THE STANDING SENATE COMMITTEE ON BANKING, COMMERCE AND THE ECONOMY
EVIDENCE
OTTAWA, Wednesday, November 6, 2024
The Standing Senate Committee on Banking, Commerce and the Economy met this day at 4:15 p.m. [ET] to study matters relating to banking, trade and commerce generally.
Senator Pamela Wallin (Chair) in the chair.
[English]
The Chair: Hello to everyone, and welcome to this meeting of the Standing Senate Committee on Banking, Commerce and the Economy. My name is Pamela Wallin, and I serve as the chair of this committee.
I would like to introduce the members of the committee with us today: Senator Loffreda, the deputy chair of the committee; Senator Fridhandler; Senator Galvez; Senator Marshall; Senator Martin; Senator Varone; and Senator Yussuff.
Our committee is struck and ready.
On December 16, 2021, the committee was authorized to study matters relating to banking, trade and commerce generally. Today, under this mandate and because of his goodwill, we are welcoming the following witnesses from the Office of the Superintendent of Financial Institutions, or OSFI: Peter Routledge, the Superintendent; Angie Radiskovic, Assistant Superintendent and Chief Strategy and Risk Officer; and Tolga Yalkin, Assistant Superintendent, Regulatory Response Sector.
We wanted to incorporate the presence of Mr. Routledge here as an annual event, at least, and perhaps even more than that so that we could keep our eye on the banking sector, which is our job. You have willingly agreed, and here you are. I know that you have some opening remarks. The floor is now yours.
Peter Routledge, Superintendent, Office of the Superintendent of Financial Institutions: Good afternoon, Madam Chair and members of the committee.
[Translation]
Parliament created the Office of the Superintendent of Financial Institutions (OSFI) in 1987. At that time, our mandate contained a single overriding requirement: to ensure institutions remained in sound financial condition and, when they strayed from that state, to direct their boards of directors to take prompt corrective actions to return their institutions to financial soundness.
[English]
This singularly focused mandate worked quite well for the first 20 years of OSFI’s existence, but its utility waned during the global financial crisis of 2008 and 2009. Regulators realized that although financial condition indicators — for example, capital ratios and liquidity ratios — were critical to institutional and systemic stability, they were too often lagging indicators. In the financial regulatory profession, we began focusing on non‑financial risks.
We realized that non-financial risks — just like financial risks — can have serious prudential consequences. Now, “prudential” is an interesting word; it means the protection of depositors, policyholders and creditors. Since the global financial crisis, OSFI has expanded its risk surveillance and response in recognition of the reality that non-financial risks pose the same prudential danger to depositors, policyholders and creditors as financial risks.
[Translation]
Last year, Parliament expanded our mandate by requiring OSFI to ensure that financial institutions have adequate policies in place to protect themselves against threats to their integrity and security, including foreign interference. This fundamental change signalled the equivalence of financial and non-financial risks.
[English]
I would like to address the recent news of anti-money laundering lapses by a Canadian institution in the United States — lapses which resulted in guilty pleas by the institution to violations of anti-money laundering and the Bank Secrecy Act laws in that country. I would like to be forthcoming about our involvement in this case because I think that information would contribute to public confidence in the Canadian financial system. That said, Canadian law prohibits me, or any OSFI official, from disclosing confidential information obtained from federally regulated financial institutions in the course of OSFI’s regulation and supervision activities.
When OSFI sees deficiencies in an institution that it regulates — financial or non-financial — we take early action and oblige management and boards of directors to take prompt corrective measures, which could be financial and/or non‑financial in nature. We recognize the critical role played by boards of directors and their important role in effective risk governance.
[Translation]
To do our work effectively, we constantly monitor changes in the risk environment, including new and emerging risks, that may negatively impact financial institutions.
[English]
Every year, we publish our Annual Risk Outlook with a semi‑annual update that identifies the top risks facing financial institutions. In those reports, we highlighted integrity and security risks, including fraud and money laundering, pointing out that non-financial risks can manifest as financial risks.
Thank you. I’m happy to take your questions.
The Chair: Thank you. I have just a couple of points of clarification before we begin.
You are the regulator, and when something occurs that is public and in the news — as was the case with TD in the U.S. — what is your obligation to consumers here? Was the behaviour somehow corralled south of the forty-ninth parallel but somehow it didn’t impact here? Please give us a bit of context.
Mr. Routledge: My obligation and my responsibility under our mandate is to ensure that the institutions we regulate are in sound financial conditions and that they have protections in place against threats to their integrity and security.
When we see evidence that either of those conditions, or all of those conditions, are not the case, our responsibility to Canadians is to prompt corrective action by boards and senior managers.
Accompanying that responsibility is a very clear restraint, which is in section 22 of the Office of the Superintendent of Financial Institutions Act and section 636 of the Bank Act. It says that in the course of doing that, if you’re gathering confidential information, it must remain confidential. As I mentioned in my opening statement, I cannot explain to Canadians what we’ve done in that case or in any case. In our way of thinking, as public servants, we’re appointed to administer the laws, and that’s what our job is. The worst thing a superintendent could do would be to inadvertently, or advertently, violate the laws we’re meant to administer.
The Chair: We as consumers have to count on the sunlight being the only disinfectant that we can be made aware of.
Mr. Routledge: I suppose so. We have a free press.
The Chair: We’ll carry on with the questions.
Senator Loffreda: I’ll continue on with the sunlight issue, which is always good for everyone. It’s a good cure, as we say.
We agree on the potential danger that non-financial risks pose, and it’s huge. You did come out with new guidelines for integrity and security in the new year. Were those guidelines not followed by TD in the U.S., or are you confident that those guidelines are being followed by Canadian banks so that such a situation could not happen in Canada? It’s a serious consequence. Canada is always ranked number one or number two in the world when it comes to its banking system. We must maintain those rankings. How could something like that happen? I don’t want any confidential information, but you do have guidelines, and you do follow up with the banks and assert that those guidelines are followed. If they were followed, how does that happen?
