Financial Crime World

Risk-Based Regulation: A Guide to Effective Supervision

=====================================================

Introduction

A recent article highlighted the development of risk-based regulation in financial services, particularly in Canada. The Office of the Superintendent of Financial Institutions (OSFI) has been instrumental in shaping this regulatory approach globally.

Key Features of the Framework

The framework relies on institutions’ own internal controls and oversight functions to ensure regulators can leverage off their knowledge and expertise. This approach emphasizes consistency between OSFI’s analytical tools and those used by financial institutions, enabling meaningful dialogues and sharing insights on risk management.

Two Key Elements

  1. Reliance-Based Supervision Regime: The framework relies on the work of an institution’s board, senior management, internal audit, risk management, compliance, and financial analysis functions.
  2. Dynamic Risk Assessment Process: This process assesses inherent risks in significant activities and quality of risk management to arrive at an overall net risk rating.

Notable Features

1. Limited Consideration of Systemic Risk

The framework does not consider the potential impact of a firm’s failure on Canadian financial markets.

2. Resource Allocation Based on Risk Assessment

Risk assessment is used to allocate resources to institutions, with higher-risk firms receiving more frequent supervisory scrutiny.

3. Qualitative Approach

The framework primarily relies on subjective assessments by supervisory officials rather than quantitative risk metrics.

4. Relationship Managers

The operation of the framework is supported by “relationship managers” who maintain a current assessment of an institution and serve as its point of contact within OSFI.

5. Meta-Regulation Strategy

The framework reflects a strategy of “meta-regulation,” leveraging off firms’ internal controls and oversight functions.

Evaluation Process

The supervisory framework assesses net risk by identifying significant activities within a firm and evaluating inherent risks mitigated by quality of risk management. This process involves recasting an institution’s operations into OSFI’s own assessment frame, simplifying the evaluation process.

Conclusion

OSFI’s risk-based regulation framework has been influential in shaping regulatory approaches globally. Its reliance on internal controls, consistency with institutional practices, and focus on dynamic risk assessment make it a model for effective supervision.