Consultation Draft Sound Business and Financial Practices Rule - Summary of stakeholders’ feedback and FSRA’s responses | Financial Services Regulatory Authority of Ontario

(Pre-FSRA board approved version)

Background

FSRA’s consultation draft Sound Business and Financial Practices Rule (Rule) sets out principles-based and outcomes-focussed requirements for credit unions and caisses populaires (CUs) with respect to their corporate governance, risk management and financial practices. It aims to improve corporate governance standards, protect members and depositors, enhance public confidence in the CU sector, and provide clarity on matters that are not explicitly addressed in the existing framework, such as internal audit, oversight functions and subsidiary governance. It is also consistent with FSRA’s priority to modernize the CU framework and transition to principles-based regulation (PBR).

The Rule, in conjunction with FSRA’s proposed Risk-Based Supervisory Framework (RBSF), is intended to replace the existing By-Law No. 5 (Standards of Sound Business and Financial Practices) and related documents inherited by FSRA from the Deposit Insurance Corporation of Ontario (DICO). This would reduce the number of prescriptive legal requirements to which CUs are currently subject.

FSRA is authorized to make the Rule pursuant to paragraph 1 of s. 285(1) of the Credit Unions and Caisses Populaires Act, 2020 (CUCPA 2020), if it is proclaimed into force, and paragraph 1 of s. 321.0.4(1) of the Credit Unions and Caisses Populaires Act, 1994.

Stakeholder consultation

On June 14, 2021, the Rule was posted for public consultation for a 90-day period, ending on September 14, 2021. During this period, FSRA held a technical briefing that was accessible to the public and engaged in multiple meetings with CU sector stakeholders to respond to comments and questions about the Rule.

Generally, stakeholders indicated their support for the Rule but requested clarification with respect to certain matters, including board composition, the roles and responsibilities of the board and senior management, remuneration, oversight functions, reporting and disclosure, and subsidiary governance.

Outcome of stakeholder consultation

Based on the feedback received during the consultation period, FSRA is considering changes to the Rule to clarify:

the roles and responsibilities of the Board and senior management as they relate to
- proposing, nominating and appointing directors;
- hiring and remuneration policies and practices; and
- reporting processes and controls;
the fact that the oversight functions need not necessarily be separated in order to ensure independence (except the head of the Internal Audit function);
the role of the oversight functions and the fact that the appointment of the head of the Risk Management function must be approved by the Board;
that the Board and senior management of a CU must have effective oversight of a subsidiary, but not usurp the roles of the subsidiary’s Board and senior management; and
requirements around information-sharing by a subsidiary with its parent CU and, where there is a legal basis for refusing to share information, a requirement for the CU to provide FSRA with reasonable notice and an explanation.

The changes being considered by FSRA aim to address feedback received by clarifying FSRA’s policy intent, but do not represent material changes to the Rule. As such, FSRA does not intend to hold a second public consultation before finalizing the Rule.

Feedback from the consultation

FSRA would like to thank all stakeholders that commented on the Rule. All comments have been carefully considered.

FSRA received written submissions from the following eleven CUs and associations, which are available on FSRA’s website:

	CU/Association	Representative
1	Alterna Savings (“Alterna”)	Rob Paterson
2	Canadian Bankers Association (“CBA”)	Alex Ciappara
3	Canadian Credit Union Association (“CCUA”)	Nick Best
4	Desjardins Group (“Desjardins”)	Bernard Brun
5	DUCA Financial Services CU (“DUCA”)	Doug Conick
6	FirstOntario CU (“FirstOntario”)	Lloyd Smith
7	“Group of Five”	Alterna, DUCA, FirstOntario, Libro and Meridian
8	Kingston Community CU (“KCCU”) Note: KCCU expressed support for the CCUA’s submission. This is indicated in the rows below by adding reference to KCCU in brackets after CCUA.	Jon Dessau and the Board Governance Committee
9	Meridian CU (“Meridian”)	Brigitte Catellier
10	Parama CU (“Parama”)	Tarmo Lobu
11	Your Neighbourhood CU (“YNCU”) Note: YNCU expressed support for the CCUA’s and Group of 5’s submissions. This is indicated in the rows below by adding reference to YNCU in brackets after CCUA and Group of 5.	Anthony Piscitelli and Gord Harrison

