2020 Fall Reports of the Auditor General of Canada to the Parliament of Canada Independent Auditor’s ReportReport of the Auditor General of Canada to the Board of Directors of the Canada Deposit Insurance Corporation—Special Examination—2020
2020 Fall Reports of the Auditor General of Canada to the Parliament of CanadaReport of the Auditor General of Canada to the Board of Directors of the Canada Deposit Insurance Corporation—Special Examination—2020
Independent Auditor’s Report
Table of Contents
- Introduction
- Findings, Recommendations, and Responses
- Conclusion
- About the Audit
- List of Recommendations
- Exhibits:
- 1—Deposit insurance coverage provided by the corporation
- 2—Corporate governance—Key findings and assessment
- 3—Strategic planning—Key findings and assessment
- 4—Corporate risk management—Key findings and assessment
- 5—Management of members’ risk—Key findings and assessment
- 6—Management of resolution—Key findings and assessment
Introduction
Background
1. Since 1967, the Canada Deposit Insurance Corporation has helped protect the savings of millions of Canadians. Under its enabling legislation, the Canada Deposit Insurance Corporation Act, this Crown corporation is mandated to
- provide insurance against the loss of part or all of deposits in member institutions (Exhibit 1)
- promote and otherwise contribute to the stability of the financial system in Canada
- pursue both these goals while minimizing the corporation’s exposure to loss
- act as the resolution authority for members—that is, prepare for and resolve the failure of a member institution to protect eligible deposits
Exhibit 1—Deposit insurance coverage provided by the corporation
At the time of our audit
Covered by the corporation
Eligible deposits held in each member institution up to a maximum of $100,000 (principal and interest combined) separately in each of the following:
- deposits held in one name
- joint deposits
- trust deposits
- registered retirement savings plans
- registered retirement income funds
- tax-free savings accounts
- deposits held for paying taxes on mortgaged property
Eligible deposits
- savings accounts and chequing accounts
- term deposits, such as guaranteed investment certificates, of 5 years or less
- money orders and bank drafts issued by member institutions, and cheques certified by them
Deposits must be payable in Canada, in Canadian currency.
Not covered
Mutual funds, stocks, foreign currency deposits (including those in AmericanUS dollars), and digital and cryptocurrencies
Upcoming changes resulting from 2018 amendments to the Canada Deposit Insurance Corporation Act
Effective on 30 April 2020
- expanded coverage of eligible deposits held in foreign currencies
- extended coverage of eligible deposits with terms longer than 5 years
- elimination of coverage for travellers’ cheques
Effective on 30 April 2021
- separate coverage for up to $100,000 in eligible deposits held under registered education savings plans
- separate coverage for up to $100,000 in eligible deposits held under registered disability savings plans
- removal of separate coverage for deposits in mortgage tax accounts (instead, deposits to be combined with eligible deposits in other categories)
- new requirements for deposits held in trust, enhancing the corporation’s ability to protect these deposits and reimburse them quickly in case of failure of a member institution
Source: Based on information from the Canada Deposit Insurance Corporation’s 2019 Annual Report and website
2. The corporation reports to Parliament through the Minister of Finance. It is funded entirely by premiums paid by its member institutions. These include banks, trust companies, loan companies, federal credit unions, and credit associations.
3. A stable financial system is a key support for a healthy economy. A number of federal government organizations work together to provide what the corporation refers to as Canada’s “financial safety net.” Aside from itself, the corporation identifies 4 other safety net agencies:
- The Department of Finance Canada is responsible for policies and legislation related to federal financial matters.
- The Office of the Superintendent of Financial Institutions Canada supervises banks and other federally regulated financial institutions.
- The Bank of Canada generally promotes the country’s economic and financial welfare. It also oversees Canada’s clearing, payments, and settlement system.
- The Financial Consumer Agency of Canada works to strengthen oversight of consumer issues and expand consumer education in the financial sector.
4. As of 31 March 2019, the corporation had 85 member institutions. These included Canada’s 6 largest banks: the Bank of Montreal, the Bank of Nova Scotia, the Canadian Imperial Bank of Commerce, the National Bank of Canada, the Royal Bank of Canada, and the Toronto-Dominion Bank. Also included were other deposit-taking institutions providing residential or commercial mortgages, business loans, consumer loans and credit cards, and fee-based services. The corporation has its headquarters in Ottawa and has approximately 120 full-time employees.