Mr. Routledge: Again, with regard to the specifics of the case, as much as I might like to, I can’t provide confidential information. You referenced the word “serious.” On the day that the charges were announced by the Department of Justice in the United States, we used the words “This is serious” in our statement.
I can speak generally. When we see deficiencies in integrity and security protections, it’s our obligation to alert boards and senior managers as quickly as possible, and then we rely on boards and senior managers to take prompt corrective measures. When they don’t, we have an array of tools that we can use — some of which are codified in legislation and some of which just fall under the rubric of moral suasion — in order to induce prompt corrective action if we think it’s lacking.
Some of those tools would be similar to what you saw in the U.S. consent order in regard to TD Bank. Other tools would be financial in nature — for example, capital, liquidity and so forth.
Senator Loffreda: I have a short follow-up. Therefore, if they do adhere to the guidelines for integrity and security in Canada, something of that nature will not happen in Canada. Is that correct?
Mr. Routledge: If they adhere to our guidelines, the probability that it would happen would be very low. To be honest, money laundering will not be eliminated by sound bank regulation and banks following all our integrity and security guidelines.
Crime is a reality in our society, and crime produces proceeds, and the criminals seek to turn those illicit proceeds into licit funds. Sometimes they choose to do that through the banking system. We can ensure that banks have in place protections to lessen and prevent it to the maximum extent possible, but that alone will not eliminate the problem of criminals converting the illicit proceeds of crime into licit funds. It has been around for years, and it will be around for as long as there is crime.
Senator Loffreda: For transactions as large as those — I’ve worked in banking for 35 years — what happened to “know your client”? Was that just thrown out the window?
Mr. Routledge: I’m trying to be careful not to reveal confidential information. Generally, if an institution were to be exposed to excessive money laundering activities at branches, then one could reasonably at least ask the question — if not conclude — that policies such as “know your customer,” or other policies, although they may be written down, may not be followed with sufficient fidelity.
Senator Loffreda: Thank you.
The Chair: If laws prevented crime, we wouldn’t have any.
Senator C. Deacon: I’m glad to see you here again, Superintendent Routledge, with your colleagues.
According to OSFI’s integrity and security guidelines, part of OSFI’s expanded mandate is to oversee Canadian financial institutions and ensure that they meet the standards of integrity and security. This includes protection against malicious or unattended internal and external threats. Technology is a modern-day bank safe, and Canadian banks have been slow to prioritize the adoption of new technologies. In the U.K., under certain conditions, their banks are required to prove that the customers are at fault. In Canada, a recent Radio-Canada investigative journalism show called “La facture” identified that Canadian victims of bank fraud are guilty until they are proven innocent. Can you elaborate on what tools OSFI has to encourage our banks to accelerate investment in state-of-the-art fraud prevention technologies?
Mr. Routledge: I want to answer that in two ways. I want to be straight about how serious fraud is and how important it is that all institutions — which are here to support the stability and resiliency of the financial system — treat it as a serious issue. We have separate mandates, and, in a minute, I’ll come to how ours might differ from that of the Financial Consumer Agency of Canada, or FCAC.
On that particular issue, if fraud became chronic in an institution, that would definitely fall under the notion that the institution is not protecting itself against threats to its integrity, most particularly its integrity and its security.
If you’re not doing enough to protect your customers from fraud, that will affect your reputation and, therefore, your integrity as an institution. If we detected evidence of that, OSFI would be obliged to address that deficiency with the board of directors and senior management. That’s our part of it.
The FCAC’s role — I’m not speaking for them, and I would encourage you to invite the commissioner to talk about this very important issue — is to step into the shoes of the consumers and figure out how to educate them and protect them, as well as oblige banks at the front end to protect them.
I would say very clearly that our job is not that. That’s the FCAC’s job. Our job is at the board table and the senior management table.
Senator C. Deacon: My concern is that the emphasis is not on prevention, and if we don’t start to change the onus, banks are not going to adopt these technologies. Right now, 16% of cases that are challenged through the Ombudsman for Banking Services and Investments, or OBSI, are actually resolved in the consumer’s favour. Meanwhile, 84% of the consumers are found guilty, in effect, of the fraud. How do we do this, unless we reverse the onus and do what the U.K. has done and make banks responsible?
Mr. Routledge: I believe the U.K. would have carried out some of its approach through their Financial Conduct Authority, or FCA, which is their market conduct regulator at the national level. I fear I’m passing the puck, and I don’t intend to do it. There is a role for OSFI in this to ensure that, at the top of the house, this is taken seriously if it is a legitimate threat to security or integrity.
What you’re talking about is at the consumer level, and if we were to try to do something at that level, I would be worried about overstepping our bounds and our authority from Parliament. We have the Financial Institutions Supervisory Committee and the Senior Advisory Committee, and I sit on it with all the financial safety net principals, with the Commissioner of the FCAC among them. Those are the forums where we can ensure that the overlap is not too great and that there is not a gap.
Senator C. Deacon: I have a yes-or-no question. Are banks required to report to you every incident of fraud?
Mr. Routledge: No.
Senator C. Deacon: No. I found that they’re not even reporting it to their own fraud department, so how would you know it’s a big issue? That’s a challenge. Thank you very much.
Senator Marshall: Thank you, Mr. Routledge, to you and your officials for being here. I want to go back to TD Bank and that issue you mentioned in your opening remarks. I wasn’t looking to talk specifically about what happened in the U.S., but we’ve had a lot of expert witnesses in here talking about money laundering in Canada, and they say that we’re a major money laundering country. In fact, we have our own name: The money laundering that’s going on here is called “snow washing.” B.C. had the Cullen commission because money laundering was so extensive out there.
