In a recent article, credit rating agency Morningstar DBRS discusses the increasing threat of operational risk to Canadian financial institutions.
The report notes that "exposure to these risks has grown substantially", driven by rapid technological advancements, increased reliance on third parties, geopolitical tensions, and large-scale mergers. Additionally, cyber threats, fraud, and anti-money laundering (AML) risks are escalating, with some being state-supported. Canada's Office of the Superintendent of Financial Institutions (OSFI) underscored these concerns in its 2025–26 Annual Risk Outlook, identifying "integrity and security risk" as its top concern.
The report explains that managing operational risk is "intrinsically difficult" due to its opaque, interconnected, and unpredictable nature. Unlike financial risks, operational risks often lack historical data, making them harder to quantify. The continuously evolving financial landscape introduces new risks that existing operational risk management (ORM) frameworks may not fully address. Financial institutions must adopt dynamic ORM frameworks with strong governance to "minimize the frequency and intensity of disruptions and losses," Morningstar argues.
Regulators play a critical role in addressing these risks. OSFI has expanded its mandate to "include integrity and security" and issued the Integrity and Security Guideline (January 2024), focusing on cyber security, third-party risk, and governance. Its revised Supervisory Framework (April 2024) also incorporates new risk assessment categories, including "operational resilience and risk governance."
Notably, as we have discussed previously, OSFI has also emphasized the impact of culture on operational risk, resilience, and integrity. In an interview for Starling's 2022 Compendium, Peter Routledge, Canada's Superintendent of Financial Institutions, discussed how OSFI seeks to regulate and supervise the non-financial risks stemming from organizational culture and the behavior it promotes. ▸ Read More
Join The Discussion