5. As of the same date, the corporation insured deposits totalling $807 billion. This compared with $512 billion of insured deposits at the time of our 2010 special examination report.
6. Since our last special examination, Parliament has amended the corporation’s enabling legislation. Some of the changes have come into effect—for example, the introduction of an additional resolution tool to be used specifically for Canada’s largest banks (see paragraph 36). Some changes have yet to come into force, such as the expansion of the corporation’s deposit insurance coverage (see Exhibit 1).
7. The past decade has brought technological developments that could have an impact on the corporation’s ability to fulfill its mandate. For example, social media platforms can spread news of instability at a member institution instantaneously, and customers can easily move their deposits to a different institution electronically. These developments heighten the risk that a large number of customers will withdraw their deposits at the same time, creating liquidity problems for the member institution.
8. The corporation has acted to adapt to its changing environment and ensure a systematic, comprehensive approach to managing a crisis. The measures it has implemented include the following:
- Since 2012, amendments to the Canada Deposit Insurance Corporation Act have provided the corporation the authority to enter into agreements with other parties to share information and coordinate actions for resolution. It has entered into information and cooperation agreements with domestic and international regulators.
- Since 2016, it has refocused its public awareness activities to keep Canadians better informed about the corporation and its deposit insurance program.
- In 2018, it appointed its first Chief Risk Officer, responsible for risk management of the corporation’s operations. In addition, it established a Centre of Excellence for Crisis Simulations in 2019 (see paragraph 38).
- In 2019, it merged its Insurance and Risk Assessment Division with its Resolution Division so that it can identify problems early and take coordinated, timely action.
Focus of the audit
9. Our objective for this audit was to determine whether the systems and practices we selected for examination at the Canada Deposit Insurance Corporation were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively, as required by section 138 of the Financial Administration Act.
10. In addition, section 139 of the Financial Administration Act requires that we state an opinion, with respect to the criteria established, on whether there was reasonable assurance that there were no significant deficiencies in the systems and practices we examined. A significant deficiency is reported when the systems and practices examined do not meet the criteria established, resulting in a finding that the corporation could be prevented from having reasonable assurance that its assets are safeguarded and controlled, its resources are managed economically and efficiently, and its operations are carried out effectively.
11. On the basis of our risk assessment, we selected systems and practices in the following areas:
The selected systems and practices, and the criteria used to assess them, are found in the exhibits throughout the report.
12. More details about the audit objective, scope, approach, and sources of criteria are in About the Audit at the end of this report.
Findings, Recommendations, and Responses
Corporate management practices
The corporation had good corporate management practices, but compensation was lower for the President and Chief Executive Officer than for other executives, and there was a weakness in risk management
13. We found that the corporation had good practices for corporate governance, strategic planning, and risk management. However, we found that the compensation range for the President and Chief Executive Officer was lower than the compensation ranges for the corporation’s other executives. We also found that the corporation did not set out its risk appetite and risk tolerance levels.
14. The analysis supporting this finding discusses the following topics:
15. The corporation’s Board of Directors consists of the Chairperson and up to 5 other private sector members. In addition, 5 director positions are reserved for
- the Governor of the Bank of Canada
- the Deputy Minister of Finance
- the Commissioner of the Financial Consumer Agency of Canada
- 2 members from the Office of the Superintendent of Financial Institutions Canada (that is, the Superintendent, and a deputy or other senior officer)
In 2018, all of the 5 private sector directors were new appointees.
16. The board has formed the following committees:
- Audit Committee
- Governance and Human Resources Committee
- Risk Committee
17. The board has a charter outlining its mandate, including operational principles and expectations.
18. The board oversees the strategic direction of the corporation and ensures that significant business risks are identified and well managed.
19. Our recommendations in this area of examination appear at paragraphs 24, 25, and 30.
20. Analysis. We found that the corporation had good governance practices. However, the compensation range for the President and Chief Executive Officer was lower than the compensation ranges for the corporation’s other executives (Exhibit 2).
