Insurance Law Updatehttps://www.stikeman.com/en-ca/rss/insurance-law?utm_source=ins-list-en&utm_medium=email&utm_campaign=insuranceInsurance Law Updateen-CA{F8A60A03-EE2A-4595-B070-702AA614B96F}https://www.stikeman.com/en-ca/kh/canadian-class-actions-law/who-should-pay-ontario-court-of-appeal-provides-needed-guidance-on-allocation-of-defence-costsAlan L. W. D'Silvahttps://www.stikeman.com/en-ca/people/d/alan-l-w-dsilvaGlenn Zacherhttps://www.stikeman.com/en-ca/people/z/glenn-zacherCanadian Class Actions LawInsurance Law UpdateWho Should Pay? Ontario Court of Appeal Provides Needed Guidance on Allocation of Defence Costs Among Insurers for Class Actions Spanning Decades<p><strong>In <em>Loblaw Companies Limited v. Royal & Sun Alliance Insurance Company of Canada, </em></strong><a rel="noopener noreferrer" target="_blank" href="https://canlii.ca/t/k33l5"><strong>2024 ONCA 145</strong></a><strong>, the Ontario Court of Appeal, among other things, overturned the lower court’s finding that insureds were entitled to seek 100% of their defence costs from any one of the insurers who owed a duty to defend, regardless of whether or not the claims occurred during the insurer’s policy period. The Court confirmed that a <em>pro rata</em> “time-on-risk” allocation is the appropriate method for claims that span many years (long-tail claims) where there are multiple insurers issuing consecutive policies to an insured. In doing so, the Court provides welcome guidance for liability insurers involved in lengthy long-tail claims, including class actions that involve multiple policies and policy periods. </strong></p> <h2>Background</h2> <p>The case arose from five class actions in multiple provinces seeking billions of dollars in damages against numerous defendants relating to the manufacture, distribution, and sale of opioids in Canada beginning in 1996 (the “<strong>Underlying Claims</strong>”). Three of the defendants, Loblaw Companies Limited (“<strong>Loblaw</strong>”), Shoppers Drug Mart Inc. (“<strong>SDM</strong>”) and Sanis Health Inc. (“<strong>Sanis</strong>”) (together, the “<strong>Defendants</strong>”), sought coverage from their insurers. Five insurers – Royal & Sun Alliance Insurance Company of Canada (“<strong>RSA</strong>”), AIG insurance Company of Canada (“<strong>AIG</strong>”), Aviva Insurance Company of Canada (“<strong>Aviva</strong>”), Liberty Mutual Insurance Company (“<strong>Liberty</strong>”) and Zurich Insurance Company (“<strong>Zurich</strong>”) (collectively, the “<strong>Primary Insurers</strong>”) – issued primary commercial general liability (“<strong>CGL</strong>”) policies that covered one or more of the Defendants for varying portions of the class period, with various deductibles and self-insured retentions (“<strong>SIRs</strong>”). Importantly, there were no gaps in coverage. At any given time, one of the Primary Insurers was on risk.</p> <p>The Primary Insurers acknowledged their responsibility to pay defence costs of the class actions for the years they insured the Defendants and proposed a <em>pro rata </em>allocation of defence costs based on their respective time-on-risk for the class period (the Primary Insurers had agreed beforehand on a <em>pro rata </em>time-on-risk allocation amongst themselves). The Defendants rejected this <em>pro rata </em>allocation and applied to the Ontario Superior Court of Justice to select a single Aviva policy to defend SDM and Sanis, and an RSA policy to defend Loblaw, and to pay all of the defence costs from 1996 onward, subject only to the selected insurer’s right to seek equitable allocation as between it and other Primary Insurers at the conclusion of the litigation. Notably, the policies selected by the Defendants did not include applicable or significant self-insured retentions (“<strong>SIRs</strong>”) or deductibles, or they had already been exhausted.</p> <p>The Application Judge endorsed the Defendants’ choice of the Aviva and RSA policies to defend all of the Underlying Claims. The key findings of the Application Judge included, among other things, that:</p> <ul> <li>the Primary Insurers were required to pay all reasonable costs associated with the defence of the Underlying Claims. Rather than adopting a <em>pro rata </em>time-on-risk allocation, each insured was entitled to select any single policy under which there was a duty to defend and require the applicable insurer to defend and pay all reasonable defence costs (subject only to a right of apportionment at the end of proceedings and the right to seek an equitable allocation of defence costs among other Primary Insurers of that insured); and</li> <li>the defence costs incurred by each of the insureds would be applied toward the exhaustion of SIRs/deductibles under other policies, even if they are paid by Aviva or RSA.</li> </ul> <p>In arriving at these findings, the Application Judge relied in part on <em>Hanis v. Teevan, </em><a rel="noopener noreferrer" target="_blank" href="https://canlii.ca/t/2137f">2008 ONCA 678</a> (“<strong><em>Hanis</em></strong>”), which involved a single insurer in a case involving mixed claims (<em>i.e.</em>, some covered, some not) giving rise to multiple theories of liability, and <em>Family Insurance Corp. v. Lombard Canada Ltd., </em><a rel="noopener noreferrer" target="_blank" href="https://canlii.ca/t/51sl">2002 SCC 48 </a>(“<strong><em>Family Insurance</em></strong>”), which involved a single accident in relation to which two insurers had concurrently insured the same risk during the same time period.</p> <p>The Primary Insurers appealed from the decision of the Application Judge, arguing that it rewrote the terms of the parties’ insurance contracts by, amongst other things<em>, </em>(i) obligating Aviva and RSA to defend claims for multiple years in which they did not issue primary policies to the Defendants, (ii) relieving other Primary Insurers of their contractual obligations in those same years, and (iii) permitting the Defendants to circumvent and evade SIRs and deductibles that had been freely negotiated with the other Primary Insurers.</p> <h2>Decision of the Court of Appeal</h2> <p>The Court of Appeal (the “<strong>Court</strong>”) substantially reversed the holdings of the Application Judge detailed above. The Court succinctly summarized the case as follows:</p> <p style="padding-left: 30px;">The challenge presented by these appeals is what to do with the cost of defending claims that involve allegations of continuous or progressive injury that span many years (long-tail claims) where there are insurance policies with different insurers, different provisions governing deductibles and SIRs, and consecutive rather than concurrent coverage periods and therefore different risks.</p> <h3>Defendants cannot select single policy to pay for <em>all </em>defence costs</h3> <p>The Court held that the Application Judge erred in a number of respects in finding that the insurers had the right to select a single policy to provide a defence over the entire period covered by the Underlying Claims.</p> <h4>1. Policies provide for time-limited bargain</h4> <p>Acknowledging that the relationship between an insured and an insurer is a contractual one governed primarily by the terms of the insurance policy, the Court concluded that the Application Judge ignored the express language found in the policies of each of the Defendants that prescribed temporal limits on coverage (<em>i.e.,</em> “<em>during the policy period”</em>). The Court reasoned that each insurer covered a successive period of time that captured a different risk profile, and that no insurer had agreed to cover risks falling outside their prescribed time period.</p> <h4>2. The Primary Insurers are not “concurrent” insurers</h4> <p>The Application Judge had relied on <em>Family Insurance </em>and <em>Markham (City) v. AIG Insurance Company of Canada, </em><a rel="noopener noreferrer" target="_blank" href="https://canlii.ca/t/j64b6">2020 ONCA 239</a> (“<strong><em>Markham</em></strong><em>”) </em>to support the finding that the Defendants had a right to select a single policy to indemnify them for all defence costs in respect of the Underlying Claims. The Court held that in doing so, the Application Judge had erred as both these cases dealt with allocation issues as between “coordinate” or concurrent insurers, and were distinguishable from the case at hand, where the Primary Insurers insured discrete risks in <em>successive</em> time periods and did not agree to indemnify for risks falling outside those time periods.</p> <p><em>Family Insurance </em>involved a single claimant who had been injured in a fall from a horse and whose claim against the owner of a stable had been settled. The stable owner thereafter claimed under two policies of insurance. The Supreme Court of Canada applied what it described as the</p> <p>well established principle of insurance law that where an insured holds more than one policy of insurance that covers the same risk, the insured may never recover more than the amount of the full loss but is entitled to select the policy under which to claim indemnity, subject to any conditions to the contrary.</p> <p><em>Markham </em>also involved a single accident and the allocation of defence costs between concurrent insurers providing coverage. By contrast, the proposed class actions in this case allege continuous damage over multiple policy periods.</p> <h4>3. Hanis is not applicable to situations involving multiple policy periods</h4> <p>The Court held it was an error in law for the Application Judge to apply the principles from <em>Hanis </em>(<em>i.e., </em>that an insurer who owes a duty to defend is responsible for all reasonable costs associated with the defence of covered claims, even if those costs also benefit the defence of uncovered claims) to the case at hand. Unlike <em>Hanis, </em>which involved only one insurer and focused on mixed claims giving rise to multiple theories of liability, this case involved multiple insurers and multiple policy periods.</p> <p>According to the Court, to apply the principle in <em>Hanis </em>to the class actions involving multiple policy periods would place an unreasonable burden on the selected insurers and impose costs disproportionate to the insurers’ potential liability for covered claims. Also, unlike in <em>Hanis, </em>where some claims were “uncovered”, the Court noted that in this case, the Primary Insurers collectively proposed to pay all of the defence costs for the entire period, subject only to the payment of SIRs/deductibles where applicable.</p> <h4>4. Rejection of “all sums” approach</h4> <p>The Court concluded that the proposed <em>pro rata </em>allocation of defence costs accords with the contractual policy periods agreed to between the Defendants and Primary Insurers. In doing so, the Court rejected the “all sums” approach to defence costs, where the insurer could select a single insurer over the period of risk to cover all defence costs, stating that <em>“[b]ased on learned commentary, there is limited support for this approach</em>”. Drawing on its decision in <em>Goodyear Canada Inc. v. American International Companies et al., </em><a rel="noopener noreferrer" target="_blank" href="https://canlii.ca/t/fz58s">2013 ONCA 395</a>, the Court highlighted how Canadian courts have preferred the <em>pro rata </em>approach to allocating liability to ensure that the allocation of costs to a particular insurance policy is proportionate to the damages during the policy’s term.</p> <p>The Court expressly recognized the “<em>heavy burden</em>” of funding legal costs for a class action, and found that the Application Judge’s decision placed “<em>a disproportionate and unreasonable burden on the selected insurers</em>”. The potential unfairness was particularly extreme for RSA, who the Court noted had been on risk for just eight months, or 3% of the total class period, but would have been required to defend Loblaw for the entire decades-long period.</p> <p>The Court also agreed with counsel for some of the Primary Insurers that applying the “all sums” approach adopted by the Application Judge would result in conflicts of interest, as insurers who assumed the defence would be interested in ensuring that any ultimate liability arose from damage outside their policy periods. Notably, the Court concluded that “<em>the participation of all insurers at an early stage is conducive to the conduct of the best</em><em>defence possible and also serves to promote settlement</em>”.</p> <h3>SIR in each policy must be satisfied before insurer has duty to defend</h3> <p>The Court also reversed the Application Judge on the issue of how SIRs should be treated in these circumstances.<a href="#_ftn1" name="_ftnref1"><sup>[1]</sup></a> The Application Judge held that once the SIR or deductible on the selected insurance policy had been exhausted, then the Defendants no longer had any obligation to pay defence costs toward the SIRs/deductibles on other policies.</p> <p>Since the various policies were issued over many years, unsurprisingly they included various different SIRs/deductibles negotiated between the Defendants and their insurers. One of the key reasons the Defendants had sought to rely upon only the Aviva and RSA policies was to avoid the SIRs and deductibles under the other policies – Aviva conceded that its SIRs had been exhausted, and RSA’s deductible was relatively small.</p> <p>The effect of the decision in the court below was that Aviva and RSA would be paying toward the SIRs and deductibles of the other Primary Insurers. The Court found that this did not reflect the bargain struck between the Defendants and their insurers. The Court noted that SIRs are used by sophisticated insureds such as the Defendants to reduce their premiums and exercise a degree of control over costs of investigating and defending claims prior to triggering the insurer’s duty to defend. The Court cited <em>Ontario v. St. Paul Fire and Marine Insurance Co</em>., <a rel="noopener noreferrer" target="_blank" href="https://canlii.ca/t/jw5wv">2023 ONCA 173</a>, in support of its conclusion that only after an applicable SIR has been exhausted is the duty to defend triggered. The Court held that the Application Judge’s decision was inconsistent with this principle. Until it has been determined whether the SIRs/deductibles are exhausted, the Defendants must pay their own defence costs.</p> <h3>Other findings on relief from forfeiture, and defence reporting</h3> <p>The Court also agreed with the appellants that the Application Judge had erred in granting relief from forfeiture for pre-tender defence costs (<em>i.e.,</em> costs incurred by the Defendants prior to notifying their insurer of the claim). In the Court’s view, there was no forfeiture to be relieved from because the insurer (AIG), on receipt of notice did not reject the contract. Rather, it reserved its rights and asserted that liability did not attach until the SIR had been exhausted. This, the Court observed, was very different from the situation where late notice to an insurer results in the insurer denying the duty to defend.</p> <p>The only issue of significance on which the Court substantially upheld the decision of the Application Judge was on the treatment of the Defence Reporting Agreement (“<strong>DRA</strong>”) among the Primary Insurers. The Court agreed with the Application Judge that only those insurers who entered into the DRA would be entitled to associate in defence and receive privileged defence information. The Court endorsed the DRA “split file protocol” that precluded most information-sharing between the coverage and defence sides of an insurer.</p> <p>The Court also made findings on the role of reservations of rights and conflicts of interest that will be of interest to claims handlers and insurance lawyers.</p> <h2>Key Takeaways</h2> <ul> <li>A <em>pro rata</em> time-on-risk approach to allocation of defence costs accords with the contractual allocation of risk and is the appropriate way of apportioning costs among consecutive (<em>e.,</em> non-concurrent) insurers. It is worth highlighting that the Primary Insurers in this instance acted reasonably and cooperatively and arrived at an arrangement for the sharing of defence costs among themselves, which was proposed by the Primary Insurers to the insured Defendants and was rejected.</li> <li>The decision establishes important principles regarding the treatment of SIRs and deductibles, including that defence costs covered by insurers under their policies do not count towards the satisfaction of other insurers’ SIRs.</li> <li>The decision underscores the importance of policy wording and a careful assessment of the obligations and risks undertaken by an insurer and the insured.</li> <li>The Court acknowledged (quoting an academic source) that the issues considered on appeal were “among the thorniest problems in insurance law”, and it is reasonable to think that the decision will provide lasting guidance on these issues.</li> <li>While the decision is a seminal insurance decision, it also has significant implications for class actions in which damages are claimed over long periods. The Court expressly recognized the “heavy burden” of funding lengthy class actions, and that an insurer should not be exposed to costs that are disproportionate to the extent of its potential liability.</li> </ul> <p><em>*The authors, Alan D’Silva and Glenn Zacher, were counsel of record for Aviva Insurance Company of Canada on the appeal.</em></p> <hr /> <p><a href="#_ftnref1" name="_ftn1">[1]</a> Traditionally, deductibles have been treated differently than SIRs in that a deductible goes only to reduce the insurer’s indemnity obligation but does not delay the point when the duty to defend is triggered. However, in this case the Court noted that the parties treated the RSA deductible as equivalent to a SIR, and declined to express any definitive view on the point.</p>13-Mar-2024 02:51:00{2FB0C405-CBA6-4117-BE76-7FA7DB290AA4}https://www.stikeman.com/en-ca/kh/insurance-law/osfi-releases-finalized-integrity-and-security-guidelineStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamInsurance Law UpdatePrivacy & CybersecurityFinancial Services UpdateOSFI Releases Finalized Integrity and Security Guideline<p><strong>On January 31, 2024, OSFI released its finalized Integrity and Security Guideline (“Guideline”). The Guideline is a result of the extension of OSFI’s mandate, as of January 1, 2024, to include the oversight of integrity and security-related policies and procedures of Federally Regulated Financial Institutions (“FRFIs”).<a href="#_ftn1" name="_ftnref1"><sup>[1]</sup></a> This follow-up to </strong><a rel="noopener noreferrer" target="_blank" href="https://www.stikeman.com/en-ca/kh/insurance-law/osfis-draft-security-and-integrity-guideline-whats-expected-of-frfis-and-when"><strong>our previous post</strong></a><strong> summarizes the changes that were made in the final version and notes the implementation schedule that OSFI also announced on January 31.</strong></p> <p>As discussed in our earlier post, the Guideline is structured around ten integrity and security “principles”:</p> <ul> <li><strong>Integrity principles:</strong> Character; Culture; Governance; Compliance.</li> <li><strong>Security principles:</strong> Physical premises; People; Technology; Data/information; Third-party risks; Undue influence/foreign interference/malicious activity.</li> </ul> <p>While the finalized Guideline maintains this structure, it has been significantly revised in light of comments received. <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/en/consultations/consultation-summaries/osfis-response-draft-integrity-security-guideline-consultation-feedback">OSFI’s response to this feedback</a> notes that these changes fall into three categories:</p> <ul> <li><strong>Terminology:</strong> Certain colloquial, uncommon and undefined expressions have been replaced by more standard terminology.</li> <li><strong>Proportionality: </strong>The Guideline’s final version is clearer about the proportional application of certain expectations.</li> <li><strong>Risk basis: </strong>OSFI has clarified that key expectations in the Guideline can be applied on a risk basis.</li> </ul> <p>In addition to the above, we note that (i) the finalized Guideline relaxes several overly broad and/or unrealistic compliance expectations and (ii) it refers more explicitly to foreign interference risk, in keeping with the growing recognition of that issue in Canada generally.</p> <h2>Summary of the Significant Changes</h2> <p>Some of the more significant substantive changes from the draft version are as follows. These are found in the Guideline’s overview section as well as in the sections dedicated to integrity and security.</p> <h3>Overview</h3> <h4>Application of the Guideline</h4> <p>The “Application” section now specifically states (i) that the Guideline applies on a <strong>risk basis</strong> and (ii) that the <strong>factors to be considered</strong> include:</p> <ul> <li>Business arrangements, such as joint ventures and strategic alliances; and</li> <li>Ownership structure, which is now specifically defined to encompass “parent-subsidiary or home office-branch relationships and relationships with related parties and large shareholders.”</li> </ul> <h4>Obstacles to meeting expectations</h4> <p>The finalized Guideline provides that, where a FRFI faces impediments to meeting an expectation, such as local laws or limitations associated with leased premises, it should “take appropriate mitigating actions” in keeping with the risks of the situation.</p> <h4>Key terms</h4> <p>The terms “contractor” and “leader” have been defined. In addition, several draft definitions have been revised, including a more flexible definition of “responsible persons” and a clearer definition of “integrity” that does not involve the concept of “ethical standards” (a term that commenters considered too vague). National security is now specifically referenced in the definitions of “malicious activity” and “undue influence”.</p> <h4>Outcomes</h4> <p>Actions, behaviours and decisions are now expected to be measured against “regulatory expectations, laws and codes of conduct” rather than against “ethical standards”.</p> <h4>Policies and procedures</h4> <p>The finalized Guideline provides more specifics about OSFI’s expectations for the maintenance and updating of policies and procedures, with an increased emphasis on regular review and updating in response to newly identified threats.</p> <h3>Integrity</h3> <h4>Creative compliance</h4> <p>The general discussion of the concept of integrity now contains an explicit caution respecting “creative compliance, regulatory arbitrage, and any other measures designed to circumvent codes of conduct, regulatory expectations or laws”.</p> <h4>Culture</h4> <p>The finalized Guideline attempts to clarify what is meant by “culture”. While continuing to state that “there is no ideal culture”, the Guideline now specifies that a FRFI’s culture should be consistent with its “behavioural expectations of what is considered acceptable and unacceptable”.</p> <h4>Governance</h4> <p>Under the heading of “governance”, the Guideline now requires that behavioural expectations be communicated to “employees, contractors and stakeholders” rather than to “staff, senior leaders and stakeholders”. The recommendations for codes of conduct have been reworked, e.g. to allow for the incorporation of the conflict of interest code into the code of conduct document. The Guideline clarifies that a code of conduct should include “the detection, disclosure, avoidance, and management of real, potential, and perceived conflicts of interest” and that such codes should be reviewed and updated regularly.</p> <h4>Compliance</h4> <p>One significant substantive change to the compliance principle is the expectation that FRFIs will bring to their employees’ attention “external channels to raise concerns”, such as government whistleblower programs.</p> <h3>Security</h3> <h4>Threat assessment period</h4> <p>The general discussion of the concept of security now states that security threat assessments should take place “at least annually”, rather than “regularly” as stated in the draft version.</p> <h4>Physical premises</h4> <p>The final Guideline clarifies that the scope and frequency of “periodic sweeps for covert devices” are to be proportional to the threat environment.</p> <h4>Background checks</h4> <p>The Guideline now states that background checks are to be “risk-based” and deletes the expectation that they be “equivalent to the Government of Canada’s Enhanced Reliability Check minimum standard”. The content of a background check is now stated in more flexible language, with credit checks and criminal record checks to be focused on responsible persons (e.g. directors and senior management) and “contractors occupying higher-risk positions”, although OSFI may request that specific individuals obtain a higher level of security clearance in view of their roles and responsibilities.</p> <h4>Technology assets, data and information</h4> <p>Proportionality qualifiers have been incorporated into OSFI’s expectations regarding the protection of a FRFI’s technology assets, data and information.</p> <h4>Third party risks</h4> <p>The finalized Guideline states that due diligence on a third party “should be proportional to the third party’s access to the financial institution’s physical premises, people, technology assets, and data and information” and removes what OSFI acknowledges were impractical expectations with respect to background checks of senior leaders of third parties.</p> <h4>Undue influence, foreign interference, and malicious activity</h4> <p>The expectation in the draft Guideline that any suspicion of undue influence, foreign interference, and malicious activity be reported immediately to law enforcement authorities has been reduced, in the finalized Guideline, to a statement that FRFIs are “encouraged” to report to such authorities (and to OSFI) when there are “reasonable grounds” to believe that an incident of this type has occurred. However, any such incident that the FRFI deems not to meet its reporting threshold “should be documented and inventoried … as part of the management reporting process to senior management.”</p> <h2>Implementation Schedule</h2> <p>On releasing the finalized Guideline, OSFI also published an implementation schedule that is intended to give institutions the time they require to adjust to the new regulations. The deadlines are as follows:</p> <p><strong>Immediately:</strong> Observe the expectation to notify OSFI with respect to reports that are made to CSIS or law enforcement.</p> <p><strong>July 31, 2024:</strong> Submission of a “comprehensive action plan” to OSFI with respect to the new and expanded expectations. This includes “interim deliverables to achieve compliance”.</p> <p><strong>January 31, 2025:</strong> All expectations must be observed by this date, with the exception of those relating to background checks.