OSFI Consults on Approach to Address Operational Risk and Resilience
OSFI issued a letter to the federally regulated financial institutions seeking their views on certain aspects of its approach to the operational risk and resilience framework. One aspect OSFI is seeking views on is how it can position its perspective on operational risk and resilience within its principles-based guidance framework (including Guideline E-21). Views are also being sought on ways to address connections to related risks within the OSFI approach to operational risk management and operational resilience; the related risks include technology and cyber risks; third-party risk; model risk; and culture, compliance, and reputational risks. Stakeholders can submit comments until September 10, 2021.
BCBS published guidance in March 2021 on operational risk and resilience and OSFI, as a BCBS member, had participated in the work that led to the publication of the revised principles for sound management of operational risk and the new principles for operational resilience. OSFI believes that the revisions to the principles for sound management of operational risk strengthen BCBS guidance on operational risk management while the principles of operational resilience introduce the concept of operational resilience. Earlier, on December 15, 2020, OSFI had concluded a consultation process on its September discussion paper titled "Developing financial sector resilience in a digital world," which highlighted certain aspects of operational resilience. OSFI views operational resilience as an important objective of operational risk management and believes that operational resilience encompasses a number of risk management practices and capabilities; these include articulating risk appetite and setting risk tolerances for operational risk; identifying and analyzing critical operations, interconnections, and interdependencies; using scenarios and testing to assess resilience capabilities; and preventing, responding, adapting, recovering and learning from operational disruptions. While the existing Guidelines and Advisories of OSFI cover many of these areas, there are opportunities to strengthen its guidance expectations to enhance operational resilience at financial institutions, including both deposit-taking institutions and insurance companies. As part of implementing any guidance on operational risk and resilience for financial institutions, OSFI will consider whether certain elements of this guidance could also be relevant to federally regulated pension plans.
Related Links
Keywords: Americas, Canada, Banking, Insurance, Pensions, Operational Risk, Operational Resilience, Guideline E-21, Third Party Risk, Cyber Risk, Model Risk, Technology Risk, OSFI
Previous Article
FSB Reports on LIBOR Transition, Urges Entities to Take ActionRelated Articles
EBA Clarifies Use of COVID-19-Impacted Data for IRB Credit Risk Models
The European Banking Authority (EBA) published four draft principles to support supervisory efforts in assessing the representativeness of COVID-19-impacted data for banks using the internal ratings based (IRB) credit risk models.
EP Reaches Agreement on Corporate Sustainability Reporting Directive
The European Council and the European Parliament (EP) reached a provisional political agreement on the Corporate Sustainability Reporting Directive (CSRD).
PRA Consults on Model Risk Management Principles for Banks
The Prudential Regulation Authority (PRA) launched a consultation (CP6/22) that sets out proposal for a new Supervisory Statement on expectations for management of model risk by banks.
EC Regulation Amends Standards for Calculating Credit Risk Adjustments
The European Commission (EC) published the Delegated Regulation 2022/954, which amends regulatory technical standards on specification of the calculation of specific and general credit risk adjustments.
BIS Hub Updates Work Program for 2022, Announces New Projects
The Bank for International Settlements (BIS) Innovation Hub updated its work program, announcing a set of projects across various centers.
EIOPA Issues Cyber Underwriting Proposal, Statement on Open Insurance
The European Insurance and Occupational Pensions Authority (EIOPA) published two consultation papers—one on the supervisory statement on exclusions related to systemic events and the other on the supervisory statement on the management of non-affirmative cyber exposures.
US Senate Members Seek Details on SEC Proposed Climate Disclosure Rule
Certain members of the U.S. Senate Committee on Banking, Housing, and Urban Affairs issued a letter to the Securities and Exchange Commission (SEC)
EIOPA Consults on Review of Securitization Framework in Solvency II
The European Insurance and Occupational Pensions Authority (EIOPA) published a consultation paper on the advice on the review of the securitization prudential framework in Solvency II.
BIS Bulletins Discuss DeFi Lending and Aspects of Crypto-Assets
The Bank for International Settlements (BIS) published bulletins on lending in decentralized finance (DeFi) system, on blockchain scalability and fragmentation of crypto, and on extractable value and market manipulation in crypto and decentralized finance.
UK Authorities Issue Regulatory and Reporting Updates for Banks
The Prudential Regulation Authority (PRA) issued a statement on PRA buffer adjustment while the Bank of England (BoE) published a notice on the statistical reporting requirements for banks.