Exhibit 2—Corporate governance—Key findings and assessment
21. Weakness—Board appointments and competencies. We found that during the period covered by the audit, the compensation range for the President and Chief Executive Officer was lower than the ranges for the corporation’s other executives. The Governor in CouncilDefinition i sets the compensation range for the President and Chief Executive Officer. The Board of Directors established the compensation ranges for other executive positions on the basis of market standards.
22. This weakness matters because the discrepancy could limit the corporation’s ability to attract and retain qualified individuals to the President and Chief Executive Officer position, putting at risk the management of the corporation.
23. We also found that the corporation did not publicly disclose executive compensation—for example, in its annual report. Compensation is one of the corporation’s largest operational expenditures. Disclosing executive compensation or salary structures would promote transparency and be in accordance with the practice in government and the financial industry. Disclosure would also help stakeholders better understand salary structures and issues related to them.
24. Recommendation. The corporation should continue to engage with its responsible Minister and the Privy Council Office to address the issue related to the President and Chief Executive Officer’s compensation.
The corporation’s response. Agreed. The corporation will continue to engage with its responsible Minister and the Privy Council Office to review the total compensation structure of the President and Chief Executive Officer position in light of the expansion of the corporation’s mandate, legislative framework, and powers. The objective is to ensure that the corporation continues to have the ability to attract and retain qualified candidates for the President and Chief Executive Officer position.
25. Recommendation. The corporation should consider disclosing its compensation framework as well as the total compensation for its executive positions (for example, in its annual report), to be in line with the practice in government and the financial industry.
The corporation’s response. Agreed. The corporation will improve executive compensation transparency for Canadians while protecting the privacy of all its employees. To support this commitment, the corporation will conduct a review of the annual disclosures of both the compensation framework and the total compensation for senior executive positions of peer organizations in government and in the financial industry.
26. Analysis. We found that the corporation had good systems and practices for strategic planning (Exhibit 3).
Exhibit 3—Strategic planning—Key findings and assessment
27. Analysis. We found that the corporation had good systems and practices to manage risk. However, it had not set out its risk appetite and risk tolerance levels (Exhibit 4).
Exhibit 4—Corporate risk management—Key findings and assessment
28. Weakness—Risk monitoring and reporting. We found that the corporation had not set out its risk appetite and risk tolerance levels to guide management decision making.
29. This weakness matters because risk appetite and tolerance levels would help the corporation identify a need for action; make informed, risk-based decisions; allocate resources; set priorities; and achieve corporate objectives.
30. Recommendation. The corporation should include risk appetite and risk tolerance levels in its risk identification and assessment processes.
The corporation’s response. Agreed. By March 2020, the corporation will transform its Enterprise Risk Management (ERM) program. The corporation has instituted a Risk Committee of the Board of Directors to provide oversight of the program and appointed a Chief Risk Officer to lead this effort. The corporation will articulate its risk appetite, define its risk tolerance levels, and develop an ERM framework. The corporation’s ERM program will drive strategic resource allocation and will guide management’s decision making going forward.
Management of operations
The corporation had good practices for managing its operations
31. We found that the corporation had good practices for managing its operations.
32. The analysis supporting this finding discusses the following topics:
33. The corporation provides deposit insurance against the loss of eligible deposits at member institutions in the event of a failure. The corporation insured deposits amounting to $807 billion as of 31 March 2019.
34. The corporation has a member risk assessment process, which actively monitors and assesses the ongoing performance of member institutions and their risk of failure. The purpose is to identify problems early so that appropriate action can be taken. The corporation uses a risk-based monitoring strategy, under which the level of monitoring is commensurate with the member institution’s level of risk. To help determine risk levels, the corporation has access to information from its member institutions and other financial safety net partners.
35. The corporation is Canada’s resolution authority—that is, to protect eligible deposits, it takes the lead in handling the possible failure of its member institutions. The corporation has a number of tools that it can use to help resolve a member institution’s failure.
36. The resolution tools used will differ depending on the size of the member institution. For example, an amendment to the Canada Deposit Insurance Corporation Act that came into force in 2018 added “bail-in” to the corporation’s suite of resolution tools. The bail-in tool is to be used only for Canada’s largest banks. The tool allows the corporation to take temporary control of a failing member institution and help restore it to viability by converting some of its debt into common shares.
