Risk Committee Charter

Approved by the CDIC Board of Directors: March 6, 2019

Purpose and Mandate

The purpose of the Risk Committee (the “Committee”) of the Board of Directors (the “Board”) of Canada Deposit Insurance Corporation (the “Corporation”) is to assist the Board in fulfilling its oversight responsibilities with respect to the identification, assessment, management, and reporting of key risks to which the Corporation is exposed, and the development of mitigation strategies for the management of those risks.

The Committee’s responsibilities include assisting with the Board’s oversight of the Corporation’s enterprise risk management framework and the Corporation’s identification, assessment, management, and reporting of the key risks to which the Corporation is exposed, including financial, operational, reputational and strategic risks which could have an impact upon the Corporation’s ability to carry out its mandate. The Committee’s responsibilities are set out in detail in Section C, below.

The Committee, as a standing committee of the Board, derives its mandate and responsibilities from the Board.

A. Operating Principles and Procedures

  1. Functions and Composition
    1. There shall be a Risk Committee, the members of which shall be:
      1. two or more of the non-ex officio Directors, one of whom shall be a member of the Audit Committee and one of whom shall be a member of the Governance and Human Resources Committee (“GHRC”); and
      2. one or more of the ex officio Directors, one of whom shall be a member of the Board who is either the Superintendent of Financial Institutions, a Deputy Superintendent of Financial Institutions, or an officer of the Office of the Superintendent of Financial Institutions, as named by the Board.
    2. Members of the Committee should be changed on an appropriate, regular basis. Such change should be on a rotation basis in order to ensure that the entire Committee is not changed at any one time.
    3. All members of the Committee shall be independent of Management and the Corporation.
    4. The Committee will carry out the duties outlined in this Charter and such other functions as are assigned or delegated to it by the Board.
  2. Competencies
    1. All members appointed to the Committee shall either:
      1. have a good understanding of risk management concepts and practices, upon appointment; or
      2. undertake to acquire the necessary knowledge within a reasonable time after their appointment to the Committee.
    2. Where appropriate, Committee members will enhance their familiarity with risk management concepts and practices, and other areas relevant to their responsibilities, by keeping abreast of trends and best practices in these areas including considering topical issues and their application to the Corporation, and by participating in educational sessions or other opportunities for development.
  3. Chair and acting Chair – The Chair of the Committee shall be a non-ex officio Director, other than the Director who is the Chair of the Audit Committee, as selected by the Board. Where at any meeting the Chair is absent, one of the members of the Committee, who is chosen so to act by the members present, shall preside and have all the powers of the Chair.
  4. Frequency and Calling of Meetings – The Committee shall meet at the discretion of the Chair of the Committee, but not less frequently than three times each year. Meetings may also be called by any other member of the Committee, the Chairperson of the Board, the President and Chief Executive Officer (“President & CEO”) or the Chief Risk Officer (“CRO”).
  5. Meeting Agenda – A written agenda for each meeting of the Committee shall be established by its Chair, in consultation with Management, and distributed to the members of the Committee at least five days in advance of the meeting date, together with any related materials, if available.
  6. Quorum – The presence of three members constitutes a quorum for a meeting of the Committee.
  7. Supplemental Attendees – Any Director may attend any meeting of the Committee. Any person who may possess information that would be useful to the Committee in carrying out its duties may be invited by the Chair or acting Chair to attend any meeting of the Committee.
  8. Procedure and Conduct – Subject to other provisions of this Charter, the Corporate By-law, and any resolution of the Board respecting a specific matter, the Chair shall determine the procedure at and conduct of meetings of the Committee.
  9. Voting – A matter put to a vote at a meeting of the Committee shall be decided by a majority of the votes cast, and in the event of an equality of votes its Chair has a second vote.
  10. Private Meetings (in camera) – The Committee shall meet privately as a committee at each regular meeting, and periodically with the President & CEO and the CRO, in separate private sessions.
  11. Minutes – The Corporate Secretary shall provide copies of the approved minutes of the proceedings of the Committee to all Directors upon request.
  12. Reporting – The Committee shall, where appropriate, provide an oral report of each meeting of the Committee at the next regular Board meeting, or as may otherwise be required by the Board. If practicable, any report to the Board shall be in writing.
  13. Disclosure – The Committee shall ensure that this Charter and its composition are publicly disclosed.
  14. Workplan – The Committee shall, in consultation with Management, develop an annual workplan responsive to the Committee’s duties and responsibilities.
  15. Self-assessment – The Committee shall review its performance regularly and assess whether the Committee has fulfilled its responsibilities and duties stated in this Charter. The Committee shall also regularly assess the effectiveness of its Chair.
  16. Review of Charter – The Committee shall review and assess the adequacy of this Charter annually. If the Committee considers that amendments are necessary, the Committee shall recommend such amendments to the Board for its approval.

