Skip to content | Skip to institutional links

Common menu bar links

This Web page has been archived on the Web.

Left hand menu

Canada Gazette
Consultation
- What is the consultation process?
- Current Consultations
Archives
Publishing Information
Resources
Stay in Touch
- RSS Feeds
Proactive Disclosure
- Proactive Disclosure

Vol. 135, No. 17 — August 15, 2001

Registration
SOR/2001-299 2 August, 2001

CANADA DEPOSIT INSURANCE CORPORATION ACT

Canada Deposit Insurance Corporation Standards of Sound Business and Financial Practices By-law

The Board of Directors of the Canada Deposit Insurance Corporation, pursuant to paragraphs 11(2)(e) (see footnote a) and (g) (see footnote b) and subsections 21(2) (see footnote c) and 25.1(1) (see footnote d) of the Canada Deposit Insurance Corporation Act, hereby makes the annexed Canada Deposit Insurance Corporation Standards of Sound Business and Financial Practices By-law.

August 2, 2001

The Minister of Finance, pursuant to subsection 21(3) of the Canada Deposit Insurance Corporation Act, hereby approves sections 37 and 38 of the annexed Canada Deposit Insurance Corporation Standards of Sound Business and Financial Practices By-law made by the Board of Directors of the Canada Deposit Insurance Corporation.

Ottawa, August 2, 2001

CANADA DEPOSIT INSURANCE CORPORATION STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES BY-LAW

INTERPRETATION

1. (1) The following definitions apply in this By-law.

"appropriate", in relation to a thing so described, means that a knowledgeable individual in the financial institutions industry would conclude that it is suitable for its intended purpose, having regard to the nature, magnitude, complexity and implications of the matter in question. (adéquat)

"business objectives" means short- and long-term operating and financial objectives. (objectifs commerciaux)

"business plan" means a detailed description of how particular operations are to be conducted in implementing a business strategy. (plan d'exploitation)

"business strategy" means a detailed description of how business objectives are to be achieved. (stratégie d'entreprise)

"capital management" means the determination, allocation and maintenance — as to both quantity and quality — of the capital needed to support current and planned operations. (gestion du capital)

"CDIC standards" means the standards of sound business and financial practices for member institutions established in Part 1. (normes de la SADC)

"control environment" means the environment that results from the following factors: approach to governance, management style, organizational structure, resource commitments, communication style, procedures and controls and the level of adherence thereto, the conduct of personnel, and human resource policies and practices. (milieu propice à la maîtrise)

"credit risk", in relation to a member institution, means the risk of loss to which the institution is exposed that is attributable to the possibility that persons will fail to honour their obligations, whether on- or off-balance sheet, to the institution or to any of its subsidiaries. (risque de crédit)

"Differential Premiums By-law" means the Canada Deposit Insurance Corporation Differential Premiums By-law. (Règlement administratif sur les primes différentielles)

"effective", in relation to a thing so described, means that a knowledgeable individual in the financial institutions industry would conclude that it is achieving, or can reasonably be expected to achieve, its intended purpose. (efficace)

"examiner" has the same meaning as in subsection 1(1) of the Differential Premiums By-law. (inspecteur)

"fiduciary risk", in relation to a member institution, means the risk of loss to which the institution is exposed, whether directly or as a result of adverse effects on its reputation, that is attributable to the possibility that the institution or any of its subsidiaries will breach their duties or obligations in the course of holding, administering, managing or investing assets on behalf of other persons, or in the course of providing investment advice to other persons. (risque fiduciaire)

"funding management" means the management of the sources, levels and concentration of funding, both on- and off-balance sheet. (gestion du financement)

"liquidity management" means the management of cash flow and the concentration of assets and liabilities, both on- and off-balance sheet, for the purpose of obtaining a desired relationship between cash inflows and cash outflows. (gestion des liquidités)

"market risk", in relation to a member institution, means the risk of loss to which the institution is exposed that is attributable to the possibility of adverse changes in the values of financial instruments and other investments or assets owned by the institution or any of its subsidiaries, whether on- or off-balance sheet, as a result of changes in market rates or prices. (risque de marché)

"operational risk", in relation to a member institution, means the risk of loss, whether direct or indirect, to which the institution is exposed that is attributable to the possibility of disruptions in the operations of the institution or any of its subsidiaries caused by external events, human error, or the inadequacy or failure of processes, procedures or controls. (risque d'exploitation)

"operations" means business activities and the functions that support those activities. (activités)

"prudent", in relation to a thing so described, means that a knowledgeable individual in the financial institutions industry would conclude that it is the product of the exercise of careful and practical judgment, having regard to business objectives, risks, the business and economic environment, and the quantity, quality and sustainability of earnings, liquidity, funding, capital and other resources. (prudent)

"resources" includes financial, informational and human resources and technology. (ressources)

"senior management", in relation to a member institution, means

(a) the chief executive officer, the chief operating officer and the president of the institution, and any individuals who perform the functions that normally are performed by a chief executive officer, a chief operating officer or a president in the financial institutions industry;

(b) all individuals who are directly accountable to the board of directors of the institution, or to the chief executive officer, the chief operating officer or the president, for the management of a significant operation of the institution; and

"significant operations", in relation to a member institution, means operations that have an important influence — whether quantitative or qualitative — on the institution's earnings, liquidity, funding, capital, reputation or brand value, or that are important to the achievement of the institution's business objectives or the implementation of its business strategy and business plans, and includes any such operations that are conducted through one or more subsidiaries of the institution. (activités importantes)

"significant risk", in relation to a member institution, means a risk or a combination of risks to which the institution is exposed, whether directly or through one or more of its subsidiaries, that is important because of the probability of occurrence, the severity of impact or both, and that could have an adverse effect — whether quantitative or qualitative — on the institution's earnings, liquidity, funding, capital, reputation or brand value, or on the ability of the institution to achieve its business objectives or implement its business strategy and business plans. (risque important)