37. For small to medium-sized member institutions, the corporation has various other mechanisms that it can use to protect depositors while minimizing its exposure to loss. The circumstances would determine which tool it selects. Among the factors to be considered are the size and complexity of the institution, as well as the current availability of private sector solutions. The tools available to the corporation include helping the institution become viable again, restructuring the institution, and reimbursing insured deposits.
38. The last time that the corporation experienced a member failure was in 1996. The corporation maintains a state of readiness through regular simulation exercises. These involve various scenarios featuring different sizes of member institutions, different resolution tools, different types of assets, and multiple concurrent member failures. The corporation’s readiness preparation also includes reviewing the lessons learned from failures experienced by its counterparts in other countries.
39. We made no recommendations in this area of examination.
40. Analysis. We found that the corporation had good systems and practices to manage its members’ risk (Exhibit 5).
Exhibit 5—Management of members’ risk—Key findings and assessment
41. Analysis. We found that the corporation had good systems and practices to manage its readiness to resolve the failure of a member institution (Exhibit 6).
Exhibit 6—Management of resolution—Key findings and assessment
Conclusion
42. In our opinion, on the basis of the criteria established, there was reasonable assurance that there were no significant deficiencies in the corporation’s systems and practices we examined. We concluded that the Canada Deposit Insurance Corporation maintained its systems and practices during the period covered by the audit in a manner that provided the reasonable assurance required under section 138 of the Financial Administration Act.
About the Audit
This independent assurance report was prepared by the Office of the Auditor General of Canada on the Canada Deposit Insurance Corporation. Our responsibility was to express
- an opinion on whether there was reasonable assurance that during the period covered by the audit, there were no significant deficiencies in the corporation’s systems and practices we selected for examination
- a conclusion about whether the corporation complied in all significant respects with the applicable criteria
Under section 131 of the Financial Administration Act, the corporation is required to maintain financial and management control and information systems and management practices that provide reasonable assurance of the following:
- Its assets are safeguarded and controlled.
- Its financial, human, and physical resources are managed economically and efficiently.
- Its operations are carried out effectively.
In addition, section 138 of the act requires the corporation to have a special examination of these systems and practices carried out at least once every 10 years.
All work in this audit was performed to a reasonable level of assurance in accordance with the Canadian Standard on Assurance Engagements (CSAE) 3001—Direct Engagements, set out by the Chartered Professional Accountants of Canada (CPA Canada) in the CPA Canada Handbook—Assurance.
The Office of the Auditor General of Canada applies the Canadian Standard on Quality Control 1 and, accordingly, maintains a comprehensive system of quality control, including documented policies and procedures regarding compliance with ethical requirements, professional standards, and applicable legal and regulatory requirements.
In conducting the audit work, we complied with the independence and other ethical requirements of the relevant rules of professional conduct applicable to the practice of public accounting in Canada, which are founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour.
In accordance with our regular audit process, we obtained the following from the corporation:
- confirmation of management’s responsibility for the subject under audit
- acknowledgement of the suitability of the criteria used in the audit
- confirmation that all known information that has been requested, or that could affect the findings or audit conclusion, has been provided
- confirmation that the audit report is factually accurate
Audit objective
The objective of this audit was to determine whether the systems and practices we selected for examination at the Canada Deposit Insurance Corporation were providing it with reasonable assurance that its assets were safeguarded and controlled, its resources were managed economically and efficiently, and its operations were carried out effectively, as required by section 138 of the Financial Administration Act.
Scope and approach
Our audit work examined the Canada Deposit Insurance Corporation. The scope of the special examination was based on our assessment of the risks the corporation faced that could affect its ability to meet the requirements set out by the Financial Administration Act.
In performing our work, we reviewed key documents related to the systems and practices selected for examination. We tested the systems and practices in place to obtain the required level of audit assurance. We also examined a selection of activities, such as risk assessment of member institutions, resolution planning for member institutions, and crisis simulations. The activities were selected on the basis of assessed risk and professional judgment.
We also interviewed members of the Board of Directors, senior management, and other employees of the corporation. In addition, we observed meetings of the Board of Directors and its committees.
We did not examine the systems and practices of the Canada Deposit Insurance Corporation’s subsidiary, Adelaide Capital Corporation, because it is not wholly owned and is therefore not subject to the Financial Administration Act.
The systems and practices selected for examination for each area of the audit are found in the exhibits throughout the report.
