From Regulation to Assurance — Supervised.Resilient.
OSFI oversees 400+ financial institutions and $10T+ in assets across 5 overlapping regulatory guidelines. What if all of those signals could inform each other?
Federally regulated financial institutions
In assets under prudential oversight
Pension plans supervised
The Complexity Challenge
OSFI's regulatory framework has grown to encompass five overlapping guidelines covering model risk, climate, cyber, third-party, and operational resilience — each with distinct requirements, timelines, and reporting obligations.
The real challenge isn't any single guideline. It's the intersections between them: climate scenario models must meet E-23 governance standards. Third-party technology risks span both B-10 and B-13. Operational resilience depends on cyber resilience capabilities.
Meanwhile, OSFI's Strategic Plan 2024-2027 calls for becoming a data-driven regulator with “leading-edge data management, collection, and analytical capabilities.” The Data Collection Modernization initiative is underway, but the guideline intersections demand a unified analytical framework.
Five guidelines. One unified intelligence layer.
Key Regulatory Guidelines
E-23 Model Risk
Enterprise-wide model risk management guideline — soundness, accountability, and explainability requirements for AI/ML models across all FRFIs.
B-15 Climate Risk
Climate risk management with phased Scope 1, 2, and 3 GHG emissions disclosure using PCAF methodologies. Full compliance by 2028.
B-13 Tech & Cyber
Technology and cyber risk management — mandatory 24-hour cyber incident reporting, intelligence-led resilience testing, and third-party tech risk controls.
E-21 Operational Resilience
Critical operations mapping, impact tolerance setting, and scenario testing for severe but plausible disruption events.
B-10 Third-Party Risk
Comprehensive third-party risk management including vendor inventory, risk-based due diligence, exit strategies, and fourth-party oversight.
The Vision: From Regulation to Assurance
OSFI's guidelines don't exist in isolation — they form an interconnected regulatory fabric. The next step: unified intelligence that turns cross-guideline signals into supervisory assurance.
Cross-Guideline Intersections
Third-party technology risk overlaps with outsourcing risk management
Climate scenario models must meet model risk governance standards
Operational resilience depends on cyber resilience capabilities
Third-party dependencies are critical operations dependencies
Climate risk affects capital adequacy through credit, market, and operational risk
Two Sides of the Same Coin
The vision has two dimensions — compliance intelligence for institutions and supervisory assurance for OSFI. Together they create a virtuous cycle.
For Institutions
Compliance Intelligence
A unified analytical framework that maps all five OSFI guidelines into a single view. Cross-guideline gap analysis, automated Pillar 3 monitoring, and proactive compliance rather than reactive reporting.
For OSFI
Supervisory Assurance
Data-driven supervisory intelligence that surfaces early warning signals across institutions. Cross-guideline risk propagation detection, peer benchmarking, and evidence-based supervisory actions aligned with the Strategic Plan 2024-2027.
The insight that bridges both: when regulatory data flows between guidelines, every institution gets better compliance intelligence and OSFI gets stronger supervisory assurance.
The Intelligence Model
Cross-guideline synthesis creates compounding value for supervision and compliance.
Data Layer
- OSFI Guidance Library ingestion
- Pillar 3 capital disclosures
- Basel III/IV framework standards
synthesizes into
Intelligence
- Cross-guideline risk signals
- Institutional compliance patterns
- Supervisory early warnings
The question this system keeps answering:
“What if all of these signals could inform each other?”
E-23 model governance informs B-15 climate scenario quality. B-13 cyber resilience underpins E-21 operational resilience. B-10 third-party risks propagate across every guideline. The unified intelligence layer makes these connections visible and actionable.
Who We Serve
Seven stakeholder groups, one connected ecosystem. Each brings unique capabilities — shared infrastructure amplifies all of them.
D-SIBs (Big Six Banks)
RBC, TD, Scotiabank, BMO, CIBC, and National Bank face overlapping compliance requirements across E-23, B-15, B-13, B-10, and E-21 with no unified view.
Cross-guideline compliance dashboard with automated gap analysis, Pillar 3 monitoring, and proactive early warning signals.
Reduce manual compliance effort across 5 guidelines, surface cross-guideline risks before they compound.
Regional & Schedule II Banks
Smaller institutions like Laurentian Bank and CWB face the same regulatory complexity as D-SIBs but with fewer resources for cross-guideline analysis.
Peer benchmarking against comparable institutions, proportional compliance templates, and automated regulatory change tracking.
Enterprise-grade compliance intelligence without enterprise-scale teams. Level the analytical playing field.
Life & P&C Insurers
Manulife, Sun Life, Great-West, and Intact navigate IFRS 17, LICAT/MCT reporting, plus B-15 climate risk — each with unique intersection points.
Insurance-specific guideline mapping, LICAT impact analysis, and cross-guideline risk propagation from climate scenarios to capital adequacy.
Unified view of how climate risk, model governance, and capital adequacy interact in the insurance context.
Pension Funds
1,200+ federally regulated pension plans face evolving fiduciary expectations around climate risk, ESG integration, and operational resilience.
Pension-specific compliance tracking, climate risk integration guidance, and regulatory change impact analysis.
Proactive fiduciary compliance with evidence-based risk management aligned to OSFI expectations.
Credit Unions
Desjardins and federal credit unions face similar guideline requirements but with cooperative governance structures that complicate implementation.