"standards year" means the period beginning on July 15 in one year and ending on July 14 in the next year. (année d'application des normes)

"structural risk", in relation to a member institution, means the risk of loss to which the institution is exposed that is attributable to the possibility that assets and liabilities, whether on- or off-balance sheet, of the institution or one or more of its subsidiaries will be mismatched as regards their final maturity dates, repricing dates, currency of denomination, or type of commodity. (risque structurel)

"subsidiary" has the same meaning as in section 2 of the Bank Act. (filiale)

"technology", in relation to a member institution, means the facilities, platforms, computer systems (both hardware and software), data files and other technological systems that support the operations of the institution. (moyens techniques)

(2) For the purposes of this By-law, a member institution is in control when it can demonstrate that

(a) its operations are subject to effective governance by its board of directors, are being managed in accordance with ongoing, appropriate and effective strategic, risk, liquidity, funding and capital management processes, and are being conducted in an appropriate control environment; and

(b) any significant weaknesses or breakdowns relating to those matters are being identified, and appropriate and timely action is being taken to address them.

PART 1

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES

Establishment of Standards

2. The sound business and financial practices set out in sections 3 to 22 are established as standards for member institutions.

Standards Relating to the Board of Directors

General

3. It is a sound business and financial practice for the board of directors of a member institution to

(a) understand its responsibilities and evaluate objectively, on a regular basis, its effectiveness in fulfilling those responsibilities;

(b) exercise independent judgment in directing and overseeing the operations of the institution;

(c) establish the responsibilities and authority of board committees and of the institution's senior management, as well as accountability requirements for them;

(d) appoint to senior management positions individuals who are suitably qualified and capable of managing the operations of the institution effectively and prudently, and plan for their succession;

(e) satisfy itself, on a regular basis, that the institution's compensation plans are consistent with the sustainable achievement of the institution's business objectives, the prudent management of its operations and the risks to which it is exposed, and adherence to its processes, policies, procedures and controls;

(f) establish standards of business conduct and ethical behaviour for the institution's directors, senior management and other personnel, and obtain, on a regular basis, reasonable assurance that the institution has an ongoing, appropriate and effective process for ensuring adherence to those standards as referred to in section 21; and

(g) evaluate, on a regular basis, the effectiveness and prudence of senior management in managing the operations of the institution and the risks to which the institution is exposed.

Strategic Management

4. It is a sound business and financial practice for the board of directors of a member institution to

(a) establish the business objectives of the institution, consider and approve the institution's business strategy and its business plans for significant operations, and review those things at least once a year to ensure that they remain appropriate and prudent in light of the institution's current and anticipated business and economic environment, resources and results;

(b) evaluate frequently the institution's actual operating and financial results against forecast results, in light of the institution's business objectives, business strategy and business plans; and

(c) obtain, on a regular basis, reasonable assurance that the institution has an ongoing, appropriate and effective strategic management process as referred to in section 11.

Risk Management

5. It is a sound business and financial practice for the board of directors of a member institution to

(a) understand the significant risks to which the institution is exposed;

(b) establish appropriate and prudent risk management policies for those risks, including the policies referred to in sections 13 to 17, as applicable;

(d) obtain, on a regular basis, reasonable assurance that the institution has an ongoing, appropriate and effective risk management process as referred to in section 12 and that the institution's risk management policies for significant risks are being adhered to.

Liquidity and Funding Management

6. It is a sound business and financial practice for the board of directors of a member institution to

(a) understand the liquidity and funding needs of the institution;

(b) establish appropriate and prudent liquidity and funding management policies for the institution, taking into account the institution's significant operations, including policies on the sources, types and levels of liquidity that are to be maintained by the institution and policies that are designed to prevent the institution's funding from becoming unduly concentrated with respect to source, type, term to maturity or currency of denomination;

(d) obtain, on a regular basis, reasonable assurance that the institution has ongoing, appropriate and effective liquidity and funding management processes as referred to in section 18 and that the institution's liquidity and funding management policies are being adhered to.

Capital Management

7. It is a sound business and financial practice for the board of directors of a member institution to

(a) understand the capital needs of the institution;

(b) establish appropriate and prudent capital management policies for the institution, taking into account the institution's significant operations, including policies on the quantity and quality of capital needed to support the current and planned operations of the institution that reflect both the risks to which the institution is exposed and its regulatory capital requirements;

(c) review those policies once a year, or more frequently if necessary, to ensure that they remain appropriate and prudent; and

(d) obtain, on a regular basis, reasonable assurance that the institution has an ongoing, appropriate and effective capital management process as referred to in section 19 and that the institution's capital management policies are being adhered to.

Control Environment

8. It is a sound business and financial practice for the board of directors of a member institution to obtain, on a regular basis, reasonable assurance that the institution has a control environment as referred to in section 20.

Independent Inspection and Audit

9. It is a sound business and financial practice for the board of directors of a member institution to

(a) establish the mandate of, and allocate sufficient resources for, the institution's independent inspection and audit group, and approve its plan each year; and

(b) seek from the independent inspection and audit group, on a regular basis, validations that the institution's processes, policies, procedures and controls are being monitored and adhered to, and that appropriate action is being taken to address any significant weaknesses or breakdowns that have been identified.

Institution In Control

10. It is a sound business and financial practice for the board of directors of a member institution to obtain, on a regular basis, reasonable assurance that the institution is in control.