Subject	Stakeholders	Summary of Stakeholders’ Feedback	FSRA’s Response
Support for Rule and PBR	Alterna CBA CCUA (KCCU and YNCU) Desjardins DUCA KCCU Meridian Parama YNCU	Stakeholders were supportive of the Rule and pleased that it generally conforms to the spirit of PBR. They welcomed FSRA’s efforts to transition its regulatory approach to PBR and outcomes-focused regulation, as evidenced in the Rule, and anticipated that this would strengthen the CU sector. Stakeholders expressed the view that the Rule, together with the proposed RBSF being developed by FSRA, would reduce reliance on inherited prescriptive legal requirements and replace not only By-Law No. 5 but, more importantly, the highly prescriptive reference manuals, self-assessment workbooks and guidance inherited by FSRA from DICO.	FSRA would like to thank stakeholders for their support of the Rule and FSRA’s transition to PBR. The Rule is intended to be principles-based and to provide flexibility to CUs in determining how to comply with its outcomes-focused requirements.
Costs and compliance	DUCA Group of 5 (YNCU) Parama	Several stakeholders expressed concerns that the Rule is ambiguous in places and, without clarification, could result in CUs violating the Rule and incurring material costs. Most of these concerns stem from the apparent confusion in the Rule as to the roles and responsibilities of the Board, oversight functions and senior management, and misunderstanding of the description of “independence” and how it applies to these entities.	FSRA is considering changes to the Rule (summarized below) to address areas of potential ambiguity. FSRA does not expect that well-governed CUs will incur additional material costs as a result of the Rule. FSRA intends to supervise using the Rule in accordance with the proposed RBSF and, where authorized by the Rule, it would do so in a proportionate manner. Consistent with our current supervisory practices using By-Law No. 5, any concerns regarding the need for a CU to enhance or upgrade its corporate governance and risk management processes and procedures in light of the Rule will be addressed during FSRA’s supervisory process.
Proportionality	CCUA (KCCU and YNCU) KCCU Parama	Several stakeholders recommended that proportionality should apply to all aspects of the Rule and FSRA’s supervision of it. This would be of particular benefit to smaller CUs since their “nature, size, complexity, operations and risk profile” may require them to operationalize the Rule’s requirements differently than larger CUs. Two stakeholders suggested that the concepts of “appropriate and prudent” are more apt than that of “proportionality” since the former would give CUs flexibility to determine the appropriateness of a policy or procedure and demonstrate this to FSRA; whereas, the latter places the onus on FSRA to demonstrate that its interventions are proportionate to the risk being addressed.	The Rule would expressly authorize CUs to approach some, but not all, requirements in a proportional manner. For example, remuneration programs, policies and practices for Board members, Board committee members, senior management and employees of a CU may be structured in a manner that is proportionate to a CU’s nature, size, complexity, operations and risk profile. It would not be appropriate to apply proportionality to all aspects of the Rule since some requirements should be satisfied by all CUs, regardless as to their nature, size, complexity, operations and risk profiles (e.g., requirements relating to the implementation of appropriate reporting processes and controls). The RBSF is expressly risk-based, so the degree of FSRA’s supervisory intensity would be proportionate to the risk being addressed. In other words, while FSRA agrees that regulatory intensity is related to proportionality, the focus and onus would be on CUs to demonstrate compliance with the Rule.
Independence	CCUA (KCCU and YNCU) DUCA Group of 5 (YNCU) Meridian	Several stakeholders found the application of the concept of independence, as described in the Rule, to be unclear with respect to the oversight functions. They also questioned how the heads of the oversight functions could be both independent and part of senior management or report to senior management. In addition, they expressed their concern that the description of independence would require CUs to substantially reorganize their affairs with respect to the oversight functions.	In response to comments, FSRA is considering changes to the Rule which would clarify the application of independence in relation to the oversight functions (see “Oversight Functions” below).
Co-operative principles	Group of 5 (YNCU) Meridian	Several stakeholders expressed their concern that the Rule authorizes FSRA to interpret and define the co-operative principles set out in the Rule, and that this could result in the imposition of future requirements on CUs. They also queried how FSRA would consult on any such interpretations or definitions.	FSRA may issue an interpretation of any provision contained in statutes under its administration, as well as regulations and FSRA rules. If FSRA were to interpret or define the co-operative principles set out in the Rule, it would do so as Interpretation Guidance and follow the process set out in FSRA’s Guidance Framework.
