FSRA’s priorities will continue to deliver positive outcomes by improving:
- regulatory efficiency and effectiveness;
- stakeholders’ regulatory experience; and
- safety, fairness and choice for consumers in Ontario.
A core foundation of FSRA’s activities is aligning them with principles-based and outcomes-focused regulation.
In addition to the measurable outputs associated with the activities and priorities outlined in this plan, each priority has clearly stated desired outcomes. This is an important step in developing quantifiable outcome measures for all FSRA endeavors.
From a more operational perspective, FSRA’s goal is to create clear service expectations. In FY2020-21, FSRA developed new performance measures and targets that meet FSRA’s service standard principles and drive our desired outcomes. FSRA’s service standards will increase transparency and accountability for the delivery of regulatory activities.
FSRA is committed to working with stakeholders to develop and implement service standards that support responsive processing of regulatory matters and to do so in a timeframe that facilitates the cost-effective provision of non-securities financial services and pensions. The principles that will guide future standards include accountability, effectiveness, efficiency, adaptability, collaboration and transparency.
To deliver on this priority, FSRA conducted a review to identify high- priority services that need standards. Internal teams then assessed each service to determine the factors that affect delivery to appropriately set meaningful targets for each standard. The targets set a measurable level of performance when delivering a service under normal conditions (i.e., expected level of demand for regular day-to-day operations).
Alongside a public consultation, in October 2020 FSRA launched 22 service standards (Appendix B) measuring timeliness and accountability. FSRA collected feedback and, where practicable, revised the standards and/or targets. Service standard performance against targets will be reported quarterly, beginning in early 2021 (Figure 2).
Figure 2: Number of FSRA Service Standards by Sector, 2021
These performance measures and targets will be published, tested, revised and improved periodically. This review will apply to the annual business plan process and the associated priorities, as well as the operational service standards. During service standard reviews, the standards will be fully assessed. This may result in augmentations and/or deletions to support delivery of meaningful and cost- effective information.
FSRA has adopted a three-lines-of- defence model to its operation. The first line of defence is performed by the risk owners, covering risk identification, assessment and mitigation.
The second line of defence is the responsibility of the risk function, performing oversight, monitoring and reporting of FSRA’s risk profiles.
The third line of defence, internal audit, is outsourced to a major accounting firm. The Internal Auditor reports to the Audit and Finance Committee (AFC) of the Board on financial matters and to other Board committees on matters related to their oversight areas. The AFC oversees the internal auditor on behalf of the Board.
FSRA is guided by a comprehensive Enterprise Risk Management (ERM) Framework. To effectively fulfill its statutory objectives and mandated responsibilities, FSRA will continue to upgrade its Framework along with relevant risk tools to align with the needs of its operational requirements and to adapt to the changing risk environment.
Risk management at FSRA is supervised at both the executive level and the Board level. At the operational level, FSRA’s risk management oversight function rests with the Chief Risk Officer and his team. The Risk Management Committee (RMC), which includes FSRA’s executive team, supports the risk management team as a forum for communication and oversight of FSRA’s corporate-wide risk profile and risk-mitigation strategies. At the Board level, the Governance Committee of the Board oversees risk at the broader enterprise level under a delegated authority while the Board has ultimate oversight for risk.
The effective operationalization of the ERM Framework is fulfilled by the Risk Appetite Statement, which is in the process of being finalized. It will serve to guide FSRA in ensuring it is taking acceptable levels of risks in delivering its mandate and pursuing its strategic goals and objectives.
FSRA’s risk culture will continue to drive the operationalization of the ERM Framework. Risk owners will continue to be responsible for risk identification, assessment and mitigation functions, while the risk management team takes an active role in performing its second line of defense function. On a periodic basis, FSRA has been actively tracking its risk exposures and closely monitoring risk-mitigation strategies through a quarterly risk-monitoring process. Risk profiles are tracked and presented by functional areas at RMC meetings for executive review and to the Governance Committee of the Board.
The Compliance Enterprise Framework has been developed to establish a process for adherence to applicable legislation, regulation and directives. The framework highlights the roles and responsibilities of internal stakeholders and the standard of operations required to carry out daily activities, through well- drafted approved policies, awareness and training, compliance attestations, regulatory watch, and continuous monitoring of functional areas.
FSRA continues to improve its Privacy Management Program to meet its legislative obligations under the Freedom of Information and Protection of Privacy Act (FIPPA). This includes evaluating projects that involve the collection, use and/or disclosure of personal information to ensure compliance with the FIPPA, identifying privacy risk and mitigation strategies, and providing privacy training to staff across the organization with the goal of ensuring awareness of FSRA’s privacy obligations under the FIPPA. FSRA will continue to reinforce the importance of privacy across all functional areas.
Overall, at the enterprise level, FSRA is currently exposed to the major risks identified in Table 1. In response, FSRA has put in place adequate mitigation plans to ensure that these risks are properly addressed. The risk management team performs effective challenge to monitor the accuracy of FSRA risk assessments and the effectiveness of mitigation plans, on an ongoing basis.