Peter Routledge, the new superintendent of the Office of the Superintendent of Financial Institutions (OSFI) gave a noteworthy address at the Global Risk Annual summit in September setting the tone and overarching agenda for OFSI and how it will operate under his tenure. Superintendent Routledge described changes and modernization efforts OSFI will be focusing on including enterprise risk, digitization, and organizational transformation.
It is paramount that the financial services industry is aware of and remains current on OSFI modernization efforts as these efforts will directly impact federally regulated financial institutions and will likely trickle down to provincially regulated financial institutions as provincial regulators follow OSFI’s lead.
Why these changes are important.
Tasked with gauging the spectrum of factors influencing the financial sector, OFSI is obviously concerned with risk. OSFI is therefore attempting to expand its current understanding of risk and is considering wider societal issues once traditionally considered outside of its purview including climate change, business continuity of critical operations, and “ever-present unknown risks”, like pandemics.
Expanding risk management in this way casts a wider net, and it will result in regulatory and other changes that financial institutions must comply with. This adaptation will demand more comprehensive responses, and more involvement with regulators for financial institutions.
For example, OSFI recently amended its cyber risk advisory such that financial institutions must now provide notice to OSFI of a potential cybersecurity breach within 24 hours or less. Note that the obligation relates to potential and not actual breaches. Not only does this mean that financial institutions and their third-party service providers must modify their processes to comply with OSFI’s new guidance, but it also means financial institutions will make more frequent, unnecessary submissions to OSFI because they no longer have the opportunity to properly research a potential breach prior to reporting it.
To summarize, OSFI’s increased risk management efforts will result in increased regulation, obligations, processes, and work for the parties OSFI regulates and the third parties that support them. OFSI is moving quickly, which means financial institutions will be impacted right away. And as the applicable provincial regulators often take the lead from OSFI, changes at the provincial level won’t be far behind.
Staying one step ahead.
Major changes in the regulatory environment – such as those proposed for cybersecurity – often shift the impetus for change onto the regulated organizations themselves, and consequently to the third parties that support their business. As an organization operating in both the technology and insurance sectors, risk management is a top priority for Valeyo.
Over the past few years, Valeyo has diligently modernized its cybersecurity protocols and built the necessary foundation to evolve its security protocols as required in the future.
For financial institutions, the importance of mitigating risk and ensuring the fair treatment of customers is key. Valeyo has the necessary frameworks to support its clients in meeting their regulatory requirements and risk mitigation efforts.
Constant adaptation to a changing risk environment and the regulations it precipitates is the nature of business. Proactively planning to be part of the change and working with other key stakeholders to develop evolving business models that mitigate risk is part of our shared responsibility in the financial services industry and is foundational to how Valeyo conducts business.
Interested in learning more about Valeyo’s approach to risk? Email Lindsey
Keep up with the latest insights
and information from Valeyo.
Subscribe to our newsletter below or connect with us today
to learn more about our products & solutions.