Standards Relating to Senior Management

Strategic Management

11. It is a sound business and financial practice for the senior management of a member institution to ensure that the institution has an ongoing, appropriate and effective strategic management process for

(a) developing and submitting to the board of directors of the institution for its consideration and approval business objectives for the institution;

(b) developing and submitting to the board of directors for its consideration and approval a business strategy for the institution that takes into account the institution's business and economic environment, its financial position, and the risks to which it is or will be exposed in conducting its current and planned operations;

(c) developing business plans for the institution, and submitting business plans for significant operations to the board of directors for its consideration and approval;

(d) implementing the institution's business strategy and business plans;

(e) reviewing the institution's business objectives, business strategy and business plans at least once a year to ensure that they remain appropriate and prudent;

(f) providing the board of directors with timely, relevant, accurate and complete reports on the implementation of the institution's business strategy and its business plans for significant operations, and on the institution's actual operating and financial results as against forecast results; and

(g) providing the board of directors with timely, relevant, accurate and complete reports that will enable it to assess whether the institution has an ongoing, appropriate and effective strategic management process.

Risk Management

General

12. It is a sound business and financial practice for the senior management of a member institution to ensure that the institution has an ongoing, appropriate and effective risk management process for

(a) identifying the risks to which the institution is or will be exposed, whether on- or off-balance sheet and whether directly or through one or more of its subsidiaries, in conducting its current and planned operations, and measuring those risks on an aggregate basis;

(b) measuring, on an aggregate basis, the different types of risk to which the institution is or will be exposed in relation to a single counterparty or issuer and groups of associated counterparties or issuers;

(d) developing appropriate and prudent risk management policies, including policies on aggregate exposure limits, submitting to the board of directors of the institution for its consideration and approval policies for managing significant risks, including the policies referred to in sections 13 to 17, as applicable, and reviewing the institution's risk management policies at least once a year to ensure that they remain appropriate and prudent;

(e) managing the risks to which the institution is exposed in accordance with the institution's risk management policies;

(f) establishing appropriate and effective procedures and controls for managing the risks to which the institution is exposed, including the procedures and controls referred to in sections 13 to 17, as applicable, monitoring adherence to those procedures and controls, and reviewing them on a regular basis to ensure that they remain appropriate and effective;

(g) providing the board of directors with timely, relevant, accurate and complete reports on the management of significant risks and on the procedures and controls for managing those risks;

(h) dealing with extraordinary events; and

(i) providing the board of directors with timely, relevant, accurate and complete reports that will enable it to assess whether the institution has an ongoing, appropriate and effective risk management process.

Credit Risk

13. (1) It is a sound business and financial practice for a member institution that is exposed to significant credit risk to have

(a) appropriate and prudent policies on the areas and types of credit, both on- and off-balance sheet, in which the institution is willing to engage; and

(b) appropriate and prudent policies on exposure limits for a single counterparty, for groups of associated counterparties, for industries or economic sectors, for geographic regions and for other credit exposures warranting aggregation, that take into account all other risks, both on- and off-balance sheet, to which the institution is exposed.

(2) It is a sound business and financial practice for a member institution that is exposed to significant credit risk to have procedures and controls for managing that risk, including

(a) defined and prudent levels of decision-making authority for approving credit exposures;

(b) an effective assessment and rating system for credit risk;

(d) an effective methodology for identifying, estimating, providing for and recording credit impairments.

Market Risk

14. (1) It is a sound business and financial practice for a member institution that is exposed to significant market risk to have

(a) appropriate and prudent policies on the types of financial instruments and other investments, both on- and off-balance sheet, in which the institution is willing to trade or take positions; and

(b) appropriate and prudent policies on exposure limits for a single issuer, for groups of associated issuers, for types of financial instruments and other investments or assets, for industries or economic sectors, for geographic regions and for other market exposures warranting aggregation, that take into account all other risks, both on- and off-balance sheet, to which the institution is exposed.

(2) It is a sound business and financial practice for a member institution that is exposed to significant market risk to have procedures and controls for managing that risk, including

(a) defined and prudent levels of decision-making authority for approving market exposures;

(b) fixed quality and return expectations for market exposures;

(c) a list of suitably qualified securities dealers and other counterparties with whom the institution is willing to deal;

(d) reliable data and effective techniques, such as stress testing and shock testing, for assessing the nature, quality and value of the institution's market exposures and for evaluating the extent of market risk to which the institution is or will be exposed under current and reasonably foreseeable scenarios;

(e) effective techniques for back-testing against actual results the assessments and evaluations made using the data and techniques referred to in paragraph (d); and

(f) an effective methodology for identifying, estimating, providing for and recording market impairments.

Structural Risk

15. (1) It is a sound business and financial practice for a member institution to have appropriate and prudent policies on the types and extent of structural risk to which it is willing to be exposed.

(2) It is a sound business and financial practice for a member institution to have procedures and controls for managing structural risk, including

(a) defined and prudent levels of decision-making authority; and

(b) effective techniques, such as stress testing and shock testing, for measuring the institution's structural risk positions and for evaluating the impact on those positions of changes in underlying factors under current and reasonably foreseeable scenarios.

Fiduciary Risk

16. (1) It is a sound business and financial practice for a member institution to have appropriate and prudent policies on the types of fiduciary activities in which it is willing to engage.

(2) It is a sound business and financial practice for a member institution that is exposed to significant fiduciary risk to have procedures and controls for managing that risk, including

(a) an ongoing, appropriate and effective process for ensuring that assets held, administered, managed or invested on behalf of other persons are dealt with prudently and in accordance with the agreements and arrangements made between the institution and those persons; and

(b) an ongoing, appropriate and effective process for ensuring that the investment advice provided to other persons is suitably represented and appropriate in light of their risk tolerances and reward expectations.

Operational Risk

17. (1) It is a sound business and financial practice for a member institution to have

(a) appropriate and prudent policies on the operational risk that is inherent in the operations of the institution; and

(b) if the institution uses outsourced services in conducting significant operations, appropriate and prudent policies on

(i) the circumstances in which outsourced services may be used,
(ii) the selection of capable and reliable service providers,
(iii) the standards of quality for outsourced services, including standards relating to accuracy, security and timeliness, and
(iv) the monitoring of the performance of, and the risks associated with, service providers.