I’m an auditor by profession, so I’m looking at what happened down in the States with regard to TD Bank, and I’m thinking that money laundering is so pervasive in Canada. I can’t believe that the problem they’re having in the States isn’t happening in Canada. I wonder what kind of regulatory regime is in place. From the news media, the impression I got for TD Bank — and you don’t have to comment on it — is that this was almost something they stumbled upon, as opposed to everyone knew it within the bank. But how about the regulatory regime? What’s the oversight you provide that’s going to catch money laundering? Is it vigorous enough? Is it comparable to what the States are doing? Is it stronger than the Americans or weaker than the Americans? Could you talk about that because we have a problem? They found something down in the States. One of these days, we’re going to find something big up here. Can you just talk about the regulatory regime and what you do?
Mr. Routledge: Yes. Money laundering is a crime. There are two ways you can detect a crime. We can detect it through suspicious transaction reports and cash transaction reports. They’re submitted by banks, and they’re just suspicious. They’re not evidence of a crime. The Financial Transactions and Reports Analysis Centre of Canada, or FINTRAC, collects them, and when they have suspicions that are material, they can engage with law enforcement, and law enforcement can take it from there.
I’m going to talk about money laundering cases generally in the United States. Sometimes that has happened. Other times, law enforcement has followed criminals around and detected or observed proceeds from crime being laundered in branches of banks. In either case, law enforcement is following leads, and it’s coming from the bottom up.
The other way — and this is why the integrity and security mandate is so important and why what we’re doing in terms of our organization is so important — is that now, after our mandate changed last year, we can engage with FINTRAC more easily and trade more information. If they detect a pattern of transactions that is concerning and involves a specific institution, they can inform us.
That is a threat to that institution’s security and integrity. OSFI does not have law enforcement, but we can take supervisory activities, shine a light on that activity and, lo and behold, when we do, that activity stops.
The risk here is if we do that and shine a light on activity and it stops, we might be impairing law enforcement, which is why a lot of what we are doing organizationally is trying to connect to different and non-traditional counterparts in the federal government so that we don’t make those types of mistakes.
Senator Marshall: For the additional things that you are doing, are they showing results?
The impression that is being left with at least some Canadians is that you are tracking these transactions of people who aren’t criminals, but we are not hearing anything about the criminals or the money laundering.
You have made changes. Are you seeing the results that you would like to see? They say money laundering is pervasive in Canada. Are you seeing the results that you would like to see? Do you think that you are not there yet?
Mr. Routledge: I can answer “yes” to both questions. Let me explain.
After Parliament changed our mandate, we created a new unit. We call it our National Security Unit, and we have populated it with colleagues. We are literally building it as I speak to you today. It is small. It is 25 to 30 people. It will grow toward 40 people by next year. Their job will be to plug into FINTRAC and national security, as well as border security and law enforcement, and gather this information. It is early days. That is just starting.
My initial take is it is a fairly rich vein of information that helps us identify security and integrity risks at institutions. What we can do, if we are alert and proactive, is we can take action that may shine a light on activities. We are not law enforcement, and I don’t think we should be, but we can at least affect the situation when it threatens an institution.
Senator Galvez: Superintendent, thank you for your presence here today.
A few days ago at the Energy Committee, we received David Dodge. I am sure you know who he is. He said that globally and here in Canada, we have to make an energy transition in order to deal with the threat posed by climate change.
Later, when asked if we are moving quickly enough, he answered:
Are we moving fast enough in this country? The answer is no, we’re not. In part, we’re not because the cost of moving quickly actually means that we’re going to have to divert a share of our national income from consumption to investment.
We all have a degree of myopia in that sense, so we tend to discount future incomes more highly than even the interest rate that we have in the market.
What role do you see for OSFI in ensuring that the investment needed for the energy transition is sufficient and available?
Mr. Routledge: The role of OSFI is going to change with the risk over time.
During my first couple of years in the job, the role of OSFI was to level up climate risk discipline at all the institutions we regulate. We did that through Guideline B-15.
The role of OSFI right now is to take the next two to three years and drive the principles in Guideline B-15 through to action. If we do that, institutions will empirically measure climate risk. What they will find is that the cost of climate risks is high. A sensible board, having empirically measured that cost, will then take — in my view anyway — sensible decisions to mitigate them, and that will create what Mr. Dodge was referring to, or at least it will contribute to the creation of what Mr. Dodge was referring to, which is a shift to more investment in technologies that either adapt to or otherwise respond to climate.
Senator Galvez: When talking about this risk — and it’s increasing — Bloomberg reports that the big oil exit is leaving Canada’s oil sands. Among the big companies and big banks that are leaving, you have Chevron, Shell, Devon Energy, TotalEnergies, BP and Equinor. Over time, since 2010, they are reducing. This constitutes a stranded asset or the risk of a stranded asset increasing.
Considering this statement, Mr. Dodge said that he was concerned of the potential and the risk that is increasing.
How great a risk do stranded assets pose to the Canadian financial sector?
Mr. Routledge: At present, regarding the way we measure it, we would say it probably isn’t that high. It doesn’t mean that’s accurate. It just means that we have a measurement system, and the measurement system produces data, and the data suggests that.
Through our climate risk returns and through our Standardized Climate Scenario Exercise — which is a standardized way of looking at transition risks — our job is to oblige institutions to sharpen their pencils and measure empirically and cost more effectively climate change. When they do that, their recognition of the risk will increase, and their economic decisions will change.
What we lack right now is rigour and precision in measuring that risk. I see that our job, at least as a financial institution regulator, is to improve that precision.
We have done that before. We did that with market risk after the dot-com crash in the early 2000s. We did that with liquidity risk after the global financial crisis in 2008 and 2009. This is a financial risk, and we know how to oblige institutions to up their game.
Senator Galvez: When are you doing that?
Mr. Routledge: Starting now. We have published our regulatory climate returns. Banks will have to measure Scope 1, Scope 2 and Scope 3 emissions across their client base and report them to us.
