Determined through collaboration from our members
Regulatory Intensity and Divergence
We expect regulatory supervision and scrutiny to continue throughout 2025 leading regulators to require more rapid remediation and focus on risk management, governance and compliance controls. In 2024 we saw U.S. regulators inflict hefty fines on Canadian banks raising the question of whether Canadian regulators are holding Canadian banks to the same standard as other jurisdictions. We expect further regulatory divergence in areas such as artificial intelligence and climate in 2025.
Impact: Financial institutions will need to further strengthen and invest in risk management practices and compliance deficiencies.
Opportunity: Industry and regulatory collaboration will be essential to promote international regulatory alignment and standardization to ensure Canadian banks are not disadvantaged.
Culture and Conduct
In November 2024, OSFI released a notification on Culture Risk Management which supersedes the previously framed draft guidance. Its sets out expectations on accountability and governance -providing quite granular guidance on how culture risks should be managed in the appendix. We expect greater regulatory focus on ‘risk culture’ yet changing legacy risk and accountability structures will not be a straightforward task. Completing priorities and resource constraints will also impede progress.
Impact: Financial institutions will need to invest in new talent and assess and make changes to their risk culture to ensure there is frequent engagement and communication between risk oversight teams and senior leadership. Enhanced modeling capabilities, scenario testing and expanded risk measures as well as an effective feedback loop will be needed to meet regulatory expectations.
Opportunity: There is an opportunity for the industry to come together to define qualitative and quantitative risk measures and discuss integration challenges and risk mitigation strategies.
Cyber Security and Information Protection
Cyber security risk will remain a key concern for Canadian organizations throughout 2025. We expect Canadian regulators to remain concerned about information security and protection, foreign interference and the interconnectedness of transactions, including the use of third parties AI technology products and services.
Impact: Spending on cyber and technology risk will dominate budgets throughout 2025 particularly protecting critical infrastructures, strengthening operational resilience, data management and incident management.
Opportunity: Join the CRTA AI forum to contribute to our work to establish standard controls for providers of AI technology products and services.
Comentarios