Composition of the Board	CCUA (KCCU and YNCU) DUCA Group of 5 (YNCU)	Stakeholders expressed their concern that the Rule does not adequately reflect the principle of “democratic member control” or accurately distinguish between the roles of the Board and senior management with respect to the appointment of directors. In particular, stakeholders requested clarification that senior management cannot appoint a director to the Board; only the Board can do so in certain circumstances. In addition, stakeholders want FSRA’s supervisors to be aware that, despite the desire for a CU’s Board to have appropriate skills, education, experience and commitment, members may elect directors that do not possess these qualities.	FSRA acknowledges that CU Boards are elected by their members in accordance with co-operative principles (i.e., democratic control). FSRA is considering changes to clarify that the Board or senior management may propose or nominate directors to be elected by members, or in specific circumstances, that the Board may temporarily appoint directors (as permitted under the CUCPA 2020 and its regulations), but not that the Board or senior management controls who is ultimately elected by the members.
Responsibilities of the Board and Senior Management	Alterna CCUA (KCCU and YNCU) Desjardins DUCA Group of 5 (YNCU) Meridian Parama	Stakeholders recommended that the roles of the Board and senior management be more clearly differentiated in the Rule. In particular, stakeholders requested that the Rule be clarified to ensure that the Board is responsible to “oversee and approve” matters, but not to be involved in the day-to-day operations of the CU, which are the responsibility of senior management. Stakeholders noted that the CEO and senior management of a CU should be responsible for certain operational activities, not the Board, and expressed concern that the Rule does not adequately address the CEO’s Board-delegated authority and responsibilities. Stakeholders commented on the nature, scope and potential costs associated with the “ethical framework” for operational management, and queried whether this ethical framework is the same as the Market Code of Conduct or a Code of Ethics.	FSRA is considering proposed changes to the Rule to clarify that the Board has oversight and approval responsibilities, but is not responsible for the day-to-day operations of a CU or its operational procedures. This distinction is consistent with the CUCPA 2020 and good governance practices. With respect to the requirement to “identify an ethical framework” for operational management, FSRA will take a principles-based and outcomes- focused approach, and will work with CUs to determine what type of ethical framework would best satisfy this requirement, given the nature, size, complexity and risk profile of the CU.
Integrity in Reporting and Disclosure	Alterna CBA Group of 5 (YNCU) Meridian Parama	Stakeholders recommended clarification that the disclosure of information to members, regulators and other stakeholders regarding a CU’s business and operations should not be based on what information such persons feel they are entitled to but, rather, on what CUs are required to disclose by law. Stakeholders recommended replacing the words “viability and prospects” with “risks and outlook”, based on prevailing disclosure standards. One stakeholder recommended that CUs be subject to the same disclosure requirements as federally regulated deposit-taking institutions, including the requirement that they disclose their financial statements and regulatory ratios to the general public (“Pillar 3”).	FSRA is considering narrowing the scope of information that is required to be disclosed to members, regulators and other stakeholders of a CU regarding the CU’s business and operations. FSRA is considering changes to address the phrase “viability and prospects”. Requiring public disclosure of CUs’ financial statements and regulatory ratio is not being considered at this time. Unlike banks, CUs are member-owned financial institutions, some of which have closed bonds of association, and they are required to provide their members and other relevant stakeholders with this information. FSRA may consider the potential for Pillar 3 adoption in future, as the CU sector transitions to international standards.
Remuneration	Alterna CCUA (KCCU and YNCU) Desjardins DUCA Group of 5 (YNCA) KCCU Meridian Parama	Stakeholders commented that the requirement for CUs to disclose their policies and procedures regarding directors’ and senior management’s remuneration is too granular and unnecessarily prescriptive. Several stakeholders expressed concern about the requirement that the remuneration of employees engaged in the oversight functions be independent of the business areas that they oversee. Stakeholders noted that the heads of the oversight functions (e.g., the CFO and CRO) are integrated and directly engaged in a CU’s operations, especially in a smaller CU. This requirement would preclude variable compensation tied to business performance, and result in misalignment, unnecessarily complicated compensation and incentive programs, and increased costs. Stakeholders noted that it would be difficult, especially for smaller CUs, to ensure that remuneration was adjusted for “all types of risk” and “symmetric with risk outcomes”.	FSRA is considering clarifying the desired outcomes associated with the disclosure of remuneration programs, policies and procedures. FSRA is also considering removing references to various types of remuneration (e.g., bonuses).