This fall, we have started what we call our Standardized Climate Scenario Exercise, where we are providing a deterministic set of transition scenarios, and we’re asking banks what it does to their balance sheet and income statement over a multi-year period. Then that illuminates the risk, and, empirically, sounding boards and risk managers will price it better and make better economic decisions.
Senator Yussuff: Thank you, superintendent and colleagues, for being here. I want to return to TD and what we are reading in the media. From two perspectives, I hear you about what you can say, but Canadian depositors — those who hold stock in TD — are now dealing with a debacle over which they had no control. How are they supposed to have confidence in the system, recognizing that the institution did not follow the guidelines? I know there were guidelines. They did not follow the guidelines.
There is a new CEO taking over the bank. The old one is gone with a golden handshake and a “Thank you very much.” The depositors and, equally, the shareholders are left holding the bag, and we are told that we cannot say anything about it because it happened in another jurisdiction.
How can we have confidence in the rules that are there in the first place if we can’t at least learn something of value? We’ve put penalties in place not only with what the Americans have done, but we also impose our own penalties as a country, because TD Bank is not just any bank. It is a Canadian bank.
Assist me in how the public can understand this in a better way.
Mr. Routledge: I share your sentiment. It isn’t pleasant for me to not be as forthcoming as, clearly, you would prefer. You understand it does not matter what I think is pleasant or unpleasant. There is a law, and I follow it.
I can talk about the consequences in the United States. Those are facts. They are in the public domain. The consequences imposed in the United States are consequential for the bank. I would refer you to the bank to obtain their answer to that question. However, as someone who has read the consent orders and the pleas, I can tell you that the consequences are consequential for the bank.
Senator Yussuff: In 2025, many Canadians are going to be dealing with mortgage renewals. I am sure it is on your radar, trying to understand where we are and what is the likelihood of defaults. And if there is, the interest rate is coming down, so that is the positive side. We can all feel good about that.
From the data that you are looking at currently, and also in terms of the new horizon in 2025, do you see any significant risks of defaults from mortgage holders who are having to deal with renewals but also in the context of what strain that might put on the financial institutions going forward?
Mr. Routledge: I don’t have an all-clear message for you. I have good news, though: Despite an extraordinary increase in interest rates, which are now easing back a little bit, and although the housing market has stayed relatively stable — house prices generally haven’t gone up in the last couple of years — 99.8% of Canadians are current on their mortgage. I am delighted that credit risk has been so minimal, or events of loss have been so minimal.
You are right; in 2025, and particularly in 2026, there will be a serious wave of renewals. In general, we have seen over the last two years that Canadians have absorbed higher interest rates and have stayed current on their mortgages.
House prices have stayed level, which means that folks aren’t forced into distressed sales. It is all very good news. That is 10 or 12 years of fairly sound regulation and good decision making by banks.
There are certain pockets that we’re particularly watchful over. About 170,000 Canadian households have variable-rate mortgages with fixed payments, which is a product that could give rise to a substantial increase in monthly payment at renewal, but that number is down from 270,000 about 18 months ago. That tells me that Canadians are self-curing before a more difficult renewal period.
Over the next two years, I believe we will see higher rates of default, but they will remain well below historical averages. That is my expectation.
The Chair: To follow up on that, it was also in the news that OSFI had eased — I cannot give you the chapter and verse — the Guideline B-20 stress test for uninsured mortgages when switching providers. It seems like a small category, but the signal was this: What do you mean that you are easing the rules for that? Can you explain?
Mr. Routledge: That refers to something called a straight switch. That’s when you are a mortgagor, and you come up to your term, and you want to switch your mortgage to a different lender.
You are uninsured, so you have not paid a Canada Mortgage and Housing Corporation, or CMHC, premium or a premium with one of the private mortgage insurers. Under Guideline B-20, until very recently, the new lender would have to underwrite you and apply a stress test. In a rising rate environment, if you were that borrower walking into the new branch, it would feel unfair. Your neighbour with an insured mortgage doesn’t have to do that, but you do. That is unfair. If I were that person, I would feel hard done by.
Regarding the people who switched at renewal before the stress test was in place, the percentage of renewing mortgagors who switched lenders varied between 2% and 6%, and the average was about 4%. Since the application of the stress test, it is the same.
When we looked at it, we thought, “Well, it feels unfair; authentically, it is unfair for a certain group of Canadians. If it is not really a prudential issue, why impose this principle with purity?” So we lightened it a little.
Something we have done, which will help mitigate any risk that might come up that we don’t expect, is that we are implementing something called a loan-to-income test which is something directed at bank portfolios, and that will attenuate any sudden increase in leverage. It has proven to be effective in other countries.
The Chair: Thank you.
Senator Varone: I will return to a phrase mentioned by Senator Loffreda: “know your client.” I will put this through a small business lens.
There are a multitude of small businesses that do cash business. Cash is still an accepted instrument in Canada. We run a family business that does deposits well over the anti-money laundering guidelines because it is a large hospitality group. I have a multitude of clients who do the same thing. They are small businesses; they do not have active managers because they do not have loans, but God forbid they run into a teller who is new. The burden of the crime, in terms of the anti-money laundering reality, falls on the small business. I know first-hand where I’m kept at the teller, and they are trying to verify who I am and the business I’m in because we have a $30,000 deposit that came in from a wedding.
There has to be some methodology. I do not know what it is, but I would like your comments on it. I know you want to stop the criminals. As the chair stated, if all rules worked, there wouldn’t be any criminals, but the burden you are placing with these rules on small businesses is almost intolerable.
Mr. Routledge: I’m talking about banks generally. If a bank in that situation does not have policies and procedures in place to serve its customers well — to serve legitimate customers who happen to take in revenue in bills legitimately — and if it hasn’t trained its employees to differentiate between legitimate uses of cash and someone who appears to be walking in with illicit proceeds of crime, then that institution needs to do better by its customers.
In other words, that is an institutional responsibility. In a competitive banking system, I would hope that there would be competitive players who would notice that gap in the market and develop that expertise so that when a business such as yours needs banking services, you wouldn’t face that.
