Stuart S Carruthers, Stikeman Elliott LLP
In this article, Stuart Carruthers at Stikeman Elliott assesses recent regulatory developments in the Canadian market, highlighting particularly the draft of the Revised Corporate Governance Guideline.
On 7 November 2017, Canada’s federal financial institutions regulator, the Office of the Superintendent of Financial Institutions (OSFI), released for comment a draft of its long-awaited revised and updated Corporate Governance Guideline (the Revised Guideline). The Revised Guideline sets forth OSFI’s current expectations for corporate governance of federally regulated financial institutions (FRFIs). Like the current Corporate Governance Guideline (the Current Guideline), it will apply to all FRFIs except foreign bank branches and foreign insurance company branches.
OSFI had previously also been working to update its governance expectations for chief agents of foreign insurance company branches, as set out in its Guideline E-4A. That exercise, which has been on hold during the review of the Current Guideline, is expected to resume once the Revised Guideline is finalised. The branch exercise is widely anticipated to increase the governance expectations of branches and home offices.
The Current Guideline dates from 2013, and was itself the subject of a lengthy review and consultation process. In June 2016, OSFI announced its intention to review its expectations for FRFI boards (Boards). The purpose of the review was to ensure that OSFI’s guidance continues to reflect evolving governance standards and enables Boards to focus on key risks and execute their oversight roles effectively and efficiently. Since the 2016 announcement, OSFI has engaged with Boards and executives to seek their feedback on the updating of the Current Guideline and evolving governance best practices.
The development of the Revised Guideline has focused on streamlining OSFI’s expectations and better adapting those expectations to the size, complexity and risk profiles of institutions. OSFI has noted that its Board expectations are currently spread across more than 60 publications. OSFI is seeking to create a “one-stop shop” approach to governance by editing and simplifying these requirements and gathering them all in the Revised Guideline.
The public consultation period on the Revised Guideline closed on 22 December 2017. OSFI expects to issue the final Revised Guideline in the spring of 2018, along with (as is currently OSFI’s practice) a non-attributed summary of comments received and OSFI’s response. When the final Revised Guideline is issued, OSFI will simultaneously release revised risk management and capital Guidelines with the Board requirements removed. At the same time, OSFI will retire its current Advisory on Changes to the Membership of the Board and Senior Management and will align its current Assessment Criteria for Boards with the final Revised Guideline.
OSFI’s commentary notes that the approach taken in the Revised Guideline differs from that taken in the Current Guideline in several important respects.
More principles-based and outcomes-based guidance
The Revised Guideline is intended to focus more on what a Board should achieve rather than how it should go about achieving it. The revisions were intended to provide boards with greater discretion on how they follow the principles of the Revised Guideline, taking into account their institution’s size, operations and risk profile.
Clearer delineation of board and senior management responsibilities
The Revised Guideline emphasises a Board’s responsibility to “approve and oversee” items essential to prudential oversight, including strategy, risk appetite, plans and key policies. It also clarifies that senior management is responsible for implementing the strategy and risk appetite as well as all other internal FRFI policies, with the board playing an active advisory role. The Revised Guideline notes that this approach should allow boards to focus on issues that are critical to the safety and soundness of the FRFI.
Consolidation of Board requirements
As noted above, the Board expectations contained in OSFI’s risk management and capital Guidelines are now either consolidated into clearer principles in the Revised Guideline or recast as duties of senior management. In addition, the Revised Guideline incorporates the key elements of OSFI’s Advisory on Changes to the Membership of the Board and Senior Management.
Following the order of the Revised Guideline, other noteworthy proposed changes in the Revised Guideline include the following.
Purpose and scope of the guideline
In general, the Revised Guideline is more concise than the Current Guideline and less repetitive. Overall, it contains less explanation and general commentary on corporate governance than the Current Guideline, perhaps reflective of maturing corporate governance understandings and practices worldwide. (Both in Canada and internationally, the focus of financial institution governance is increasingly on management of operational risks, data security risks, market conduct risks and related potential reputational impacts rather than on solvency risks – a shift that is happening as memories of the financial crisis begin to fade but market conduct scandals continue to erupt.)
To cite just one example of this change, the Revised Guideline deletes the initial overarching observation that “OSFI expects Boards and Senior Management of FRFIs to be proactive, and to be aware of best practices related to corporate governance that are applicable to their institution. Where appropriate, FRFIs should adopt these best practices.”
The Board of Directors
In several places, the Revised Guideline requires the Board to provide “challenge” to senior management. That said, the Revised Guideline notes that the Board “has the discretion to decide the extent and nature of its input on Senior Management responsibilities”. However, “the Board should be satisfied that the decisions of Senior Management are consistent with the Board-approved business plan, strategy and risk appetite.”
The Revised Guideline deletes the express expectation that “the Board should ensure that regulators are promptly notified of substantive issues affecting the FRFI.” It is not clear what is intended with regard to any obligation to keep regulators informed of material developments.
With respect to Boards of subsidiaries, or Boards of companies with FRFI subsidiaries, OSFI notes that an FRFI that is part of a larger corporate group “may be subject to or may adopt certain policies, practices or procedures of the parent that govern strategy, risk appetite and controls. In this situation, the subsidiary Board should be satisfied that these policies, practices, or procedures are appropriate for the FRFI’s business plan, strategy and risk appetite and comply with Canadian regulatory requirements.”
