Superintendent of Financial Institutions Jeremy Rudin is monitoring the impact of the regulator's corporate governance guidelines, but says Canada's companies need to evolve.
Boards and management of federally regulated financial institutions are currently "on a journey" to work together more effectively when it comes to risk management, Mr. Rudin said.
The country's banking and insurance watchdog raised its expectations of boards and directors in the oversight of companies last January when it laid out a list of corporate governance best practices. One of OSFI's guidelines focused on approval of the companies' risk appetite frameworks by directors.
"This is part of a larger phenomenon, so it's not just OSFI and Canada that has raised expectations for financial institution boards, it's regulators across the globe," Mr. Rudin said in a discussion with Neil Parkinson, head of KPMG Canada's insurance practice. The two spoke in a fireside chat at the audit and tax company's annual insurance issues conference on Monday. "And it's not just happening in financial services, even in unregulated industries perceptions of responsibilities of board of directors for oversight have gone up materially over time."
OSFI is aware that some boards and management are struggling to sort out their new roles, especially since its corporate governance update came in the form of new principles to guide organizations, rather than hard, clear rules.
Mr. Rudin is also sensitive to the possibility of risk committees and boards feeling overloaded with information that may not ultimately be useful.
"For example, some risk committees receive voluminous reports –hundreds of pages, many thousands of numbers. That's really worth thinking about," Mr. Rudin said, adding that companies need quality information to make decisions, rather than a deluge of paper. "If a company is having that kind of interaction … that's something I certainly think can be improved."
There are a few reasons why risk committees might be drowning in reports, he said. Perhaps management believes risk committees will need this information, or the committees feel obligated to comb through all that data. The lack of clear rules leaves it up to individual company directors and management to interpret what OSFI is looking for.
Mr. Rudin said he has received feedback from executives and boards, and knows striking the right balance may take time. But "if neither of them are happy and they're doing it because that's what they think the regulator wants? Well, I'm here to tell you that's not what we mean by enhanced oversight," he said.