On November 7 the Office of the Superintendent of Financial Institutions (OSFI) published draft changes to its Corporate Governance Guideline—last updated in 2013—for public comment. OSFI began inviting feedback in December 2016 and discussed the existing Corporate Governance Guidelines with directors from more than 20 federally regulated financial institutions (FRFIs). The discussions were held with a view to updating OSFI's expectations for FRFI boards to better enable effective governance. The public consultation period closes on December 22, 2017. OSFI will assess the comments it receives and issue a final version in spring 2018.
The general themes of the feedback received in this outreach spanned a range of issues, including:
- a desire to consolidate all corporate governance expectations in a single guideline;
- permitting an appropriate balance in the expectations on directors between oversight and strategy;
- retaining and further enhancing the principle-based approach;
- giving the board of directors sufficient latitude on how to meet the principles; and
- providing more clarity regarding OSFI's expectations between the role of the board and senior management.
These themes translated into a number of key objectives in the drafting of the guideline including maintaining and further developing the principle-based approach, consolidating all OSFI's corporate governance expectations in this guideline (and removing references to corporate governance expectations from other OSFI guidelines), clarifying circumstances where OSFI expects the board to "approve" versus "review and discuss" particular matters and make the guideline more outcome based (focusing on "what" expectations not "how" expectations are met).
Below is a summary of the key draft changes to the Corporate Governance Guidelines.
Board and Senior Management
In response to feedback from FRFI boards, the draft changes attempt to more clearly delineate the responsibilities of the board and senior management.
- In particular, the draft changes emphasize the board's primary responsibilities are to "approve and oversee" strategy, risk management, executive compensation and succession matters, and audit plans. These "essential duties" should be the "main focus of the board's attention and activities." Senior management, on the other hand, is responsible for operational and business policies, business performance and the effectiveness of risk management. The board is given the discretion to decide the extent and nature of its input and guidance to senior management on these matters.
- Senior management is also responsible for implementing the board's decisions and directing operations of the FRFI within the authority delegated to them by the board. Senior management should set out information and recommendations to the board to enable the board to focus on key issues, make informed decisions in a timely manner and regularly assess the effectiveness of senior management's oversight functions and determine whether the FRFI's operations, results and risk exposures are consistent with the FRFI's risk appetite. The draft changes specifically mention that heads of the oversight functions, including the chief financial officer, chief risk officer, chief compliance officer, chief internal auditor and appointed actuary, should have "unfettered access and a direct reporting line to the board or the appropriate board committee."
The draft changes provide more detailed guidance on the structure and governance of board subsidiaries and boards with FRFI subsidiaries.
- If the parent company is another FRFI, the parent board should exercise adequate oversight of the activities of the subsidiary FRFI to be satisfied the parent board can meet its enterprise-wide oversight responsibilities applicable to FRFIs.
- A FRFI that is part of a larger corporate group (another FRFI or company in Canada, or another company abroad) may be subject to or may adopt certain policies, practices or procedures of the parent that govern strategy, risk oversight and controls. In this situation, the subsidiary board should be satisfied these policies, practices, or procedures are appropriate for the FRFI's business plan, strategy and risk appetite, and comply with specific Canadian regulatory requirements.
The draft changes provide consolidated guidance on what an effective board should look like, and now emphasize that:
- the board should facilitate open communication, collaboration and appropriate debate in the decision-making process and collectively bring a balance of diversity, expertise, skills, competencies and perspectives; and
- relevant financial industry expertise and risk management expertise are the two key competencies for a FRFI board and there should be appropriate representation of these skills at the board and committee levels.
The draft revisions retain an emphasis on the independence of the board from senior management and the importance of separating the role of the board and committee chairs from senior management and, in particular, from the chief executive officer.
Risk governance remains a distinct and crucial element of FRFI's corporate governance. The draft changes continue to emphasize that banks should be in a position to identify significant risks they face, assess their potential impact and have policies and controls to manage them effectively.
- Risk culture: OSFI now states the board and senior management should, through their behaviors, actions and words, promote a "risk culture" that "stresses integrity and effective risk management throughout the FRFI."
- Risk committee: The draft changes indicate there should be reasonable representation of key competencies of relevant financial industry expertise and risk management expertise in the risk committee.
- Chief risk officer (CRO): The most significant changes in risk governance are found in the role of the chief risk officer and their interaction with the board, board committees and the FRFI itself. In particular, the CRO should have sufficient statute and authority within the organization and should be independent from operational management. In addition, the draft changes specifically state the CRO should have unfettered access and a direct reporting line to the board or the risk committee.
- The key competencies of relevant financial industry expertise and risk management expertise should be reasonably represented on the audit committee.
- The audit committee, not senior management, should recommend to the shareholders the appointment, reappointment, removal and remuneration of the external auditor. It should also agree to the scope and terms of the audit engagement and approve the engagement letter.
OSFI's Supervision of FRFIs
- OSFI's Supervisory Assessment: OSFI will now look at the discussions and deliberations of the board and board committees to understand the board's behavior and objectivity, degree of challenge and independence in the decision-making process. This may put pressure on the corporate secretary to prepare more detailed minutes of board meetings which may not be helpful if litigation is subsequently commenced against the FRFI.
- Changes to the Board or Senior Management: FRFIs should notify OSFI as early as possible in the nomination and appointment process of any potential changes to the membership of the board or senior management. Also, the process and criteria used by the FRFI in the selection process for board and senior management should be transparent to OSFI. Information regarding the expertise and character of candidates of the board and senior management should be provided to OSFI.
To discuss these issues, please contact the author(s).
This publication is a general discussion of certain legal and related developments and should not be relied upon as legal advice. If you require legal advice, we would be pleased to discuss the issues in this publication with you, in the context of your particular circumstances.
For permission to republish this or any other publication, contact Janelle Weed.
© 2019 by Torys LLP.
All rights reserved.