The COVID‑19 pandemic made 2020 a very challenging year for managing enterprise risk. Faced with significant and prolonged uncertainty amid exceptional circumstances, the Bank:
- applied its comprehensive risk management framework to assess risks across the organization
- made decisions about the appropriate actions to take in response
- developed new tools for managing these risks
Despite these challenges, the Bank successfully completed an overhaul of its approaches to managing cyber and third‑party risks. It also laid the foundation for a strategy to manage climate‑related risks.
Managing risk in a crisis
As the pandemic unfolded and the severity of the crisis came into focus, Bank leaders met regularly to discuss rapidly developing risks and consider their potential impact. In doing this, they relied on the Bank’s risk management framework to:
- provide a governance structure
- lay out clear roles and responsibilities
- provide the risk parameters and management processes needed to make risk‑informed decisions
Using this framework helped the Bank adapt its risk management practices to the rapidly shifting and highly complex environment of the COVID‑19 pandemic.
The Bank uses four broad categories to classify its risks: financial, operational, strategic and climate.
At the beginning of the pandemic, the Bank launched several large‑scale asset purchase programs to increase liquidity in core funding markets.1 As a result, its balance sheet expanded rapidly in both size and scope. This exposed the organization to additional market and credit risks. The Bank used various methods to mitigate these risks, including:
- taking securities against the lending it extends to financial institutions
- reviewing the value of that collateral periodically to ensure it is well above the value of the loans
The Bank continuously monitored its approach to managing these risks and adjusted it as needed. For certain market operations, such as the range of asset purchase programs put in place, the Government of Canada indemnifies the Bank from losses, and the Bank remits gains to the Government. Even with these indemnities, the Bank established a comprehensive risk management program for all special market operations.
The Bank also engaged specialists from its joint external auditors to review and comment on the design of controls over its extraordinary operations. Based on the specialists’ report, as well as on close monitoring when it implemented these programs, the Bank concluded that controls are generally appropriate. However, opportunities exist to further mature risk management processes and automate some activities.
The Bank dealt with a variety of operational risks arising from the pandemic, which required ongoing assessment and active management.
The Bank’s financial market and payments activities faced considerable pressure due to the increasing volume of new operations and the shift to mandatory remote work. The Bank put measures in place to ensure it could securely develop and implement these new market operations. These included:
- expanding the teams responsible for operations
- ramping up cyber security monitoring
The rapid shift to remote work increased the threat of cyber attacks. The Bank paid close attention to this aspect of the external environment. Recent significant investments in its information technology systems and processes meant that the Bank was able to effectively manage these risks.
The COVID‑19 crisis also underscored the Bank’s ongoing efforts to understand and manage the interdependencies between its own operations and those of third parties. In 2020, the Bank used its third‑party risk management framework to identify and manage such risks. The pandemic affected businesses across Canada and around the world. It was therefore critical for staff to understand the implications of third‑party relationships in order to conduct the Bank’s business in a timely and effective way.
Strategic risks arise from external conditions, such as widespread shifts in public opinion. The Bank was exposed to such risks due to:
- the extreme uncertainty brought on by the pandemic
- the extraordinary nature of the Bank’s response
To manage these risks, the Bank continuously monitored the situation and provided clear and accurate communication on its policy actions to market participants and the public. This ensured that both market users and the general public maintained a high level of confidence and trust in the Bank (see Communications and outreach for more information).
In 2019, the Bank formally added climate risk to its risk classification and monitoring processes. In 2020, it began to develop a strategy for understanding, measuring and mitigating risks related to climate change.
A great deal of uncertainty remains around the evolution of the COVID‑19 pandemic in 2021. To manage this uncertainty, the Bank will continue to be guided by its risk management framework and supported by a mature risk culture.
In particular, the Bank will:
- continue to monitor the financial, operational and strategic risks arising from the pandemic and put mitigation strategies into place as needed
- conduct scenario analysis to ensure the ongoing resilience and continuity of its operations
- make progress on its strategy for managing climate‑related risks
- increase investments in the risks and opportunities arising from automation and other innovations linked to artificial intelligence