Skip to main content

Canada’s banking regulator has told banks they have one year to comply with new rules aimed at tamping down non-financial threats, including risks from culture and character issues.

Office of the Superintendent of Financial Institutions assistant superintendent Tolga Yalkin unveiled the regulator’s final guidelines Wednesday on integrity and security issues affecting the country’s financial system. OSFI will oversee and enforce new regulations on how banks manage risks involving cybersecurity, technology, third-party providers, culture and compliance.

“The public’s confidence in the financial sector really does hinge on the integrity and security ultimately of the financial institutions that make it up,” Mr. Yalkin told reporters during a media conference.

“We have been dedicated to these values for a considerable time, but what we’re embarking on now represents a significant new chapter.”

The regulator said it will bolster its assessments of the character of board members and senior executives, review how access and security are managed at offices and branches and oversee how and when sensitive information is shared internally.

As part of its integrity reviews, OSFI will also monitor the culture cultivated by senior leaders and the corporate governance structures that dictate how and when decisions are made.

Last week, The Globe and Mail revealed that the Bank of Montreal terminated four mining bankers in Toronto and that another two resigned after allegations of bullying and harassment of a colleague. The employee, a young male investment banker in the Toronto office of BMO’s mining group, had become the target of homophobic slurs, according to four sources.

Five of the six former employees were junior bankers, and the other was a director responsible for overseeing the juniors.

Mr. Yalkin did not comment on the specifics of the BMO BMO-T incident but said that, with regards to culture and character, senior leaders have a “significant and meaningful” role in the decisions made within institutions.

“We have the draft culture guideline out that we conducted a consultation on, and it reflects the fact that not only the character of senior leaders but also the corporate culture within an institution can have a big impact ultimately on how it goes about managing the risks that it faces.”

Mr. Yalkin said the regulator has distributed a questionnaire to financial institutions to help assess how well the companies are meeting the new expectations.

“It may appear at first blush that things like character and culture are things that are new – that are less black and white relative to other financial risks that we had been tracking before,” he said, adding that OSFI regularly applies its own judgment to quantifiable metrics in financial risks. “We are used to trying to make difficult calls about whether or not we think particular expectations are met. Expectations, quite frankly, that are not just binary or black and white.”

Prior to this change, OSFI’s primary focus was ensuring that banks have adequate capital and liquidity to withstand shocks to the economy and the financial system. Last year, Ottawa expanded OSFI’s mandate to oversee non-financial risks.

Prime Minister Justin Trudeau’s government has been ramping up enforcement measures on Canada’s banks. Ottawa has also proposed new tools to address weaknesses in Canada’s anti-money-laundering regime, including expanding the powers of OSFI and the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).

The changes also include guidelines on reporting incidents related to foreign influence, interference or malicious activity. The requirement to report these incidents takes effect immediately, but banks will be required to comply with most of the changes by January, 2025.

In an e-mailed statement, the Canadian Bankers Association said the country’s lenders have strong governance and risk management practices “reinforced by an already extensive number of regulatory guidelines on corporate governance, non-financial risk, and technology-related risk management.”

“In addition to OSFI, banks must also meet extensive regulatory requirements from FINTRAC and engage with law enforcement,” CBA spokesperson Mathieu Labrèche said in the statement. “We anticipate that these agencies will endeavour to collaborate in developing a streamlined regulatory framework that aligns with the government’s objectives.”

Follow related authors and topics

Authors and topics you follow will be added to your personal news feed in Following.

Interact with The Globe