Regulatory Alerts2014-11-30
Regulatory Compliance Management (RCM) Guideline
The Office of the Superintendent of Financial Institutions (OSFI) requires federally regulated financial institutions to establish and maintain an effective, enterprise-wide Regulatory Compliance Management framework that identifies, assesses, and mitigates compliance risk through a proportionate, risk-based approach. The guideline replaces the 2003 Legislative Compliance Management framework and mandates clearly defined Chief Compliance Officer responsibilities, robust day-to-day and independent oversight controls, structured internal reporting to senior management, and periodic validation by internal audit. Institutions must tailor these controls to their specific size, complexity, and risk profile while ensuring senior management actively oversees compliance policies, addresses cross-organizational deficiencies, and maintains adequate documentation to demonstrate ongoing regulatory adherence.