Cooperative-tailored compliance frameworks, proportional implementation guidance, and peer benchmarking within the credit union sector.
Meet OSFI expectations while preserving cooperative principles. Evidence-based compliance for board reporting.
Fintechs & Service Providers
Technology providers serving FRFIs must understand B-10 third-party requirements and B-13 cyber expectations from the vendor side.
Vendor-side compliance intelligence, FRFI expectation mapping, and proactive certification alignment with OSFI guidelines.
Differentiate in FRFI procurement by demonstrating OSFI-aligned risk management. Win trust with evidence.
The Platform
Four phases, each building on the last. From regulatory landscape mapping to data-driven supervision.
Regulatory Landscape Mapping
Phase 1
Unified view of all OSFI guidelines and their intersections. Cross-guideline dependency mapping, compliance gap identification, and regulatory change tracking.
Institutional Intelligence
Phase 2
Cross-institution compliance patterns and supervisory insights. Automated Pillar 3 analysis, peer benchmarking, and early warning signals across the D-SIB ecosystem.
Predictive Risk Analytics
Phase 3
Early warning systems using cross-guideline signal synthesis. Climate-to-capital risk propagation modeling, cyber incident trend analysis, and model risk aggregation.
Data-Driven Supervision
Phase 4
Real-time assurance and automated regulatory reporting. Continuous compliance monitoring, DCM-aligned data collection, and supervisory intelligence dashboards.
Regulatory Landscape Mapping
Unified view of all OSFI guidelines and their intersections. Cross-guideline dependency mapping, compliance gap identification, and regulatory change tracking.
Institutional Intelligence
Cross-institution compliance patterns and supervisory insights. Automated Pillar 3 analysis, peer benchmarking, and early warning signals across the D-SIB ecosystem.
Predictive Risk Analytics
Early warning systems using cross-guideline signal synthesis. Climate-to-capital risk propagation modeling, cyber incident trend analysis, and model risk aggregation.
Data-Driven Supervision
Real-time assurance and automated regulatory reporting. Continuous compliance monitoring, DCM-aligned data collection, and supervisory intelligence dashboards.
Global Regulatory Benchmarks
How OSFI compares to peer prudential regulators globally. Each sets standards that influence the others — cross-jurisdictional intelligence is essential.
APRA (Australia)
CPS 230Australian Prudential Regulation Authority. Operational resilience standard CPS 230 effective July 2025 — sets global benchmark for critical operations mapping.
PRA (UK)
SS1/23Bank of England Prudential Regulation Authority. Model risk management SS1/23 and climate risk CP6/22 set precedents OSFI has drawn from.
Fed / OCC (US)
SR 11-7Federal Reserve model risk guidance SR 11-7 and Basel III endgame implementation. The largest comparable regulatory framework by assets supervised.
BIS (Basel)
Basel III/IVBank for International Settlements. The Basel Committee on Banking Supervision sets the global standards that OSFI's CAR framework implements domestically.
OSFI leads in integrated regulatory frameworks.
Five cross-referenced guidelines spanning model risk, climate, cyber, third-party, and operational resilience. Cross-guideline intelligence turns this from a compliance burden into a supervisory advantage.
Assets supervised across federally regulated institutions
Strategic Plan Alignment
OSFI's Strategic Plan 2024-2027 prioritizes data management and analytics. This platform directly supports that vision.
Priority 4: Data Management & Analytics
Leading-edge capabilities • Data-driven regulator • DCM initiative
OSFI's strategic plan calls for “leading-edge data management, collection, and analytical capabilities and systems”. The Data Collection Modernization (DCM) initiative is transforming how regulatory data flows between institutions and OSFI. This platform provides the analytical layer that makes that data actionable.
Guideline-by-Guideline Compliance
Siloed compliance across E-23, B-15, B-13, B-10, and E-21. Manual cross-referencing. Reactive reporting.
Unified Regulatory Intelligence
Cross-guideline synthesis, automated early warnings, proactive supervisory intelligence. Data-driven assurance.
What Unified Intelligence Enables
Cross-Guideline Synthesis
Today: Manual cross-referencing across 5 guidelines
Automated intersection analysis and gap detection
Institutional Benchmarking
Today: Limited peer comparison capabilities
Real-time D-SIB and sector-wide benchmarking
Supervisory Assurance
Today: Reactive compliance monitoring
Proactive early warning signals across risk domains
The data is already flowing. OSFI's guidance library, Pillar 3 disclosures, and Basel framework standards are already in the intelligence layer. The platform turns regulatory data into supervisory insight that no manual process could produce at this scale.
The Value Proposition
Two compounding value layers — compliance efficiency that reduces manual effort, and risk intelligence that surfaces cross-guideline insights.
Compliance Efficiency
Unified analysis across E-23, B-15, B-13, B-10, and E-21
Continuous compliance gap identification and prioritization
Live monitoring of OSFI consultation papers and amendments
Risk Intelligence
D-SIB peer comparison on capital, climate, and cyber readiness
Risk propagation detection across operational, climate, and model domains
Data-driven supervisory intelligence for proactive risk management
Unified regulatory intelligence
Platform capability
Cross-guideline assurance
Analytical capability
Start the Conversation
Five overlapping guidelines. 400+ institutions. $10T+ in assets. The complexity is real — so is the opportunity for unified intelligence. Let's explore what data-driven supervision looks like together.