The Network for Greening the Financial System (NGFS) seeks consultation on repository of climate data needs and available sources, with the comment period ending on May 06, 2022. NGFS also published a report on enhancing market transparency in green and transition finance.
The revised guideline on third-party risk management emphasizes on governance and risk management programs and sets outcomes-focused, principles-based expectations for federally regulated financial institutions on the sound management of third-party risk. OSFI incorporated feedback received from previous consultations on its 2019 Third-Party Risk Study, 2020 Technology Risk Discussion Paper, and draft Technology and Cyber Risk Management Guideline (Guideline B-13) to modify its approach to expectations on technology and cyber risk in third-party arrangements. OSFI plans to issue the final guideline in Fall 2022, along with a non-attributed summary of comments received and its response to those comments. In addition, OSFI recognized that a federally endorsed framework will be developed to govern consumer-directed data mobility within the financial sector. The revised guideline includes principal changes with respect to:
- Expanded Scope—applies to a significantly wider variety of third-party arrangements including risks posed by traditional outsourcing arrangements, external entities and material subcontractors.
- Widened Risk Lens—increased focus on third-party and related risks such as technology, cyber, data security, financial, operational, business continuity management, subcontracting/supply chain, and concentration risks.
- Enhanced Risk Focus—adoption of risk-based approach instead of the previous binary approach (“material” vs. “non-material” outsourcing). Third-parties are expected to be managed according to individual levels of risk and criticality.
- Modernized Guidance—manage third-party risk by setting clear outcomes and principles and streamlined processes.
The Annual Risk Outlook report outlines the risks faced by the financial system in Canada, along with the regulatory and supervisory response of OSFI to those risks. The risks include cyberattacks, housing market downturn, digital innovation, climate change, third-party, commercial real estate market downturn, and corporate debt funding. In addition, OSFI published near-term plan along with the timelines of guidance priorities for federally regulated financial institutions and private pensions in 2022-23. Key highlights of the report are as follows:
- Cyberattacks Risk—OSFI highlighted the need for active monitoring and supervision of federally regulated financial institutions’ technology and cyber resilience. OSFI published an updated cyber-security self-assessment tool, enhanced the Technology & Cyber Incident Advisory reporting requirements and is also working on a pilot program “intelligence-led cyber resilience testing” (I-CRT) to help institutions identify weaknesses in technology and cyber security controls and to test their overall cyber resiliency. In 2022, OSFI further plans to consult on a draft revised Guideline E-21 on Operational Risk Management, and finalize the draft Guideline B-13 on Technology and Cyber Risk Management.
- Digital Innovation Risk—OSFI plans to publish an advisory that will clarify the capital and liquidity requirements to be applied to federally regulated financial institutions crypto asset exposures. OSFI also plans on providing additional clarity to federally regulated financial institutions in 2022 on areas of risk management and governance that are specific to stablecoin arrangements.
- Climate Change Risk—OSFI plans to issue guidance to set out expectations of institutions’ climate risk management and climate-related financial disclosures in 2022-23. OSFI will continue to work on other policy initiatives, including enhancing climate data and analytics capabilities, developing a standardized climate scenario analysis exercise for institutions, and assessing the need to reflect the unique features of climate-related risks in the regulatory capital framework.
- Letter on Revised Third-Party Risk Management Guideline
- Draft Guideline on Third-Party Risk Management
- Press Release on Annual Risk Outlook
- Annual Risk Outlook for 2022-23
Keywords: Americas, Canada, Banking, Insurance, Securities, Third-Party Risk, Cyber Risk, Guideline B-13, Business Continuity, Operational Risk, Concentration Risk, Annual Risk Outlook, Climate Change Risk, ESG, Basel, Regtech, Crypto-Asset Regulation, Cloud Service Providers, OSFI, Headline
Dr. Denton provides industry leadership in the quantification of sustainability issues, climate risk, trade credit and emerging lending risks. His deep foundations in market and credit risk provide critical perspectives on how climate/sustainability risks can be measured, communicated and used to drive commercial opportunities, policy, strategy, and compliance. He supports corporate clients and financial institutions in leveraging Moody’s tools and capabilities to improve decision-making and compliance capabilities, with particular focus on the energy, agriculture and physical commodities industries.
Previous ArticleNGFS Consults on Climate Data Repository and Issues a Report
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.
The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.
The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).
The Monetary Authority of Singapore (MAS) set out the Financial Services Industry Transformation Map 2025 and, in collaboration with the SGX Group, launched ESGenome.
The Basel Committee on Banking Supervision met, shortly after a gathering of the Group of Central Bank Governors and Heads of Supervision (GHOS), the oversight body of BCBS.
The International Organization of Securities Commissions (IOSCO) welcomed the work of the international audit and assurance standard setters—the International Auditing and Assurance Standards Board (IAASB)
The Bank of England (BoE) published a Statistical Notice (2022/18), which informs that due to the Bank Holiday granted for Her Majesty Queen Elizabeth II’s State Funeral on Monday September 19, 2022.
The French Prudential Control and Resolution Authority (ACPR) announced that the European Banking Authority (EBA) has updated its filing rules and the implementation dates for certain modules of the EBA reporting framework 3.2.
The European Central Bank (ECB) published a paper that examines how credit rating agencies accepted by the Eurosystem, as part of the Eurosystem Credit Assessment Framework (ECAF)
The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility (CLF) for authorized deposit-taking entities to ~USD 33 billion on September 01, 2022.