The Revised Guideline notes that an effective Board should provide “independent oversight” (rather than just “oversight”) of senior management and that in that connection, “Board members should strive to facilitate open communication, collaboration and appropriate debate in the decision-making process.”
OSFI has revised a historically problematic requirement that the Board “should regularly conduct a self-assessment of the effectiveness of the Board and Board Committee practices, occasionally with the assistance of independent external advisors”, with the scope and frequency of such external input being established by the Board. The requirement to periodically engage independent external advisers had proved challenging for FRFIs, as the extent of the required independence was not clear, nor was it obvious which type of external advisers would be best suited for this role, other than legal counsel (whose work product would, potentially very importantly, be privileged). This requirement has now been softened to indicate merely that the Board should regularly assess its practices and those of the Board committees, and should “pursue strategies to enhance its overall effectiveness”.
With respect to Board composition, the Revised Guideline now refers to diversity as among the factors that the Board should bring to the institution and notes that diversity should be a factor in Board renewal plans.
The Revised Guideline also deletes an expectation that “directors should seek internal or external education opportunities in order to fully understand the risks undertaken by the FRFI, as well as developments in corporate and risk governance practices.”
With respect to Board independence, the previous requirement that the Board “should be independent” from senior management has been rephrased to “collectively should be independent from senior management”, indicating that the Board viewed as a whole should be independent, rather than connoting that each director must necessarily be independent.
Relatedly, the Revised Guideline now quite vaguely (or flexibly) notes that “achieving independence can involve various Board structures and processes.
A requirement in the Current Guideline that the Chair have frequent dialogue with, and a high level of influence among, other directors and Senior Management has been rephrased to apply to both the Chair and to the Chairs of Board Committees.
An entire section regarding the interface between the Board and Senior Management has been deleted, including an express requirement that the CEO “should ensure that the oversight functions have the resources and support to fulfill their duties, are sufficiently independent of operational management, and have the capacity to offer objective opinions and advice to the Board and to Senior Management”.
Much of the section in the Current Guideline respecting the interface between the Board and oversight functions has also been deleted, including the expectation that the Board should understand how material disagreements with Senior Management are being addressed, follow up on any concerns or findings raised by the oversight functions and track senior management’s action plans. Also deleted is the expectation that in assessing the effectiveness of the FRFI’s oversight functions and processes, the Board should occasionally, as part of its assessment (like in respect of the Board’s periodic assessment of its own effectiveness), conduct a benchmarking analysis of those functions and processes with the assistance of independent external advisers (with the scope and frequency of such external input similarly to be established by the Board).
The section in the Current Guideline regarding Board oversight of internal controls has also been deleted, including detailed expectations that the Board should: (i) receive regular reports on the general operations of the FRFI and its financial condition, the performance of risk management and other control systems, and any ineffectiveness or significant breaches of these controls, the institution’s code of conduct, or laws and regulations; (ii) seek assurances from senior management that prompt action has been taken to correct any material internal control deficiencies or breaches, and that there is a process in place to monitor and report on the progress made to correct such deficiencies; and (iii) along with senior management, proactively consider whether deficiencies identified in one area of the FRFI’s operations may also be present in other areas.
However, the Revised Guideline now expressly provides that Board Committee Chairs should be independent, non-executive directors.
This section of Revised Guideline now commences with an overarching expectation (which could serve as a handy micro-summary of the Revised Guideline, and corporate governance best practices generally) that “the Board and Senior Management, consistent with their specific rules and responsibilities and through their behaviors, actions and words, promote a risk culture that stresses integrity and effective risk management throughout the FRFI”.
With respect to the Risk Appetite Framework required under the guidance, the Revised Guideline notes that all operational, financial and corporate policies, practices and procedures of the FRFI should be “guided” by the Framework, rather than, as in the Current Guideline, “support” the Framework.
The requirement in the Current Guideline for the Board to establish a Risk Committee “depending on the nature, size, complexity, and risk profile of the FRFI” has now been replaced by unqualified obligation to establish a Risk Committee.
The Current Guideline’s requirement that the CRO should provide an objective view to the Risk Committee, and the Board has been rephrased as being provided to the Risk Committee or the Board, as appropriate.
Also deleted is the expectation that the Board and Risk Committee should periodically seek assurances from the CRO and risk management function about the objectivity of risk management information and analysis provided by business lines.
The role of the Audit Committee
A new expectation is included that there should be a reasonable representation of key competencies on the Audit Committee, notably relevant financial industry and risk management expertise.
Overall, the commentary on the role of the Audit Committee has been significantly reduced and streamlined, with the remaining expectations being much less prescriptive than in the Current Guideline.
Supervision of FRFIs
The commentary in the Current Guideline that OSFI supervises FRFIs to assess their “condition” has been revised to refer to their “financial condition”.
Expectations of the Board with respect to the results of OSFI supervisory work and regulatory findings identified by the regulators have been condensed.
OSFI’s expectations with respect to nominations to the Board or appointment of senior management have been significantly abbreviated from a freestanding advisory into just a few sentences in the Revised Guideline in which OSFI notes that it “recognizes that FRFIs make independent decisions regarding such nominations . . . in the course of conducting their day-to-day business”. The requirement to notify OSFI of proposed changes has now been reframed to apply more loosely “as early as possible” in the process, and that the selection process and criteria should be transparent to OSFI, with information about the experience and character of candidates being provided to OSFI. As noted above, upon the finalisation of the Revised Guideline, OSFI will retire its current Advisory on Changes to Membership of the Board and Senior Management.