More competition in a local market would help with that. Could I do anything as the prudential regulator? To be honest, no. That is not our mandate from Parliament.
Senator Varone: You do offer guidelines.
Mr. Routledge: Yes. We can in our guidelines. There is no guideline that says, “Do not take a $30,000 deposit.” There is a guideline that says, “Be aware of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, or PCMLTFA; make sure that you are following through on it, in letter and in spirit, and do it in a responsible way.”
We are not that proscriptive.
Senator Martin: Thank you for being here.
You said something in response to an earlier question that caught my attention. I want to ask you to elaborate on it further. It is the National Security Unit that you mentioned. You said it is fairly new. In light of the TD situation, $3 billion is a huge fine. I am from British Columbia. We have been talking about money laundering for quite some time. You said that it is quite new; it is small.
Mr. Routledge: It is.
Senator Martin: That is concerning to hear. Could you talk more about how it is going to be? Can it address the issue? In what ways will it be expanded?
Mr. Routledge: Yes, it is new. We built it after Parliament changed OSFI’s mandate in response to it. Since COVID, integrity and security as risks have intensified, and this is our response to it.
When it happened, we looked at the legislation and wondered how we could apply this change to our mandate in a responsible way. We recognized that “integrity” and “security” are broad words, but we’ve done a lot of the work on it since the financial crisis because we’ve developed guidelines for cyber risk, third party risk management, corporate governance and culture. All of those are related to security and integrity.
Mr. Yalkin and his team wrote a guideline that said that integrity and security mean these non-financial risks, and we’re supervising that. Then we said that integrity and security also mean risks that we, as an institution, need to improve our awareness of — they’re risks related to money laundering, national security and law enforcement that might implicate our institutions.
It was a new area, so we developed this unit to go out and take in this new information from national security, law enforcement and money laundering — we need people who are familiar with those worlds. We built this unit, basically, so that we can protect information in line with our national security information standards. Then we invite our colleagues in government institutions, where we traditionally haven’t been present, and have those professionals interpret this information and work with our supervisors when there is a serious threat to an institution’s security and integrity.
The answer to your concern is that it is new, and we are building it. It does reflect a growing realization among bank regulators globally that financial risk is usually the weather report on the day of, not the weather report the day before.
Senator Martin: This is related to the risk of, for instance, cyberattacks: Your Risk Report — AI Uses and Risks at Federally Regulated Financial Institutions highlights that by 2026, 70% of financial institutions are expected to integrate AI into their operations, but then that also brings to light potential risks, especially cyberattacks, to these institutions. So it would heighten that risk.
How is OSFI working to ensure that financial institutions implement comprehensive risk management frameworks to safeguard against these vulnerabilities?
Mr. Routledge: I’m going to ask Mr. Yalkin — who wrote our guideline on integrity and security — to talk about that.
Tolga Yalkin, Assistant Superintendent, Regulatory Response Sector, Office of the Superintendent of Financial Institutions: We have a comprehensive guideline in existence. We brought it into existence a few years ago. It is on cyber and tech risk. Although that guideline is not specific to AI, it certainly covers all cyber and tech risks that financial institutions could face.
In that guideline, you’ll see the expectations that we have of financial institutions when it comes to the sound management of those risks — the different systems they need to put in place, who is accountable for what, what they need to do when an issue arises, what they need to report to us, what steps have to be taken and then, after there is a particular incident, for example, what we expect them to do as a consequence when it comes to lessons learned, improving their systems, et cetera.
Like other developments in the external environment, AI has the capacity, as you just pointed out, to heighten the vulnerabilities when it comes to cyber and tech risks. It also potentially offers the opportunity to be a useful tool, for example, with red teaming and being able to use AI in order to identify vulnerabilities that might exist within the systems that financial institutions have.
It’s really an emerging area right now, so we’re working really closely with partners. We work with the FCAC and the Global Risk Institute to get a sense of how AI is developing in the financial sector and how, at the end of the day, it could have an impact on the risk areas we’re active on as a prudential regulator.
Senator Martin: So you have the guidelines, but are the financial institutions in step or up to speed on being able to follow these guidelines? Do they have personnel who will be working on these issues?
Mr. Yalkin: I can’t speak to any specific financial institution, but I can tell you that we work with them on a regular basis to ensure they understand and are implementing our guidelines. We conduct reviews, either comprehensive or targeted reviews, on certain elements of our guideline over the course of time. That occurs over the course of months and years. Also, when incidents occur in a particular financial institution, that often triggers us to look more closely at that institution and make sure they have actually followed our guidelines.
We respond to those situations as they arise.
Senator Fridhandler: We have very much focused today on banking, but as a regulator of federal financial institutions, you monitor many other industries in the financial sector.
First, aside from, perhaps, insurers and trusts, can you tell us who these other players are and whether there are unique issues or concerns relative to those as opposed to what you’ve generally identified as the banking sector concerns?
Mr. Routledge: With respect to?
Senator Fridhandler: The other types of institutions that you regulate, whether those are insurers, which have some very unique characteristics, or trusts. Beyond that, I can’t name them, but you can tell us who they might be.
Mr. Routledge: I’m going to say this out loud to remind myself not to go on for too long, because we do regulate a lot of industries, but let me give you a flavour.
We regulate life insurers, property and casualty insurers, mortgage insurers, reinsurers and certain federal pension plans. We actually have a wide array of non-banking supervisory activities and expertise — 400 institutions, under 100 of which are banks, with the rest being insurers, and then 1,200 federal pension plans.
In the life insurance sector, with interest rates on an upward trajectory over the last few years, it’s very good for life insurers. Generally, we’ve seen strong profitability and improving capitalization for life insurers because of that. As always, when things are good, sometimes companies want to take more risk to generate higher returns. We have our eye on a few areas, the most important of which is the use of alternative assets and the use of private equity managers who like the long-term nature of the liabilities because it allows them to fund more aggressive long-term higher-risk investments.
