OSFI's Corporate Governance Guideline Update

OSFI's Corporate Governance Guideline Update

When the Office of the Superintendent of Financial Institutions (OSFI) issued its revised Guideline on Corporate Governance1 last January, it established January 31, 2014, as the date by which all federally regulated financial institutions would be expected to have fully complied with the guideline. With less than four months remaining until the deadline, there are likely only two or three scheduled board meetings left for you to work with your board, not only to ensure that the board’s practices and processes have been brought in line with the guideline, but also that your directors are equipped to meet the new governance expectations.

Board Training Critical

The Guideline on Corporate Governance contains over 50 expectations affecting the board. These expectations cover numerous board practices and processes, including board composition and structure, effectiveness, and risk governance processes and controls. The guideline also sets out specific expectations relating to the board’s risk and audit committees. It will be critical for institutions to demonstrate that their directors understand these expectations and are prepared to meet their new responsibilities.

In keeping with the current direction of regulation, most of the expectations set out in the guideline are principles-based, requiring that directors of individual institutions determine how best to address each principle in the context of their own organization. While this approach provides the board with a certain amount of latitude, it also requires that the board has a strong understanding of the regulatory objectives. To understand these objectives, the board must be fully versed not only in the content of the guideline but also in its source documents2 and emerging best practices.

In addition to establishing governance principles, in several areas the guideline creates an expectation that the directors will develop processes through which to implement a principle or achieve a governance goal. For example, the board is expected to assess regularly the effectiveness of the institution’s oversight functions (risk, compliance, finance, and internal audit) and their oversight processes. While the board is directed to enlist the support of external advisers occasionally to assist with benchmarking, the duty remains with the directors to make the assessment. The expectation is that the board itself will adopt a methodology for assessing the effectiveness of these functions and their processes. Another example of this type of expectation relates to the assurances that the board receives from management. Here, the guideline creates an expectation that the board will not only receive these assurances, but that it will establish a process to assess periodically the quality of the assurances it receives.

Even where the guideline takes a more rules-based approach, the underlying expectation is that the board will understand and implement the principle behind the rule and not simply check a box. For example, the guideline sets out seven specific matters that a board must approve and six more matters that it must review and discuss with management. While the board can demonstrate compliance with the guideline by ensuring that these matters are on the board’s agenda, the over-arching expectation of the guideline is that the board will determine, in the context of the institution, the information that it requires and the type and extent of consideration it needs to give each matter in order to either approve or adequately review it.

OSFI Oversight

It should be assumed that OSFI will monitor closely implementation of the guideline, beginning in 2014. The OSFI Guideline on Corporate Governance implements the Basel Committee publication entitled Principles for Enhancing Corporate Governance, released in October 20103, and is an important part of OSFI’s commitment as a member of the Basel Committee to address governance practices. In its Plans and Priorities for 2013-2016, OSFI indicated that it will be conducting reviews to determine how institutions have implemented the guideline. Given the global focus on
governance, and OSFI’s own stated priorities, it can be assumed that assessing compliance with the guidleine will be a key aspect of OSFI’s supervisory work in 2014 and beyond.

How Protiviti Can Help

Protiviti has vast experience with risk and risk management and with assisting boards with their role in supervising the development of strong risk management practices. Our work in this area includes governance program design, design and development of board and management reporting, and governance audits. Protiviti professionals can help your institution educate and train your directors to meet the expectations of the OSFI Guideline on Corporate Governance and to develop processes that recognize the unique character of your organization.


Protiviti was retained by a major Canadian company to review its governance practices focusing on the board of directors (and related committees), internal control over financial reporting, disclosure controls, and certain other areas specified by the client. The purpose of the review was to identify gaps and make recommendations to address them using best practices for companies of the size, scope, reach and stature of the client. As a result, the client was able to enhance its governance practices to meet the expectations of its regulators, shareholders and other stakeholders.

1Corporate governance guidelines.
2The OSFI Guideline on Corporate Governance is based in part on the Basel Committee publications, Principles for Enhancing Corporate Governance, October 2010, and The Internal Audit Function in Banks, June 2012. It also borrows liberally from the Group of 30 publication, Toward Effective Governance of Financial Institutions, April 2012, that was under development at the same time as the guideline.


John Jason
Leader, Regulatory Compliance
[email protected]
Susie Carnevale
[email protected]
Mary Lepage
Risk and Internal Audit
[email protected]

Ready to work with us?