(2) It is a sound business and financial practice for a member institution to have procedures and controls for managing the operational risk that is inherent in the operations of the institution, including

(a) a human resource management program that encompasses

(i) an ongoing, appropriate and effective process to attract and retain a sufficient number of qualified personnel to achieve the institution's business objectives and implement the institution's business strategy and business plans,
(ii) defined and prudent levels of decision-making authority,
(iii) the segregation of incompatible functional responsibilities,
(iv) the clear communication to personnel of their responsibilities, and
(v) the effective supervision of personnel;

(b) documentation of the institution's significant processes, policies, procedures and controls;

(c) valuation methods and accounting principles for the appropriate valuation of and accounting for the institution's assets and liabilities, both on- and off-balance sheet;

(d) accurate and complete records of financial and other key information;

(e) management information systems that provide timely, relevant, accurate and complete information to facilitate the day-to-day management of the institution's operations and of the risks to which the institution is exposed;

(f) ongoing, appropriate and effective technology development and maintenance processes for ensuring that the institution's technology is, and continues to be, aligned with its business objectives, business strategy, business plans, operational needs and management of the risks to which it is exposed, that the institution's technology is authorized, tested and documented before it is introduced, and that the institution's technology is updated when necessary;

(g) appropriate and effective security procedures and controls for safeguarding the institution's records of financial and other key information, the institution's technology and the information recorded, processed, reported and stored using that technology, including procedures and controls for safeguarding their integrity; and

(h) ongoing, appropriate and effective business continuity plans, including backup and recovery processes and standby arrangements for dealing with the loss of availability or the destruction of critical information or critical technology.

Liquidity and Funding Management

18. It is a sound business and financial practice for the senior management of a member institution to ensure that the institution has ongoing, appropriate and effective liquidity and funding management processes for

(a) identifying the ongoing liquidity and funding needed to enable the institution to conduct its operations, including operations conducted through one or more of its subsidiaries;

(b) developing and submitting to the board of directors of the institution for its consideration and approval appropriate and prudent liquidity and funding management policies, including policies on the sources, types and levels of liquidity that are to be maintained by the institution and policies that are designed to prevent the institution's funding from becoming unduly concentrated with respect to source, type, term to maturity or currency of denomination;

(c) managing the institution's liquidity and funding in accordance with the institution's liquidity and funding management policies;

(d) establishing appropriate and effective procedures and controls for managing the institution's liquidity and funding, monitoring adherence to those procedures and controls, and reviewing them on a regular basis to ensure that they remain appropriate and effective;

(e) establishing a liquidity and funding contingency plan for the institution and reviewing that plan on a regular basis;

(f) providing the board of directors with timely, relevant, accurate and complete reports on the institution's liquidity and funding positions and on the procedures and controls for managing the institution's liquidity and funding; and

(g) providing the board of directors with timely, relevant, accurate and complete reports that will enable it to assess whether the institution has ongoing, appropriate and effective liquidity and funding management processes.

Capital Management

19. It is a sound business and financial practice for the senior management of a member institution to ensure that the institution has an ongoing, appropriate and effective capital management process for

(a) identifying the capital needed to support the current and planned operations of the institution, including operations conducted or to be conducted through one or more of its subsidiaries;

(b) developing and submitting to the board of directors of the institution for its consideration and approval appropriate and prudent capital management policies, including policies on the quantity and quality of capital needed to support the current and planned operations of the institution that reflect both the risks to which the institution is exposed and its regulatory capital requirements;

(c) regularly measuring and monitoring the institution's capital requirements and capital position, and ensuring that the institution meets and will continue to meet its capital requirements;

(d) managing the institution's capital in accordance with the institution's capital management policies;

(e) establishing appropriate and effective procedures and controls for managing the institution's capital, monitoring adherence to those procedures and controls, and reviewing them on a regular basis to ensure that they remain appropriate and effective;

(f) providing the board of directors with timely, relevant, accurate and complete reports on the institution's capital position and on the procedures and controls for managing the institution's capital; and

Control Environment

20. It is a sound business and financial practice for the senior management of a member institution to ensure that

(a) the institution has a control environment that supports the appropriate, effective and prudent management of its operations and of the risks to which it is exposed, and that contributes to the achievement of its business objectives; and

(b) the board of directors of the institution is provided with timely, relevant, accurate and complete reports that will enable it to assess whether the institution has such a control environment.

Standards of Business Conduct and Ethical Behaviour

21. It is a sound business and financial practice for the senior management of a member institution to

(a) develop and submit to the board of directors of the institution for its consideration and approval standards of business conduct and ethical behaviour for the institution's senior management and other personnel;

(b) ensure that the institution has an ongoing, appropriate and effective process for ensuring adherence to the institution's standards of business conduct and ethical behaviour; and

(c) ensure that the board of directors is provided with timely, relevant, accurate and complete reports that will enable it to assess whether the institution has a process referred to in paragraph (b).

Institution In Control

22. It is a sound business and financial practice for the senior management of a member institution to ensure that the institution has an ongoing, appropriate and effective process for assisting the board of directors to assess whether the institution is in control.

PART 2

REPORTING REQUIREMENTS

Senior Management Representation Letter and Board of Directors' Resolution

Timing of Submissions

23. (1) A member institution, other than a member institution referred to in section 26, shall submit to the Corporation a senior management representation letter and board of directors' resolution pertaining to the CDIC standards in each standards year, starting with the standards year beginning on July 15, 2002.

(2) The letter and resolution for the standards years beginning on July 15, 2002 and on July 15, 2003 may be submitted at any time during those standards years.

(3) The letter and resolution for the standards year beginning on July 15, 2004, and for subsequent standards years, shall be submitted in the same quarter as that in which the letter and resolution for the standards year beginning on July 15, 2003 were submitted.

