< Back to Performance Measures & Targets

Table 1: FSRA Major Risks

Legend:  Improving     Stable     Deteriorating Deteriorating

 

Risk Title

Trend

Mitigation

1. Sustainability of funds

 

Insufficient DIRF

  • DIRF Risk arising from an insufficient DIRF to pay insured depositors of insolvent credit unions

 

FSRA closely monitors liquidity and capital ratios at all credit unions, through information returns, and intervenes when necessary.


FSRA is enhancing the DIRF adequacy assessment methodology.

 

Limited access by credit unions to emergency liquidity funding

  • Risk of not having an established emergency liquidity access for credit unions in times of crisis due to legislative impediments.

 

In December 2020, FSRA entered into a new $2 billion line-of-credit agreement with the Ontario Financing Authority (OFA), which better enables FSRA to provide emergency liquidity to otherwise viable credit unions experiencing short-term liquidity stress, thus maintaining stability and confidence.


FSRA has established relevant Memorandum of Understandings with the BC Financial Services Authority for the exchange of data, including Central 1 liquidity information, and with the Bank of Canada (BOC), which could enable future access for Ontario credit unions to the BOC’s liquidity funding facilities. Moreover, as of December 31, 2020, Central 1 has legally segregated its Mandatory Liquidity Pool into a structure that is better protected from creditors of Central 1.

 

Insufficient PBGF

  • Risk of an insufficient PBGF, to cover claims arising from a SEPP solvency funding deficit and insolvency of Plan Sponsor(s), at the same time.

 

FSRA focuses on prudential supervision of SEPPs for early risk identification, monitoring and intervention, to minimize the potential claims to the PBGF.


FSRA is working on a return-seeking investment strategy to support the prudent management of assets in the PBGF and better tools (e.g., stochastic modelling) to better assess potential PBGF draws and enable FSRA to more effectively manage the fund.

2. Organizational maturity challenges

 

Legacy: Unsupported software & technology stack and legacy domains

  • Risk that key business applications are running an unsupported technology stack, security patches are unavailable, and applications run into issues that cannot be resolved in a timely manner.

 

FSRA has developed a digital transformation blueprint, which aligns processes, data, technology, and stakeholder interactions with FSRA’s business vision and priorities. The digital transformation program is expected to replace the legacy applications by 2025.


Currently, FSRA ensures that a back-up of systems is performed regularly. A Disaster Recovery Playbook was written and tested in 2019 and a domain consolidation project was completed.


In addition, FSRA is in the process of performing 2020 Runbook review and updates, tactical application enhancements, and decommissioning of systems, as part of the upgrade or digital transformation program.

 

Cybersecurity

  • Risk that FSRA systems are breached or compromised, which may lead to the theft of information and/or impairment of FSRA’s ability to sustain IT operations.

 

FSRA has taken action to mitigate the most serious exposures and is implementing a cybersecurity program, tools and controls to set up a modern and adequate cybersecurity practice. The overall cybersecurity program is driven by the National Institute of Standards and Technology Cybersecurity Framework, which leverages a risk-based approach to address the cyber threats faced by the organization. At this stage, FSRA’s priority includes policy, governance, process, risk management and resourcing, to support operational capabilities that will be acquired and developed. Certain tactical, operational and technological capabilities, such as training and awareness and testing defences, are being prioritized in the short-term to address cyber risks of higher concern.


Moreover, to improve protection, FSRA built and implemented a new primary data centre presence located in Guelph. A Chief Information Security Officer was also appointed to drive cybersecurity initiatives to enhance the organization’s overall cybersecurity posture.

 

Regulatory & Cultural Transformation

  • Risk that FSRA needs to transform the regulatory frameworks and organizational culture it inherited, through an aggressive set of transformative priorities, while continuing to provide effective and efficient day-to-day regulation with limited resources.

 

FSRA continues to monitor service delivery and ensure it is consistent with published commitments, such as burden reduction and regulatory effectiveness.


FSRA has implemented transformative work to change the organization’s culture, to re-think its regulatory foundations, and to focus on both core regulatory activities and priorities, through a structure and personnel that combine attention to core regulation and substantive specialist expertise, and an organization that is highly collaborative and transparent with its stakeholders.

3. Emerging risks associated with COVID-19

 

Macroeconomic & Systemic

  • Risk that the economic downturn brought about by the pandemic may threaten the financial soundness and stability of FSRA’s regulated financial sectors.

Deteriorating

 *

FSRA places strong focus in promoting effective governance and risk management in the regulated sectors.


FSRA is closely monitoring the financial soundness of the regulated sectors, using available tools, and issues regulatory relief or guidance to regulated sectors, as appropriate. Moreover, it is in constant coordination with other regulators and relevant government agencies as part of its strategy to monitor the systemic impact of the pandemic to the financial industry. This involves ensuring within FSRA’s legislative capacity that appropriate liquidity facilities applicable to its regulated sectors are in place and readily accessible during a systemic crisis.

 

Operational Resilience

  • Risk of a service disruption due to events such as a pandemic, cybersecurity, physical disaster and systemic risk events.

 

FSRA has completed the Business Continuity Management Policy and Cyber Security Policy to manage risks, which may affect operational resilience. FSRA has developed Pandemic Crisis, Cyber Security, Systemic Crisis and Physical Disaster Playbooks to provide guidelines in disruptive situations including COVID-19 crisis.

* Reflects general deterioration due to the pandemic