We keep a pretty good eye on that. In Canada, it’s fair to say we have some pretty astute risk managers. Our vulnerability on that scale is perhaps a little lower than other systems, but we stay curious about the scenario.
With property and casualty, or P&C, insurers and reinsurers, the big issue this year is catastrophe risk. The Insurance Bureau of Canada, which does great work on catastrophe, said our insured losses from catastrophic events were $7.5 billion. The previous high was $4 billion. Moreover, the insurers that we supervise are telling us that 7.5 billion is this year’s high, but five years from today, it will probably not be that high.
We’re worried about all sorts of consequences of that. What happens to coverage? Will there be adequate coverage of homeowners? If there is, what does that mean for the value of bank collateral? Will property and casualty insurers be able to buy catastrophe reinsurance so that they don’t suffer the full measure of costs?
This all returns to my earlier answer about the quantification of climate risk. This is the work we have to do over the next few years to sort that out.
With respect to pension plans, again, higher rates are very good, just like with life insurers, so solvency ratios at federal pension plans are near historic highs. In other words, assets-to-liabilities ratios are very good. If interest rates fell dramatically and suddenly, that would change.
Now we do work to make sure there is resiliency for that outcome.
That is a tour d’horizon for the non-banking sector.
The Chair: I am reading a book right now about bank fees, which are particularly high on ATM activity, non-sufficient funds and all of these things.
What, if anything, can you do from a regulatory side to either suggest behaviour, regulate behaviour or monitor behaviour? This is a question that should be dealt with basically through competition, but we don’t have a lot in the banking sector.
Mr. Routledge: My honest answer is this: not very much. I don’t say this gladly, but OSFI’s job includes sound financial conditions, integrity and security. The only real angle that we would have is if an institution were seen to be particularly egregious in a way that affected its reputation. We would intervene at the board of directors and say, “Correct this because it’s affecting your reputation, and, therefore, it threatens your integrity.” But those would be extreme cases, and it would not address the broader issue you’re talking about. The broader issue you’re talking about would be, yes, competition and then consumer protection.
The Chair: I guess you could make this case: This is the subject of newspaper reporting, television, you name it. This is a go-to every six months, which is that bank fees are having this impact on this consumer who can’t take that kind of an increase. We look at it through mortgage hikes or whatever it may be.
It seems to me that the industry is taking a bit of a reputational hit on this right now. Is it an actual discussion point at all?
Mr. Routledge: The way it would flow through generally and realistically is if in the course of their work, the FCAC sanctioned an institution for serious consumer protection deficiencies and if that sanction were viewed as a major reputation, the supervisor who worked for OSFI would bring it to the board of directors, and we could effect it that way.
Just to be clear, that would be a fairly severe case, and it wouldn’t affect the everyday issues.
The Chair: Thank you. I wanted to put that on the record, if we could.
Senator Marshall: Just going back to the National Security Unit, I was looking at the increase in the number of staff over the last number of years. I know that you say it’s early on, but once you get them in place, how are you going to measure how effective they are?
Mr. Routledge: There are two ways. It’s through the number of cases they bring to supervisors. In other words, are you detecting information that is actionable and useful by supervisors? That’s a big part of the job. Are we picking up risks and trends that allow us to intervene earlier to protect an institution’s security and integrity? We’ll need to find that, and I think we will. I think it’s a particularly rich vein. But to be blunt, if we don’t find that information, then we’d have to think again about the utility of that unit. Every unit has to have a purpose.
The other way is to understand from supervisors how well this new unit is integrating with the supervisory process. As you might imagine, bank supervisors have a particular way of doing things. Law enforcement experts — people who have a national security background or FINTRAC background — have a different way. A key part of the job is making sure the organization is working effectively and collaboratively, because there is inevitable conflict. They’re managing their conflict and their tensions productively.
Two weeks ago, I was speaking to a group of new hires in this unit, and I said that the best thing I’ve heard in the last couple of months is modest reports of frustrations and tensions, such as, “How do we work together? We don’t know. Well, you should do this. You should do that.” That’s good. That tells me the group is engaging. If they have the right leadership, which we do, they’ll solve problems, and we’ll get a good workable way to figure this out.
Senator Marshall: How can you measure whether you find instances of money laundering? How do you get your hands around that?
Mr. Routledge: That’s a great question. In the case of the United States, that came through law enforcement. The way we would find it directly is we would get reports from our colleagues in law enforcement or money laundering or the Canada Border Services Agency or national security, and we would identify some sort of pattern at an institution or institutions. Then we would, in particular, look to any evidence that those partners had, and of particular utility would be suspicious transaction reports from FINTRAC. We would do due diligence on that evidence to see if it was indicative of a pattern that required a security and integrity intervention at a financial institution.
We’re early days, and we’re figuring that out. We’re a constitutional monarchy with the rule of law. No one is above the law, including officials in government. What we’re trying to do is figure out how to do that in a responsible way.
Senator Marshall: I’m an accountant, so I’m looking at the numbers. Would you measure it by you finding one instance of money laundering, or you could attach a dollar amount to it and say it’s $50 million? Have you thought that far ahead?
Mr. Routledge: We’re not that far along to get to measuring money laundering flows, but we can measure interventions at institutions. That would be the initial data point we would look to. Over time, as we have more events, perhaps we could do that.
Senator Marshall: As Senator Varone was saying, if it is an intervention for a law-abiding citizen who is just trying to do business, I don’t think that should be factored in.
Senator Loffreda: Just to continue on that, although my question is on artificial intelligence, I believe “know your client” is key. You really have to stress with the banks to know their clients. If they know their clients, the money laundering becomes easy to spot and supervise and access. When you don’t know the market — TD in the U.S. probably didn’t know the market as well as Canada — you get caught. HSBC was caught all over the world.