</p> <p><strong>July 31, 2025:</strong> Expectations relating to background checks must be observed.</p> <hr /> <p><a href="#_ftnref1" name="_ftn1"><sup>[1]</sup></a> The Guideline follows amendments to FRFI statutes in Division 33 of Bill C-47, the <a rel="noopener noreferrer" target="_blank" href="https://www.parl.ca/documentviewer/en/44-1/bill/C-47/royal-assent"><em>Budget Implementation Act</em></a>, which received Royal Assent on June 22, 2023. In effect as of January 1, 2024, the amendments extend OSFI’s mandate to include the supervision of FRFIs to determine whether they have established policies and procedures adequate to protect against threats to integrity and security, including foreign interference.</p>12-Feb-2024 09:44:00{AF04F9C3-4DD2-4B73-AD45-BA0231B3C1E7}https://www.stikeman.com/en-ca/kh/canadian-securities-law/amf-publishes-draft-climate-risk-management-guidelineStéphane Rousseauhttps://www.stikeman.com/en-ca/people/r/stephane-rousseauStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAlix d'Anglejan-Chatillonhttps://www.stikeman.com/en-ca/people/d/alix-d-anglejan-chatillonRamandeep K. Grewalhttps://www.stikeman.com/en-ca/people/g/ramandeep-k-grewalCanadian Securities LawFinancial Services UpdateInsurance Law UpdateAMF Publishes Draft Climate Risk Management Guideline<p><strong>Late last year, the Autorité des marchés financiers (“AMF”), the organization that oversees Québec’s financial industry, published a draft <a rel="noopener noreferrer" target="_blank" href="https://lautorite.qc.ca/fileadmin/lautorite/consultations/lignes-directrices/2024-01-30-fin/2023nov30-LD-changements-climatiques-cons-en.pdf">Climate Risk Management Guideline</a> (the “Guideline”) which will apply to licensed insurers, financial services cooperatives, authorized trust companies and other authorized deposit institutions. Given the likelihood and potential impacts of climate-related risks, which are considered systemic, the Guideline aims to strengthen the resilience of the financial industry in general along with the financial institutions the AMF regulates.</strong></p> <h2>Background</h2> <p>Climate change could have significant consequences for the security and soundness of financial institutions as well as the financial system as a whole. In this context, the AMF developed the Guideline so that Québec financial institutions would soundly and prudently address and manage climate change risks. The Guideline incorporates the recommendations of the Task Force on Climate-related Financial Disclosures (“TCFD”), the International Association of Insurance Supervisors and the Bank for International Settlements. The Guideline follows the publication in June 2022 of the AMF’s report entitled <a rel="noopener noreferrer" target="_blank" href="https://lautorite.qc.ca/fileadmin/lautorite/grand_public/publications/professionnels/rapport-changements-climatiques_en.pdf">Climate Change Risks: Measures implemented to date by financial institutions</a>.</p> <h2>The AMF’s Expectations</h2> <p>The Guideline sets out the AMF’s expectations regarding six (6) topics relating to climate change risk:</p> <ul> <li><strong>Governance:</strong> the roles and responsibilities of the members of the Board of Directors and senior management should be clearly defined so that they may assume their duties in addressing climate-related risks. The financial institution should address climate change-related impacts and the transition to a lower-carbon economy in its strategy.</li> <li><strong>Integrated risk management</strong>: the financial institution should identify and assess the potential impacts of climate-related risks and implement mitigation measures, while stating how its activities are integrated into its overall risk management and control framework.</li> <li><strong>Climate scenarios and stress testing:</strong> the financial institution should carry out climate scenario analysis to assess the impact of climate risk factors on its risk profile, business strategy and business model.</li> <li><strong>Capital and liquidity adequacy:</strong> the financial institution should maintain sufficient capital and liquidity to cover its climate risk exposures.</li> <li><strong>Fair treatment of clients:</strong> the financial institution should take into account changes in climate-related risks when designing, marketing and advertising new products or altering existing ones, so that its products deliver the benefits and features reasonably expected by different client groups. The disclosures sent to clients before, upon and after purchase of a product offered by the financial institution should address changes in climate-related risks.</li> <li><strong>Financial disclosure:</strong> the financial institution should publicly disclose the main elements of its governance, integrated risk management, and its climate scenarios and climate-related stress testing at least annually. In doing so, the financial institution should follow five principles for effective disclosure: (i) provide relevant, specific and comprehensive information; (ii) provide information that is clear, balanced and understandable for both the general public and more sophisticated stakeholders; (iii) maintain a neutral stance in its disclosure, disclosing in particular reliable, verifiable and objective information; (iv) disclose information appropriate for its size, nature and complexity; and (v) disclose consistently from one fiscal year to another. The financial institution should also disclose its greenhouse gas emissions and its targets used to manage climate-related risks and assess its performance against its targets.</li> </ul> <p>The AMF’s expectations follow the principles of <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b15-dft.aspx">Guideline B-15 of the Office of the Superintendent of Financial Institutions on Climate Risk Management</a>. This convergence reflects the objective shared by the federal and Québec regulators, i.e., to strengthen the resilience of the financial industry and financial institutions, as well as the influence of the guidelines of international organizations and task forces on the federal and Québec guidelines.</p> <p>The Guideline is notable in that it sets out its expectations for the fair treatment of clients. This reflects the AMF’s twofold mission to regulate the financial industry and oversee consumer protection.</p> <h2>Additional Information</h2> <p>The Guideline has been published as a draft for a consultation period that will end on January 30, 2024.</p>17-Jan-2024 09:19:00{6A88AEB3-A18A-4D7A-9B1D-9E9F23E35309}https://www.stikeman.com/en-ca/kh/insurance-law/osfis-draft-security-and-integrity-guideline-whats-expected-of-frfis-and-whenAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateFinancial Services UpdateOSFI’s Draft Security and Integrity Guideline: What’s Expected of FRFIs and When?<p><strong>On October 13, 2023, OSFI released its draft </strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/is-si.aspx"><strong>Integrity and Security Guideline</strong></a><strong> (“Guideline”).</strong><strong> The Guideline, which would layer new and expanded expectations over existing applicable guidance, would apply to all Federally Regulated Financial Institutions (“FRFIs”), including foreign bank and insurance company branches in relation to their Canadian business.</strong></p> <p>The consultation period is short, with <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/osfi-bsif/med/Pages/e21-is-nr.aspx"><strong>responses due by November 24, 2023</strong></a>. OSFI will issue the final Guideline by January 31, 2024.</p> <h2>Background</h2> <p>The Guideline follows amendments to FRFI statutes in Bill C-47, the <a rel="noopener noreferrer" target="_blank" href="https://www.parl.ca/DocumentViewer/en/44-1/bill/C-47/second-reading"><em>Budget Implementation Act</em></a>, which received Royal Assent on June 22, 2023. In effect as of January 1, 2024, the amendments extend OSFI’s mandate to include the supervision of FRFIs to determine whether they have established policies and procedures adequate to protect against threats to integrity and security, including foreign interference. Among other things, this requires OSFI to assess FRFIs with respect to their adoption of adequate policies and procedures at least once per year.</p> <h2>Key Concepts</h2> <p>The concepts of <strong>integrity</strong> and <strong>security</strong> ground the 10 principles set out in the Guideline. As noted below, the subject matter of many of the principles is already considered in existing and pending OSFI guidelines: in those cases, the new Guideline is intended to complement the existing guidance rather than as a replacement for it.</p> <h3>Integrity Principles</h3> <h4>1. Character</h4> <p><em>Senior leaders are of good character and demonstrate integrity through their words, actions, and decisions.</em></p> <p>See also <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/E17_final.aspx">Guideline E-17: Background Checks on Directors and Senior Management</a>.</p> <h4>2. Culture</h4> <p><em>Culture consistent with ethical norms is deliberately shaped, evaluated and maintained. </em></p> <p>While this does not mean that there is one “ideal culture”, all organizations should strive for a culture that reflects a commitment to ethical behaviour.</p> <p>See also <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/cbrsk_dft.aspx">OSFI’s draft Culture and Risk Behaviour Guideline</a>, as discussed in <a rel="noopener noreferrer" target="_blank" href="https://www.stikeman.com/en-ca/kh/insurance-law/osfi-releases-draft-culture-and-behaviour-risk-guideline">our previous post</a>.</p> <h4>3. Governance</h4> <p><em>Governance structures subject actions, omissions, and decisions to appropriate scrutiny and promote ethical behaviour.</em></p> <p>This includes (among others) effective governance of all important decisions, oversight of senior leaders, conflict of interest policies and codes of conduct applying to all staff and backed up with regular training.</p> <p>See also OSFI’s <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/CG_Guideline.aspx">Corporate Governance Guideline</a> and, in the case of foreign banks and insurers, <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/e4.aspx">Guideline E-4: Foreign Entities Operating in Canada on a Branch Basis</a>.</p> <h4>4. Compliance</h4> <p><em>Effective mechanisms to identify and verify compliance with standards, regulations, and the law exist.</em></p> <p>Key compliance requirements include (among others) the establishment of an enterprise-wide Regulatory Compliance Management (“RCM”) Framework to evaluate actions, omissions and decisions against applicable laws, regulations and standards, while also providing channels for feedback and whistleblowing.</p> <p>See also <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/e13.aspx">Guideline E-13: Regulatory Compliance Management</a>.</p> <h3>Security Principles</h3> <h4>5. Physical premises</h4> <p><em>Physical premises are safe and secure and monitored appropriately.</em></p> <p>This includes not only office space but other sensitive areas such as file storage locations and technology assets. Security inspections, including sweeps for covert devices, should be carried out at intervals appropriate to the “threat environment”.</p> <p>See also <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b13.aspx">Guideline B-13: Technology and Cyber Risk Management</a> and <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/e21-dft.aspx">draft Guideline E-21: Operational Risk Management and Operational Resilience</a>.</p> <h4>6. People</h4> <p><em>People should be subject to appropriate background checks and security screening, and strategies should be put in place to manage risk</em>.</p> <p>Security controls should be established to ensure that individuals in the organization are not under undue influence, foreign interference or involved in malicious activity. The extent of security screening will depend on factors such as authority, seniority and access to sensitive information. The Guideline provides general guidance on the nature of the necessary background checks.</p> <p>See also <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/E17_final.aspx">Guideline E-17: Background Checks on Directors and Senior Management</a>.</p> <h4>7. Technology assets</h4> <p><em>Technology assets should be secure, with weaknesses identified and addressed, effective defences in place, and issues identified accurately and promptly.</em></p> <p>See also <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b13.aspx">Guideline B-13: Technology and Cyber Risk Management</a>.</p> <h4>8. Data and information</h4> <p><em>Data and information should be subject to appropriate standards and controls ensuring its confidentiality, integrity, and availability.</em></p> <p>Data security should be in place at all stages of the data life-cycle. Data should be classified with respect to its vulnerability and data access by personnel should be restricted accordingly, with mechanisms in place to detect unauthorized access.</p> <p>See also <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b13.aspx">Guideline B-13: Technology and Cyber Risk Management</a>.</p> <h4>9. Third-party risks</h4> <p><em>Third parties should be subject to equivalent and proportional measures to protect against threats.</em></p> <p>This principle requires consideration of potential security risks posed by third parties such as contractors and their subcontractors. It states, among other things, that accountability for outsourced business functions remains with the financial institution. It also recommends transparent procurement processes with objective selection and decision-making procedures.</p> <p>See also <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b10_dft_2022.aspx">Guideline B-10: Third-Party Risk Management</a>.</p> <h4>10. Undue influence, foreign interference, and malicious activity</h4> <p><em>Threats stemming from undue influence, foreign interference, and malicious activity should be promptly detected and reported.</em></p> <p>OSFI has additional expectations for threats involving undue influence, foreign influence or malicious activity. Measures should be in place to detect such threats promptly and to ensure that investigations are confidential and independent. Instances involving foreign interference should be reported to the RCMP, CSIS and OSFI.</p> <h2>Timing Issues</h2> <p>On October 20, 2023, <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/is-si-faq.aspx">OSFI published a FAQ</a> document clarifying a number of issues, including some relating to timing. While the legislation is effective January 1, 2024, the Guideline may not be finalized until the end of that month. In the interim, FRFIs should ensure that they have adequate policies and procedures in place to protect against threats to their integrity and security, follow all relevant existing Guidelines, and meet specific expectations in the Guideline, such as the expectation that foreign interference, undue influence and malicious activity be promptly reported to law enforcement (see Principle 10, above).</p> <p>FRFIs must immediately develop adequate policies and procedures for <strong>all new risk areas identified in the Guideline</strong>. However, they are <strong>not</strong> expected to meet expectations in the Guideline, prior to its finalization, other than those that are specific and actionable without further guidance. In other words, they must address the new risk areas but do not have to do so in accordance with expectations for which further guidance is required, some of which are referred to in <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/osfi-bsif/med/sp-ds/Pages/ty20231013.aspx?utm_source=osfi-bsif&utm_medium=email&utm_campaign=osfi-bsif-email">remarks by OSFI Assistant Superintendent Tolga Yalkin</a>, published on October 23, 2023, including character assessment of board members and senior management. The FAQs note that required background checks do not have to have been conducted by January 1, 2024. Timelines for the completion of background checks will be announced later.</p> <p>The FAQs state that FRFIs are not expected to meet expectations in <strong>existing guidelines</strong> before their effective dates.</p> <h2>Foreign Operations</h2> <p>In addition, the FAQs state that nothing in the Guideline prevents a FRFI from operating in any foreign jurisdiction.</p>24-Oct-2023 02:13:00{169BEE3F-483C-47F1-A498-FD548C6B1BB6}https://www.stikeman.com/en-ca/kh/insurance-law/department-of-finance-Launches-periodic-review-of-financial-institutions-statutesStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateDepartment of Finance Launches Periodic Review of Financial Institutions Statutes, Seeks Public Input on 12 Key Questions<p><strong>On October 5, 2023, the Department of Finance (Canada) launched a </strong><a rel="noopener noreferrer" target="_blank" href="https://www.canada.ca/en/department-finance/programs/consultations/2023/consultation-on-upholding-the-integrity-of-canadas-financial-sector.html"><strong>public consultation</strong></a><strong> as part of its periodic review of the key statutes governing federally-regulated financial institutions: the <em>Bank Act, </em>the<em> Insurance Companies Act,</em> and the <em>Trust and Loan Companies Act</em></strong><strong> (the “Acts”). The consultation is seeking public input on 12 key questions relating to security and integrity, sectoral structure, consumer protection, framework modernization and federal-provincial co-operation. </strong></p> <p>The periodic review process for federal financial industry statutes was established in 1992. While these reviews initially took place every 5 years, they have more recently occurred at less regular intervals. The deadline for the completion of the current review is June 30, 2025. <a rel="noopener noreferrer" target="_blank" href="https://www.canada.ca/en/department-finance/programs/consultations/2023/consultation-on-upholding-the-integrity-of-canadas-financial-sector.html">Comments will be accepted</a> until <strong>December 4, 2023</strong>.</p> <h2>Questions for Public Comment</h2> <p>The public consultation is designed to elicit stakeholders’ opinions and insights on how the Acts (including related policies, legislation, and regulations) should respond to evolving trends in the financial sector. The 12 key questions are as follows:</p> <h3>National security and integrity</h3> <ol> <li>What are emerging risks to the security and integrity of the Canadian financial sector, whether from national security threats, foreign interference, technological changes, or other developments?</li> <li>What if any additional measures are needed to protect the security and integrity of the financial sector and maintain Canadians’ confidence in their financial institutions?</li> </ol> <h3>Sectoral structure</h3> <ol start="3"> <li>What would be the risks and benefits of potential consolidation in the federal financial sector?</li> <li>How should the federal legislative and policy framework adapt to protect Canadian consumers' interests and uphold the financial sector's integrity?</li> <li>What are the risks and benefits from the emergence of new financial services providers, and how should the federal legislative and policy framework adapt?</li> <li>Are changes needed to Canada's financial sector legislative framework, as federally regulated financial institutions continue to expand abroad, to ensure the sector continues to serve the best interests of Canadians?</li> </ol> <h3>Consumer protection</h3> <ol start="7"> <li>What additional protections could help ensure Canadians receive high-quality, low-cost banking services?</li> <li>What barriers do Canadians face in accessing banking services, including cost barriers? How could these barriers be addressed?</li> <li>Do financial consumers benefit from sufficient protections when using innovative or digital financial products and services?</li> </ol> <h3>Framework modernization</h3> <ol start="10"> <li>How could artificial intelligence and other innovations be used in the financial sector, and how should the framework adapt to harness the benefits and manage any risks and ensure responsible innovation?</li> <li>How can the framework be updated to ensure it remains effective, technically sound and reflects modern business practices and technologies?</li> </ol> <h3>Federal-provincial co-operation</h3> <ol start="12"> <li>What role can the federal government play to improve and formalize collaboration with provinces and territories and ensure that Canada is better able to address pressing financial sector policy issues, given shared responsibilities for the financial sector?</li> </ol> <h2>Going Forward</h2> <p>As noted above, the consultation period ends December 4, 2023. Submissions are encouraged, to the following email <a rel="noopener noreferrer" target="_blank" href="mailto:legreview-examenleg@fin.gc.ca">legreview-examenleg@fin.gc.ca</a>, with the subject line: “Financial Institutions Statutes Review.” More information is available in the <a rel="noopener noreferrer" target="_blank" href="https://www.canada.ca/en/department-finance/programs/consultations/2023/consultation-on-upholding-the-integrity-of-canadas-financial-sector.html">federal Department of Finance consultation announcement</a>.</p> <p>The federal Department of Finance is also continuing work on digital assets, as part of the financial sector review and separate from this consultation. In a related development, OSFI launched a consultation on its draft <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/is-si.aspx">Integrity and Security Guideline</a> on October 13, 2023. While this process is separate from the Department of Finance consultation described above, it is related to Questions 1, 2 and 4 from that consultation. We will publish a post on the OSFI process shortly.</p> <p><em><span style="color: black;">The author would like to acknowledge the support and assistance of <a href="/en-ca/people/e/sandra-elashmouny">Sandra Elashmouny</a>, articling student at law.</span></em></p>19-Oct-2023 03:57:00{77B1E365-6708-4FCE-94F0-80DDAA574856}https://www.stikeman.com/en-ca/kh/insurance-law/osfi-releases-new-supervisory-framework-for-frfis-and-pension-plansStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamInsurance Law UpdateFinancial Services UpdateOSFI Releases New Supervisory Framework for FRFIs and Pension Plans<p><strong>On October 4, 2023, the Office of the Superintendent of Financial Institutions (“OSFI”) </strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/eng/osfi-bsif/rep-rap/blueprint-plan-directeur/Pages/supervision-surveillance-let.aspx?utm_source=osfi-bsif&utm_medium=email&utm_campaign=osfi-bsif-email"><strong>released details</strong></a><strong> of a new </strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/eng/osfi-bsif/rep-rap/blueprint-plan-directeur/Pages/supervision-surveillance-let.aspx?utm_source=osfi-bsif&utm_medium=email&utm_campaign=osfi-bsif-email"><strong>supervisory framework</strong></a><strong> (“New Framework”) that will apply as of April 1, 2024 to federally-regulated financial institutions (“FRFIs”) and pension plans. This initiative is part of OSFI’s comprehensive “</strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/osfi-bsif/rep-rap/Pages/bl-pd.aspx"><strong>Blueprint</strong></a><strong>” transformation program, and will be the most comprehensive update to OSFI’s supervisory framework in the last 25 years. OSFI will publish more information about the New Framework in early 2024.</strong></p> <p>OSFI has constructed the New Framework to give it the flexibility it considers it needs to respond to the current risk environment, with a particular focus on:</p> <ul> <li>macro-economic risks that may impact FRFIs and pension plans;</li> <li>new business models; and</li> <li>new risks, including non-financial risks.</li> </ul> <p>A more analytic and data-driven approach to risk supervision will be an important element of the New Framework, allowing for more timely responses to potential issues.</p> <h2>Expanded Risk Ratings</h2> <p>Under the New Framework, OSFI will supplement its existing intervention stage ratings with three new or expanded ratings:</p> <ul> <li>A rating based on size, complexity and potential for contagion;</li> <li>A “viability risk” rating on an 8-point scale; and</li> <li>Specific ratings for business risk, financial resilience, operational resilience and risk governance (for large institutions only).</li> </ul> <p>The switch-over to the New Framework is not expected to have an immediate effect on existing intervention ratings. However, because the New Framework is designed to be more responsive to changes in the risk environment, financial institutions should be prepared for more frequent fluctuations in their ratings – a change that OSFI anticipates will assist the institutions’ own efforts to respond more effectively to potential issues.</p> <h2>Enhancing OSFI’s Capacity</h2> <p>OSFI’s basic approach will continue to be, in OSFI’s view, forward-looking and principles-based, but the New Framework includes a review of best practices of prudential regulators in other jurisdictions as well as a Supervision Institute that will focus on skills development for OSFI’s supervisory staff, particularly with respect to new tools and technologies.</p> <h2>Going Forward</h2> <p>OSFI is committed to providing more information about timelines and requirements well in advance of the New Framework’s April 1, 2024 implementation date, and has released a <a rel="noopener noreferrer" target="_blank" href="https://www.youtube.com/watch?v=3yAoK1pGNmc">video discussing OSFI’s supervisory priorities</a>. Those interested in learning more may wish to attend a <a rel="noopener noreferrer" target="_blank" href="https://osfibsif.qualtrics.com/jfe/form/SV_5AZdmSQ0jnWXgqi">webinar for regulated financial institutions</a> that OSFI is holding on November 2 and 9, 2023.</p>10-Oct-2023 02:36:00{62CD6E19-0F7D-4850-80DA-6A4C271CEA25}https://www.stikeman.com/en-ca/kh/tax-law/new-gst-hst-notice-on-services-provided-by-insurance-intermediariesJean-Guillaume Shoonerhttps://www.stikeman.com/en-ca/people/s/jean-guillaume-shoonerStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersGeneviève Beebehttps://www.stikeman.com/en-ca/people/b/genevieve-beebeTax Law UpdateInsurance Law UpdateNew GST/HST Notice on Services Provided by Insurance Intermediaries<p><strong>In July 2023, the Canada Revenue Agency (“CRA”) released </strong><a rel="noopener noreferrer" target="_blank" href="https://www.canada.ca/en/revenue-agency/services/forms-publications/publications/notice325/services-provided-certain-insurance-intermediaries.html"><strong>GST/HST Notice 325</strong></a><strong> (the “Notice”) with respect to services provided by certain insurance intermediaries. The Notice essentially makes official the 180-degree turn the CRA has taken with respect to the taxable status of commissions and other consideration payable to insurance intermediaries – including Third Party Administrators (“TPAs”) and Managing General Agents (“MGAs”) – after the industry requested clarification with respect to the tax treatment of a range of specific scenarios.