Risk management

As the Canadian economy continued to recover from the effects of the pandemic, risk management remained central to the Bank’s decisions and policy-making activities. In particular, the Bank focused on improving the robustness and reliability of systems and processes that support its operations. At the same time, the Bank invested in its ability to foresee and manage emerging and long-term risks.

Learn more about the Bank’s approach to risk management.

Managing risk through uncertainty

In 2021, the Bank continually reassessed the policies and programs that made up its pandemic response. As part of this process, it considered:

  • its operational capacity to reliably deploy its tools
  • the risks to its financial position

The Bank’s risk management framework consists of three lines of defence, which were used to:

  • analyze new proposals to calibrate, terminate or introduce new measures (first line)
  • ensure that proposed actions are aligned with the Bank’s risk appetite and support risk-informed decisions (second line)
  • conduct regular audits to identify lessons learned in support of a broader cycle of continuous improvement (third line)
Learn more about the three lines of defence.

Using this framework, the Bank adapted its risk management practices to address the effects of the pandemic, which changed often and were highly complex. The framework also helped the Bank better position itself for future crises or periods of market stress.

Assessing risks to the Bank

The Bank assesses and manages four broad categories of risks:

  • financial
  • operational
  • strategic
  • environmental and climate-related

Financial risk

Throughout 2021, the Bank remained exposed to market, credit and income risks associated with the pandemic-related growth of its balance sheet. While agreements with the Government of Canada protect the Bank against some specific losses, the Bank manages these risks as its own. It continues to use various methods to mitigate them, including:

  • taking securities against the lending it extends to financial institutions (or, conversely, taking cash against loans of securities)
  • periodically reviewing the eligibility and value of collateral to:
    • ensure that relevant market participants can access liquidity
    • protect the Bank against the risk of financial loss
  • conducting forward-looking scenario analyses and stress testing of the Bank’s balance sheet and income to help prepare for the future

Other potential future losses are associated with interest paid on deposits held at the Bank and their effect on the Bank’s net income. These deposits, particularly settlement balances, were significantly larger in 2021 than in the past due to the Bank’s exceptional monetary policy operations in response to the pandemic.

The Bank continued to monitor its approach to managing these risks. It also used its comprehensive risk management program established in 2020 for all special market operations.

Operational risk

The Bank’s pandemic response resulted in a significant increase in the volume and value of daily transactions and operations. Bank staff therefore needed to conduct ongoing assessments and actively manage them.

The Bank put measures in place to ensure it could securely maintain or even increase its already high level of market operations. These measures included:

  • a review of resources dedicated to financial market and banking operations, which spurred an increase in the number of staff with the required skills  
  • upgrades to, and automation of, relevant Bank systems—including for risk monitoring and reporting—saving hundreds of hours of manual labour
  • investments in information technology and processes to reduce heightened cyber risks arising from the Bank’s shift to remote work

The Bank also took steps to align itself with industry best practices and to future-proof its operations. To this end, it initiated a comprehensive assessment of the maturity of its enterprise risk management (ERM), inviting input from Bank staff and external consulting firms. Results are being integrated into a new ERM strategic plan, which will be finalized in early 2022.

Strategic risk

Strategic risks arise from external conditions, such as widespread shifts in public perceptions of central banks. The Bank continued to be exposed to such risks because of the extraordinary nature of its response to the pandemic.

To manage these risks, the Bank continually monitored the situation and provided market participants and the public with clear communication on its policy actions.

Environmental and climate-related risk

In 2021, the Bank dedicated more resources to understanding and managing climate risks. It remained actively involved internationally, helping establish best practices for central banks and other financial sector participants.

The Bank also began developing a strategy for climate risk assessment to align its financial disclosures with the recommendations of the Task Force on Climate-Related Financial Disclosures.

Learn more about the Bank’s climate change work.

Looking forward

The Bank’s risk management framework will continue to guide the Bank’s efforts to support pandemic recovery. At the same time, the Bank will remain committed to improving its risk management strategy and tools.

In particular, in 2022 the Bank will:

  • continue to monitor financial, operational and strategic risks arising from the current economic context and establish mitigation strategies as needed
  • implement the final phases of its third-party risk management framework, which includes training, enhanced monitoring and reporting, and introducing new technologies and automation
  • work toward publishing a report that follows the recommendations of the Task Force on Climate-Related Financial Disclosures and advance international standards for climate risk measurement and management
  • review some components of its core risk policies and frameworks to improve its defence approach, including:
    • clarifying its risk appetite for specific areas such as operational and cyber risks
    • developing new risk metrics and processes for monitoring and reporting
    • assigning roles and responsibilities to ensure clear accountability