(4) Despite subsections (2) and (3), a member institution that is a subsidiary of another member institution shall submit its letter and resolution for each standards year in the same quarter as that in which the parent member institution submits its letter and resolution for that standards year.

Contents of Senior Management Representation Letter

24. Each senior management representation letter shall be addressed to the board of directors of the member institution and to the Corporation, shall be signed by the chief executive officer of the institution and by another member of senior management who is not a member of the board of directors, and shall contain

(a) a statement to the effect that the senior management of the institution are familiar with the CDIC standards and acknowledge their responsibilities under those standards;

(b) a statement indicating whether senior management are fulfilling their responsibilities under the CDIC standards;

(c) a statement setting out senior management's conclusion as to whether the operations of the institution are being managed in accordance with the CDIC standards;

(d) if the statement referred to in paragraph (c) indicates that senior management have concluded that the operations of the institution are not being managed in accordance with the CDIC standards, or that the operations are being managed in accordance with the CDIC standards except for identified deficiencies,

(i) an explanation of the reasons for that conclusion,
(ii) a statement confirming that an action plan to correct any identified deficiencies has been prepared and is being implemented, and
(iii) a statement confirming that a copy of the action plan has been or will be submitted to the institution's examiner; and

(e) when the institution is required to submit a standards report at the same time that it submits the senior management representation letter, an opinion as to whether the contents of the standards report are accurate and fairly presented.

Contents of Board of Directors' Resolution

25. Each board of directors' resolution shall be addressed to the Corporation and shall contain

(a) a statement to the effect that the board of directors is familiar with the CDIC standards and acknowledges its responsibilities under those standards;

(b) a statement indicating whether the board of directors is fulfilling its responsibilities under the CDIC standards;

(c) a statement indicating whether the board of directors has carefully considered the senior management representation letter and other information relevant to forming an opinion as to whether the member institution is following the CDIC standards;

(d) a statement setting out the board of directors' opinion as to whether the institution is following the CDIC standards;

(e) if the statement referred to in paragraph (d) indicates that the board of directors is of the opinion that the institution is not following the CDIC standards, or that the institution is following the CDIC standards except for identified deficiencies,

(i) an explanation of the reasons for the opinion that relate to deficiencies other than those identified in the senior management representation letter,
(ii) a statement confirming that an action plan to correct those other deficiencies has been prepared and is being implemented, and
(iii) a statement confirming that a copy of the action plan has been or will be submitted to the institution's examiner; and

(f) when the institution is required to submit a standards report at the same time that it submits the board of directors' resolution, a statement to the effect that the board of directors has carefully considered the standards report and approves it on behalf of the institution.

New Member Institutions

26. (1) A member institution that becomes a member institution after July 14, 2002 shall submit to the Corporation a senior management representation letter and board of directors' resolution pertaining to the CDIC standards in each standards year, starting with the first standards year after the date on which it becomes a member institution.

(2) The letter and resolution for the first and second standards years after the date on which the institution becomes a member institution may be submitted at any time during those standards years.

(3) The letter and resolution for the third standards year after the date on which the institution becomes a member institution, and for subsequent standards years, shall be submitted in the same quarter as that in which the letter and resolution for the second standards year after the date on which the institution became a member institution were submitted.

Standards Report

Timing of Submissions

27. Subject to sections 32 and 33, a member institution shall submit to the Corporation a standards report in the standards years specified below, at the same time that the institution submits its senior management representation letter and board of directors' resolution for those standards years:

(a) if the institution is classified in premium category 1 under the Differential Premiums By-law, in every fifth standards year;

(b) if the institution is classified in premium category 2 under the Differential Premiums By-law, in every third standards year; and

(c) if the institution is classified in premium category 3 or 4 under the Differential Premiums By-law, in each standards year.

First Report

28. Subject to sections 32 and 33, a member institution, other than a member institution referred to in section 30, shall submit to the Corporation its first standards report in the standards year specified below, at the same time that the institution submits its senior management representation letter and board of directors' resolution for that standards year:

(a) if the institution is classified in premium category 1 under the Differential Premiums By-law on July 14, 2002, in the standards year beginning on July 15, 2006;

(b) if the institution is classified in premium category 2 under the Differential Premiums By-law on July 14, 2002, in the standards year beginning on July 15, 2004; and

(c) if the institution is classified in premium category 3 or 4 under the Differential Premiums By-law on July 14, 2002, in the standards year beginning on July 15, 2002.

Contents

29. Each standards report shall contain

(a) an explanation of how the senior management of the member institution arrived at their conclusion as to whether the operations of the institution are being managed in accordance with the CDIC standards, including a description of

(i) the criteria, methods and other means used by senior management to determine which of the current and planned operations of the institution are significant operations, and how those criteria, methods and other means were explained to the board of directors,
(ii) the criteria, methods and other means used by senior management to assess which of the risks to which the institution is or will be exposed constitute significant risks, and how those criteria, methods and other means were explained to the board of directors,
(iii) how senior management assessed the appropriateness and effectiveness of the institution's processes, procedures and controls, and
(iv) the criteria, methods and other means used in bringing to the attention of senior management and the board of directors significant weaknesses or breakdowns relating to the institution's processes, policies, procedures and controls;

(b) an explanation of how the board of directors of the institution arrived at its opinion as to whether the institution is following the CDIC standards, including a description of how the board

(i) evaluated its effectiveness in fulfilling its responsibilities under the CDIC standards and dealt with any significant inadequacies or failures relating to the fulfillment of those responsibilities,
(ii) assessed the appropriateness and prudence of the institution's policies, and
(iii) assessed whether it was provided with timely, relevant, accurate and complete reports in accordance with the CDIC standards; and

(c) a copy of all information directly related to the making of the board of directors' resolution that was provided to the board at the time the resolution was made.

