OSFI Superintendent Julie Dickson delivered a speech to the Trust Companies Association of Canada. The speech was focused on highlighting certain governance issues especially relevant to smaller financial institutions.
The following issues were discussed:
- Lack of Diversification: Because smaller financial institutions generally have a lack of diversification in product lines and operations, there is little room for error. As a result, strong governance practices and a thorough understanding of the risks that are being taken are critical. The board of directors should develop a well thought out risk appetite as well as a strategy to deal with risks. The risk appetite and the strategy should be communicated throughout the institution and put into measurable terms that can be monitored.
- Independent Control Functions: In smaller institutions, there may be less segregation of duties and roles which can be seen in blurred lines that exist between management and directors. The board should focus on maximizing functional independence (e.g., the board should ask the question whether the control function personnel have clear performance objectives that link to the management of risk rather than targets related to profit, revenues and volume?). The boards should seek information about best practices from third-party reviews from time to time to benchmark the institution’s risk management practices and processes.
- Board Composition: The boards of financial institutions need to have some relevant financial industry expertise, in addition to an array of other skills. Financial institutions are different from other corporations. The nature of their business means that they can be more opaque to the outside than other corporations. Financial industry expertise on the board would provide an extra pair of informed eyes focused on the management and on operations, particularly with respect to risk.
- Separation of Audit Committee and Risk Management Committee: While OSFI recommends a risk committee that is separate from the audit committee, OSFI recognizes that in smaller institutions, both risk and audit functions may be performed by the same committee. Such a committee will need to think about issues from the perspective of both audit and risk. A practical suggestion to ensure neither perspective gets overlooked is to create separate agenda items by audit committee topic and risk committee topic.