In carrying out the special examination, we did not rely on any internal audits.
Sources of criteria
The criteria used to assess the systems and practices selected for examination are found in the exhibits throughout the report.
Corporate governance
Meeting the Expectations of Canadians: Review of the Governance Framework for Canada’s Crown Corporations, Treasury Board of Canada Secretariat, 2005
Corporate Governance in Crown Corporations and Other Public Enterprises—Guidelines, Department of Finance Canada and Treasury Board of Canada Secretariat, 1996
Corporate Governance Guideline, Office of the Superintendent of Financial Institutions Canada, 2018
20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006
Performance Management Program for Chief Executive Officers of Crown Corporations—Guidelines, Privy Council Office, 2016
Practice Guide: Assessing Organizational Governance in the Public Sector, The Institute of Internal Auditors, 2014
Strategic planning
20 Questions Directors Should Ask about Strategy, Canadian Institute of Chartered Accountants, 2012
Guidelines for the Preparation of Corporate Plans, Treasury Board of Canada Secretariat, 1996
Recommended Practice Guideline 3, Reporting Service Performance Information, International Public Sector Accounting Standards Board, 2015
Corporate risk management
20 Questions Directors Should Ask about Risk, Canadian Institute of Chartered Accountants, 2006
Enterprise Risk Management—Integrating with Strategy and Performance, Committee of Sponsoring Organizations of the Treadway Commission, 2017
Control Objectives for Information and related TechnologyCOBIT 5 Framework—APO13 (Manage Security), BAI10 (Manage Configuration), DSS05 (Manage Security Services), MEA03 (Monitor, Evaluate and Assess Compliance with External Requirements), Information Systems Audit and Control AssociationISACA
Operational management
Plan-Do-Check-Act management model adapted from the Deming Cycle
Key Attributes of Effective Resolution Regimes for Financial Institutions, Financial Stability Board, 2014
Best Practices in Crisis Management Planning, Tamara Parris, 2017
Organisation for Economic Co-operation and DevelopmentOECD Risk Management: Strategic Crisis Management, Organisation for Economic Co-operation and Development, 2013
20 Questions Directors Should Ask About Crisis Management, Canadian Institute of Chartered Accountants, 2008
Period covered by the audit
The special examination covered the period from 1 January to 31 October 2019. This is the period to which the audit conclusion applies.
Date of the report
We obtained sufficient and appropriate audit evidence on which to base our conclusion on 26 November 2019, in Ottawa, Canada.
Audit team
Principal: Normand Lanthier
Director: Laurie Girard
List of Recommendations
The following table lists the recommendations and responses found in this report. The paragraph number preceding the recommendation indicates the location of the recommendation in the report, and the numbers in parentheses indicate the location of the related discussion.
Corporate management practices
Recommendation | Response |
---|---|
24. The corporation should continue to engage with its responsible Minister and the Privy Council Office to address the issue related to the President and Chief Executive Officer’s compensation. (20 to 23) |
The corporation’s response. Agreed. The corporation will continue to engage with its responsible Minister and the Privy Council Office to review the total compensation structure of the President and Chief Executive Officer position in light of the expansion of the corporation’s mandate, legislative framework, and powers. The objective is to ensure that the corporation continues to have the ability to attract and retain qualified candidates for the President and Chief Executive Officer position. |
25. The corporation should consider disclosing its compensation framework as well as the total compensation for its executive positions (for example, in its annual report), to be in line with the practice in government and the financial industry. (20 to 23) |
The corporation’s response. Agreed. The corporation will improve executive compensation transparency for Canadians while protecting the privacy of all its employees. To support this commitment, the corporation will conduct a review of the annual disclosures of both the compensation framework and the total compensation for senior executive positions of peer organizations in government and in the financial industry. |
30. The corporation should include risk appetite and risk tolerance levels in its risk identification and assessment processes. (27 to 29) |
The corporation’s response. Agreed. By March 2020, the corporation will transform its Enterprise Risk Management (ERM) program. The corporation has instituted a Risk Committee of the Board of Directors to provide oversight of the program and appointed a Chief Risk Officer to lead this effort. The corporation will articulate its risk appetite, define its risk tolerance levels, and develop an ERM framework. The corporation’s ERM program will drive strategic resource allocation and will guide management’s decision making going forward. |