First Report for New Member Institutions

30. (1) Subject to sections 32 and 33, a member institution that becomes a member institution after July 14, 2002 or that has not been classified for the first time under the Differential Premiums By-law by that date, other than in accordance with subsection 7(2) of that By-law, shall submit to the Corporation its first standards report in the standards year specified below, at the same time that the institution submits its senior management representation letter and board of directors' resolution for that standards year:

(a) if, when the institution is classified for the first time under the Differential Premiums By-law, other than in accordance with subsection 7(2) of that By-law, it is classified in premium category 1, in the fifth standards year after the date on which it is so classified;

(b) if, when the institution is classified for the first time under the Differential Premiums By-law, other than in accordance with subsection 7(2) of that By-law, it is classified in premium category 2, in the third standards year after the date on which it is so classified; and

(c) if, when the institution is classified for the first time under the Differential Premiums By-law, other than in accordance with subsection 7(2) of that By-law, it is classified in premium category 3 or 4, in the first standards year after the date on which it is so classified.

(2) Despite subsection (1), a member institution that is a subsidiary of another member institution shall submit its first standards report in the standards year in which the parent member institution is required to submit its next standards report.

Additional Information

31. (1) The Corporation shall request each member institution that is classified in premium category 4 under the Differential Premiums By-law to provide the Corporation with additional information on areas of concern related to the CDIC standards. The request shall indicate the areas of concern and specify the type of information that is to be provided.

(2) The Corporation shall notify a member institution of the request between July 15 and October 14 after the date on which the institution is classified in premium category 4.

(3) A member institution that is notified of a request to provide additional information shall comply with the request by the April 15 following the date of notification.

Classification of Member Institution in Different Category

32. (1) A member institution that, after July 14, 2002, is classified under the Differential Premiums By-law in a different premium category from that in which it was classified for the preceding premium year shall submit to the Corporation a standards report in the standards year specified below, at the same time that the institution submits its senior management representation letter and board of directors' resolution for that standards year:

(a) if the institution is classified in a higher-numbered premium category, in the first standards year after the date on which it is so classified; and

(b) if the institution is classified in a lower-numbered premium category, in the standards year in which it would have been required to submit a report had it been classified in the same premium category as it was for the preceding premium year.

(2) A member institution referred to in subsection (1) shall submit to the Corporation subsequent standards reports in accordance with section 27.

Reclassification of Member Institution as a Result of Review

33. A member institution that, during the period beginning on July 15 in one year and ending on April 30 in the next year, is reclassified as a result of a review under the Differential Premiums By-law shall submit to the Corporation a standards report in the standards year in which it would have been required to submit a report had it been classified in the reclassified category initially.

Combined Reporting

34. Where a member institution is the parent corporation of one or more member institutions, the submission to the Corporation by the parent member institution of the following documents fulfills the obligations under this Part of the parent member institution and those of its subsidiary member institutions to which the documents relate:

(a) a senior management representation letter that relates to the parent member institution and one or more of its subsidiary member institutions, signed by the chief executive officer of the parent member institution and by another member of the senior management of that institution who is not a member of its board of directors;

(b) a resolution of the board of directors of the parent member institution that relates to that institution and one or more of its subsidiary member institutions; and

(c) a standards report that relates to the parent member institution and one or more of its subsidiary member institutions.

Amalgamations

35. (1) A member institution that is formed by the amalgamation of member institutions is to be treated for the purposes of this By-law as being classified, during the standards year in which the amalgamation takes place, in the same premium category under the Differential Premiums By-law as that in which the amalgamating member institution having the lowest-numbered premium categorization was classified before the amalgamation took place.

(2) A member institution that is formed by the amalgamation of member institutions is not required to submit a senior management representation letter, board of directors' resolution and, if applicable, standards report for the standards year in which the amalgamation takes place if, before the amalgamation took place, the amalgamating member institution that had the lowest-numbered premium categorization submitted to the Corporation its senior management representation letter, board of directors' resolution and, if applicable, standards report for that standards year.

(3) If, before the amalgamation took place, the amalgamating member institution that had the lowest-numbered premium categorization did not submit to the Corporation its senior management representation letter, board of directors' resolution and, if applicable, standards report for the standards year in which the amalgamation takes place, the member institution that is formed by the amalgamation shall

(a) submit to the Corporation a senior management representation letter and board of directors' resolution

(i) for the standards year in which the amalgamation takes place, before the end of the 90-day period following that standards year, and
(ii) for subsequent standards years, in the same quarter as that in which the amalgamating member institution that had the lowest-numbered premium categorization would have been required to submit its letter and resolution had the amalgamation not taken place; and

(b) submit to the Corporation a standards report

(i) if the amalgamating member institution that had the lowest-numbered premium categorization was required to submit a standards report during the standards year in which the amalgamation takes place, before the end of the 90-day period following that standards year, and
(ii) in any other case, in the standards year in which the amalgamating member institution that had the lowest-numbered premium categorization would have been required to submit its next standards report had the amalgamation not taken place.

(4) A member institution that is formed by the amalgamation of member institutions shall submit to the Corporation standards reports in accordance with section 27.

Acquisitions

36. (1) A member institution that is acquired by and becomes a subsidiary of another member institution is to be treated for the purposes of this By-law as being classified, during the standards year in which the acquisition takes place, in the same premium category under the Differential Premiums By-law as that in which the parent member institution is classified.

(2) A member institution that is acquired by and becomes a subsidiary of another member institution is not required to submit a senior management representation letter, board of directors' resolution and, if applicable, standards report for the standards year in which the acquisition takes place if, before the acquisition took place, the parent member institution submitted to the Corporation its senior management representation letter, board of directors' resolution and, if applicable, standards report for that standards year.

(3) If, before the acquisition took place, the parent member institution did not submit to the Corporation its senior management representation letter, board of directors' resolution and, if applicable, standards report for the standards year in which the acquisition takes place,

(a) the subsidiary member institution may, if it notifies the Corporation of its intention to do so, submit its senior management representation letter, board of directors' resolution and, if applicable, standards report for that standards year up to 90 days after the end of the standards year; or

(b) the parent member institution may, if it notifies the Corporation of its intention to do so, submit a senior management representation letter, board of directors' resolution and, if applicable, standards report for that standards year in accordance with section 34 up to 90 days after the end of the standards year.