Oversight Functions	Alterna CCUA (KCCU and YNCA) DUCA Group of 5 (YNCA) Meridian Parama YNCU	Stakeholders requested that FSRA allow proportionality to guide its expectations of CUs and senior management and employees who work in the oversight functions. They noted that the heads of the oversight functions may have multiple roles within a CU and are often directly engaged in the business of the CU. Also, by virtue of their direct, functional reporting relationship to the CEO, the heads of the oversight functions are expected to provide input on key business decisions. Stakeholders stated that it is up to the CU to ensure that the heads of the oversight functions are able to fulfil their responsibilities in an independent manner. Stakeholders requested clarification that, if an oversight function is outsourced, senior management of the CU should remain accountable for it. Stakeholders recommended that some prescriptive wording be removed, and that “unrestricted access” to the Board be appropriately qualified or replaced with “unfettered access”, consistent with the requirement for federally regulated banks.	FSRA is considering adding explicit reference to proportionality as it would apply to the establishment and maintenance of oversight functions (including through an outsourcing arrangement), as well as to the requirement for independence of the heads of such functions. The oversight functions of a CU need not necessarily be separate in order to ensure independence. A CU may, if appropriate and as determined on a proportional basis, combine its Risk Management, Compliance and/or Finance functions, including the heads of such oversight functions; however, they may not combine the Internal Audit function with any other function. FSRA is considering changes to the Rule which would clarify this position. FSRA is considering aligning the Rule relating to the role, appointment and reporting of the heads of oversight functions with the requirements for federally regulated banks, and requiring that these heads have direct and “unfettered access” to the Board or a suitable Board committee. FSRA is also considering clarifying that the heads of the oversight functions should engage in regular reporting to the Board or a suitable Board committee, but not a day-to-day reporting relationship.
Internal Audit Function	DUCA Group of 5 (YNCA) Meridian	Stakeholders noted the critical nature of the Internal Audit function and the need for it and its head to be independent of the other oversight functions and heads. They also recommended that the head of Internal Audit have a functional reporting line to the Board. Some stakeholders expressed concern that the Rule’s description of independence may preclude those in Internal Audit from being members of the CU. A few stakeholders noted that some prescriptive elements are present and that the Internal Audit function does not oversee the implementation of management action plans to address Internal Audit’s findings and recommendations but, rather, monitors implementation.	FSRA agrees that the Internal Audit function must be independent of the other oversight functions and have a functional reporting line to the Board. FSRA notes that the Rule does not preclude a member of the Internal Audit function from being a member of a CU. The provision does not require Internal Audit to implement management action plans; rather, it requires that reasonable actions have been implemented by senior management in response to any risk identified in an audit report.
Risk Management Function	CCUA (KCCU and YNCU) DUCA Group of 5 (YNCU)	A few stakeholders requested clarification with respect to the role of the Board in “appointing” the head of the Risk Management function, and questioned whether the head of this function should be required to report directly to the Board.	The intent of the Rule is to require that the Board only oversee and approve the appointment of the head of the Risk Management function, but not to be involved in the hiring process. FSRA is considering a change to the Rule to clarify this intent.
Compliance Function	CCUA (KCCU and YNCU) Group of 5 (YNCU) Parama	A few stakeholders requested clarification with respect to the requirement for the head of the Compliance function to report to the Board, noting that only the CEO “reports” directly to the Board. Clarification was also requested as to whether the Compliance function could be combined with other oversight functions, especially in the case of a smaller CU.	FSRA is considering clarifying this relationship. The head of the Compliance function would be required to provide regular reporting to the Board of the CU. FSRA is considering clarifying that oversight functions (other than Internal Audit) can be combined together under one head.