</strong></p> <h2>Background</h2> <p>In a 2019 technical interpretation, the CRA had stated that the predominant nature of the supply made by an MGA was a management and promotional service to the insurer that was excluded from the definition of “financial service” in <a rel="noopener noreferrer" target="_blank" href="https://laws-lois.justice.gc.ca/eng/acts/e-15/page-28.html#h-188824">Part IX of the <em>Excise Tax Act</em> (Canada)</a> (“ETA”) and was therefore taxable (GST/HST Interpretation Case Number 194986, May 6, 2019). At the end of 2019, the tax authorities began reassessing insurance intermediaries for uncollected GST/HST.</p> <p>Following representations submitted by a coalition of industry players, the CRA agreed to clarify its view regarding the application of the GST/HST to services supplied by insurance intermediaries. The coalition notably provided examples to the CRA where clarifications were necessary.</p> <p>The publication of the Notice is the result of those efforts. The Notice summarizes the CRA’s current administrative position regarding the application of the GST/HST to supplies made, directly or indirectly, to an insurer by certain intermediaries. The Notice notably provides guidance to MGAs, TPAs and managing general underwriters (“MGUs”) to determine whether the services they provide are subject to GST/HST or not.</p> <h3>Comment period</h3> <p>The CRA is <a rel="noopener noreferrer" target="_blank" href="https://www.canada.ca/en/revenue-agency/services/forms-publications/publications/notice325/services-provided-certain-insurance-intermediaries.html">accepting feedback on the Notice</a> until October 31, 2023. However as the Notice states, it can already be considered by stakeholders as an “accurate summary of the CRA’s interpretation of the law”.</p> <h2>Application of the ETA to Insurance Intermediaries</h2> <p>As a general rule, any supply of property or services made by an insurance intermediary is to be considered as a taxable supply <strong>unless</strong> it is:</p> <ul> <li>an <strong>exempt supply</strong> as provided for under Schedule V to the <em>Excise Tax Act</em> (Canada) (“<strong>ETA</strong>”); or</li> <li>a <strong>zero-rated supply</strong> as listed under Schedule VI to the ETA.</li> </ul> <p>A supply of a “financial service” (as defined under subsection 123(1) of the ETA) will generally be an exempt supply pursuant to section 1 of Part VII of Schedule V <strong>unless</strong> it is an “exported” financial service made by a financial institution and is listed in Part IX of Schedule VI as a zero-rated supply. In that context, the Notice proposes a <strong>three-step framework</strong> designed to help determine whether a supply made by an insurance intermediary is either taxable, exempt or zero-rated for GST/HST purposes:</p> <ul> <li><strong>Step 1</strong> consists in determining whether the insurance intermediary is making a single or multiple supplies;</li> <li><strong>Step 2</strong> analyzes the characteristics of each element of a supply and identifies its predominant element; and</li> <li><strong>Step 3</strong> establishes whether the predominant element of the supply meets the definition of financial service in subsection 123(1) of the ETA.</li> </ul> <h3>Step 1: single vs. multiple supplies</h3> <p>Where an agreement provides for several elements of property and/or services to be supplied by an insurance intermediary to an insurer (or another person dealing with the insurer), one must first determine whether the insurance intermediary is actually making a single supply or multiple supplies for GST/HST purposes.</p> <p>In many cases, each element to be supplied by the intermediary, if taken separately, could have a different tax treatment for GST/HST purposes. This makes the single vs. multiple supplies determination a critical aspect of the analysis framework. The CRA’s administrative instructions regarding such determination are published in <a rel="noopener noreferrer" target="_blank" href="https://www.canada.ca/en/revenue-agency/services/forms-publications/publications/p-077r2.html">GST/HST Policy Statement P-077R2.</a></p> <p>The Notice also underscores that it is ultimately a question of fact whether an intermediary is making a single supply or multiple supplies. In general, where several elements are provided and are inextricably intertwined and integrally connected to one another, such elements must be considered to form part of a single supply. It is also noteworthy that even if more than one contract exists between the parties, the CRA may still consider them to be a single supply.</p> <p>Even where the above analysis has identified multiple supplies, the possible application of the deeming provisions in sections 138 and 139 of the ETA must still be considered:</p> <ul> <li><strong>Section 138</strong> deems a supply to form part of another supply where they are supplied together for a single price.</li> <li><strong>Section </strong><strong>139</strong> provides that services that are not financial services, or properties that are not capital properties of the supplier, to the extent they are provided together with financial services as a usual practice in the ordinary course of business of the supplier, are deemed to be financial services to the extent the pure financial service portion accounts for more than 50% of the value of the combined supply.</li> </ul> <h3>Step 2: predominant element of the supply</h3> <p>To the extent one single supply of multiple elements has been identified or where multiple supplies are instead made by the intermediary, it is then necessary to identify all of the elements of each supply. Finally, the predominant element of each supply should be determined.</p> <p>As stated in case law, the CRA considers that the test to determine the predominant element of a supply is to find the element that gives the supply commercial efficacy. In this respect, the Notice states that such determination requires identifying objectively, from the recipient’s perspective, the service provided by the insurance intermediary in exchange for the consideration. The Notice also mentions that the way the consideration for the supply is calculated is not, in and of itself, a determining factor.</p> <h3>Step 3: whether the supply is a financial service</h3> <p>Once the predominant element of a supply has been identified, it is then necessary to determine whether it is a supply of a financial service.</p> <p>Generally, under Part IX of the ETA, a supply is a financial service, as defined in subsection 123(1), if it is listed within any of paragraphs (a) to (m) of such definition (collectively, the “<strong>Inclusionary Paragraphs</strong>”). However, if such supply also falls within any of the exclusions listed in paragraphs (n) to (t) of the definition (collectively, the “<strong>Exclusionary Paragraphs</strong>”), it is deemed not to be a financial service.</p> <h4>Inclusionary Paragraphs</h4> <p>The Notice focuses on Inclusionary Paragraph (l) which refers to “arranging for” a service that is referred to in any of Inclusionary Paragraphs (a) to (i) and is not referred to in any of Exclusionary Paragraphs (n) to (t).</p> <p>More precisely, the Notice considers a scenario where an intermediary is involved in the insurer’s supply of a financial service such as the issuance or renewal of an insurance policy.</p> <p>The CRA notes that in order for an insurance intermediary’s supply to be considered as “arranging for” an insurer’s supply of a financial service, the following factors described in <a rel="noopener noreferrer" target="_blank" href="https://www.canada.ca/en/revenue-agency/services/forms-publications/publications/b-105.html">GST/HST Technical Information Bulletin B-105</a> are pivotal:</p> <ul> <li>the purpose of the supply must be to act as an intermediary to bring parties together to make the insurer’s supply of the financial service;</li> <li>the insurance intermediary must have sufficient direct involvement in the insurer’s supply of insurance policies that it can be said that the intermediary causes the supply to occur (although it is not necessary for the insurance intermediary to be involved in each individual transaction); and</li> <li>there should be a high degree of reliance on the insurance intermediary by the insurer or the recipient of the insurer’s supply of the financial service.</li> </ul> <h4>Certain Exclusionary Paragraphs</h4> <p>Even if a supply made by an insurance intermediary is included in one or more of the Inclusionary Paragraphs, the supply can still be excluded from the definition of “financial service” to the extent its predominant element is also caught by one of the Exclusionary Paragraphs.</p> <p>The Notice specifically focuses on Exclusionary Paragraphs (r.4) and (t). Exclusionary Paragraph (r.4) excludes from the definition of “financial service” a service that is preparatory to the provision, or the potential provision, of a service referred to in any of Inclusionary Paragraphs (a) to (i) and (l), or that is provided in conjunction with a service referred to in any of those Inclusionary Paragraphs, and that is either:</p> <ul> <li>a service of collecting, collating or providing information, or</li> <li>a market research, product design, document preparation, document processing, customer assistance, promotional or advertising service or a similar service.</li> </ul> <p>For its part, Exclusionary Paragraph (t) also excludes certain services that are prescribed under the <a rel="noopener noreferrer" target="_blank" href="https://laws-lois.justice.gc.ca/eng/regulations/SOR-91-26/index.html"><em>Financial Services and Financial Institutions (GST/HST) Regulations</em></a> (the “<strong>Regulations</strong>”). A prescribed service for purposes of this paragraph generally includes any administrative service (including an administrative service in relation to the payment or receipt of claims or benefits, but excluding a service that is solely the making of the payment or the taking of the receipt). This means that a prescribed administrative service could include a service in relation to the payment of an insurance claim that does not involve any independent decision-making.</p> <p>However, an administrative service is generally not a prescribed service (and not excluded from the definition of financial service) if it is supplied with respect to an instrument (which is defined as money, an account, a credit card voucher, a charge card voucher or a financial instrument such as an insurance policy) by certain persons at risk (directly or indirectly through closely related groups or agents).</p> <p>A “person at risk” in respect of an instrument means a person that is financially at risk by virtue of the acquisition, ownership or issuance by that person of the instrument or by virtue of a guarantee, an acceptance or an indemnity in respect of the instrument, but does not include a person who becomes “at risk” in the course of, and only by virtue of, authorizing a transaction, or supplying a clearing or settlement service, in respect of the instrument.</p> <h2>Seven Example Scenarios</h2> <p>Seven examples are provided by the CRA in the Notice. These include situations in which a range of services are provided by insurance intermediaries, such as MGAs and TPAs, to licensed and non-licensed insurers. In each of the first five examples, the intermediary’s supply to the insurer is exempt, while in the sixth and seventh examples it is not.</p> <ul> <li><strong>Example 1</strong> concerns a typical scenario in which a Canadian MGA enters into a managing general agent agreement with a Canadian licensed insurer. In this scenario, the MGA’s supply to the insurer is a financial service covered under Inclusionary Paragraph (l) (and not excluded under any of the Exclusionary Paragraphs) that is exempt for GST/HST purposes.</li> <li>In <strong>Example 2</strong>, a Canadian TPA develops an employee benefit plan to market to employers and contracts with Canadian licensed insurers to issue group insurance policies to employers. In this case, the TPA receives a commission from the insurers for group policies sold to employers which is also exempt for GST/HST purposes.</li> <li><strong>Example 3</strong> provides for a Canadian corporation entering into an agreement with a Canadian licensed insurer. The Canadian corporation is appointed by the insurer to act on the insurer’s behalf to distribute and manage travel insurance policies sold to Canadian residents and the intermediary receives a commission based on the premiums received on policies sold by such intermediary. Again, the intermediary’s supply to the insurer is viewed as an exempt financial service.</li> <li><strong>Example 4</strong> illustrates a scenario where a Canadian TPA enters into two agreements with a Canadian insurer, where under agreement A, the TPA solicits customers to buy the insurer’s group life and health insurance policies, and under agreement B, the TPA administers all policies it has distributed under agreement A. The TPA only receives consideration (i.e., commissions) under agreement A based on the policies distributed. In this case, the TPA’s supply to the insurer under both agreements is a financial service covered under Inclusionary Paragraph (l) (and not excluded under any of the Exclusionary Paragraphs) that is exempt for GST/HST purposes.</li> <li><strong>Example 5</strong> involves a Canadian corporation entering into an agreement with a Canadian insurer where the intermediary distributes the insurer’s car replacement insurance policies to customers who purchase new cars through Canadian car dealers. A commission is paid to the intermediary based on each policy issued through the intermediary’s network of dealers. Again, the intermediary’s supply to the insurer is exempt for GST/HST purposes in this example.</li> <li>In <strong>Example 6</strong>, a Canadian corporation that is not authorized to carry on an insurance business develops a car replacement program under which, in the case of a total loss, the corporation will pay a customer the difference between the cost of the replacement car and the primary insurer’s settlement amount. An insurer that is licensed issues a contractual liability insurance to the corporation providing coverage for the corporation’s obligations towards the customers. In this case, the supply of the car replacement contracts to the customers is not an exempt financial service because the corporation is not issuing an “insurance policy” as defined in subsection 123(1) of the ETA. Premiums payable by the corporation to the licensed insurer are nonetheless exempt.</li> <li>Finally, <strong>Example 7</strong> provides for a Canadian corporation that owns an insurance claims adjudication and settlement system. The corporation adjudicates drug benefit claims made by insured employees covered by group health insurance policies issued by insurers. Employees receive the drug benefits directly at the point of purchase. For the corporation’s services, an insurer pays a fee for each claim adjudicated through the corporation’s system. By taking into account the insurer’s perspective (i.e., the recipient of the supply), the CRA concludes that the predominant element of the corporation’s supply is an administrative service. Even if such service were included in any of the Inclusionary Paragraphs, the CRA would conclude that it should be excluded under Exclusionary Paragraph (t) as a prescribed service under paragraph 4(2)(b) of the Regulations. Moreover, subsection 4(3) of the Regulations would not be applicable to exclude the supply from being a prescribed service considering the corporation is not a “person at risk” in this scenario.</li> </ul> <h2>Concluding Comments</h2> <ul> <li>The publication of the CRA’s official position regarding the exempt status of commissions payable by insurers to insurance intermediaries, including TPAs and MGAs, in typical real-life scenarios had long been awaited and requested by participants in the industry.</li> <li>Clarifications regarding the application of the “arranging for” Inclusionary Paragraph (l) could also assist businesses acting as intermediaries in connection with financial services supplied by financial institutions outside the insurance industry.</li> </ul>06-Sep-2023 03:26:00{346A4F6E-C5F9-48FD-BDDB-06EE23459B88}https://www.stikeman.com/en-ca/kh/insurance-law/osfi-releases-draft-culture-and-behaviour-risk-guidelineStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamInsurance Law UpdateOSFI Releases Draft Culture and Behaviour Risk Guideline<p><strong>On February 28, 2023, the Office of the Superintendent of Financial Institutions (“OSFI”) </strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/osfi-bsif/med/Pages/cbrsk20230228-nr.aspx"><strong>announced the release</strong></a><strong> of a draft </strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/cbrsk_dft.aspx"><strong>Culture and Behaviour Risk Guideline</strong></a><strong> (“Draft Guideline”). In response to feedback received in response to OSFI’s 2022 </strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/in-ai/Pages/crmg_let.aspx"><strong>Culture Risk Management Letter</strong></a><strong>, the Draft Guideline includes more precise definitions of key concepts. OSFI is also planning to provide a self-assessment tool to assist with compliance efforts. The consultation period will run until May 31, 2023.</strong></p> <h2>Structure of the Draft Guideline</h2> <p>OSFI has taken a <strong>principles-based</strong> and <strong>outcomes-focused</strong> approach and is not intending to impose uniform “culture and behaviour” practices across all Federally Regulated Financial Institutions (“FRFIs”). OSFI acknowledges that each FRFI has a unique culture. The Draft Guideline should be read in conjunction with other OSFI guidance, in particular:</p> <ul> <li><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/CG_Guideline.aspx">OSFI Corporate Governance Guideline</a>;</li> <li><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/Docs/e21.pdf">OSFI Guideline E-21 (Operational Risk Management)</a>;</li> <li><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/Docs/e13.pdf">OSFI Guideline E-13 (Regulatory Compliance Management)</a>.</li> </ul> <h3>Expected Outcomes</h3> <p>The expected outcomes are:</p> <ul> <li><strong>Integration of culture into governance structures:</strong> culture and behaviour are designed and governed through clear accountabilities and oversight;</li> <li><strong>Proactive promotion and reinforcement:</strong> desired culture and expected behaviours are proactively promoted and reinforced; and</li> <li><strong>Behavioural risk management:</strong> risks emerging from behavioural patterns are identified and proactively managed.</li> </ul> <h3>Principles</h3> <p>Achievement of the expected outcomes is to be guided by the following five principles, as discussed below:</p> <ol> <li>Desired culture and expected behaviours are designed to align with the purpose and strategy of the FRFI and governed through appropriate structures and frameworks.</li> <li>Leaders, at all levels, consistently promote and reinforce the desired culture and expected behaviours through their words, actions and decisions.</li> <li>Talent and performance management strategies and practices promote and reinforce the desired culture and expected behaviours.</li> <li>Compensation, incentives and rewards promote and reinforce the desired culture and expected behaviours.</li> <li>FRFIs proactively monitor for, assess, and act to address risks related to culture and behaviour that may influence their resilience.</li> </ol> <h3>Key definitions</h3> <p><strong>“Behaviour risks”</strong> – behavioural patterns that threaten a FRFI’s desired culture by being misaligned with it and/or by increasing financial and non-financial risks.</p> <p><strong>“Culture”</strong> – values, mindsets, beliefs and assumptions held in common within an organization and which shape its purposes and its expectations of employee behaviour.</p> <h2>Outcome 1: Integration of Culture into Governance Structures</h2> <p>Only one principle is associated with the first outcome. As discussed below, it generates obligations relating to governance and culture design:</p> <p><em>Principle 1: Desired culture and expected behaviours are designed to align with the purpose and strategy of the FRFI and governed through appropriate structures and frameworks.</em></p> <h3>Governance</h3> <p>The Draft Guideline notes the responsibility of senior managers for the design and oversight of institutional culture and expected behaviours. Responsibilities should be clear and sufficient resources should be allocated. While the appropriate governance structure will depend on the FRFI’s size, structure, strategies, etc., it may include frameworks related to some or all of the following (among others):</p> <ul> <li>Remuneration, performance and talent management;</li> <li>Ethics and conflict management;</li> <li>Risk and resilience;</li> <li>Whistleblowing and escalation.</li> </ul> <p>Governance policies, processes and structures should be applied consistently by the FRFI and be regularly reviewed and updated as required.</p> <h3>Culture design</h3> <p>The Draft Guideline reminds FRFIs that OSFI expects them to define the culture that supports their institutional strategies and implement a plan for promoting the desired culture within the FRFI. This includes:</p> <ul> <li>Clear articulation of the culture, including its values and expected behaviours;</li> <li>A statement of how the culture aligns with the institution’s vision, strategy and approach to risk management;</li> <li>Consideration of HR strategies;</li> <li>Consideration of polices, processes, practices and systems to support the desired culture;</li> <li>Implementation of accountability frameworks, mandates and objectives; and</li> <li>Proactive monitoring, assessment and reporting in support of oversight and improvement.</li> </ul> <h2>Outcome 2: Proactive Promotion and Reinforcement</h2> <p>At a minimum, OSFI expects FRFIs to promote the desired culture and expected behaviours through leadership, talent management practices and compensation and incentive plans. Three principles support the “proactive promotion and reinforcement” outcome.</p> <p><em>Principle 2: Leaders, at all levels, consistently promote and reinforce the desired culture and expected behaviours through their words, actions and decisions.</em></p> <p>This principle requires a consistent “tone from the top” on the part of senior management and leaders of oversight functions and embodiment of the desired culture at all levels of management, including ensuring consistent accountability at all levels.</p> <p><em>Principle 3: Talent and performance management strategies and practices promote and reinforce the desired culture and expected behaviours.</em></p> <p>All aspects of talent management – hiring, training, retention, succession, etc. – should be carried out consistently with the promotion of the FRFI’s desired culture. Performance management, such as goal setting, promotion, discipline and termination, should also promote the desired culture.</p> <p><em>Principle 4: Compensation, incentives and rewards promote and reinforce the desired culture and expected behaviours.</em></p> <p>Compensation and incentive arrangements should be designed to promote the expected behaviours throughout the organization. Practices and decisions relating to compensation should:</p> <ul> <li>Reflect the FRFI’s desired culture and expected behaviours;</li> <li>Promote sound decision-making and effective risk management; and</li> <li>Be consistent with the institution’s performance and talent management decisions.</li> </ul> <h2>Outcome 3: Behavioural Risk Management</h2> <p>FRFIs are expected to implement risk management “mechanisms and techniques” focused on behavioural patterns that are inconsistent with the desired culture and expected behaviours. Examples referred to in the Draft Guideline include complacency, excessive risk taking, poor communication and a failure to raise concerns.</p> <p>There is one principle under this outcome:</p> <p><em>Principle 5: FRFIs proactively monitor for, assess, and act to address risks related to culture and behaviour that may influence their resilience.</em></p> <p>According to the Draft Guideline, behaviour risks must be identified, assessed and responded to, as follows:</p> <h3>Identification</h3> <p>OSFI is expecting FRFIs to use quantitative and qualitative methods to identify behavioural patterns. These can include surveys, interviews, focus groups and informal conversations with employees as well as analysis of employment data such as turnover and retention patterns and performance indicators, among others.</p> <h3>Assessment</h3> <p>Where a divergence between expected and actual behaviour patterns is detected, the FRFI should conduct an assessment that focuses on:</p> <ul> <li>Root causes;</li> <li>Potential impacts;</li> <li>Unintended consequences; and</li> <li>Extent of the patterns across the institution.</li> </ul> <p>Priority should be given to risks that could affect the resilience of the FRFI or a specific part of its business.</p> <h3>Response</h3> <p>The FRFI should decide which behavioural patterns and behaviour risks require a response, and what that response should be. Potential responses referred to in the Draft Guideline include ongoing monitoring of existing behavioural patterns, actions to modify behavioural patterns that create risks for the FRFI or, where the behavioural patterns support the desired culture, actions to reinforce those patterns. Any such response should be supported by a rationale and appropriately tracked and evaluated.</p> <h2>Going Forward</h2> <ul> <li>Industry participants can submit comments on the Draft Guideline until May 31, 2023. Instructions for doing so are included in <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/osfi-bsif/med/Pages/cbrsk20230228-nr.aspx">OSFI’s News Release</a>.</li> <li>OSFI’s News Release indicates that a self-assessment tool will be provided to assist industry participants in their compliance efforts.