AMENDMENTS TO THE DIFFERENTIAL PREMIUMS BY-LAW

37. The definition "CDIC standards" in subsection 1(1) of the Canada Deposit Insurance Corporation Differential Premiums By-law (see footnote 1) is replaced by the following:

"CDIC standards" means the standards of sound business and financial practices for member institutions established in Part 1 of the Canada Deposit Insurance Corporation Standards of Sound Business and Financial Practices By-law. (normes de la SADC)

38. The By-law is amended by adding the following after section 29:

29.1 (1) The following definitions apply in this section.

"former standards" means "CDIC standards" as that term was defined in subsection 1(1) before the transition date. (normes antérieures)

"transition date" means the day on which the Canada Deposit Insurance Corporation Standards of Sound Business and Financial Practices By-law comes into force. (date de transition)

(2) For the purpose of assessing, in accordance with section 29, the extent to which a member institution has followed CDIC standards during the period beginning on April 30, 2001 and ending on April 29, 2002,

(a) the references in section 29 and Schedule 5 to CDIC standards are to be read as follows:

(i) in respect of the period beginning on April 30, 2001 and ending on the day before the transition date, as references to the former standards, and
(ii) in respect of the period beginning on the transition date and ending on April 29, 2002, as references to CDIC standards;

(b) the references in Schedule 5 to deficiencies that were identified during the period beginning on April 30 of the second year preceding the filing year and ending on April 29 of the year preceding the filing year, or during the period beginning on April 30 of the third year preceding the filing year and ending on April 29 of the second year preceding the filing year, are to be read as references to deficiencies in following the former standards; and

(c) the references in Schedule 5 to deficiencies that were identified before April 30 of the second year preceding the filing year, or before April 30 of the third year preceding the filing year, are to be read as references to deficiencies in following the former standards.

(3) For the purpose of assessing, in accordance with section 29, the extent to which a member institution has followed CDIC standards during the period beginning on April 30, 2002 and ending on April 29, 2003,

(i) in respect of the period beginning on April 30, 2001 and ending on the day before the transition date, as references to deficiencies in following the former standards, and
(ii) in respect of the period beginning on the transition date and ending on April 29, 2002, as references to deficiencies in following CDIC standards;

(b) the reference in Schedule 5 to deficiencies that were identified during the period beginning on April 30 of the third year preceding the filing year and ending on April 29 of the second year preceding the filing year is to be read as a reference to deficiencies in following the former standards; and

(4) For the purpose of assessing, in accordance with section 29, the extent to which a member institution has followed CDIC standards during the period beginning on April 30, 2003 and ending on April 29, 2004,

(i) in respect of the period beginning on April 30, 2001 and ending on the day before the transition date, as a reference to deficiencies in following the former standards, and
(ii) in respect of the period beginning on the transition date and ending on April 29, 2002, as a reference to deficiencies in following CDIC standards; and

(i) in respect of deficiencies that were identified before the transition date, as references to deficiencies in following the former standards, and
(ii) in respect of deficiencies that were identified on or after the transition date, as references to deficiencies in following CDIC standards.

(5) For the purpose of assessing, in accordance with section 29, the extent to which a member institution has followed CDIC standards during the period beginning on April 30, 2004 and ending on April 29, 2005, or during any subsequent period beginning on April 30 of the year preceding the filing year and ending on April 29 of the filing year,

(a) the references in Schedule 5 to deficiencies that were identified during the period beginning on April 30 of the second year preceding the filing year and ending on April 29 of the year preceding the filing year, or during the period beginning on April 30 of the third year preceding the filing year and ending on April 29 of the second year preceding the filing year, are to be read as references to deficiencies in following CDIC standards; and

(b) the references in Schedule 5 to deficiencies that were identified before April 30 of the second year preceding the filing year, or before April 30 of the third year preceding the filing year, are to be read as follows:

AMENDMENT TO THE CANADA DEPOSIT INSURANCE CORPORATION PRESCRIBED PRACTICES PREMIUM SURCHARGE BY-LAW

39. Paragraph 2(1)(a) of the Canada Deposit Insurance Corporation Prescribed Practices Premium Surcharge By-law (see footnote 2) is replaced by the following:

(a) failing to follow any standard of sound business and financial practice established in Part 1 of the Canada Deposit Insurance Corporation Standards of Sound Business and Financial Practices By-law;

REPEALS

40. The following By-laws are repealed:

(a) the Canada Deposit Insurance Corporation Interest Rate Risk Management Standards By-law (see footnote 3);

(b) the Canada Deposit Insurance Corporation Credit Risk Management Standards By-law (see footnote 4);

(d) the Canada Deposit Insurance Corporation Securities Portfolio Management Standards By-law (see footnote 6);

(e) the Canada Deposit Insurance Corporation Liquidity Management Standards By-law (see footnote 7);

(f) the Canada Deposit Insurance Corporation Real Estate Appraisals Standards By-law (see footnote 8);

(g) the Canada Deposit Insurance Corporation Capital Management Standards By-law (see footnote 9); and

(h) the Canada Deposit Insurance Corporation Internal Control Standards By-law (see footnote 10).

COMING INTO FORCE

41. This By-law comes into force on the day on which section 29 of the Canada Deposit Insurance Corporation Act, as enacted by section 210 of the Financial Consumer Agency of Canada Act, chapter 9 of the Statutes of Canada, 2001, comes into force.

REGULATORY IMPACT ANALYSIS STATEMENT

(This statement is not part of the By-law.)

Description

The Standards of Sound Business and Financial Practices By-law ("Standards By-law") will apply to member institutions of the Canada Deposit Insurance Corporation ("CDIC").