B. Authority

  1. Investigation – In assisting the Board in discharging its oversight responsibilities, the Committee is empowered to investigate any matter under its responsibility, with full access to all books, records, facilities and personnel of the Corporation.
  2. Information – The Committee is empowered to seek any information it requires from Management or employees of the Corporation regarding any matter under its responsibility.
  3. Input of Other Board Committees – The Committee may request the input of other Board Committees regarding any matter under its responsibility. In particular, the Committee may confirm that material risks are being addressed by appropriate Committees of the Board and may collect information from the Committees to be able to provide a comprehensive reporting to the Board at least annually.
  4. Independent Counsel or Other Advisors – The Committee has the authority, in accordance with the Board’s Policy respecting Engagement of Separate Independent Counsel or Other Advisors, to engage outside advisors, including but not limited to counsel, independent consultants and other experts, as needed, to review any matter under its responsibility.

C. Duties and Responsibilities

  1. Enterprise Risk Management (“ERM”) Framework – The Committee’s duties and responsibilities with respect to ERM are set out below. The Committee shall:
    1. review and recommend to the Board for approval, annually, an ERM framework for the Corporation to support its strategic objectives. This framework is an integrated and disciplined approach to risk management that includes the Corporation’s risk appetite statement and confirms that appropriate and prudent risk policies and processes are in place to identify, assess and report on management’s control framework and identify, assess and report on material risks, including actions being taken to address and/or mitigate these risks.

      The ERM framework addresses:

      1. the inherent risks to the Corporation’s strategic objectives and its operations;
      2. how the Corporation defines material types of risk to which it is exposed;
      3. risk management governance, risk culture, and organizational design; and
      4. how the Corporation manages risk through policies and processes that identify and assess, measure, control, monitor and report risk.

      The ERM framework provides for the robust management of individual risk types that could have a material impact on the Corporation. The Corporation’s major risk types include: financial risk (e.g., investments); operational risk (e.g., people, information systems and technology, conduct risk); reputational risk (e.g., depositor, public awareness); and strategic risks (e.g., risk planning, strategies and priorities). Management oversight of risk types is provided by Management and Board Committees supported by a robust control framework;

    2. receive reports on the effectiveness of the ERM framework, regularly assess the effectiveness of the ERM framework, and recommend to the Board any changes that are considered advisable;
    3. regularly review and recommend to the Board for approval a risk appetite statement that communicates the aggregate levels and types of risk that the Corporation is willing to accept to achieve its strategic objectives. In defining its risk appetite, the Corporation takes into account its mission, purpose, strategy, shared commitments, risk philosophy and capacity to bear risk;
    4. review and monitor the Corporation’s information systems strategies, including its risk management approach to and methodology for identifying, assessing and managing any cyber or other risks that could affect the Corporation’s information systems, including systems that would be used for a payout, thereby affecting the Corporation’s operations or its ability to carry out its mandate;
    5. ensure there is a system in place for monitoring the Corporation’s ethical and legal compliance, receive regular reports from Management on areas of significant risk to the Corporation, for example, but not limited to legal claims, environmental issues, health, safety, and other regulatory matters, and obtain on an annual basis reports that the Corporation is in conformity with applicable legal requirements;
    6. receive and review regular reports on the key and emerging risks:
      1. to which the Corporation is exposed directly; and
      2. to which the Corporation is exposed arising from key and emerging risks to which member institutions are exposed;

      and the policies, systems and controls in place to manage those risks;

    7. on a regular basis, obtain reasonable assurance that the ERM framework, including the risk appetite statement, and the Board risk policies, are being adhered to (reports received by the Committee should also be provided to the Audit Committee, as appropriate); and
    8. review the strategies developed by Management for the identification, assessment, mitigation and management of the key risks to which the Corporation is or may be exposed, and regularly review such strategies, including to ensure that any lessons learned are reviewed and considered to ensure such strategies remain appropriate.
  2. Member Risk Assessment, Preparedness and Resolution – The Committee shall review methodology for member risk assessment and regularly review Domestic Systemically Important Bank (“D-SIB”) and non-D-SIB member assessments, as well as watchlist and high-risk members and new member organization assessments, for the purpose of identifying, assessing, mitigating and managing key risks to which the Corporation is or may be exposed.

    The Committee’s oversight of member risk assessment provides an opportunity for an in-depth discussion of member risk assessment prior to Management’s presentation to the Board. The Committee’s oversight of member risk assessment does not affect the requirement that the Board approve certain interventions under the Corporation’s Board risk policies.

  3. The Chief Risk Officer (CRO) – In order to assist the Committee in fulfilling its responsibilities, the Committee shall:
    1. have oversight of the risk management function, establish a functional reporting line from the risk management function to the Committee, have unfettered access to the risk management function through the CRO and vice versa; and
    2. at least once a year, meet privately with the CRO to confirm that the function is objective (free of conflicts), has the capacity and capabilities to perform the work plans, and sufficient organizational authority to facilitate the provision of complete, accurate and timely reports to the Committee.
  4. Reports and Information, General – The Committee should receive and review any information or reports that may be relevant to or assist the Committee with the fulfilment of its responsibilities, and where any information or reports may be relevant to or assist another Committee with the fulfilment of its responsibilities, the Committee should share or cause same to be shared with such other Committee. This includes confirming with the GHRC and the Audit Committee that material risks are being addressed by these Committees and collecting information from these Committees to be able to provide a comprehensive reporting to the Board at least annually.
