The regulator that troubleshoots first, asks questions later

Canada’s bank watchdog aims to intervene early to tackle burgeoning risks, even at the expense of “perfect” regulatory decisions, explains risk chief

Credit: Risk.net montage

A regulator’s job is to examine the risk appetite of banks. So why shouldn’t the regulator also set its own risk appetite?

It’s a question that Canada’s Office of the Superintendent of Financial Institutions has answered. On May 11, it published its new risk appetite statement.

The document “puts a corporate-wide or organisation-wide hat on the way we manage risk and allocate resources”, explains Angie Radiskovic, assistant superintendent and chief strategy and risk officer at Osfi.

Some elements of the statement are not new policies, but one aspect represents a conscious change of approach, and directly reflects the mood of the times. Osfi now has a “high appetite for early intervention, [and] low appetite for surprises”, the statement reads.

“That is really a reflection of the new environment we are in, where you have massive, broad systemic types of risks that are impacting not just financial institutions, but the broader economy, and some of those risks are piled on top of each other, and some of them are interrelated,” says Radiskovic. “We are being transparent that we are not going to wait until the last minute.”

Radiskovic took up her new role in March 2022, after previously leading the regulator’s non-financial risk group. Her first experience at Osfi came on a student internship programme in 1997. She went on to work at Ernst & Young in financial services assurance and at the Canada Deposit Insurance Corporation in resolution preparedness.

In the type of environment which we are finding ourselves in now, that sort of perfectionist, time-dependent type of decision-making doesn’t necessarily work… More and more, we’re finding that risks are hitting deeper and faster
Angie Radiskovic, Osfi

Her work on the risk appetite statement is part of a wider strategic blueprint for transformation, unveiled in April 2022 and due to be completed by 2025. The strategic plan is based on what proved a very timely assumption: “Osfi must assume and plan for more frequent volatility storms”, in the words of superintendent, Peter Routledge, who took over in the midst of the Covid pandemic in 2021.

“Since then, we’ve had a lot of major shocks to the risk environment, some of them created beyond Canada’s borders,” says Radiskovic. Those shocks include the war in Ukraine, a surge in inflation and interest rates, and the most recent travails in the US and Swiss banking systems.

Move fast and fix things

Osfi’s risk appetite statement is particularly interesting in the context of the recent US Federal Reserve report on the failure of Silicon Valley Bank. The Fed noted that supervisors had been too focused on “the continued accumulation of supporting evidence in a consensus-driven environment”, which had resulted in decisions being taken too slowly – or in some cases not taken at all prior to the bank’s failure.

“No crisis goes to waste, no matter where it happens,” says Radiskovic. “We think through how we would have handled that crisis. If we think we need to make improvements to our own processes or technologies or data, for example, we will go about doing that, we won’t wait for a crisis to hit us.”

In stark contrast to the findings of the Fed review, the Osfi statement now prioritises “agility and efficiency over perfection in decision-making”. Radiskovic says this is vital, in view of the fast-moving nature of risk today. Canada hasn’t suffered a domestic bank failure in 30 years, but now is not the moment to take stability for granted.

“We’ve seen massive liquidity withdrawals and deposit withdrawals in very short periods of time,” says Radiskovic “We’ve got digital innovation and digitisation of financial institutions, where a click of a button moves money now. It’s incumbent on all supervisors, not just Osfi, to recognise there are impacts in the system we maybe hadn’t contemplated a decade ago, such as the impact of social media and how quickly information flows through society.”

This is also a marked difference from the way in which global regulators responded to the 2008 financial crisis. The post-crisis Basel III package took a decade to draft. Osfi implemented the Canadian version in January 2022 – which puts it far ahead of the US, where regulators have yet to produce a proposed rulemaking.

“That type of workstyle, as you can imagine, was super-technical, and we were in a more benign risk environment after the global financial crisis which afforded us the time to think through these technical issues, to have extensive consultations and to look at every bit of data we could get our hands on,” says Radiskovic.

“In the type of environment which we are finding ourselves in now, that sort of perfectionist, time-dependent type of decision-making doesn’t necessarily work… More and more, we’re finding that risks are hitting deeper and faster.”

She says the regulator therefore has to trust in the experience it can gather round the table, looking at “the information we have at hand, recognising we can’t wait for every bit of detail to come in.”

That doesn’t mean Osfi will focus only on supervision as a response to the changing risk environment, she adds. It will also examine whether it has “the appropriate regulations, guidelines and policies in place to address those risks.”

Trust me, I’m a regulator

The risk appetite statement is not a wholly new idea for Osfi. The regulator had previously set out some similar policies, but in a more piecemeal fashion, specific to the different industries it regulates, Radiskovic explains. Osfi looks after both banking and insurance sectors.

But issuing a formal, explicit risk appetite “underscores and helps promote confidence in the financial system, that people know why we’re here, what we do and how we go about executing on our mandate”, Radiskovic says. As well as providing benefits at home, Osfi hopes the risk appetite statement will help “build more trust” with “international counterparts” who are the home regulators for foreign firms operating in Canada, or the hosts for Canadian firms operating overseas.

Two elements of the statement represent a continuity of policy: the regulator’s zero risk appetite for “material breaches of confidentiality of sensitive information” and for “real or perceived regulatory capture.” These policies don’t just apply to Osfi’s relationship with banks, but also its own internal processes.

“We have cyber risk, just like institutions do, we have data privacy risks, we have culture risk, and so it’s a much broader mandate than just focused on supervision,” says Radiskovic.

An essential component to setting risk appetite is the regulator’s annual risk outlook, launched last year. The second edition was published in April 2023, and Osfi has integrated feedback from regulated firms on the previous version. Risks in the 2022 edition were not listed in any particular order, and firms had wrongly assumed the risk listed at the top (cyber) was Osfi’s top risk.

This year, the list is ranked. Liquidity/funding risk is unsurprisingly at number two, bracketed by residential and commercial real estate risks at one and three. In a further sign that the regulator is anticipating the need to respond to fast-moving risks, Osfi has already pencilled in the possible addition of a semi-annual update to the risk outlook, in October this year.

Editing by Alex Krohn

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here