</li> </ul>09-Mar-2023 09:35:00{A53566EA-FA3B-42FE-ABA6-41ECA12D330A}https://www.stikeman.com/en-ca/kh/canadian-securities-law/virtual-currency-regulation-in-canada-the-legal-and-regulatory-framework-for-2023Ramandeep K. Grewalhttps://www.stikeman.com/en-ca/people/g/ramandeep-k-grewalAlix d'Anglejan-Chatillonhttps://www.stikeman.com/en-ca/people/d/alix-d-anglejan-chatillonÉric Lévesquehttps://www.stikeman.com/en-ca/people/l/eric-levesqueChristian Vieirahttps://www.stikeman.com/en-ca/people/v/christian-vieiraCanadian Securities LawCorporations & Commercial Law UpdateInsurance Law UpdateFinancial Services UpdateTax Law UpdateVirtual Currency Regulation in Canada: The Legal and Regulatory Framework for 2023<p>Four Stikeman Elliott lawyers recently updated the <a href="/-/media/files/kh-general/the-law-reviews--the-virtual-currency--regulation-review-2022.ashx">Canada chapter</a> of The Virtual Currency Regulations (5<sup>th</sup> edition), published by <a rel="noopener noreferrer" href="https://www.lbresearch.com/" target="_blank">Law Business Research Ltd</a>. This chapter provides an excellent overview of the rapidly developing area of law in Canada, focusing on the following topics:</p> <ul> <li>Introduction to the Legal and Regulatory Framework</li> <li>Anti-Money Laundering</li> <li>Other Legislative Requirements</li> <li>Criminal and Civil Fraud Enforcement</li> <li>Tax</li> <li>Regulation of Miners</li> </ul> <p>We are pleased to be able to make this <a href="/-/media/files/kh-general/the-law-reviews--the-virtual-currency--regulation-review-2022.ashx">12-page publication</a> available for downloading.</p>Mon, 07 Nov 2022 12:00:00 Z07-Nov-2022 02:32:00{A60141B4-540C-4C34-897D-78E0FEA181D4}https://www.stikeman.com/en-ca/kh/insurance-law/british-columbia-conducts-consultation-on-restricted-licence-regimeStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamInsurance Law UpdateBritish Columbia Conducts Consultation on Restricted Licence Regime for Incidental Sellers of Insurance <p><strong>British Columbia’s Ministry of Finance </strong><a rel="noopener noreferrer" target="_blank" href="https://www2.gov.bc.ca/gov/content/employment-business/business/financial-institutions-act-and-credit-union-incorporation-act-consultation/restricted-insurance-agent-licences"><strong>is conducting a consultation</strong></a><strong> on the adoption of its proposed restricted insurance agent licensing regime for incidental sellers of insurance. The proposal is similar to what is already in place in the other three western provinces (and, soon, in New Brunswick) but B.C. is signalling that it may consider including additional industries and additional flexibility in its regime. B.C. businesses that see opportunities in this area should therefore consider submitting comments, which are due on October 3, 2022.</strong></p> <p>The licensing of restricted insurance agents is provided for in s. 174.1 of B.C.’s <a rel="noopener noreferrer" target="_blank" href="https://www.bclaws.gov.bc.ca/civix/document/id/bills/billsprevious/4th41st:gov37-2"><em>Financial Institutions Amendment Act, 2019</em></a>, which will be proclaimed in force once details of the restricted licence regime have been finalized. As described in the <a rel="noopener noreferrer" target="_blank" href="https://www2.gov.bc.ca/assets/gov/employment-business-and-economic-development/fia-cuia-consultation/fia-insurance-consultation-paper.pdf"><strong>consultation paper</strong></a>, the B.C. consultation is focused on the regulations and rules that will accompany the legislation, and particularly on the following issues:</p> <ul> <li>The <strong>classes of restricted licensees</strong> (i.e. the types of business that will be eligible for restricted licenses);</li> <li>The <strong>classes of insurance</strong> that can be sold under a restricted licence; and</li> <li>How this new regime <strong>will affect existing exemptions</strong> under the <em>Insurance Licensing Exemptions Regulation</em>.</li> </ul> <p>Some of the topics raised in the consultation may be included in rules of the Insurance Council of BC or in both regulations and rules. The Insurance Council will be separately consulting regarding proposed rules.</p> <h2>Classes of Restricted Licensees</h2> <p>The B.C. Ministry of Finance is proposing a “restricted licence” regime under which certain <strong>classes of business</strong> may be granted insurance agent licences that are restricted to classes of insurance that are “incidental to the licensee’s ordinary business”.</p> <p>Under the similar regimes in place in Alberta, Saskatchewan and Manitoba (and planned for New Brunswick), the classes of business for which restricted insurance licences can be issued include:</p> <ul> <li>Deposit-taking institutions – credit protection, travel and life insurance;</li> <li>Transportation companies – travel and cargo insurance;</li> <li>Travel agencies – travel insurance;</li> <li>Auto, RV, watercraft and other vehicular and equipment dealerships – credit protection, equipment warranty and guaranteed asset protection insurance;</li> <li>Sales finance companies and mortgage brokers – credit protection insurance;</li> <li>Customs brokers and freight forwarders – cargo insurance;</li> <li>Funeral services businesses – funeral insurance;</li> <li>Car (and other vehicle) rental agencies – rented vehicle insurance; and</li> <li>Portable electronics sellers – portable electronics insurance.</li> </ul> <p>While recognizing the importance of consistency among the provinces, the Ministry of Finance is not ruling out the possibility of excluding some of the above, or potentially of adding some or all of the following:</p> <ul> <li>Storage companies – personal property policies;</li> <li>Event companies and ticket sellers – event cancellation policies;</li> <li>Leasing companies (personal property and office furniture) – damage protection and product warranty policies;</li> <li>Leasing companies (equipment, vehicles, heavy machinery) – vehicle or product warranty policies;</li> <li>Educational institutions – travel medical policies for out-of-province students; and</li> <li>Tour operators and public carriers (airlines, bus companies, ferry companies) – trip interruption or cancellation policies.</li> </ul> <p>The B.C. regime could end up differing from those of the other provinces in another important respect: the Ministry of Finance has stated that it is willing to consider the possibility of granting restricted licences to B.C. licensees to sell classes of insurance that are <strong>not </strong><strong>incidental</strong> to their businesses. For this to happen, the Ministry would need to be convinced of the benefit to consumers.</p> <h2>Future of Existing ILER Exemptions</h2> <p>The Ministry of Finance is proposing that some existing exemptions under the <a rel="noopener noreferrer" target="_blank" href="https://www.bclaws.gov.bc.ca/civix/document/id/lc/statreg/328_90"><em>Insurance Licensing Exemptions Regulation</em></a> (“ILER”) be partially or wholly repealed. If this occurs, companies that have had ILER exemptions for any of the following might need to obtain one of the new restricted licences:</p> <ul> <li>Product warranty insurance;</li> <li>Credit insurance (sold by credit institutions, mortgage brokers and others);</li> <li>Vehicle warranty insurance (sold by motor vehicle dealers);</li> <li>Travel insurance (sold by travel agents or transportation companies); and</li> <li>Funeral services insurance (sold by funeral directors).</li> </ul> <p>An example scenario for a <strong>partial repeal</strong> would be keeping an exemption for products under a certain value but requiring a restricted licence for coverage above that threshold.</p> <h2>Classes of Insurance</h2> <p>The Ministry of Finance is proposing to prescribe (permit) certain <strong>classes of insurance</strong> under the restrictive licensing regime (in addition to the <strong>classes of licensee</strong> discussed above). In so doing, they would be following the lead of the other provinces, but the Ministry of Finance is clear that it may not prescribe exactly the same classes of insurance. Moreover, some classes that are currently exempt under ILER could potentially be permitted under the restricted licence regime.</p> <p>In addition to the above, the Ministry is considering including the following insurance classes in the restrictive licensing regime:</p> <ul> <li>Personal effects property insurance (storage companies);</li> <li>Purchase protection insurance (retailers, credit card companies);</li> <li>Marine craft rental insurance (marine craft rental companies);</li> <li>Damage protection insurance (personal property and office furniture leasing companies); and</li> <li>Event cancellation insurance (event and ticket sales companies).</li> </ul> <h2>Consultation Questions</h2> <p>The Ministry of Finance is looking for input from interested parties, including (but not restricted to) industry views on questions such as the following:</p> <ul> <li>Which businesses should and should not be prescribed as potential licensees?</li> <li>Which classes of insurance should and should not be prescribed?</li> <li>Which ILER exemptions, if any, should be repealed in favour of offering one of the new restricted insurance agent licences (and should the repeal be full or partial)?</li> <li>When (if ever) should exceptions be made to the general expectation that restricted licensees will be restricted to classes of insurance that are incidental to their ordinary business?</li> <li>Should there be any licence exemptions for low-value products?</li> <li>Should there be a maximum value for insurance policies (or of certain types of insurance policy) sold by restricted insurance agent licensees?</li> <li>Would a deferred sales model be advisable for any class of restricted agent (i.e., a model in which insurance could not be offered until a certain number of days after the primary purchase)?</li> <li>Which rules should apply to the conduct of a restricted licensee’s insurance business (e.g. with respect to disclosure, cooling off periods, commissions and fees, etc.)?</li> </ul> <p>Please see the <a rel="noopener noreferrer" target="_blank" href="https://www2.gov.bc.ca/assets/gov/employment-business-and-economic-development/fia-cuia-consultation/fia-insurance-consultation-paper.pdf">consultation paper</a> for the complete list of questions on which comment is sought.</p> <h2>Next Steps</h2> <p>As noted above, the public consultation is ongoing, with <a rel="noopener noreferrer" target="_blank" href="https://www2.gov.bc.ca/gov/content/employment-business/business/financial-institutions-act-and-credit-union-incorporation-act-consultation/restricted-insurance-agent-licences">comments due on or before <strong>October 3, 2022</strong></a>. The open and flexible approach of the Ministry of Finance indicates that industry submissions could have a significant impact on the eventual shape of the restricted licensing regime.</p>Mon, 19 Sep 2022 16:58:00 Z29-Aug-2022 01:51:00{E32D7B3B-CB82-4E09-B8F2-AD44910D2AF9}https://www.stikeman.com/en-ca/kh/insurance-law/alberta-initiatives-supporting-local-reinsurance-and-captive-insurance-fully-in-force-by-july-1-2022Stuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateAlberta Initiatives Supporting Local Reinsurance and Captive Insurance Fully In Force By July 1, 2022<p><strong>The Government of Alberta’s initiatives in support of reinsurance and captive insurance in the province, discussed in </strong><strong><a href="https://www.stikeman.com/en-ca/kh/insurance-law/alberta-introduces-insurance-law-amendments-to-foster-local-reinsurers">our post of April 20, 2022</a></strong><strong>, will soon be fully in force. </strong></p> <p>Already in force, as of <strong>May 31, 2022</strong>, are the <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.assembly.ab.ca/assembly-business/bills/bill?billinfoid=11972&from=bills">Bill 16 amendments</a> that amend the <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.canlii.org/en/ab/laws/stat/rsa-2000-c-i-3/latest/rsa-2000-c-i-3.html"><em>Insurance Act</em></a> to give Alberta reinsurers the ability to structure themselves as limited partnerships. Bill 16 also (among other things) adds “redomestication” provisions to the new <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.canlii.org/en/ab/laws/stat/sa-2021-c-c-2.4/latest/sa-2021-c-c-2.4.html"><em>Captive Insurance Companies Act</em></a> that are intended to facilitate the relocation of foreign captives into Alberta.</p> <p>In a related step, the <em>Captive Insurance Companies Act</em> has been <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.qp.alberta.ca/documents/Orders/Orders_in_Council/2022/2022_194.html">proclaimed in force</a> as of <strong>July 1, 2022</strong>, following the recent issuance of four <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.qp.alberta.ca/507.cfm">Orders in Council</a> creating the <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.qp.alberta.ca/documents/Orders/Orders_in_Council/2022/2022_196.html"><em>Captive Insurance Companies Regulation</em></a> and other regulations.</p>07-Jun-2022 06:38:00{F84481A9-D5A3-4F32-A36C-C3E5FE5801A4}https://www.stikeman.com/en-ca/kh/insurance-law/fsra-releases-draft-guidance-on-incorporating-cisro-s-principles-of-conductStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamInsurance Law UpdateFSRA Releases Draft Guidance on Incorporating CISRO’s Principles of Conduct for Insurance Intermediaries Into Its Regulatory Activities in Ontario<p><strong>On April 6, 2022, the Canadian Insurance Services Regulatory Organization (“CISRO”) adopted the </strong><a rel="noopener noreferrer" target="_blank" href="https://www.cisro-ocra.com/Documents/View/2402"><strong><em>Principles of Conduct for Insurance Intermediaries</em></strong></a><strong> (“Principles”). In conjunction with that announcement, the Financial Services Regulatory Authority of Ontario (“FSRA”) also </strong><a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/engagement-and-consultations/consultation-proposed-principles-conduct-insurance-intermediaries"><strong>announced a consultation process</strong></a><strong> on its own </strong><a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/industry/life-and-health-insurance/proposed-principles-conduct-insurance-intermediaries"><strong>draft guidance</strong></a><strong> (“Proposed Guidance”) on principles of conduct for insurance intermediaries. This post focuses primarily on the FSRA Proposed Guidance.</strong></p> <h2>CISRO’s Finalized Principles</h2> <p>As noted in <a href="https://www.stikeman.com/en-ca/kh/insurance-law/canadian-insurance-intermediary-regulators-release-proposed-conduct-principles">our 2021 post on the draft version</a>, the Principles supplement the 2018 <a rel="noopener noreferrer" target="_blank" href="https://www.stikeman.com/en-ca/kh/insurance-law/Fair-Treatment-of-Customers-CCIR-and-FSCO-Release-Finalized-Guidelines"><em>Fair Treatment of Customers Guidance</em></a> (“FTC Guidance”) of CISRO and the Canadian Council of Insurance Regulators and align with Insurance Core Principles 18 and 19 of the International Association of Insurance Supervisors (“IAIS”). As we noted at that time, the Principles set out CISRO’s expectations for insurance intermediaries, which can be summarized as follows:</p> <ol> <li>Comply with all applicable laws, regulations, rules and codes;</li> <li>Put the customers’ interests ahead of their own;</li> <li>Identify, disclose and manage conflicts of interest;</li> <li>Provide objective, accurate and thorough advice that is suitable to the circumstances disclosed by each customer;</li> <li>Disclose and explain information relevant to the customer’s decision-making clearly and understandably;</li> <li>Disclose all necessary and appropriate information about product promotions;</li> <li>Handle claims, complaints and disputes in a timely and fair manner;</li> <li>Take appropriate measures to protect personal and confidential information, while collecting only such information as is necessary, and using it solely for the purposes to which the customer has consented;</li> <li>Maintain an appropriate level of professional competence, including attendance at continuing education and training courses, while not acting outside one’s areas of competence; and</li> <li>Provide appropriate oversight of employees and third-party contractors.</li> </ol> <p>In CISRO’s finalized version, the Principles are substantively similar to the draft version. There are a few substantive changes, however: for example, the draft’s use of <strong>“must”</strong> in most of the principles has been softened to<strong> “expected to”</strong> in the finalized version. Another significant change is that intermediaries are now only “expected to seek <strong>appropriate </strong>information from the Customer” before giving advice, in contrast with the draft version’s proposed requirement that they “must seek <strong>complete</strong> information” in that situation.</p> <h2>FSRA’s Proposed Guidance</h2> <p>The<a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/industry/life-and-health-insurance/proposed-principles-conduct-insurance-intermediaries"> Proposed Guidance</a> sets out FSRA’s interpretation of the Principles and outlines how it intends to apply them to licenced property & casualty and life & health insurers and intermediaries, as well as to service providers – such as P&C managing general agents (“MGAs”) and third-party administrators – and certain unlicensed intermediaries, such as travel agency, bank and credit union employees who sell insurance. As we have previously discussed, <a rel="noopener noreferrer" target="_blank" href="https://www.stikeman.com/en-ca/kh/insurance-law/ontario-adopts-national-standard-for-fair-treatment-of-insurance-customers">FSRA had already adopted the FTC Guidance</a> more generally, in its <a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/media/2551/download">Approach on Fair Treatment of Customers in Insurance</a>, effective January 1, 2021. Members of the <a rel="noopener noreferrer" target="_blank" href="https://www.ribo.com/broker-resources/legislation/">Registered Insurance Brokers of Ontario (RIBO)</a> continue to also be subject to the RIBO and Regulations, and <a rel="noopener noreferrer" target="_blank" href="https://www.ribo.com/wp-content/uploads/2022/04/RIBO_Conduct_Sheet_040622-guidance.pdf">RIBO has issued its own Guidance</a> respecting the Principles.</p> <h3>Relationship with UDAP and other existing conduct rules</h3> <p>Certain deceptive acts are already prohibited by regulation under <a rel="noopener noreferrer" target="_blank" href="https://www.ontario.ca/laws/statute/16f37#BK4">FSRA’s enabling legislation</a>. This regulatory scheme was recently updated in FSRA’s new <a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/regulation/rules/unfair-or-deceptive-act-or-practices-rule"><em>Unfair or Deceptive Acts of Practices (“UDAP”) Rule</em></a> (submitted for Ministerial approval on February 1, 2022), which <a rel="noopener noreferrer" target="_blank" href="https://www.stikeman.com/en-ca/kh/insurance-law/unfair-or-deceptive-acts-or-practices-ontarios-fsra-revises-Its-proposed-udap-rule-for-insurers">we have discussed previously</a>. The Principles therefore supplement the UDAP Rule, into which (as FSRA notes) they may eventually be consolidated.</p> <h3>Proposed Guidance’s impact on industry processes and practices</h3> <p>FSRA expects that, once implemented, the Proposed Guidance would affect industry processes and practices in a number of ways, including the following:</p> <ul> <li><strong>Sharing and explaining:</strong> Intermediaries and insurers that directly distribute insurance would be expected to share and explain the Principles to their customers. This would be a new obligation in Ontario.</li> <li><strong>Self-assessment:</strong> Intermediaries, insurers and industry participants are expected to self-assess their policies, procedures, education/training and codes of conduct with respect to their consistency with the Principles.</li> <li><strong>Oversight of intermediaries:</strong> Insurers and intermediaries with oversight obligations for intermediaries will be expected to make those intermediaries aware of the Principles, including incorporating them in education or training materials.</li> <li><strong>Agent suitability screening:</strong> The Principles are to be added to insurers’ toolkits for complying with their obligation under <a rel="noopener noreferrer" target="_blank" href="https://www.ontario.ca/laws/regulation/040347">Reg. 347/04</a> to ensure that agents acting on their behalf are suitable. As FSRA states, “the insurer’s compliance program should be reasonably designed to ensure its agents generally act consistently with the Principles of Conduct.”</li> <li><strong>Complaint review process:</strong> Insurers and intermediaries will be expected to refer to the Principles as they review customer complaints related to the conduct of staff or relevant intermediaries.</li> </ul> <p>The Principles are intended to be principles-based, allowing insurers and intermediaries some latitude on how to achieve the outcomes in the Proposed Guidance, having regard to their the size, nature and complexity of their operations and activities.</p> <h3>Proposed Guidance’s impact on FSRA’s processes and practices</h3> <p>FSRA’s licensing, supervision and complaint-handling functions will take the Principles into account. As the Proposed Guidance notes:</p> <p>Failure to follow the Principles of Conduct could result in conduct that leads to FSRA requiring corrective action by industry, or FSRA may take enforcement action in line with the Act, regulations, FSRA rules or FSRA Act….</p> <p>The Proposed Guidance provides a number of examples of how the Principles may be incorporated into its processes:</p> <ul> <li><strong>Determining suitability for licensing:</strong> FSRA may consider adherence to the Principles as a factor when ascertaining suitability for licensing, at both the individual and institutional levels.</li> <li><strong>Supervision:</strong> FSRA’s targeted reviews will identify non-compliance with the Principles and may result in corrective action or enforcement action such as remediation plans, redress to affected customers, suspension or revocation of a licence, administrative penalties or prosecution in the courts, among others.</li> <li><strong>Complaint-handling:</strong> While intermediaries and insurers are the first points of contact for customer complaints, when FSRA is dealing with an ongoing dispute relating to an intermediary’s conduct, it will assess that conduct against the Principles. FSRA may also conduct more general reviews of insurers’ complaint-handling processes, which will take the Principles and other standards of conduct into account.</li> </ul> <h3>Examples of conduct that would breach the Principles</h3> <p>Appendix B to the Proposed Guidance provides a non-exhaustive list of examples of conduct that FSRA would generally find to be in violation of the Principles:</p> <ul> <li>Agent misrepresenting insurance contract as a retirement savings instrument;</li> <li>Agent borrowing from his or her customers;</li> <li>Agent falsely claiming to have sold policies actually sold by unlicensed persons under his or her direction;</li> <li>Commission payments by MGA to unlicensed individual;</li> <li>MGA neglecting to inform insurer of apparent intermediary misconduct;</li> <li>Agent soliciting business via website of corporation that was not licensed by FSRA;</li> <li>Agent repeatedly selling policies to the same customers who would terminate them as soon as the agent had received his or her commission;</li> <li>Agent agreeing to act as the executor of a customer’s estate;</li> <li>Agent being beneficiary of a client’s insurance policy; and</li> <li>Misrepresentations by an agent on his or her licensing application or with respect to the completion of a continuing education course.</li> </ul> <h2>Going Forward</h2> <p>Comments were due in early May and are viewable on the <a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/engagement-and-consultations/consultation-proposed-principles-conduct-insurance-intermediaries">consultation home page of the FSRA website</a>.</p>09-May-2022 08:09:00{43D44122-C430-427E-BD5B-50AB8319BA6A}https://www.stikeman.com/en-ca/kh/insurance-law/alberta-introduces-insurance-law-amendments-to-foster-local-reinsurersStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateAlberta Introduces Insurance Law Amendments to Foster Local Reinsurers and Advance Captive Insurance Company Initiative<p><strong>Yesterday afternoon, the Alberta government </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.assembly.ab.ca/assembly-business/bills/bill?billinfoid=11972&from=bills"><strong>introduced amendments</strong></a><strong> to the </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.canlii.org/en/ab/laws/stat/rsa-2000-c-i-3/latest/rsa-2000-c-i-3.html"><strong><em>Insurance Act</em></strong></a><strong> (Alberta) and the </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://canlii.ca/t/bb94"><strong><em>Captive Insurance Companies Act</em></strong></a><strong> (Alberta) as the next step in its initiative to provide additional Alberta-based insurance capacity and foster development of the insurance, risk management and insurtech/fintech sector in Alberta, supporting the province’s economic diversification. This follows the introduction and passage last year of the <em>Captive Insurance Companies Act</em>, as </strong><strong><a href="https://www.stikeman.com/en-ca/kh/insurance-law/alberta-introduces-captive-insurance-company-legislation">previously discussed here</a></strong><strong>.</strong></p> <p>If passed, Bill 16, the <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.assembly.ab.ca/assembly-business/bills/bill?billinfoid=11972&from=bills"><em>Insurance Amendment Act, 2022</em></a>, will amend both the <em>Insurance Act </em>and the <em>Captive Insurance Companies Act</em> to, among other things:</p> <ul> <li>allow Alberta-formed and licensed insurance companies to offer solely reinsurance and to operate via a limited partnership structure. Currently, insurers are not required to be licensed in Alberta if only offering reinsurance in Alberta and not primary insurance. Alberta is believed to be the first jurisdiction in the world to provide the option for a reinsurer to operate via a limited partnership.</li> <li>reduce the current tax on unlicensed insurance from 50% of the premium payable to 10%, and reduce the current penalty for late payment of charges and tax on unlicensed insurance from 50% to 10%.</li> <li>add new “redomestication” provisions to facilitate the relocation into Alberta of existing foreign captives.</li> </ul> <p>Regulations required to implement the <em>Captive Insurance Companies Act</em> are expected to be released later in 2022.</p> <p>Taken together, the measures are designed to achieve several complementary goals. These include providing additional Alberta-based insurance capacity to Alberta businesses, particularly in the energy sector, while preserving and creating new opportunities for incumbent insurers to co-insure alongside the captives and/or reinsure the captives or provincial reinsurers. In addition, they would help foster the long-term development of the insurance, risk management and insurtech/fintech sector in Alberta, complementing related Alberta governmental initiatives already underway and supporting long-term economic diversification in Alberta.