OSFI released a new framework to strengthen financial institutions’ resilience to cyberattacks, and your news release was from April 21, 2023. Are the financial institutions adapting to that press release and those guidelines that you put out there? What is the new threat? Are we secure? Are our financial institutions secure enough?
More importantly, we just saw in the news and everywhere that there is a heightened risk for cyberattacks in Canada by countries such as Russia, China and India, with new developments. Will you be releasing new guidelines? I mean, it is dynamic. It’s not static. April 2023 is almost obsolete by now, I would assume.
Mr. Routledge: I don’t know if we would release new guidelines. We have a responsibility to keep our cyber risk guideline up to date. At some point in the relatively near future, we’ll have to cycle through the cyber risk guideline and ask our institutions for their feedback and then also analyze the environment and make sure that we think it is fit for purpose. That would be a natural part of our regulatory process.
The first question was this: Are Canadian banks protected against cyber-threats, and do they believe they’re protected against cyber-threats? I would say Canadian financial institutions that are well capitalized and generally profitable do invest heavily in cyberdefences, and I feel comfortable that they’ve been responsible.
I would feel uncomfortable if any bank CEO or chairman of the board or board member said, “Yes, we figured it out, and there is nothing to worry about.”
The nature of cyber risk is always to be paranoid and always ask, “If we put up this defence, where is it going to come next time?” What’s more important than — or it is at least as important as — putting up the defences is thinking about how threat actors might penetrate the new defences that you have put in.
That’s where our cyber risk guideline — if we use it smartly — can be a real aid. We can go to boards and say, “You have our guideline. Have you thought about what is missing from the guideline? Or have you thought about tightening a particular area of the guideline where you’re seeing more vulnerabilities?” Through the supervisory process, we can ask questions and improve it.
There will be future cyberattacks that we’ll learn things from, and we’ll have to become better. We will look back and say, “I wish we had done more on that area of protection.” That’s just inevitable with this threat.
Senator Galvez: Mr. Routledge, every year I go to the Conference of the Parties, or COP, on climate or the COP on biodiversity. For decades, I have been interested to hear that our pension plans, our insurance and our banks are investing in renewable energy in Brazil, Mexico, Japan and Germany and in carbon markets in these countries.
That impacts our innovation. That impacts our competitiveness. Therefore, it impacts our productivity.
Beyond the guidelines in Guideline B-15, how can OSFI reverse that? Or are we happy that our money is increasing innovation and competitiveness elsewhere in the world?
Mr. Routledge: I actually have an answer. It’s not the first time I’ve said this. A climate risk taxonomy would be very helpful to us. If we had one in place that was broadly accepted by all participants in the economy, I would go to the regulated institutions in OSFI’s space —
Senator Galvez: You mean a green taxonomy, not a transition taxonomy?
Mr. Routledge: A taxonomy that classifies assets along the dimensions of vulnerability to climate change. A taxonomy that differentiates that risk more precisely. If I had that, I could go to financial institutions and say, “Tell me how to get better on our capital weightings.” Liquidity probably wouldn’t hurt it, but certainly capital can make a major difference. If it would, I believe that as relative capital weightings change, banks will make different decisions about where they lend their marginal dollar. I’m open for business if there is an accepted taxonomy of climate risk assets to look at how our capital rules might be changed to encourage more productive investment.
We’re already starting that with life insurers in infrastructure assets, which would tend to lower greenhouse gas emissions and improve infrastructure elements like public transportation. We’re talking with the insurers about that. We would be happy to talk to the banks about that. It would be great to have this accepted made-in-Canada taxonomy that we could use, as supervisors, to make common-sense changes to our capital rules that added to improve the investment for the future.
Senator C. Deacon: Thank you again, superintendent. Having your team here is a tremendous learning opportunity for all of us, and I’m grateful for all you do and also for the time you’ve taken to be with us. I have a lightning round — three fast questions. I want to make sure I heard it right: Our banks are not required to record and report the incidents of bank-related fraud in Canada to OSFI.
Mr. Routledge: Not to us.
Senator C. Deacon: Thank you. The other question is this: Five senators have now asked about the TD Bank incident. I am surprised that OSFI is prevented by law from speaking to any specifics related to that. Do any of your international counterparts have that same restriction, or are there international counterparts that do not have that restriction? Can you give us some examples in that regard, or similar restrictions?
Mr. Routledge: I’ll preface this by saying that any advice on the law I will reserve for the minister and only the minister.
Senator C. Deacon: I’m looking for examples of jurisdiction.
Mr. Routledge: First, in the United States, in the case you referenced for TD Bank, you would have seen that the Federal Reserve and the Office of the Comptroller of the Currency issued consent orders. As I said publicly, consent orders generally read very similarly to our supervisory letters. Our supervisory letters are something we send regularly to institutions.
Second, in Australia, in certain circumstances, the superintendent equivalent there can communicate to the market his concerns about deficiencies at a bank and the remedies he’s taken, including capital charges or additional capital buffers. He did that with an Australian bank very recently.
Other jurisdictions have laws that permit transparency in specific circumstances.
Senator C. Deacon: Thank you very much. My last question is this: The U.K. has had what they call the Digital Regulation Cooperation Forum, or DRCF, for a number of years, and it includes — at least in part — one of your counterparts, the Financial Conduct Authority, or FCA. In Canada, there is a new forum starting up. I have to believe that your membership would be enormously welcome there. We’ve noted that the Privacy Commissioner and the Commissioner of Competition, for example, are restricted in how much they can talk about in terms of specific instances, but I have to believe it’s very helpful for them to be able to share learnings and experiences globally. The Canadian Radio-television and Telecommunications Commission, the Competition Bureau, the Office of the Privacy Commissioner of Canada and the Copyright Board of Canada have joined. I just wanted to ask you about the extent to which you’re aware of that.