Finance Function	Alterna DUCA FirstOntario Group of 5 (YNCA) Parama	Several stakeholders queried the Rule’s description of the Finance function’s activities and noted that they are too prescriptive. Stakeholders also questioned how the Finance function could be independent.	FSRA is considering changes to make this section less prescriptive and more principles-based. FSRA is also considering clarifying that the financial services, reporting and analysis should be provided by the Finance function to the other oversight functions, senior management and the Board, rather than the CU as a whole. FSRA is also considering changes with respect to the oversight functions more generally that would permit the Finance function to be combined with other oversight functions (except Internal Audit). The Finance function as a whole may be directly engaged, through the services it provides, with operational management and the other oversight functions. However, the Finance function should be able to demonstrate that it is able to act independently when carrying out oversight-related activities, such as developing finance-related policies and procedures to be used across the CU.
Operational Management	Alterna Group of 5 (YNCA)	A few stakeholders noted that this section is too prescriptive and expressed concern about the possibility that operational management could violate the independence requirements in the Rule.	FSRA notes that operational management relates to the day-to-day operations of the CU and not the oversight of these operations. This is the only principle for operational management, and it is important to provide clarity regarding FSRA’s expectations. Operational management is not an oversight function; thus, independence does not apply in this context. The details in this section of the Rule do not limit or preclude senior management from assigning other responsibilities to operational management.
Subsidiary Governance	Alterna CCUA (KCCU and YNCU) Group of 5 (YNCU) Meridian	Several stakeholders noted that the Rule requires the heads of a CU’s oversight functions to oversee risk, compliance, finance and internal audit of a CU’s subsidiaries, and to report on risks to the CU’s Board, and recommended that the responsibilities of a CU’s Board be limited to the CU in order to respect the fiduciary duties of the boards of subsidiaries. With respect to regulated subsidiaries, particularly financial institutions that are regulated by the Office of the Superintendent of Financial Institutions (OSFI), stakeholders recommended changes to the Rule to ensure that there is no duplication of regulatory activity, and noted that subsidiaries may not be legally authorized to share information with the CU.	Good subsidiary governance by parent financial institutions has become very important as international financial regulators and supervisors have moved to consolidated supervision. In the past, significant risks to parent institutions have come from high risk or poor controls at subsidiaries. This section would require the parent CU’s Board and senior management to have an appropriate level of oversight of the activities (fiduciary and non-fiduciary) of its subsidiaries. The activities of a subsidiary are considered to be part of the activities of the parent CU because significant risk to the parent can come from its subsidiaries. FSRA is also considering clarifying that a CU subsidiary would not be required to share information with its parent CU if prohibited by law; however, FSRA should receive reasonable notice and an explanation from the CU in such cases.
Incorporate all corporate governance requirements in the Rule and RBSF	Meridian	One stakeholder recommended that FSRA adopt OSFI’s practice of putting all corporate governance-related requirements in one document (in OSFI’s case, in its Corporate Governance Guideline), instead of having them in multiple documents dealing with different subject matters (e.g., risk management and capital). This stakeholder recommended that FSRA’s corporate governance requirements for CUs should only be found in the Rule and the RBSF.	FSRA will consider this suggestion for future development of its guidance regarding corporate governance.
Transition period	FirstOntario Meridian	A few stakeholders recommended that FSRA add a transition period to the Rule, delaying its effective date in order to give CUs time to make any necessary changes to fully comply with the Rule. One stakeholder recommended a three-year transition period.	The proposed changes to the Rule that FSRA is considering should minimize the need for any significant adjustments by CUs and, if such changes are made to the Rule, well-governed CUs should not be required make substantive changes as a result. FSRA intends to apply this Rule through its normal supervisory process and any concerns regarding the need for a CU to enhance or upgrade its corporate governance and risk management processes and procedures in accordance with the principle of proportionality will be addressed through that process. In addition, strong corporate governance requirements are necessary to counterbalance the additional flexibility and powers granted to CUs under the CUCPA 2020, which is expected to be proclaimed into force in early 2022.