</p> <p><strong><em><a href="https://www.stikeman.com/en-ca/people/c/stuart-s-carruthers">Stuart Carruthers</a></em></strong><em>, who leads Stikeman Elliott’s insurance sector corporate/regulatory and M&A practice, is the volunteer counsel to a broad working group of insurance industry stakeholders engaged with Alberta governmental authorities on the captive insurance and local reinsurance initiatives.</em></p>20-Apr-2022 04:44:00{7B9E65C3-3B52-47B7-ABBB-B543781007B5}https://www.stikeman.com/en-ca/kh/insurance-law/ccir-and-cisro-release-proposed-incentives-management-guidanceStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamInsurance Law UpdateCCIR and CISRO Release Proposed Incentives Management Guidance<p><strong>On February 17, 2022, the Canadian Council of Insurance Regulators (“CCIR”) and the Canadian Insurance Services Regulatory Organizations (“CISRO”) </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.ccir-ccrra.org/Documents/View/3689"><strong>released</strong></a> <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.ccir-ccrra.org/Documents/View/3690"><strong>proposed guidance</strong></a><strong> (“Draft Guidance”) on compensation and incentive arrangements that are linked to the sale and servicing of insurance products. The Draft Guidance, which applies to insurers and intermediaries, complements and supplements the </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://stikeman.com/en-ca/kh/insurance-law/Fair-Treatment-of-Customers-CCIR-and-FSCO-Release-Finalized-Guidelines"><strong>Fair Treatment of Customers Guidance</strong></a><strong> (“FTC Guidance”) issued in by CCIR and CISRO in 2018 and is similar to </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.stikeman.com/en-ca/kh/insurance-law/quebecs-amf-releases-draft-incentive-management-guideline-for-financial-institutions"><strong>draft guidance issued by Québec’s AMF</strong></a><strong> in November 2021. (For more information, see our commentaries on </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://stikeman.com/en-ca/kh/insurance-law/CCIR-and-CISRO-Release-Draft-Fair-Treatment-of-Customers-Guidance"><strong>the FTC Guidance</strong></a><strong> and </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://stikeman.com/en-ca/kh/insurance-law/quebecs-amf-releases-draft-incentive-management-guideline-for-financial-institutions"><strong>the AMF’s draft guidance</strong></a><strong>.)</strong></p> <p>The Draft Guidance reflects CCIR/CISRO consultations with insurers and intermediaries, respecting incentives, since the release of the FTC Guidance. It is open for public comment until <strong>April 4, 2022</strong>.</p> <h2>General Principles</h2> <p>The preamble to the Draft Guidance states that “Insurers and Intermediaries are expected to put in place risk management policies, procedures and controls” to meet their obligation to “develop incentive arrangements that achieve FTC”. Because CCIR and CISRO are taking a principles-based approach, each insurer or intermediary will have the latitude to determine the strategies, policies, processes, procedures and controls that are necessary to achieve FTC in its specific context. However, insurers bear the ultimate responsibility for FTC through the product’s lifecycle. All insurance products, types of insurance and distribution channels are subject to the Draft Guidance.</p> <p>The Draft Guidance defines several key terms, generally in a manner that is consistent with common usage in the industry and as defined in the FTC Guidance and <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://stikeman.com/en-ca/kh/insurance-law/canadian-insurance-intermediary-regulators-release-proposed-conduct-principles">CISRO’s 2021 Draft Principles of Conduct for Intermediaries</a>. Note, however, that “intermediary” is defined broadly to include licenced, registered and exempted entities, while “customer” includes prospective policyholders “with whom an Insurer or Intermediary interacts”, as well as “claimants with a legitimate interest in the policy”. “Incentives” can be either monetary (bonuses, commissions, etc.) or non-monetary (travel, goods, entertainment, client referrals etc.).</p> <h2>Governance</h2> <p>The “governance and business culture” of insurers and intermediaries will be expected to prioritize FTC when incentive arrangements are being designed and managed. Boards and senior management are expected to ensure that the appropriate strategy, risk appetite and culture are in place and will be responsible for designing, approving, implementing and monitoring adherence to FTC-focused policies, procedures and controls.</p> <h2>Design and Management of Incentive Arrangements</h2> <p>In designing and managing their incentive arrangements, insurers and intermediaries are expected to include criteria that minimize the risk of unfair outcomes to customers.</p> <h3>Design</h3> <p>The design process is expected to include the assessment of risks of unfair outcomes to customers and specifically to ensure that:</p> <ul> <li>Incentives are consistent with the level of service provided throughout the life cycle of the product;</li> <li>Performance targets, whether quantitative or qualitative, are defined, measurable and aligned with FTC; and</li> <li>The customer’s cost does not depend on the distribution method.</li> </ul> <h3>Management</h3> <p>The Draft Guidance includes several expectations that apply to the management of incentive programs. Among these expectations is that “key indicators” will be examined to ensure that implemented incentives are continuing to align with FTC goals. Key indicators could include:</p> <ul> <li>Sales patterns before and after a target has been met (looking for indications that a commission grid influences the selection of products sold);</li> <li>Penetration rates for cross-selling;</li> <li>High lapse rates on new business, poor persistency rates, etc.;</li> <li>Claims repudiation rates and trends in reasons for rejected claims;</li> <li>Trends in sales-related complaints; and</li> <li>Evidence of bias toward selling products that carry a higher level of incentive.</li> </ul> <p>Other expectations relating to the management of incentives programs include:</p> <ul> <li>Periodic reviews to improve controls that promote FTC;</li> <li>Implementation of controls to discourage, detect and correct practices that could cause unfair outcomes to customers (including mechanisms for recovering compensation that has already been paid);</li> <li>Timely adjustment of incentive arrangements whose FTC risks cannot easily be managed or monitored; and</li> <li>Subject any incentive arrangements that could reasonably be expected to impact FTC to a conflict of interest analysis (see the <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.ccir-ccrra.org/Documents/View/3450">CCIR/CISRO FTC Guidance</a>, s. 6.2).</li> </ul> <h2>Risks of Unfair Outcomes to Customers</h2> <p>Insurers and intermediaries are expected to identify and assess the risk that incentive arrangements might lead to unfair outcomes for customers, in order to introduce controls to reduce any such risk and/or to adjust the incentive arrangements appropriately.</p> <h3>Situations that create risk</h3> <p>The Appendix to the Draft Guidance provides examples of incentive arrangements that, in the absence of proper design, management and controls, have the potential to increase the risk of unfair outcomes to customers.</p> <p>Among the arrangements that raise red flags with CCIR/CISRO are insurer-intermediary agreements that potentially incentivize intermediary conduct that is inconsistent with FTC. These include minimum volume requirements or deadlines and loyalty arrangements under which an intermediary receives a bonus or shares in profits or is incentivized in some other way – such as the promise of signing a distribution agreement – to place more business with a particular insurer than could be justified by customer needs.</p> <p>Other potential “red flags” in incentive arrangements include:</p> <ul> <li>Bonus rates that rise as sales volume thresholds are achieved;</li> <li>Excessive cross-selling incentives;</li> <li>Commissions linked to premium level or size of investment;</li> <li>Differences between initial sales and renewal commissions that could incentivize intermediaries to propose a replacement transaction rather than a simple renewal;</li> <li>Lifetime vesting of renewal commissions to intermediaries (which can lead to “client orphaning”);</li> <li>Incentives paid before the provision of a service or the achievement of targets;</li> <li>Incentive arrangements that can result in fees or penalties for the customer (e.g. exit fees);</li> <li>Incentives paid to intermediaries who are uninvolved in the sale and servicing of the product;</li> <li>Performance criteria that are linked mainly to quantitative objectives;</li> <li>Performance criteria that, while linked to qualitative objectives, are ineffective in aligning the insurer or intermediary’s incentives to the interests of the customer;</li> <li>Sales contests, quotas, bonuses and benefits that are linked to sales of specific products over a limited period;</li> <li>Contests, campaigns, promotions, loyalty or recognition programs that emphasize quantitative targets – such as sales volume thresholds – as a basis for receiving bonuses, rewards or privileges; and</li> <li>Chargeback mechanisms that could incentivize an intermediary to advise a customer to retain an inappropriate product.</li> </ul> <h3>Avoiding these risks</h3> <p>To help ensure that risks do not materialize as a consequence of misaligned incentive arrangements, the Draft Guidance recommends that insurers and intermediaries:</p> <ul> <li>Regularly review incentive arrangements, paying special attention to those features that could increase the risk of unfair outcomes to customers, such as quantitative performance criteria or time-limited campaigns and product promotions (or any of the others listed above);</li> <li>Consider whether persons and entities acting on their behalf are granting incentive arrangements that, in combination with the insurer or intermediary’s own incentive arrangements, could increase the risk of unfair outcomes, and share information in a way that will help to prevent this; and</li> <li>Consider the addition of different types of incentives for the same basket of sales.</li> </ul> <h2>Post-sale Controls</h2> <p>The Draft Guidance states that insurers and intermediaries are expected to establish effective post-sale controls to identify incentive arrangements that lead to unsuitable sales. Effective post-sale controls are particularly important where the insurer or intermediary has implemented an incentive arrangement that involves an elevated degree of risk. Such controls can also assist in determining residual FTC risks, while improving the design of incentive arrangements going forward.</p> <p>To achieve these outcomes, insurers and intermediaries should:</p> <ul> <li>Ensure that those conducting post-sale monitoring are competent, experienced and independent from the sales functions they are monitoring;</li> <li>Ensure that risk-based post-sale controls are consistent with: <ul> <li>the assessed levels of FTC risk for the specific incentive arrangements that are being monitored; and</li> <li>any areas of elevated risk (whether related to particular persons, teams, lines of business, sales practices, etc.) that have been identified in the monitoring of information and key indicators; and</li> </ul> </li> <li>Regularly review the results of post-sale controls to ensure that areas of concern and common issues are being identified and that post-sale monitoring focuses on FTC risks by considering sales suitability and customer outcomes.</li> </ul>04-Mar-2022 08:47:00{7A62454C-2EE4-47D1-AC32-47B5D8D373BE}https://www.stikeman.com/en-ca/kh/insurance-law/osfi-releases-final-updated-reinsurance-guidance-to-take-effect-in-2025Stuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateOSFI Releases Final Updated Reinsurance Guidance To Take Effect in 2025<p>On February 11, 2022, Canada’s federal prudential insurance regulator, the <strong>Office of the Superintendent of Financial Institutions</strong> (“OSFI”) released long-awaited final versions of its key reinsurance guidance, <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b3_snd.aspx">Guideline B-3: Sound Reinsurance Practices and Procedures</a> (“B-3”), and, for property and casualty (“P&C”) insurers, <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b2_pc.aspx">Guideline B-2: Property and Casualty Large Insurance Exposures and Investment Concentration</a> (“B-2”). This concluded Phase II of OSFI’s review of reinsurance practices, launched in 2018 through its <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="http://www.osfi-bsif.gc.ca/Eng/Docs/reins_frmwk.pdf">Reinsurance Framework Discussion Paper</a>, and which was followed by a lengthy and intensive consultation with the Canadian P&C insurance sector. Our <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.stikeman.com/en-ca/kh/insurance-law/The-Pendulum-Swings-Back--Thinking-about-the-OSFI-Reinsurance-Framework-Discussion-Paper">commentary on the Reinsurance Framework Discussion Paper</a> and our <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.stikeman.com/en-ca/kh/insurance-law/OSFI-Releases-Draft-Revised-Guideline-B3-on-Reinsurance-Practices-and-Procedures">commentary on the draft updated B-3</a> released in 2019 provide useful background on the process.</p> <h2>Key Points</h2> <ul> <li>The updated Guidelines take effect <strong>January 1, 2025</strong>, which is responsive to industry requests for a lengthy phase-in period. Until then, carriers are to comply with the current Guidelines <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b3_Sound.aspx">B-3</a> and <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b2_insurance.aspx">B-2</a>.</li> <li>The final B-3 is relatively unchanged from the draft released in 2019.</li> <li>The final B-2 has been meaningfully revised, in response to industry feedback, from a draft released in November 2020, which in turn had been significantly revised from a much more onerous proposal originally contained in the Reinsurance Framework Discussion Paper. <ul> <li>The final B-2 will require P&C insurers to <ul> <li>develop a comprehensive “Gross Underwriting Limit Policy” (“GUWP”) consistent with the carrier’s internal Risk Appetite Framework; and</li> <li>hold sufficient capital/assets to cover the maximum loss on its largest Single Insurance Exposure (as to be defined in its GUWP), assuming the default of its largest unregistered reinsurer on that Single Insurance Exposure.</li> </ul> </li> <li>The original version’s large loss limits had been strongly opposed by the Canadian P&C industry, which actively lobbied against them, as they would have required a massive increase in capital for certain Canadian P&C carriers and were understood to be markedly out of step with international regulatory norms.</li> </ul> </li> <li>OSFI will be holding industry information sessions later this year to provide additional clarity on its expectations and supervisory approach to the updated Guidelines.</li> </ul> <h2>Updated Guideline B-3</h2> <p>As noted above, the final B-3 is relatively unchanged from the 2019 draft. Key aspects include the following:</p> <ul> <li>One of OSFI’s principal new recommendations in the consultation process was that reinsurance receivables be paid directly to the cedant in Canada, or a person acting for, or on behalf of, the cedant in Canada. In the final B-3, OSFI has distinguished as follows between receivables from third-party reinsurers vs affiliated reinsurers: <ul> <li><em>OSFI expects reinsurance contracts with third-party reinsurers (i.e., entities that are not in the same corporate group as the cedant) to contain an insolvency clause stipulating that, in the event of the insolvency of the cedant, all reinsurance receivables are to be paid directly to a cedant in Canada, or to a person acting for, or on behalf of, the cedant in Canada.</em></li> <li><em>OSFI expects reinsurance contracts with affiliated reinsurers (i.e., entities within the same corporate group as the cedant) to contain a clause stipulating that all reinsurance receivables are to be paid directly to a cedant in Canada, or to a person acting for, or on behalf of, the cedant in Canada.</em></li> </ul> </li> <li>OSFI reaffirmed its expectation (contained in the 2019 draft, and in the current Guideline, which dates from 2010) that a cedant should not cede all or substantially all its risks (with OSFI viewing 75% or greater as constituting substantially all).</li> <li>In a Summary, released with the Guideline, of comments received on the 2019 draft, and OSFI’s responses, OSFI included what appears to be a new expectation that cedants actively monitor applicable retrocessionaires: “<em>The cedant retains the liability in the event a reinsurer is unable to meets its obligations. In order to protect policyholders, therefore, OSFI expects the cedant to be responsible for, and to monitor, its ceded business. For example, if a cedant is ceding a significant portion of its business to a reinsurer who, in turn, retrocedes 100 percent of this business to a single entity, OSFI expects the Canadian cedant to actively monitor the solvency position of the retrocessionaire.</em>”</li> </ul> <h2>Updated Guideline B-2</h2> <p>As noted above, P&C insurers will be required to develop a comprehensive “Gross Underwriting Limit Policy” (“GUWP”) consistent with the carrier’s internal Risk Appetite Framework.</p> <ul> <li>The GUWP should: <ul> <li>Define what constitutes a <strong>Single Insurance Exposure</strong> by class of insurance, as appropriate. A carrier could aggregate insurance exposures across multiple coverages and/or classes of insurance. (Many industry commenters on the draft Guideline had requested clarification on this definition, but OSFI chose to leave it to each carrier to determine for itself, while reserving the right to advise a carrier to use specific criteria or a specific approach for the determination.);</li> <li>Establish limits by class of insurance regarding the level of gross insurance risk that the carrier is willing to accept in respect of a maximum loss related to a Single Insurance Exposure; and</li> <li>Be reviewed by the carrier’s senior management at least annually.</li> </ul> </li> <li>Using relevant, reasonable and supportable information, carriers should measure and determine the maximum loss on a Single Insurance Exposure. They should make this determination without regard to the probability of the loss event occurring, while using approaches that are risked-based and forward-looking (i.e., not solely based on past losses).</li> <li>Carriers should have adequate systems to identify and actively manage insurance exposures and effective monitoring and internal reporting procedures to ensure ongoing operational compliance with the GUWP.</li> <li>Carriers are expected to provide, at OSFI’s request, all information with respect to their large Single Insurance Exposures. OSFI may, at its discretion, advise a carrier to use specific criteria or an approach to determine and measure its maximum loss on a Single Insurance Exposure.</li> </ul> <p>As noted above, a carrier’s Net Retention (as defined in the Guideline), plus its Largest Net Counterparty Unregistered Reinsurance Exposure (also as defined in the Guideline), due to the occurrence of a maximum loss on a Single Insurance Exposure, should not exceed the following limits:</p> <ul> <li>For insurance companies – 100% of Total Capital Available (as defined in OSFI’s Minimum Capital Test for P&C carriers (“MCT”)) where any entity in the carrier’s control chain is a widely held company, and/or a regulated financial institution; otherwise only 25% of Total Capital Available (and this was a change from the prior draft B-2, which, for Canadian P&C carrier subsidiaries, permitted a 100% limit only if certain criteria were met relating to the parent company’s home regulatory regime, and otherwise only 25%); and</li> <li>For branches – 100% of Net Assets Available (as defined in OSFI’s Branch Adequacy of Assets Test for P&C branches (“BAAT”)) (which was also a change from the prior draft B-2, which permitted a 100% limit only if the criteria were met respecting the home office’s regulatory regime, and otherwise only 25%).</li> <li>In summary, OSFI’s preference and position, as it noted in a Letter released with the Guidelines, is that “<em>It is prudent and reasonable to expect a P&C [carrier] to be in a position to fully cover its losses with funds available in Canada or from a <span style="text-decoration: underline;">diversified panel</span> of reinsurers [emphasis added]</em>.”</li> </ul> <p>With respect to the Largest Net Counterparty Unregistered Reinsurance Exposure, carriers should measure their ceded unregistered reinsurance exposures to a given counterparty, or group of affiliated counterparties, on both a gross and a net basis. That is, it should be measured before and after the recognition of any eligible Counterparty Risk Mitigation (“CRM”) technique. Only the aggregate net counterparty exposures for unregistered reinsurance are subject to the 100%/25% limits noted above. Eligible CRM techniques may include excess collateral, letters of credit and other CRM techniques deemed acceptable by OSFI in the MCT/BAAT (being funds withheld; and assets deposited into a reinsurance security account in Canada at a Canadian financial institution custodian). It is to be noted that B-2 limits the use of letters of credit to 30% of the Largest Net Counterparty Unregistered Reinsurance Exposure. This appears to differ from the extent of permitted use of letters of credit as collateral under the MCT/BAAT more generally, which is 30% of the aggregate of all liabilities and unearned premium reinsured with unregistered reinsurers. Industry commenters had requested higher limits on the use of letters of credit, generally, but OSFI was not persuaded.</p> <p>The investment concentration limits in B-2 are unchanged from the previous draft, and the current B-2.</p>16-Feb-2022 04:23:00{6A5601A8-BFEE-4623-A041-9AA4BF60318D}https://www.stikeman.com/en-ca/kh/insurance-law/quebecs-amf-releases-draft-incentive-management-guideline-for-financial-institutionsAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateFinancial Services UpdateQuébec’s AMF Releases Draft Incentive Management Guideline for Financial Institutions<p><strong>The Autorité des marchés financiers (“AMF”) recently released a draft version of its </strong><a href="https://lautorite.qc.ca/fileadmin/lautorite/consultations/lignes-directrices/2022-01-28-Fin/2021nov04-ld_gestion-incitatifs-cons-en.pdf"><strong><em>Incentive Management Guideline</em></strong></a><strong> (“<em>Draft Guideline</em>”), which applies to Québec-regulated insurers, financial services cooperatives, trust companies, savings companies and other authorized deposit institutions. </strong></p> <p>The <em>Draft Guideline</em> supplements the AMF’s <a href="https://lautorite.qc.ca/en/professionals/insurers/guidelines/commercial-practices/sound-commercial-practices-guideline"><em>Sound Commercial Practices Guideline</em></a>, drawing on international best practices and the AMF’s own experiences as a regulator. It covers some of the same ground as the <a href="https://stikeman.com/en-ca/kh/insurance-law/fair-treatment-of-customers-results-released-from-the-ccir-s-cooperative-review">CCIR-CISRO working group</a>’s ongoing consultation on incentive risk (in which the AMF plays a leading role), which could eventually result in regulatory duplication or inconsistency for the insurance sector in Québec. No other province has released incentives management guidance.</p> <p>It should be noted that the <em>Draft Guideline</em> consultation is separate from the AMF’s current, more general <a href="https://lautorite.qc.ca/fileadmin/lautorite/consultations/lignes-directrices/2021-12-03-Fin/2021oct21-LD-pratiques-commerciales-avis-cons-en.pdf">consultation</a> on its proposed updated <em>Sound Commercial Practices Guideline</em>.</p> <p>Released on November 4, 2021, the <a href="https://lautorite.qc.ca/fileadmin/lautorite/consultations/lignes-directrices/2022-01-28-Fin/2021nov04-ld-gestion-incitatif-avis-cons-en.pdf">AMF’s announcement</a> invites public comments, with a submission deadline that has been <a href="https://lautorite.qc.ca/fileadmin/lautorite/consultations/lignes-directrices/2022-01-28-Fin/avis_prolong_LDGI_20211206-en.pdf">extended</a> to February 18, 2022.</p> <h2>Background</h2> <p>One of the expectations set out in the <em>Sound Commercial Practices Guideline</em> is that real or potential conflicts of interest be avoided or managed in a way that protects the Fair Treatment of Customers (“FTC”) principle. The <em>Draft Guideline</em> focuses on financial institutions’ incentive arrangements because of their potential, when not carefully designed or managed, to create conflicts of interest. It adds further expectations relating to the management of such arrangements, which arrangements can include:</p> <ul> <li>Monetary incentives, e.g. commissions or performance-based salaries/bonuses; and</li> <li>Non-monetary incentives, e.g. performance-based rewards or privileges.</li> </ul> <p>Performance criteria can be either quantitative (e.g. sales volume) or qualitative (e.g. client satisfaction).</p> <h2>Expectations</h2> <p>The AMF’s expectations fall into four categories, as follows:</p> <ul> <li>Governance;</li> <li>Managing incentive arrangements;</li> <li>Identification and assessment of risks of practices that could adversely affect FTC; and</li> <li>Quality monitoring.</li> </ul> <p>While the AMF purports to take a principles-based approach, the <em>Draft Guideline</em> uses language that is more “mandatory” in tone than might have been expected and often appears to require financial institutions to take specific actions in order to achieve the expected outcomes. Throughout the <em>Draft Guideline</em>, the requirements/outcomes are phrased as, for example, “ensure”, “satisfy” and “identify”, rather than, for example, “reasonably designed to” ensure, satisfy or identify.</p> <h3>Governance</h3> <p>The <em>Draft Guideline</em> summarizes the AMF’s governance expectation as follows:</p> <p>The AMF expects financial institutions’ decision-making bodies to place FTC at the centre of decisions concerning the way incentive arrangements are managed.</p> <p>The implications of this expectation for directors and officers are set out in some detail in the <em>Draft Guideline</em>.</p> <p>While the <strong>board of directors</strong> might normally be expected to set the tone for FTC and provide high-level stewardship, while leaving the day-to-day details of implementation to management, the <em>Draft Guideline</em> creates specific expectations for directors at the operational level:</p> <ul> <li>Ensuring that committees responsible for monitoring changes in business structure and identifying practices that could affect FTC are also ensuring that incentive plans are consistent with client interests;</li> <li>Ensuring that incentive arrangements that are not consistent with FTC are changed in a timely manner; and</li> <li>Ensuring that clients that are harmed by a practice that adversely affects FTC are dealt with appropriately.