Mr. Routledge: I’m aware of it now, and I’m very interested. A challenge we have over the next five years is to deal with the digitalization of banking. There are great innovators outside the regulated system, and I would love to make the OSFI-regulated system more attractive to them, because I think innovation that flows through a regulated system is a lot healthier for the economy and for the financial system than innovation that crops up outside. Witness the crypto winter as an example of that — securitization in the early 2000s.
We are very interested in any forum we can leverage for that purpose.
Senator C. Deacon: That’s wonderful to hear. Thank you for taking the time to be with us today.
Senator Yussuff: I want to come back to the issue of how we are aware of how much illegal transactions are happening and the money laundering in the system. It’s illegal to money launder. We know the institution can’t be involved. But regarding the degree to which they have to report and you’re monitoring, is it fair to ask you how much the bank tells you about incidents in which they have actually discovered something that was about to happen and you were able to have some certainty that the system that we have in place is working? More importantly, we can all learn from the disclosure aspect of it because one institution will tell you something where you can certainly point that out, indicating that we should pay attention to it because that institution brought it to our attention.
Mr. Routledge: I’m going to hand it to my colleague Angie Radiskovic who has more experience in this field than me.
Angie Radiskovic, Assistant Superintendent and Chief Strategy and Risk Officer, Office of the Superintendent of Financial Institutions: Good afternoon, senators. The challenge about effectiveness — I too am an accountant — is the denominator in terms of determining effectiveness is unknown because it’s hidden activity by its nature.
We become aware of anything material through our discussions with institutions at the senior management level in the day-to-day supervisory work, so we do hear those stories from institutions. That is a great question to ask the anti-money laundering regulator in Canada because they may have a better sense in terms of effectiveness of the regime.
Senator Yussuff: Credit unions are provincial creatures, but they play an incredible role overall in the economy right across the system, and Canadians are very engaged where they exist in the history and relationship.
To what degree do you collaborate with your provincial counterparts in terms of advice and experience to better help, of course, bring oversight to credit unions in the responsibility that they have?
Mr. Routledge: We consider them peers and colleagues. I take actions to reach out to my provincial peers, and they call me. There is a fairly regular cadence.
We supervise three federal credit unions across the country from coast to coast. There is an avenue for credit unions to join the federal system. By virtue of that overlap, the amount of integration and collaboration is going up. For example, in 2023, during the crisis in the United States banking system, we convened regular touch points with our provincial peers just for situational awareness on both sides — if we spoke to the head of the BC Financial Services Authority, or BCFSA, for example, or the Financial Services Regulatory Authority of Ontario or Quebec’s Autorité des marchés financiers, or AMF, we said, “Here is what we are seeing in the federal system. Tell us what is going on; what are you seeing?”
It improves your ability to crisis manage in the moment.
Other times, we have collaborated with the AMF in Quebec on climate, and we’re proud of this. Our Standardized Climate Scenario Exercise is a joint effort with the AMF. It is a common problem. Climate risk doesn’t affect just banks; it also affects credit unions, and we work on it collaboratively.
On my credit union peers, if there is a tough regulatory issue like a 51-49 decision and if I cannot quite figure it out, I will call them up and ask, “What do you think?” A lot of times, they will stiffen my backbone and say, “No, you have to be tough here.”
We at OSFI pride ourselves on our outreach. We respect jurisdictions and collaborate on problem solving.
Senator Fridhandler: I want to return to your earlier comments on the insurance industry, particularly the P&C and related reinsurance players, because you identified catastrophic events as a risk. That is usually in the rear-view mirror in that something happens.
I have two questions. What percentage of the P&C business is federal versus provincial so that we understand where that is happening? I’d like to get a comfort level that P&C insurers and policyholders who are relying on them have sufficient coverage that catastrophic events are not going to trigger receiverships and the inability for insurers to respond to other events.
Mr. Routledge: I do not know the percentage breakdown between federal and provincial. You are absolutely right; there are P&C insurers that are exclusively provincial and therefore regulated provincially, and there are federal ones, obviously. I do not know the number. I could come back to the committee on it.
Right now, reinsurance — as far as we understand, and we have done a lot of work on it — has been there for P&C insurers in our sector. It is reasonable to conclude, if that is the case, that it is likely to be the case with provincial insurers, though I don’t supervise them.
As climate costs rise, as there are more natural catastrophes — and they are more costly — reinsurance rates will go up. Attachment points, or the point at which reinsurers start to pay back the primary insurers, will rise. So primary insurers will take more risk. When they take more risk, they will look at their policies and change them to lower their risk so that people can still afford the premium, but the coverage won’t be the same.
For house insurance, for example, we worry about what happens if there is a sizable flood somewhere and, unfortunately, it destroys the collateral. The mortgagor still has the mortgage.
Climate risk does have systemic consequences that we have to start thinking about. This is why our Guideline B-15 work — which is green eyeshades, heads down and really trying to empirically measure this — is so critical to long-term financial resilience in our country.
Senator Fridhandler: Is there anything in our system beyond reinsurance, such as some kind of reserve fund or response, where in the case of insolvency of an insurer, there is a backup or a Plan B?
Mr. Routledge: There is. The resolution authority for P&C insurers in Canada is called PACICC. It is industry funded. We work closely with them.
PACICC is a mechanism by which the industry contributes funds — it is a fund — and if an insurer gets into trouble or fails, there are funds available to make good on the claims that the failed insurer may have issued.
I would invite you to bring in Alister Campbell, who is a good friend of mine, to come and talk to the committee. He is genuinely thoughtful and a great risk manager, and he could explain how PACICC works.
It is our job to work closely with the PACICC team to make sure that when we regulate, we are keeping an eye on the resolution responsibilities of PACICC.
The Chair: It’s a good suggestion. And we are talking to your FINTRAC colleagues tomorrow. Thank you for your time today. Mr. Routledge, I know that you have been battling a cold and sore throat, so we appreciate you answering our questions so fully. We will see you again soon, I hope, as we continue this new relationship with OSFI.
Ladies and gentlemen, that is it for our agenda today. Thank you very much.
(The committee adjourned.)