Following publication in 1999 of the government's policy paper entitled "Reforming Canada's Financial Services Sector: A Framework for the Future", CDIC undertook a review of the existing standards of sound business and financial practices that are contained in the Capital Management Standards By-law, Credit Risk Management Standards By-law, Foreign Exchange Risk Management Standards By-law, Interest Rate Risk Management Standards By-law, Internal Control Standards By-law, Liquidity Management Standards By-law, Real Estate Appraisals Standards By-law and Securities Portfolio Management Standards By-law. These By-laws came into force on August 17, 1993 and are repealed by the Standards By-law.

As a result of that review, CDIC identified changes that could be made to enhance and modernize the standards to better align them with current approaches to sound business and financial practices that are followed by well-run institutions. CDIC also identified other changes that would streamline the related administrative reporting process. The result is aimed at reducing the overall regulatory burden on member institutions.

Rather than focusing on eight separate areas of sound business and financial practices, the Standards By-law requires that a member institution manage its operations in accordance with effective board governance and appropriate, effective and prudent strategic, risk, capital, liquidity and funding management processes. These processes should be supported by an appropriate control environment, one in which significant issues pertaining to the operations of a member institution are identified and appropriate actions are taken to address such issues.

The reporting requirements will be contained in the By-law. Members will be required to file a resolution of the board of directors and a management representation letter as to adherence to the standards, annually. Also, a Standards report is to be filed periodically. Under the By-law, the timing for filing a Standards report will be determined with reference to the premium category in which the member institution is classified under the CDIC Differential Premiums By-law. For example, member institutions that are classified in premium category 1 will only have to file a Standards report in every fifth year, rather than annually. The report itself will be streamlined and require less detail than the present Standards Assessment and Reporting Program ("SARP"). The Standards report is designed to provide CDIC with some assurance that the institution has carefully considered and critically assessed whether it is following the standards.

The Standards By-law is divided into the following Sections and/or Parts: Interpretation, Part 1, Part 2 and Consequential Amendments. The interpretation section contains the definition of essential terms. Part 1 of the By-law sets out the standards that are to be applied by member institutions, while Part 2 of the By-law contains the reporting requirements. The consequential amendments section sets out required amendments to the CDIC Differential Premiums By-law and the CDIC Prescribed Practices Premium Surcharge By-law.

The objects of CDIC include the promotion of standards of sound business and financial practices for member institutions. The authority for the Standards By-law is provided for in paragraph 11(2)(e) of the CDIC Act, which stipulates that the Board of Directors of CDIC is authorized to make by-laws respecting standards of sound business and financial practices for member institutions.

Alternatives

There are no available alternatives. The CDIC Act specifically provides that standards of sound business and financial practices may only be made by by-law. Having been brought into existence by by-law, the existing standards of sound business and financial practices may only be amended by by-law.

Benefits and Costs

Costs

The Standards By-law will not impose any additional costs on member institutions. In fact, the streamlined and simplified reporting process should reduce the costs incurred by member institutions in complying with the by-law.

Net Benefits

The Standards By-law will improve the correlation between the standards of sound business and financial practices and current concepts of sound business management employed by well-run institutions and as such should enable member institutions to respond more effectively to the rapid pace of change in the financial services industry. The implementation of sound business and financial practices by member institutions may give rise to other benefits, both tangible and intangible, for the members following the standards, including an enhanced reputation and attractiveness to depositors and investors. The Standards By-law is sufficiently flexible so as to be tailored in its application to accomodate the diverse characteristics and operations of all CDIC member institutions.

The Standards By-law will benefit CDIC by reducing CDIC's risk and exposure as a deposit insurer. By requiring member institutions to carefully and prudently manage their operations, this may reduce institutional failure and the probability that CDIC will be called upon to pay out the insured deposits of failed member institutions.

Consultation

In creating the Standards By-law, CDIC researched proven domestic and international standards of sound business practices and undertook extensive consultation with CDIC member institutions, their trade associations, domestic and international supervisory authorities and other interested parties during 1999, 2000 and 2001. CDIC issued three consultation papers; one in January, 2000, another in August, 2000, and a third in May, 2001. CDIC also met with many of its member institutions and their trade associations. In addition, a draft of the Standards By-law was pre-published in the Canada Gazette, Part I, on May 5, 2001. During the consultation process, CDIC received a number of helpful comments that have been reflected in the Standards By-law.

Compliance and Enforcement

The Standards By-law does not give rise to any unique compliance or enforcement issues.

Contacts

Ken Mylrea
Senior Director, Insurance
Telephone: (613) 992-7902
FAX: (613) 996-6095
E-mail: kmylrea@cdic.ca

Sandra Chisholm
Director of Standards and Insurance
Telephone: (613) 943-1976
FAX: (613) 580-3017
E-mail: schisholm@cdic.ca

Canada Deposit Insurance Corporation
50 O'Connor Street
17th Floor
Ottawa, Ontario
K1P 5W5

Footnote a

S.C. 1992, c. 26, s. 4

Footnote b

R.S., c. 18 (3rd Supp.), s. 51

Footnote c

S.C. 1996, c. 6, s. 27

Footnote d

R.S., c. 18 (3rd Supp.), s. 59

SOR/99-120

SOR/94-142

SOR/93-422

SOR/93-423

SOR/93-424

SOR/93-425

SOR/93-426

SOR/93-427

SOR/93-428

SOR/93-429

NOTICE:
The format of the electronic version of this issue of the Canada Gazette was modified in order to be compatible with extensible hypertext markup language (XHTML 1.0 Strict).

Common menu bar links

Left hand menu

Canada Gazette

Consultation

Archives

Publishing Information

Resources

Stay in Touch

Proactive Disclosure

Canada Deposit Insurance Corporation Standards of Sound Business and Financial Practices By-law