</li> </ul> <p>The AMF’s expectations for <strong>senior management</strong> include:</p> <ul> <li>Overseeing incentive arrangements in order to manage any risk they pose to FTC;</li> <li>Reviewing incentive arrangements in collaboration with the risk management, compliance and human resources departments at least once per year; and</li> <li>Assessing the impact of an identified practice that adversely affects FTC and ensuring that clients that are harmed by such a practice are dealt with appropriately.</li> </ul> <h3>Managing incentive arrangements</h3> <p>At the most general level, the <em>Draft Guideline</em> states simply that “the AMF expects incentive arrangements to be managed in a manner that ensures FTC”. However, it elaborates on this expectation in a number of ways:</p> <ul> <li>Extending the requirement to satisfy FTC obligations to intermediaries and more broadly to any other person offering the financial institution’s products or services on its behalf, which appears, in the case of insurers, to potentially blur the line between tied agents and independent brokers who are not subject to control by the carrier; and</li> <li>Establishing a set of criteria for incentive mechanism design, which include such detailed recommendations as ensuring that (among others): <ul> <li>performance targets are well defined;</li> <li>incentives are consistent with the level of service expected;</li> <li>variations in incentive arrangements do not result in differing charges for the same product depending on which intermediary is offering it;</li> <li>ensuring that incentive arrangements for managers do not result in the application of pressure on staff or intermediaries that could adversely affect FTC;</li> <li>information is collected that allows for the identification of individuals, sales teams, lines of business, products and trends that are particularly at risk of adversely affecting FTC; and</li> <li>appropriate corrective measures are established, including chargeback mechanisms by which awarded incentives can be clawed back.</li> </ul> </li> </ul> <h3>Identification and assessment of risks of practices that could adversely affect FTC</h3> <p>The AMF expects financial institutions to “identify and regularly assess the risks of practices that could adversely affect FTC arising from incentive arrangements.” Two appendices to the <em>Draft Guideline</em> provide additional detail, as follows:</p> <ul> <li>Appendix A lists <strong>17 “key indicators”</strong> that an individual or sales team is incentivized in a way that creates an increased risk of adversely affecting FTC, including, among others, frequent chargebacks/product replacements/cancellations, disproportionate sales of high-commission products and a lack of variety in products sold.</li> <li>Appendix B lists <strong>24 incentive features </strong>that increase those risks, including, among others, “Incentives awarded for sales of a specific product for a limited period of time”, “Incentives awarded on a discretionary basis” and “Monetary incentives representing a significant portion of a person’s remuneration package”. The Appendix also identifies certain incentive risks that may be created in a financial institution’s agreements with intermediaries.</li> </ul> <p>The identification and assessment of these risks requires:</p> <ul> <li>Regular review of incentive arrangements;</li> <li>Focusing on incentives that are based primarily on quantitative performance targets and criteria;</li> <li>Consideration of the combined impact of multiple sales arrangements on the same sale, of sales campaigns focused on particular products and of intermediaries’ incentive arrangements (among others); and</li> <li>Assessment of the likelihood that practices could adversely affect FTC.</li> </ul> <h3>Quality monitoring</h3> <p>Finally, the AMF expects financial institutions to have controls in place to identify any inappropriate sales or practices related to incentive agreements. This expectation is strongest for incentive arrangements that are most likely to result in practices that adversely affect FTC.</p> <p>Quality monitoring includes:</p> <ul> <li>Ensuring that those conducting the monitoring are well trained and independent;</li> <li>Taking into account the risk to FTC that each type of practice poses;</li> <li>Using various types of controls to assess interactions with clients (e.g. direct observation, mystery shopping, client surveys); and</li> <li>Regularly analyzing the results of sales quality controls to ensure that they are effective in identifying concerns or issues relating to FTC.</li> </ul> <h2>Next Steps</h2> <p>As noted above, the comment period closes on February 18, 2022. For further information and instructions for submitting comments, please see the AMF’s November 4, 2021 <a href="https://lautorite.qc.ca/fileadmin/lautorite/consultations/lignes-directrices/2022-01-28-Fin/2021nov04-ld-gestion-incitatif-avis-cons-en.pdf">announcement</a>.</p>15-Dec-2021 03:01:00{6CBE381E-E223-4FB9-8779-C6B818C88290}https://www.stikeman.com/en-ca/kh/insurance-law/osfi-releases-draft-guideline-b-13-on-technology-and-cyber-risk-managementAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateCanadian Technology & IP LawFinancial Services UpdateOSFI Releases Draft Guideline B-13 on Technology and Cyber Risk Management<p><strong>On November 9, 2021, Canada’s Office of the Superintendent of Financial Institutions (“OSFI”) <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b13-let.aspx" target="_blank">launched a public consultation</a> on the newly released draft version of <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b13.aspx" target="_blank">Guideline B-13: Technology and Cyber Risk Management</a>. The proposed Guideline is designed to complement existing Guidelines <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/e21.aspx" target="_blank">E-21</a> (Operational Risk Management) and <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b10.aspx" target="_blank">B-10</a> (Outsourcing of Business Activities, Functions and Processes) as well as OSFI’s <a href="https://www.stikeman.com/en-ca/kh/insurance-law/osfi-tightens-technology-and-cybersecurity-incident-reporting-requirements-for-frfis" target="_blank">Technology and Cyber Incident Reporting Policy</a>, including its <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/in-ai/Pages/cbrsk.aspx" target="_blank">Cyber Security Self-Assessment</a> tool.</strong></p> <p>Comments on the draft version of Guideline B-13 will be accepted until <strong>February 9, 2022</strong>. The draft version is based in part on feedback received in response to OSFI’s <a href="https://www.stikeman.com/en-ca/kh/financial-services/financial-sector-risk-in-a-digital-world-osfi-discussion-paper-outlines-key-issues" target="_blank">2020 discussion paper on technology and related risks</a>. OSFI’s <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b13-let.aspx" target="_blank">responses to specific feedback items</a> were included with the November 9 announcement.</p> <p>Relatedly, OSFI is also expecting to shortly release for comment a draft of a significantly updated and expanded version of Guideline B-10, which will include guidance respecting cloud service providers, in addition to providers of other outsourced services, and OSFI is consulting with federally regulated financial institutions (FRFIs) on operational resilience more generally.</p> <h2>Overall Approach of Guideline B-13</h2> <p>Draft Guideline B-13 takes what OSFI calls a “layered approach”. In other words, its high-level expectations apply to all FRFIs but the more granular recommendations focus on “providing sufficiently clear guidance to institutions that may benefit from it”. This approach recognizes that larger FRFIs, such as the major banks, may already have systems in place that fully address OSFI’s high-level expectations. Like most recent OSFI guidance, the Guideline is principles-based, but also includes more than 20 pages of extensive and detailed operational and governance expectations, which will be challenging for smaller institutions to comply with. However, it indicates, as customary, that FRFIs should implement the expectations in a manner commensurate with the FRFI’s particular size; nature, scope and complexity of operations; and risk profile. OSFI’s expectations are technology-neutral “anticipating the need for FRFIs to compete effectively and take full advantage of digital innovation”.</p> <p>The uppermost layer of the Guideline, which applies most generally, are five “outcomes” that are expected with respect to the five “domains” that the Guideline addresses. These are as follows:</p> <table> <tbody> <tr> <td style="width: 181px;"> <p><strong>Domain</strong></p> </td> <td style="width: 313px;"> <p><strong>Outcome</strong></p> </td> </tr> <tr> <td style="width: 181px;"> <p>Technology and Cyber Governance and Risk Management</p> </td> <td style="width: 313px;"> <p>Technology and cyber risks are governed through clear accountabilities and structures, and comprehensive strategies and frameworks.</p> </td> </tr> <tr> <td style="width: 181px;"> <p>Technology Operations</p> </td> <td style="width: 313px;"> <p>A technology environment that is stable, scalable and resilient. The environment is kept current and supported by robust and sustainable technology operating processes.</p> </td> </tr> <tr> <td style="width: 181px;"> <p>Cyber Security</p> </td> <td style="width: 313px;"> <p>A secure technology posture that maintains the confidentiality, integrity and availability of the FRFI’s technology assets.</p> </td> </tr> <tr> <td style="width: 181px;"> <p>Third-party Provider Technology and Cyber Risk</p> </td> <td style="width: 313px;"> <p>Reliable and secure technology and cyber operations from third-party providers.</p> </td> </tr> <tr> <td style="width: 181px;"> <p>Technology Resilience</p> </td> <td style="width: 313px;"> <p>Technology services are delivered, as expected, through disruption.</p> </td> </tr> </tbody> </table> <p>A second “layer” in the document consists of 18 “principles” that are scattered throughout the document, summarizing key points made in the detailed text, which constitutes the third and final “layer”.</p> <p>Our summary below is divided into five sections, reflecting the five “domains” that are considered in the Guideline.</p> <h2>1. Technology and Cyber Governance and Risk Management</h2> <p>The first section of the Guideline deals with <strong>governance and risk management</strong>. OSFI expects the FRFI’s organizational structure to be designed to manage technology and cyber risks, with clear roles and responsibilities and adequate training and resources. Senior officers with stature and visibility in the FRFI’s organization should be appointed to lead these efforts. Specific titles are not mandated, but these individuals would typically hold positions such as Chief Technology Officer (“CTO”), Chief Information Officer (“CIO”), Chief Information Security Officer (“CISO”) and/or Head of Information Technology.</p> <p>In addition, according to the Guideline each FRFI should develop:</p> <ul> <li>a <strong>strategic technology and cyber plan</strong> that aligns with its overall business plan and which is supported by the tools and processes necessary for its implementation; and</li> <li>a <strong>technology and cyber risk management framework (“RMF”)</strong> that aligns with the FRFI’s overall risk management plan. The RMF should include policies and processes as well as reporting and accountability standards, as outlined in the Guideline.</li> </ul> <h2>2. Technology Operations</h2> <p>The Guideline includes <strong>extensive operational recommendations</strong> relating to technology architecture, systems development life cycles, asset and project management, service management/monitoring and management of incidents, changes and patches. As noted above, the specific recommendations are intended as guidance and do not necessarily require organizations to change existing practices that achieve the same outcomes.</p> <h3>Technology architecture and service monitoring</h3> <p>The FRFI’s systems infrastructure should be <strong>carefully designed for availability, scalability, security and resilience</strong> in the context of the business functions and services that they support. The importance of designing systems that can evolve in response to changes in the business is also emphasized.</p> <p>The Guideline also recommends that internal technology service performance – including service desk and operations/network management, among others – be measured and monitored through the use of performance indicators and service targets.</p> <h3>Systems development life cycle (“SDLC”) framework</h3> <p>The FRFI’s technology architecture should be <strong>integrated into a SDLC framework</strong> that is structured so that new systems are never adopted without appropriate security and risk assessments. Controls recommended by the Guideline include (among others):</p> <ul> <li>peer code reviews;</li> <li>security scanning of code;</li> <li>privileged access management and key management;</li> <li>data integrity/confidentiality protection;</li> <li>removal of unnecessary services and programs; and</li> <li>authentication, authorization, security logging and monitoring.</li> </ul> <p>The Guideline also recommends an extensive <strong>change management plan</strong> for both planned and emergency situations. Such a plan should include safeguards designed to ensure that authority over the change process is distributed among multiple individuals and that all changes are traceable. Patches should also be applied in accordance with these change management processes.</p> <h3>Technology asset and project management</h3> <p>Asset management is one of the key operational functions identified in the Guideline, which includes <strong>extensive recommendations for technology inventories</strong>. Technology assets should be categorized in terms of their critical importance to the business and significant interdependencies among assets should be noted.</p> <p>The Guideline emphasizes the importance of <strong>recording all asset categories</strong>, including:</p> <ul> <li>the FRFI’s own assets, whether owned, leased or otherwise;</li> <li>any employee assets that are used for business purposes, e.g. under “bring your own device” (“BYOD”) policies; and</li> <li>assets owned by third parties, contractors, consultants, etc., that are used to provide services to the FRFI.</li> </ul> <p>All forms of technology should be continuously monitored to ensure upgrades and patches are installed while obsolete and unsupported technology is removed or replaced.</p> <p>The Guideline also recommends effective project management processes to ensure that technology projects are achieved within the FRFI’s risk tolerance.</p> <h3>Incident and problem management</h3> <p>FRFIs should implement <strong>technology incident management standards</strong> that will allow them to detect, manage, resolve and report on incidents while simultaneously minimizing their impacts. These standards would generally include:</p> <ul> <li>defining and documenting roles and responsibilities;</li> <li>establishing early warning indicators;</li> <li>classifying incidents according to priority;</li> <li>developing response procedures that mitigate incident impacts, including communications strategies;</li> <li>performing stress tests on incident response plans; and</li> <li>establishing and testing incident management strategies with third-party providers such as crisis communications agencies.</li> </ul> <p>In addition, <strong>post-incident reviews</strong> should be incorporated into the process in order to improve future incident response.</p> <h2>3. Cyber Security</h2> <p>The longest section of Guideline B-13 deals with cyber security. This section is divided into four subsections that focus respectively on (i) identifying, (ii) defending, (iii) detecting and (iv) responding to/recovering from cyber security risks and breaches.</p> <h3>Identifying security risks and breaches</h3> <p>The FRFI should identify risks, including through <strong>intelligence-led threat assessment and testing</strong> that enables technology vulnerabilities to be ranked by severity, with additional attention to cumulative risks (in which an incident engages multiple vulnerabilities simultaneously). Risks can also be identified through participation in industry-wide information-sharing forums. The FRFI’s cyber risk profile should be constantly monitored and reported on.</p> <p>Related to this is the <strong>identification of security breaches</strong>, including through periodic scans of data environments to detect changes and deviations that may indicate unauthorized access. Enabling and encouraging employees, customers and third parties to report suspicious activities is another recommended step, which may require an enhancement of employee education in the data security area.</p> <h3>Defending the business against security risks</h3> <p>The Guideline emphasizes preventative measures, recommending that the FRFI adopt <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://en.wikipedia.org/wiki/Secure_by_design" target="_blank"><strong>“secure-by-design</strong></a><strong>” practices</strong> throughout its operations and implement a process to convert detection controls into prevention controls. This includes adopting strong cryptographic technologies with secured encryption keys as part of a general program to control and regularly reassess access permissions, as well as strictly enforcing security configuration baselines (with detection and remediation of unapproved deviations).</p> <p>Cyber security controls should be layered and designed to contain any cyber attack that may occur. Recognizing that <strong>data protection is critical at all points in the data life cycle</strong>, the Guideline recommends that FRFIs should:</p> <ul> <li>implement risk-based data protection controls for data residing in all environments under its direct control (including development, testing, production and backup) as well as in those under third-party control (including Cloud Service Providers (“CSPs”));</li> <li>protect backup data from ransomware and other cyber attacks;</li> <li>establish multi-layered controls for encrypting data at rest, in transit and in use; and</li> <li>implement risk-based data loss prevention strategies, focusing on high-risk cases.</li> </ul> <p>When security vulnerabilities are discovered, they should be remediated according to pre-established timelines for various risk levels (e.g., a “critical” vulnerability should be remediated within 48 hours). The Guideline recommends that progress of remediation processes be formally monitored against the defined timelines.</p> <p>In general, <strong>the FRFI is expected to safeguard its networks by minimizing their “attack surface”</strong>. External facing application services and network infrastructure should have additional layers of security and be regularly and rigorously tested. The Guideline also recommends additional security for hosts, endpoints and mobile devices. In addition, network infrastructure and other technology assets should be protected by physical access controls and processes.</p> <h3>Detecting security issues</h3> <p>According to the Guideline, the FRFI should implement and maintain <strong>continuous and centralized security event logging</strong> with retention periods sufficient to support future forensic investigations. In addition to written rules and policies, this should include:</p> <ul> <li>monitoring tools that are regularly updated to reflect the latest threat intelligence; and</li> <li>advanced behaviour-based detection of anomalies in user and entity behaviour.</li> </ul> <p>To ensure an effective response to urgent cyber security alerts, the Guideline recommends that the FRFI pre-assign roles and responsibilities in such situations in order to be fully prepared to respond when they occur.</p> <h3>Responding, recovering and learning</h3> <p>The FRFI is expected to implement protocols that integrate the cybersecurity incident responses of its technology, security, crisis management and communications functions. These should include:</p> <ul> <li>a “cyber incident taxonomy” that standardizes the terminology used in responding to, managing and reporting on cyber security incidents;</li> <li>the establishment of a cyber incident response team; and</li> <li>where aspects of cyber security are outsourced, clearly defined escalation thresholds for notification of FRFI management.</li> </ul> <p>At the recovery phase, the Guideline recommends forensic investigations to determine ongoing material risks from an incident and, for high-severity incidents, detailed assessments designed to quantify economic and other impacts as well as to identify lessons learned and possible remedial actions.</p> <h2>4. Third-Party Provider Technology and Cyber Risk</h2> <p>This section of the Guideline is intended to be read in conjunction with <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/b10.aspx" target="_blank">Guideline B-10</a> (Outsourcing of Business Activities, Functions and Processes). The Guideline recommends the implementation of <strong>technology and cyber risk agreements between the FRFI and its CSP and/or other Third-Party Providers (“TPPs”)</strong>. In addition, it recommends that the FRFI establish mechanisms to ensure compliance by its TPPs with the technology and cyber standards that were developed in with the Guideline. These include close monitoring of a TPP’s access to the FRFI’s systems and ensuring that the FRFI has access to any of its information in the possession of the TPP, as well as ensuring that the FRFI’s standards for data protection, change management and security incident logging are applied to FRFI assets on a TPP platform.</p> <p>The Guideline recommends specific requirements <strong>to ensure that the FRFI’s use of cloud computing is consistent with its stated risk profile</strong>. These include augmenting the FRFI’s existing controls and standards with cloud-specific provisions relating to data protection, management of vulnerabilities, cryptographic key management and others. Furthermore, in designing and implementing a cloud-based solution, the FRFI should ensure that applications and data are easily portable between CSPs in order to ensure that the FRFI can switch to a superior cloud environment if necessary.</p> <h2>5. Technology Resilience</h2> <p>The FRFI is expected to develop, implement and maintain an <strong>Enterprise Disaster Recovery Framework (“EDRF”)</strong> that, in conjunction with its business continuity plan, serves as a guide to recovery from a major technology disruption. The EDRF should establish, at a minimum:</p> <ul> <li>responsibility for the availability and recovery of technology services;</li> <li>a process for identifying and analyzing technology services and key dependencies required to operate within the FRFI’s risk tolerance;</li> <li>procedures for the timely restoration of technology services to an acceptable level when a disruption occurs; and</li> <li>data backup strategy, policy and processes (backup frequency, storage, destruction and testing).</li> </ul> <p>“Key dependencies” include information security requirements for stored data (e.g. encryption) and the location of technology assets (e.g. of backup sites, service providers, etc.).</p> <p>Finally, <strong>OSFI will expect the FRFI to test its EDRF</strong> against “severe but plausible” scenarios incorporating:</p> <ul> <li>new and emerging risks or threats;</li> <li>material changes to business objectives or technologies;</li> <li>the FRFI’s incident history and any known technology complexities or weaknesses.</li> </ul> <p>Disaster recovery scenarios should test the FRFI’s backup and recovery processes to confirm that it can meet its predefined requirements in the context of key dependencies and the FRFI’s onsite and outsourced technologies.</p> <h2>Conclusion</h2> <p>As noted above, comments on Guideline B-13 will be accepted until February 9, 2022. They may be submitted to <a rel="noopener noreferrer" rel="noopener noreferrer" href="mailto:Tech.Cyber@osfi-bsif.gc.ca" target="_blank"><strong>Tech.Cyber@osfi-bsif.gc.ca</strong></a>. </p>26-Nov-2021 03:56:00{B1FF1950-AA50-4DB3-92A7-8E32D2F15B00}https://www.stikeman.com/en-ca/kh/financial-services/financial-services-innovation-in-ontario-fsra-releases-its-consultation-documentAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersFinancial Services UpdateInsurance Law UpdateFinancial Services Innovation in Ontario: FSRA Releases its Consultation Document<p><strong>On October 21, 2021, the Financial Services Regulatory Authority of Ontario (FSRA) </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/newsroom/fsra-releases-its-innovation-framework-public-consultation"><strong>released</strong></a><strong> a 35-page </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/media/4621/download"><strong>consultation document</strong></a><strong> (“Consultation Document”) detailing its proposed Innovation Framework. FSRA’s </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/about-fsra/innovation-office"><strong>Innovation Office</strong></a><strong>, created in 2020 to facilitate financial services innovation in Ontario, is coordinating the initiative. Supporting innovation in Ontario’s financial services sector is a core part of FSRA’s mandate as a regulator. The Framework set out in the Consultation Document is open for comment until November 18, 2021.</strong></p> <p>While the new framework will affect all areas of financial services under Ontario’s jurisdiction, the <strong>auto insurance sector</strong> will be the first to access the new testing environments described below. FSRA is empowered to grant certain forms of exemptive relief that may be required to implement a service or product test that it has approved.</p> <h2>Outline of the Consultation Document</h2> <p>The Consultation Document includes discussions of the following:</p> <ul> <li>The Innovation Office and its role;</li> <li>The innovation process;</li> <li>Test and learn environments; and</li> <li>Industry engagement and outreach.</li> </ul> <p>In this post, we summarize some of the highlights of the Consultation Document.</p> <h2>The Innovation Office and its Role</h2> <p>The Innovation Office will be the “central driver and coordinator” of FSRA’s mandate to foster what the Consultation Document refers to as “responsible innovation”. In an environment of responsible innovation, any risks that innovation could pose to consumers, or to businesses that deal with the auto insurance sector, will be carefully managed. The Innovation Office’s three key roles are:</p> <ul> <li>Fostering an environment that will encourage responsible innovation;</li> <li>Focusing on improved consumer choice and value while protecting consumer interests; and</li> <li>Continuously improving its approach and tools.