Follow TopicFollow Contributor Share Feedback
The Threat of Operational Risk in Canada

The Threat of Operational Risk in Canada

by Starling Insights

Starling Insights Editorial Board

Apr 04, 2025

Observations

In a recent article, credit rating agency Morningstar DBRS discusses the increasing threat of operational risk to Canadian financial institutions.

The report notes that "exposure to these risks has grown substantially", driven by rapid technological advancements, increased reliance on third parties, geopolitical tensions, and large-scale mergers. Additionally, cyber threats, fraud, and anti-money laundering (AML) risks are escalating, with some being state-supported. Canada's Office of the Superintendent of Financial Institutions (OSFI) underscored these concerns in its 2025–26 Annual Risk Outlook, identifying "integrity and security risk" as its top concern.

The report explains that managing operational risk is "intrinsically difficult" due to its opaque, interconnected, and unpredictable nature. Unlike financial risks, operational risks often lack historical data, making them harder to quantify. The continuously evolving financial landscape introduces new risks that existing operational risk management (ORM) frameworks may not fully address. Financial institutions must adopt dynamic ORM frameworks with strong governance to "minimize the frequency and intensity of disruptions and losses," Morningstar argues.

Regulators play a critical role in addressing these risks. OSFI has expanded its mandate to "include integrity and security" and issued the Integrity and Security Guideline (January 2024), focusing on cyber security, third-party risk, and governance. Its revised Supervisory Framework (April 2024) also incorporates new risk assessment categories, including "operational resilience and risk governance."

Notably, as we have discussed previously, OSFI has also emphasized the impact of culture on operational risk, resilience, and integrity. In an interview for Starling's 2022 Compendium, Peter Routledge, Canada's Superintendent of Financial Institutions, discussed how OSFI seeks to regulate and supervise the non-financial risks stemming from organizational culture and the behavior it promotes. ▸ Read More

Join The Discussion

See something that doesn't look quite right?

We strive to provide high quality and accurate content at all times. With that said, we realize that sometimes links break, new information becomes available, or there is something that you feel we may have missed.

If you see something that you think we should be aware of, we would love to hear from you. Feel free to drop us a note below and leave your name and contact info if you'd like to hear back from us.

Thank you for being a key part of the Starling Insights community!