</li> </ul> <p>The Innovation Office will have an “orchestrator” role within FSRA itself, driving FSRA’s mandate to pursue innovation. It will engage in dialogue with innovators, while functioning as a disruptor:</p> <p style="padding-left: 30px;">“The Innovation Office will challenge established structures and closed mindsets that stifle innovation. We will play a challenge function role both within FSRA and in Ontario's financial services sector, pathfinding for innovative and new ideas and services when the established approach would otherwise act as an obstacle.”</p> <p>While regulatory changes may occur eventually, the Innovation Office will initially operate within Ontario’s existing regulatory framework. It will have a research and outreach function and will make use of the Test and Learn Environment (“TLE”) described below.</p> <p>FSRA is seeking comments on the role that it should play in innovation as well as on experiences industry participants have had to date in bringing innovative ideas to FSRA.</p> <h2>The Innovation Process</h2> <p>The innovation process envisaged by FSRA includes “inside out” and “outside in” approaches. The first of these leverages the experience of FSRA’s own teams to bring new trends, problems and solutions to the surface. The second involves working with stakeholders to bring their innovation ideas to fruition. As part of this plan, FSRA is adopting an innovation culture, with Innovation Liaisons across FSRA, whose job it is to facilitate communication among innovators, the Innovation Office and FSRA as whole.</p> <p>The steps in the innovation process are as follows:</p> <ol> <li><strong>Opportunity intake:</strong> discovery and consideration of innovation opportunities;</li> <li><strong>Prioritization and management:</strong> Assessment and selection based on established criteria;</li> <li><strong>Definition and “solutioning”:</strong> Deciding which regulatory tool should be used for each selected opportunity;</li> <li><strong>Risk assessment and testing:</strong> Scrutinization of opportunities for uncertainties and risks that might require additional testing and validation in the TLE, or by other means; and</li> <li><strong>Communication and measurement:</strong> Communication of innovation opportunities and measurement of the Innovation Office’s impact.</li> </ol> <p>The intake form that will be available on the FSRA website is described in detail in the Consultation Document. FSRA is seeking comments on both the form and the innovation process more generally, as well as on the risk evaluation process described below.</p> <p>The risk assessment process will consider risks of a proposed innovation to the customer, the industry and to FSRA itself. Depending on the results of the risk analysis, the innovator might be asked to revise its proposal (if the risk is high) or given the opportunity to test it in a testing environment (if the risk is lower). If the testing process proceeds satisfactorily, FSRA will make recommendations to the Government of Ontario respecting any necessary statutory or regulatory amendments.</p> <h2>Test and Learn Environments</h2> <p>FSRA’s TLEs will provide “an adaptive, pro-innovation test environment while ensuring consumers are protected”. From an innovator’s standpoint, the TLE is “a relatively low-risk arena for gauging the market response to their innovations.” This approach is intended, in part, to level the playing field between industry incumbents and new market entrants. Importantly, FSRA will have considerable authority to grant exemptive relief that may be required to ensure that innovation proposals can be tested effectively.</p> <p>An “Approach Guidance” will be published to “provid[e] specificities on the general approach of how TLEs would work.” In the meantime, the plan set out in the Consultation Document envisages two basic TLE types:</p> <ul> <li><strong>Activity TLEs</strong> involve FSRA’s exercise of regulatory authority to approve the testing of activities that would not otherwise be permitted under the existing regulatory framework; and</li> <li><strong>Status TLEs</strong> give time-limited and conditional approvals for activities intended to test and validate innovative products and services to non-regulated entities that would not otherwise be granted such opportunities.</li> </ul> <p>As noted above, the first TLEs will be in the auto insurance sector. A detailed auto industry use case, intended as an example scenario, is included in the Consultation Document.</p> <p>The TLE fee structure has not yet been determined in detail. It appears, however, that the approach FSRA takes to fees will differ between regulated and unregulated entities – reflecting the fact that cost-recovery with respect to the former can be achieved, in whole or in part, through general assessment. FSRA is seeking comments on how fees should be charged, including stakeholder views on the fairest way to keep fees within the reach of innovators new to the market while discouraging the use of the TLE as “a free incubator or accelerator for early-stage ideas”.</p> <h2>Industry Engagement and Outreach</h2> <p>The Consultation Document outlines FSRA’s plans for extensive and ongoing stakeholder outreach, including constant engagement with sector participants and consumers. FSRA’s goal is to be knowledgeable, adaptable, proactive and responsive to consumer and industry input. Among the functions that FSRA envisages for the Innovation Office is to co-ordinate meetings and discussions among stakeholders themselves.</p> <p>Finally, transparency will be a core principle for FSRA and the Innovation Office. Public communication of decisions about TLEs will be communicated so that innovators and other stakeholders can build up an understanding, over time, of what FSRA is looking for in innovation proposals and where the boundaries lie. In the Consultation Document, FSRA requests input on how the Innovation Office’s engagement efforts should be structured.</p> <h2>Next Steps</h2> <p>The Consultation Document invites comments on many key issues, including those noted above. The deadline for receipt of comments is <strong>Thursday, November 18, 2021</strong>.</p>11-Nov-2021 03:43:00{CD633F2B-DC74-41D4-A6E8-FBE03A5BDD42}https://www.stikeman.com/en-ca/kh/insurance-law/fair-treatment-of-customers-results-released-from-the-ccir-s-cooperative-reviewAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateFair Treatment of Customers: Results Released from the CCIR’s Cooperative Reviews of Canadian Insurers<p><strong>The Canadian Council of Insurance Regulators (“CCIR”) has released its Fair Treatment of Customers (“FTC”) </strong><a rel="noopener noreferrer" target="_blank" href="https://www.ccir-ccrra.org/Documents/View/3669"><strong>Consolidated Observations Report</strong></a><strong> (the “Report”). The Report summarizes the findings of recent FTC reviews of Canadian insurers by the CCIR and individual jurisdictional regulators. The Report also includes generalized versions of recommendations that were provided to the applicable insurers.</strong></p> <h2>Background</h2> <p>The Report assesses the current state of the FTC principle across the industry, establishing a reference point for assessing future progress. Based on reviews conducted between 2017 and 2021, it supplements the September 2018 guidance <a rel="noopener noreferrer" target="_blank" href="https://www.ccir-ccrra.org/Documents/View/3450"><em>Conduct of Insurance Business and Fair Treatment of Customers</em></a> (“FTC Guidance”), a joint publication of the CCIR and the Canadian Insurance Services Regulatory Organizations (“CISRO”). The FTC Guidance set out expectations for the conduct of insurance businesses across the product life-cycle that would satisfy the FTC principle (see our <a href="https://www.stikeman.com/en-ca/kh/insurance-law/Fair-Treatment-of-Customers-CCIR-and-FSCO-Release-Finalized-Guidelines">previous Stikeman Elliott update</a>).</p> <p>The Report indicates that while the joint FTC reviews have to date focused on the individual life insurance line of business, CCIR members have also carried out individual FTC reviews in their own jurisdictions. In general terms, the results and recommendations contained in the Report appear to pertain more closely to the life and health (L&H) insurance agent distribution channel than the property & casualty insurance (P&C) independent insurance broker channel, although the Report indicates that the common observations and themes in the joint and individual FTC reviews can be applied to both the L&H and P&C sectors.</p> <p>Each of the joint and individual FTC reviews aims to understand insurers’ commercial practices in preventing consumer harm, and supports:</p> <ul> <li>adopting FTC principles throughout the entire product life-cycle and consumer journey;</li> <li>establishing the right tone at the top, which sets the organization’s FTC corporate culture and values;</li> <li>building strong agent onboarding, training, and supervision programs that put consumers’ needs first;</li> <li>providing adequate information to consumers at different stages of the sales process, and</li> <li>handling claims and complaints in a fair and efficient manner.</li> </ul> <h2>Topics Considered in the Report</h2> <p>The Report considered the following seven areas of review, each as discussed in greater detail below:</p> <ul> <li>Corporate governance and culture;</li> <li>Agent training and outsourcing/delegating arrangements;</li> <li>Incentive management and remuneration structure;</li> <li>Product design, marketing, and advertising;</li> <li>Information provided to consumers;</li> <li>Claims examination and settlement; and</li> <li>Complaints examination and dispute settlement.</li> </ul> <h3>Corporate governance and culture</h3> <p>The FTC Guidance establishes the expectation that FTC will be a “core component of the governance and business culture of insurers”. The reviews specifically assessed:</p> <ul> <li><strong>Roles and responsibilities</strong>, recommending clearer definition of FTC-related roles and duties, with appropriate authority for FTC-related functions to be carried out effectively.</li> <li><strong>Policies and procedures</strong>, recommending implementation of regular reviews of policies and procedures to deal with FTC risks and the implementation of FTC-related policies by insurers that have not yet done so.</li> <li><strong>Reporting on FTC objectives</strong>, recommending that senior management be provided with a “more holistic” view of progress toward FTC objectives on an organization-wide basis.</li> </ul> <p>In addition, it was recommended that insurers inform agents of changes to the insurer’s Code of Conduct and have them periodically review and acknowledge the Code.</p> <h3>Agent training and outsourcing/delegating arrangements</h3> <p>Ensuring that intermediaries understand the insurance products and the target market is another key recommendation of the FTC Guidance. In this area, the reviews resulted in the following recommendations:</p> <ul> <li><strong>Review of contracts with intermediaries:</strong> Insurer contracts with intermediaries should be reviewed and updated, if necessary, to ensure that they include detailed expectations about roles and responsibilities, notably those that are outsourced or delegated.</li> <li><strong>Monitoring of delegated training:</strong> Processes should be established to ensure that independent agents are taking the training that they are offered and that appropriate support and follow-up are being offered.</li> </ul> <p>In order to achieve these goals, proactive monitoring of intermediaries who are training agents is recommended.</p> <h3>Incentive management and remuneration structure</h3> <p>One important expectation of the CCIR and CISRO in the FTC Guidance, is that FTC outcomes should be factored into insurers’ performance evaluation, compensation schemes and incentive programs. Two recommendations in the Report followed from that:</p> <ul> <li><strong>Incentive program design: </strong>Qualitative criteria based on FTC should be incorporated into incentive programs, including as to be guided by incentive management guidance that the CCIR is currently developing.</li> <li><strong>Monitoring of intermediaries’ incentive programs</strong>: Supervision of intermediaries’ incentive programs, currently nonexistent or weak, must be improved so that insurers are aware of how sellers of their products are being incentivized with respect to FTC.</li> </ul> <p>Insurers should also be proactive in identifying, avoiding and managing conflicts of interest (“COIs”) and creating and communicating appropriate COI policies and procedures.</p> <h3>Product design, marketing, and advertising</h3> <p>Accurate, clear and non-misleading advertising is another of the expectations set forth in the FTC Guidance. The CCIR review process resulted in these recommendations:</p> <ul> <li><strong>Review of marketing materials</strong> should be carried out according to a formalized ongoing process, a practice that the review process found at only a minority of insurers.</li> <li><strong>Product design and marketing</strong> should incorporate FTC components to ensure that consumer needs are met.</li> </ul> <p>As noted in the FTC Guidance, the insurer’s responsibility for providing accurate, clear and non-misleading marketing material includes the material provided to intermediaries.</p> <h3>Information provided to consumers</h3> <p>A core expectation of CCIR and CISRO is that customers receive product information that allows them to understand the product they are considering and how well it would meet their requirements. Two related recommendations in the Report followed from the review:</p> <ul> <li><strong>Clear and accessible information:</strong> Consumers should be provided with clear information, including on insurer websites and in marketing materials, aided by glossaries, FAQs and references to policy clauses, etc.</li> <li><strong>Better guidance for intermediaries:</strong> The review found that there is a need for mechanisms and procedures to help intermediaries understand which of the documents and information provided to them should be passed on to customers.</li> </ul> <p>These recommendations reflect the fundamental principle that a customer must be given the information required to make an informed decision prior to entering into an insurance contract.</p> <h3>Claims examination and settlement</h3> <p>The FTC Guidance states that claims should be “examined diligently and fairly settled” with a “simple and accessible” procedure. It emerged from the review process that the claims process was sometimes not explained clearly, leaving customers unaware of the full range of their options. The following recommendation was made:</p> <ul> <li><strong>Clearer claims processes and documents:</strong> At all stages of the claims process, customers must be provided with complete, clear, accessible and understandable information.</li> </ul> <p>The review noted deficiencies in denial letters issued by some insurers, particularly with regard to providing complete and understandable reasons for the denial and with regard to appeal or complaint processes.</p> <h3>Complaints examination and disputes settlement</h3> <p>The fair and diligent examination of consumer complaints is one of the key expectations set out in the FTC Guidance. The review found significant deficiencies in existing practices, leading to the following recommendations:</p> <ul> <li><strong>ASMC-compliant reporting of complaints:</strong> The review found that many insurers are not reporting in accordance with the definitions in the CCIR <a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/industry/life-and-health-insurance/annual-returns-instructions-life-and-health-insurance/annual-statement-market-conduct"><em>Annual Statement on Market Conduct</em></a> (“ASMC”).</li> <li><strong>Improving the complaints process:</strong> While all insurers had complaints-handling policies and procedures, these were often difficult to follow, and it was therefore recommended that insurers work to ensure timely complaint resolution and clarity about complaints processes.</li> </ul> <p>Information on expected turnaround times, the options for filing a complaint and “next steps” should also be communicated clearly.</p> <h2>Next Steps</h2> <p>The Report notes that the insurer is responsible for FTC throughout the life-cycle of the insurance product, as it is the insurer that is the ultimate risk carrier. However, the Report also notes that intermediaries also play a significant role in insurance distribution, and where more than one party is involved in the design, marketing, distribution, and policy servicing of insurance products, FTC in respect of the relevant services is a responsibility that is shared amongst involved insurers and intermediaries.</p> <p>The cooperative review process will continue and CCIR expects that the results summarized in the Report will provide a tool for both P&C and L&H insurers to benchmark themselves against the reported recommendations, to the benefit of Canadian consumers.</p>01-Nov-2021 06:46:00{938D5BA1-FC82-4B67-9BCA-3CFF5F2988B9}https://www.stikeman.com/en-ca/kh/insurance-law/alberta-introduces-captive-insurance-company-legislationStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateAlberta Introduces Captive Insurance Company Legislation<p><strong>Earlier today, the Alberta government introduced legislation providing for the licensing and supervision of captive insurance companies in Alberta, becoming only the second province, after British Columbia, to permit captive insurers. </strong></p> <p>A captive is an insurance company established by a single shareholder or group of related shareholders, and which typically insures only the risks of that shareholder or group. Captives often then further transfer, or “reinsure”, the risks to other traditional insurance companies inside or outside Canada. Historically, most Canadian captives have been formed in certain U.S. states, Caribbean jurisdictions or Bermuda, all of which have specific captive insurance legislation, and actively market themselves as preferred homes for captives. Only a few dozen captives have ever been formed in British Columbia.</p> <p>The proposed <em>Captive Insurance Companies Act</em> draws on the British Columbia captive legislation as well as the captive legislation in key U.S. and offshore jurisdictions and the <em>Insurance Act</em> (Alberta). Uniquely among those jurisdictions, it permits a captive to be formed either as a limited partnership or as a traditional corporation incorporated under the <em>Business Corporations Act</em> (Alberta). Under the proposed legislation, a captive may be formed as a “pure” captive, an “association” captive or a “sophisticated insured” captive, each as defined in the legislation. Most of the key operating and supervisory provisions will be contained in regulations to be finalized in 2022.</p> <p>The proposed legislation is intended to be the first of a number of Alberta insurance-related initiatives designed to achieve several complementary goals. These include providing additional Alberta-based insurance capacity to Alberta businesses, particularly in the energy sector, while preserving and creating new opportunities for incumbent insurers to co-insure alongside the captives and/or reinsure the captives. In addition, it would help foster the long-term development of the insurance, risk management and insurtech/fintech sector in Alberta, complementing related Alberta governmental initiatives already underway and supporting long-term economic diversification in Alberta. Future initiatives are intended include further development of local reinsurance capacity.</p> <p><em><a href="/en-ca/people/c/stuart-s-carruthers">Stuart Carruthers</a>, who leads Stikeman Elliott’s insurance sector corporate/regulatory and M&A practice, is the volunteer counsel to a broad working group of insurance industry stakeholders engaged with Alberta governmental authorities on the captive insurance initiative and future related initiatives.</em></p>27-Oct-2021 09:15:00{142D65EF-51A5-4F17-B826-669FFBCEB8A8}https://www.stikeman.com/en-ca/kh/insurance-law/osfi-tightens-technology-and-cybersecurity-incident-reporting-requirements-for-frfisShawn Smithhttps://www.stikeman.com/en-ca/people/s/shawn-smithAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateCanadian Technology & IP LawFinancial Services UpdateOSFI Tightens Technology and Cybersecurity Incident Reporting Requirements for FRFIs<p><strong>On August 13, 2021, Canada’s Office of the Superintendent of Financial Institutions (OSFI) </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/osfi-bsif/med/Pages/TCSIR-nr.aspx"><strong>announced</strong></a><strong> new technology/cybersecurity incident </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/adv-prv/Pages/TCSIR.aspx?utm_source=osfi-bsif&utm_medium=email&utm_campaign=advisory"><strong>reporting requirements</strong></a><strong> for Federally Regulated Financial Institutions (FRFIs). Incidents to which the policy applies are no longer subject to an express materiality threshold and must now be reported within 24 hours, with specific consequences for failure to report. In addition, OSFI updated the </strong><a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/in-ai/Pages/cbrsk.aspx"><strong>Cyber-Security Self-Assessment</strong></a><strong> for FRFIs. This stricter approach reflects OSFI’s growing concern about the potential impact of cybercrime and technology incidents on the financial sector.</strong></p> <h2>Reportable Incidents</h2> <p>The updated Technology and Cyber Security Incident Reporting Advisory (“New Advisory”) replaces the <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://stikeman.com/en-ca/kh/canadian-securities-law/OSFI-Provides-New-Guidance-on-Technology-and-Cybersecurity">OSFI advisory</a> that has been in effect since March 31, 2019 (“2019 Advisory”). The New Advisory defines “technology or cyber security incident” as:</p> <p>An incident that has an impact, or the potential to have an impact on the operations of a FRFI, including its confidentiality, integrity or the availability of its systems and information.</p> <p>The explicit materiality qualifier in the 2019 Advisory has not been retained in the New Advisory, which instead recommends that:</p> <ul> <li>“FRFIs should <strong>define priority and severity levels</strong> within their incident management framework” (the New Advisory does not set expectations for these frameworks); and</li> <li>FRFIs <strong>consult their Lead Supervisors</strong> if uncertain whether an incident should be reported.</li> </ul> <p>In general, <strong>the New Advisory lowers the threshold for reporting while expanding the scope of reportable incidents</strong> as discussed below. Because the previous materiality test is no longer applicable, the requirement to report could potentially be triggered by almost any incident that affects a FRFI’s systems.</p> <h3>Characteristics of reportable incidents</h3> <p>The New Advisory states that reportable incidents <strong>may</strong> have any of the following characteristics (note that OSFI does not intend the examples given to be exhaustive of the points that they illustrate):</p> <ul> <li>The potential to affect other FRFIs or the Canadian financial system generally;</li> <li>An impact on FRFI systems affecting financial market settlement, confirmations or payments, or impact on payment services;</li> <li>An impact on FRFI operations, infrastructure, data, systems (e.g. an impact on the confidentiality, integrity or availability of customer information, among others);</li> <li>A disruptive effect on business systems or operations (e.g. data centre or utility centre outages or “loss or degradation” of connectivity);</li> <li>An operational impact on key or critical systems, infrastructure or data;</li> <li>An activation of disaster recovery plans or teams or a declaration of disaster by a third-party vendor, affecting the FRFI;</li> <li>An operational impact on internal users that affects business operations or external customers;</li> <li>An impact on external customers that is growing and likely to attract media attention, with a potential to negatively affect the FRFI’s reputation;</li> <li>An impact to a third party affecting the FRFI;</li> <li>The FRFI’s technology/cyber incident protocols or response team have been activated;</li> <li>An incident has been reported to the board of directors or senior management;</li> <li>A report has been made to another federal government department or to the Office of the Privacy Commissioner, to a law enforcement agency or to any other regulator or supervisory authority anywhere in the world;</li> <li>The FRFI “has invoked internal or external counsel”;</li> <li>A FRFI incident for which a cyber insurance claim has been initiated;</li> <li>The FRFI has internally assessed the incident as a Tier 1 or Tier 2 incident (high or critical severity); or</li> <li>A breach of internal risk appetite or thresholds.</li> </ul> <p>However, even if an incident does not appear to meet any of these criteria (or where the FRFI is uncertain), <strong>notification of OSFI is “encouraged” on a precautionary basis</strong>.</p> <p>Appendix I of the New Advisory lists four reportable scenarios as examples of reportable incidents. These appear to be similar to those included in the 2019 Advisory: an account takeover botnet campaign, a data centre technology failure, a breach at a material third party and DDoS extortion attacks.</p> <h2>Notification Requirements</h2> <p>The New Advisory differentiates between “initial” notification requirements and those that apply subsequently.</p> <h3>Initial notification requirements</h3> <p>In a major change, the notification timeframe has been <strong>reduced from 72 hours to 24 hours,</strong> although OSFI’s preference continues to be that notification take place as soon as possible. The New Advisory does not specify when the reduced 24-hour period begins to run, although (as noted below) it clearly contemplates that reports will sometimes have to be submitted before the FRFI has ascertained all of the required information. The 2019 Advisory stated that the 72-hour period began to run when the FRFI had determined that the incident was reportable.</p> <p>Incidents must be reported to the appropriate <strong>Lead Supervisor</strong> and to <strong>OSFI’s Technology Risk Division</strong> using the Incident Reporting and Resolution Form, whether or not all details are known. A facsimile of the form is provided in Appendix II of the <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/adv-prv/Pages/TCSIR.aspx?utm_source=osfi-bsif&utm_medium=email&utm_campaign=advisory">New Advisory</a>.</p> <p>Note that the 24-hour reporting period is shorter than the corresponding requirement under section 10.1 of <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://canlii.ca/t/7vwj">PIPEDA</a>, which requires that notifications be made “as soon as feasible after the organization determines that the breach has occurred”. The FRFI continues to be responsible for complying with the PIPEDA requirement, however.</p> <h3>Subsequent notification requirements</h3> <p>The <strong>subsequent notification requirements are more open-ended</strong>. In whatever form it takes, such notification should be “regular (e.g. daily)”, although OSFI may issue more specific requirements in specific cases. The regular updates should continue until the incident is contained or resolved and are expected to include both short-term and long-term remediation actions and plans. A post-incident review, including “lessons learned” should also be submitted at an appropriate time.</p> <h3>Failure to report</h3> <p>Failure to report incidents as required can now lead to <strong>specific consequences</strong>, such as increased supervisory oversight, e.g. enhanced monitoring of a FRFI’s activities, or watch-listing or staging of the FRFI (among other potential consequences).</p> <h2>Cyber Security Self-Assessment</h2> <p>The Cyber Security Self-Assessment (“Self-Assessment”) <strong>assists the FRFI in identifying areas of potential vulnerability to cyber incidents</strong> and addresses both incident prevention and incident response. Changes in the <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/in-ai/Pages/cbrsk.aspx">revised version</a> were designed in part to reflect recent rapid growth in financial services digitization. While not mandatory, the Self-Assessment will supplement OSFI’s forthcoming guidance for the sound management of technology and cyber risk, referred to in the <a rel="noopener noreferrer" rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/in-ai/Pages/prupol-let.aspx">Near-Term Plan of Prudential Policy</a>, issued on May 6, 2021.</p> <p>The Self-Assessment encompasses <strong>90 “control statements” </strong>such as “The FRFI conducts regular reviews of the cyber risk strategy and cyber risk framework, to ensure compliance with legal and regulatory requirements” (no. 3). The control statements are divided into the following categories:</p> <ul> <li>Planning and strategy</li> <li>Policy</li> <li>Risk management</li> <li>Business environment</li> <li>Asset management</li> <li>Risk assessment</li> <li>Identity management and access control</li> <li>Network security</li> <li>Data security</li> <li>Vulnerability management</li> <li>Change and configuration management</li> <li>Monitoring and logging</li> <li>Benchmarking, reviews and assessments</li> <li>Secure software development</li> <li>Incident management</li> <li>Testing and planning</li> <li>Continuous improvement</li> <li>Security education</li> <li>Governance and management</li> <li>Cloud service providers</li> </ul> <p>In completing the Self-Assessment, the <strong>FRFI will rate each control statement on a scale from 0-5</strong> with respect to “cyber security maturity”. The data produced by this exercise will help the FRFI focus its future cyber security planning on its most pressing areas of deficiency.</p> <h2>Next Steps</h2> <p>Steps that FRFIs should consider in light of the New Advisory include (among others):</p> <ul> <li>Assessing the implications of the changes to the reporting standards in the New Advisory on their internal procedures;</li> <li>Reviewing and (if necessary) updating supplier and outsourcing agreements to ensure compliance with the new requirements; and</li> <li>Undergoing a Cyber Security Self-Assessment based on the new template.</li> </ul>01-Sep-2021 07:55:00{A66AE3E8-E744-460A-B092-B6E3EB0A64F9}https://www.stikeman.com/en-ca/kh/insurance-law/unfair-or-deceptive-acts-or-practices-ontarios-fsra-revises-Its-proposed-udap-rule-for-insurersStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamInsurance Law UpdateUnfair or Deceptive Acts or Practices: Ontario’s FSRA Revises Its Proposed UDAP Rule for Insurers<p><strong>On July 14, 2021, the Financial Services Regulatory Authority of Ontario (“FSRA”) </strong><a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/newsroom/fsra-releases-its-revised-proposed-unfair-or-deceptive-acts-or-practices-rule-public-consultation"><strong>released a revised version</strong></a><strong> of its proposed Unfair or Deceptive Acts or Practices Rule (“UDAP Rule” or “Rule”). The changes in the revised version are primarily in response to comments received from industry participants and other interested parties. After an additional comment period that ends August 11, 2021, FSRA will finalize the Rule. </strong></p> <p>We <a href="https://www.stikeman.com/en-ca/kh/insurance-law/ontario-s-fsra-consults-on-proposed-insurance-sector-rule-on-unfair-or-deceptive-acts-or-practices">previously discussed </a>the December 2020 draft of the Rule (the “First Draft”) in detail. In this post, we look at some of the changes that FSRA has made to the First Draft in light of the comments that it received. These changes include reaffirming the existing prohibition on incentives and rebates for life, sickness and accident insurers and clarifying some of the considerations that will be employed in applying the proposed principles-based approach, notably as regards reasonableness.</p> <h2>Background</h2> <p>As noted in our previous post, FSRA’s intention in adopting a principles-based UDAP Rule is to better protect consumers while building in the flexibility required as a diverse industry responds to social and technological change. The UDAP Rule will be FSRA’s first Rule and will replace the current <a rel="noopener noreferrer" href="https://canlii.ca/t/54b71" target="_blank">UDAP Regulation 7/00</a> under Ontario’s <em><a rel="noopener noreferrer" href="https://canlii.ca/t/552rs" target="_blank">I</a></em><em><a rel="noopener noreferrer" href="https://canlii.ca/t/552rs" target="_blank">nsurance Act</a></em> – a regulation that both FSRA and many industry participants agree is outdated and overly prescriptive and hinders innovation.</p> <p>The UDAP Rule will apply to insurers, brokers, intermediaries, adjusters and providers of goods and/or services that are connected to insurance claims, such as certain legal practitioners, health service providers, tow-truck operators, automobile storage facilities and automobile repair shops. Once the Rule is in place, FSRA plans a further stage of rulemaking in this area that (among other things) will assist in the transition toward principles-based regulation.</p> <h2>Response of Stakeholders to the First Draft</h2> <p>Stakeholders who commented on the First Draft generally supported the principles-based, outcomes-focused approach, although some asked for greater clarity on how principles such as reasonableness requirements would be applied. On the other hand, some responses to the proposal to relax restrictions on rebating and incentives were less enthusiastic, particularly in the life and health sector. These comments led FSRA to propose some changes to the First Draft, as described below.</p> <p>Some of the most common feedback on the First Draft is summarized on pages 2-3 of FSRA’s “<a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/media/4356/download">Notice of Changes and Request for Further Comment</a>” (“Notice of Changes”). FSRA has also published a detailed <a rel="noopener noreferrer" target="_blank" href="https://www.fsrao.ca/engagement-and-consultations/fsras-first-proposed-insurance-rule-released-public-consultation-unfair-or-deceptive-acts-or-practices-udap-rule/summary-comments">summary</a> of the comments that were submitted.</p> <h2>Significant Changes from the First Draft</h2> <p>FSRA’s proposed changes, summarized on pages 3-5 of the “Notice of Changes”, include the following:</p> <ul> <li>Amending the definition of “contract of insurance” to refer directly to sections 171(1) and 290 of the <em>Insurance Act </em>and thereby make it clearer that life, accident and sickness insurance, as defined under the Act, fall within the Rule’s scope.</li> <li>Reworking the section concerning the “reasonable person” standard to clarify that considerations relevant to reasonableness can include an insurer’s nature, complexity, operations and risk profile, in addition to its size.</li> <li>Deleting the list of <em>Human Rights Code</em> provisions that are relevant to interpreting “discrimination” under the Rule, because this might have been taken to imply that the rest of the <em>Code</em> is not relevant, which was not FSRA’s intent.</li> <li>Clarifying that lawyers and paralegals will generally be exempt from the Rule with respect to professional services that they provide in connection with activities that are subsequently found to constitute “fraudulent or abusive conduct related to goods and services provided to a claimant”.</li> <li>Expanding the references to delay in claims “adjustment or settlement” (which are typically used in relation to P&C insurance claims) to also include “adjudication”, which customarily used in relation to life and health insurance claims .</li> <li>Requiring claim status information to be not only timely but “clear, comprehensive and adequate”.</li> <li>Broadening the scope of the prohibition on incentives, rebates, etc., to include anything of that type that is “prohibited by law”, rather than merely by the <em>Insurance Act</em> and its associated rules and regulations, so that, for example, it also includes the prohibitions in the <em>Registered Insurance Brokers Act</em>.</li> <li>Prohibiting incentives, rebates, etc. in relation to life insurance and accident and sickness insurance. The First Draft would have allowed such incentives under certain conditions. In light of the negative comments generated by that proposal, the revised proposed Rule has reverted to the status quo, although FSRA intends to hold further discussions with stakeholders on this subject.</li> </ul> <p>The remaining changes are technical in nature, e.g. to ensure that the Rule comes into force on the same day that certain related consequential amendments to the <em>Insurance Act</em> take effect.</p> <h2>Next Steps</h2> <p>As noted, the consultation period ends on August 11, 2021, after which it is anticipated that FSRA will finalize the Rule and announce a date for its implementation.</p>05-Aug-2021 03:30:00{25E3C2F4-0256-4521-8389-08DB03336560}https://www.stikeman.com/en-ca/kh/insurance-law/finalized-osfi-guideline-for-foreign-insurance-and-bank-branches-releasedStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamInsurance Law UpdateFinalized OSFI Guideline for Foreign Insurance and Bank Branches Released<p><strong>On June 28, 2021, Canada’s Office of the Superintendent of Financial Institutions released the final version of </strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/E4.aspx"><strong>Guideline E-4</strong></a><strong> on Foreign Entities Operating in Canada on a Branch Basis. The Guideline replaces outdated Guidelines </strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/e4a.aspx"><strong>E-4A</strong></a><strong> (insurance) and </strong><a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/e4b.aspx"><strong>E-4B</strong></a><strong> (banking) and takes effect in July 2021, although there is a 6-month compliance transition period, ending in January 2022.</strong></p> <h2>Changes from the Draft Guideline</h2> <p>The finalized Guideline incorporates a number of changes from the <a href="https://www.stikeman.com/en-ca/kh/insurance-law/osfi-releases-draft-guideline-for-foreign-insurance-and-bank-branches-in-canada">October 27, 2020 draft</a>, including several substantive amendments in response to public comments:</p> <ul> <li>While Canadian branches must still document any arrangements they have with their home offices to perform “material functions” on the branch’s behalf, <strong>the Guideline no longer requires that this take the form of a service level agreement</strong> – as we noted in our earlier post, a branch and its home office are the same legal entity and thus cannot contract with one another.</li> <li>Related to the above, transfers of funds between a Canadian branch and its home office will now require <strong>10 business days’ notice</strong> to OSFI rather than the 30 that had been proposed. While clear documentation of such transfers is required, OSFI’s approval is not required.</li> <li>With respect to record-keeping, the final version includes a new footnote clarifying that the requirement that records be “updated and accurate as at the end of each business day” is <strong>not breached</strong> when the records include accounting figures that are customarily calculated less frequently (e.g. on a monthly or quarterly basis).</li> <li>The finalized Guideline states that, as electronic records of reinsurance arrangements or files on more complex activities may not be sufficient for OSFI’s review, a branch may be required <strong>to make available an executed copy of such documents upon OSFI’s request</strong>.</li> <li>Finally, OSFI notes in its <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/E4_let.aspx?utm_campaign=E4&utm_medium=email&utm_source=osfi-bsif&utm_content=letter">response to comments</a> that<strong> the foreign entity can determine the composition of the management of the Canadian branch</strong> and that OSFI’s expectations with respect to the roles of Chief Agent (or Principal Officer, in the banking context) are unchanged. It also clarifies that, while branch management is <strong>collectively</strong> expected to have sufficient knowledge of all applicable Canadian legislation, regulations, guidelines, etc., there are <strong>no specific expectations for individuals</strong>.</li> </ul> <p>OSFI also noted in its <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/E4_let.aspx?utm_campaign=E4&utm_medium=email&utm_source=osfi-bsif&utm_content=letter">response to comments</a> that <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/Docs/b10.pdf"><strong>Guideline B-10</strong></a><strong> on outsourcing</strong> continues to apply, although it is <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/in-ai/Pages/tchrsk-sm.aspx">under review</a>. In addition, it declined to revisit Guideline E-4’s expectations regarding<strong> location of records</strong>, which some commenters had criticized as inflexible and outdated, reiterating that Guideline E-4 reflects OSFI’s legal interpretation of the current legislative requirements. A number of other concerns raised by commenters relating to a lack of specifics in the Guidelines (e.g. the absence of definitions of terms such as “material” and “materiality”) met with the response that the Guidelines are intended to be “principles-based” and context-specific.</p> <p>For a broader overview of Guideline E-4, see <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/fi-if/rg-ro/gdn-ort/gl-ld/Pages/E4_let.aspx?utm_campaign=E4&utm_medium=email&utm_source=osfi-bsif&utm_content=letter"><strong>our previous update</strong></a> on the October 2020 draft, bearing in mind the changes and clarifications discussed above.</p> <h2>Next Steps</h2> <p>In connection with the release of the finalized Guideline, OSFI has also reissued, and posted on its <a rel="noopener noreferrer" target="_blank" href="https://www.osfi-bsif.gc.ca/Eng/Pages/default.aspx">website</a>, other guidance documents with references removed to any requirements of Chief Agents or Principal Officers. As noted above, the requirements in the new Guideline E-4 will be enforceable as of January 2022, when the 6-month transition period ends. Canadian branches that had been waiting for the finalized version of the Guideline before taking concrete steps should now implement their plans, reflecting any adjustments required as a result of the changes described above.</p>06-Jul-2021 08:19:00{E7F01C39-F351-498A-81B3-A7B30493BCD9}https://www.stikeman.com/en-ca/kh/insurance-law/canadian-insurance-intermediary-regulators-release-proposed-conduct-principlesStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamInsurance Law UpdateCanadian Insurance Intermediary Regulators Release Proposed Conduct Principles<p><strong>On May 25, 2021, the Canadian Insurance Services Regulatory Organizations (“CISRO”) released its proposed </strong><a rel="noopener noreferrer" target="_blank" href="https://www.cisro-ocra.com/Documents/View/2402"><strong>Principles of Conduct for Intermediaries</strong></a><strong> (“Principles”), which are designed to complement and supplement the </strong><a rel="noopener noreferrer" target="_blank" href="https://www.stikeman.com/en-ca/kh/insurance-law/Fair-Treatment-of-Customers-CCIR-and-FSCO-Release-Finalized-Guidelines"><strong>Fair Treatment of Customers Guidance</strong></a><strong> (“FTC Guidance”) released by the Canadian Council of Insurance Regulators (“CCIR”) and CISRO in 2018. The comment period closes July 9, 2021.</strong></p> <p>The Principles reflect minimum regulatory conduct standards that are common across Canada regarding the fair treatment of customers, while recognizing that each jurisdiction has its own regulatory approach for the conduct of business. Intermediaries should conduct their business, following the relevant Principles that apply, while ensuring compliance with all applicable laws, regulations, rules or regulatory codes within their respective jurisdiction. Any stricter or more specific requirements, rules or standards of conduct take priority over the Principles. The Principles also provide consumers with a clear statement of the minimum standards of conduct that apply to adjusters, agents, brokers and other intermediaries.</p> <p>The Principles reinforce the fair treatment of customers as a core component of the intermediary business culture. This includes conducting business in an honest and transparent manner. Expectations for the conduct of insurance business may differ depending on the nature of the relationship to the customer (whether it is direct or indirect), the type of insurance provided and the distribution method. Intermediaries with oversight responsibilities must ensure that their employees and representatives meet high standards of ethics and integrity.</p> <p>Intermediary is given broad meaning and will differ based on the applicable definitions within different jurisdictions across Canada. It encompasses adjusters, individual agents, brokers and representatives as well as business entities that distribute insurance products and services, including managing general agencies and third-party administrators. It also applies to all distribution methods, including the internet. The Principles apply to all intermediaries that are authorized to do business within any jurisdiction, whether licensed, registered or exempted from licensing or registration. In the Principles, customer refers to a policyholder (which itself, as the case may be, includes a certificate holder) or a prospective policyholder with whom an insurer or intermediary interacts, and includes, where relevant, other beneficiaries and claimants with a legitimate interest in the policy</p> <p>The 10 fundamental duties of intermediaries, as set out in the proposed Principles, are as follows:</p> <ol> <li>Comply with all applicable laws, regulations, rules and codes;</li> <li>Put the customers’ interests ahead of their own;</li> <li>Identify, disclose and manage conflicts of interest;</li> <li>Provide objective, accurate and thorough advice that is suitable to the circumstances disclosed by each customer;</li> <li>Disclose and explain information relevant to the customer’s decision-making clearly and understandably;</li> <li>Disclose all necessary and appropriate information about product promotions;</li> <li>Handle claims, complaints and disputes in a timely and fair manner;</li> <li>Take appropriate measures to protect personal and confidential information, while collecting only such information as is necessary, using it solely for the purposes to which the customer has consented;</li> <li>Maintain an appropriate level of professional competence, including attendance at continuing education and training courses, while not acting outside one’s areas of competence; and</li> <li>Provide appropriate oversight of employees and third-party contractors.</li> </ol> <p>For more information, see CISRO’s <a rel="noopener noreferrer" target="_blank" href="https://www.cisro-ocra.com/Documents/View/2404">news release</a> and the proposed <a rel="noopener noreferrer" target="_blank" href="https://www.cisro-ocra.com/Documents/View/2402">Principles of Conduct</a>. As noted above, comments are due on July 9, 2021.</p>31-May-2021 05:26:00{BCDE1F42-1ECC-4B53-90BD-70F6532B3F4A}https://www.stikeman.com/en-ca/kh/insurance-law/ontario-adopts-national-standard-for-fair-treatment-of-insurance-customersAndrew S. Cunninghamhttps://www.stikeman.com/en-ca/people/c/andrew-s-cunninghamStuart S. Carruthershttps://www.stikeman.com/en-ca/people/c/stuart-s-carruthersInsurance Law UpdateL’Ontario adopte une norme nationale pour le traitement équitable des clients du secteur de l’assurance<p><strong>As of January 1, 2021, Ontario’s insurance sector is subject to a new <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.fsrao.ca/media/2551/download" target="_blank">fair treatment of customers (“FTC”) approach </a>(“Approach”) of the Financial Services Regulatory Authority of Ontario (“FSRA”). The new Approach adopts the <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.ccir-ccrra.org/Documents/View/3450" target="_blank">FTC guidance</a> (“National Guidance”) issued in 2018 by the Canadian Council of Insurance Regulators (“CCIR”) and the Canadian Insurance Services Regulatory Organization (“CISRO”). The Approach and National Guidance apply to insurers and other entities that FSRA regulates under Ontario’s </strong><em><a rel="noopener noreferrer" rel="noopener noreferrer" href="https://canlii.ca/t/2g6" target="_blank"><strong>Insurance Act.</strong></a></em></p> <p>The National Guidance was based on the International Association of Insurance Supervisors’ <em><a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.iaisweb.org/page/supervisory-material/insurance-core-principles-and-comframe" target="_blank">Insurance Core Principle 19, Conduct of Business</a></em> (“ICP 19”).</p> <p>The issuance of the Approach followed a FSRA consultation on the topic, which concluded in October, 2020.</p> <h2>Affected Entities</h2> <p>The Approach and the National Guidance incorporated by reference into the Approach apply to FSRA-licensed insurance companies as well as to insurance agents and adjusters (as individuals and in partnership or corporate form). The National Guidance does not apply to insurers carrying on only reinsurance business. The previous Ontario guideline on fair treatment of financial services consumers –<em><a rel="noopener noreferrer" rel="noopener noreferrer" href="http://www.fsco.gov.on.ca/en/about/superintendent_guidelines/Pages/fair-treatment-guidelines.aspx" target="_blank"> Superintendent’s Guideline 03/18</a></em> – applied to the insurance sector, as did the National Guidance, resulting in duplication and possible inconsistency between the two standards. The previous Ontario guidance continues to apply to mortgage brokers, loan and trust companies, credit unions and caisse populaires.</p> <h2>Requirements under the National Guidance</h2> <p>The National Guidance includes sections on:</p> <ul> <li>Conduct of business</li> <li>Fair treatment of customers</li> <li>Business culture</li> <li>Relationships between insurers and intermediaries</li> <li>Relationships with regulatory authorities</li> <li>Customer outcomes and expectations</li> </ul> <h3>Customer outcomes and expectations</h3> <p>The majority of the National Guidance deals with customer outcomes and expectations. Twelve specific expectations are listed:</p> <ul> <li><strong>Governance and corporate culture</strong> to have fair treatment of customers at its core;</li> <li><strong>Conflicts of interest</strong> to be avoided if they could affect the fair treatment of customers;</li> <li><strong>Outsourcing</strong> not to be allowed to affect the fair treatment of customers;</li> <li><strong>New and modified insurance products</strong> to take the interests of the target consumer group into account;</li> <li>Distribution models to be tailored to the product and interests of the target consumer group while ensuring that consumers are consistently protected under all distribution models;</li> <li><strong>Disclosure</strong> to be adequate to enable the consumer to make an informed decision whether to enter into an insurance contract;</li> <li><strong>Promotional material</strong> to be clear and accurate and consistent with the result that the consumer can reasonably be expected to achieve;</li> <li><strong>Advice</strong> required by law prior to concluding a contract to be relevant and take into account the customer’s circumstances, as disclosed;</li> <li><strong>Ongoing disclosure</strong> to ensure that customers are reminded about options available to them during the lifecycle of their contract;</li> <li><strong>Claims handling and settlement</strong> to be conducted fairly and diligently using a simple and accessible procedure;</li> <li><strong>Complaints handling and dispute resolution</strong> to be conducted fairly and diligently using a simple and accessible procedure; and</li> <li><strong>Personal information</strong> to be protected in accordance with legislation and industry best practices. </li> </ul> <p>The points above are discussed in greater detail in the <a rel="noopener noreferrer" rel="noopener noreferrer" href="https://www.ccir-ccrra.org/Documents/View/3450" target="_blank">National Guidance.</a> Some of them are also discussed in our posts relating to the original release of the National Guidance by CCIR and CISRO in 2018.</p> <h2>Application and Remedies</h2> <p>The Approach and National Guidance together provide a comprehensive set of standards under which FSRA examines internal policies and procedures relating to risk identification and risk management on the part of licensees.</p> <p>Because the Approach and National Guidance are principles-based, licensees are able to tailor their policies and procedures in ways that are appropriate to the size and type of business in which they engage, provided that the chosen policies and procedures are designed to achieve the expected outcomes.</p> <p>Where non-compliance with the Approach/National Guidance is found, FSRA can respond with a range of remedies, from education to regulatory discipline and intervention.</p> <h2>Going Forward</h2> <p>Recognizing the value of nationwide harmonization, the Approach specifies that revisions to the National Guidance adopted by CCIR and CISRO will automatically be adopted into the Approach at the same time.</p> <p>The Approach took effect in Ontario on January 1, 2021 and is scheduled for a three-year review on or before January 1, 2024.</p>20-Jan-2021 06:04:00