Minister of Finance Financial Risk Management Guidelines For Crown Corporations

August 2009

Crown corporations undertake a wide range of corporate activities that engender financial risk, including raising financing, managing investments and using derivatives. It is important that Crown corporations follow a comprehensive, entity-wide approach to risk that allows the entity to identify and manage financial risks on a timely basis across all business lines and areas under corporate control. Crown corporations should also have a culture of risk awareness that is embedded in the way the entity operates and covering all areas and activities.

While many Crown corporations operate at arm’s length from the government, as public institutions, they are ultimately accountable to the government. It is in the government’s and taxpayers’ best interest that prudent and appropriate financial risk management policies and practices are in place.

Section 15, Part I of the Financial Administration Act (FAA) states that "the Minister of Finance is responsible for the supervision, control and direction of all matters relating to the financial affairs of Canada not by law assigned to the Treasury Board or to any other minister". Prudent financial risk management is also supported by various pieces of federal legislation, including Part X of the FAA for most Crown corporations and specific enabling legislation for those Crown corporations exempted from the FAA, that generally call for a system of control and reporting for those entities.

Consistent with this overarching responsibility, the Minister has resolved to provide guidance to Crown corporations on the prudent management of financial risks. Such guidance is informed by leading practices for similar private sector financial intermediaries and other comparable sovereign entities, where applicable, and by applicable Canadian and international regulatory standards, as they evolve. These guidelines also draw from several reports, including the report by the Institute of International Finance Committee (IIF) on Market Best Practices: Principles of Conduct and Best Practice Recommendations, the Report of the Financial Stability Forum on Enhancng Market and Institutional Resilience and the Counterparty Risk Management Policy Group (CRMPG) III Report Containing Systemic Risk: The Road to Reform.

These guidelines apply to a broad spectrum of Crown corporations accountable to the Government of Canada and listed in Schedule III, Parts I and II of the FAA (including those corporations exempted under Part X, section 85 (1))^[1], as well as the Canadian Wheat Board, newly-created Crown corporations and any wholly-owned subsidiaries of these entities. The levels of distinction range from non-financial Crown to financial Crown corporations, with those with extensive treasury operations being differentiated from those with liquidity pools (e.g. endowment funds), small cash operations and less sophisticated treasury operations.

These guidelines provide direction from the Minister on prudent risk management policy and practices. It is the responsibility of the governance authority of each entity to develop risk management policies and practices that are appropriate for its corporate and treasury activities and these guidelines. The governance authority responsible for the entity, typically the Board of Directors, may approve exceptions to these guidelines where the nature of the business line or portfolio type warrants it. Under such circumstances, an entity will be deemed as fulfilling the main intent of the guidelines if senior management has advised the governing authority on the deviation from these guidelines, and approval is granted. This stipulation applies to all sections of these guidelines. The Minister of Finance will not play a governance role, but reserves the right to request information relating to Crown corporation financial risk management policies, practices and exposures as needed.

The purpose of these guidelines is to set forth a principles-based framework for financial risk management for all Crown corporations. Within this framework, the governance authority is responsible for setting and applying risk management policy and procedures to manage the financial risks and is fully accountable for outcomes. It is expected that Crown corporations will tailor risk management policies and practices to take into account their mandate, scope, size and the nature of their risk exposures. These guidelines set out the position of the Minister of Finance with respect to the standards of financial risk management that are expected to be followed by Crown corporations of the Government of Canada. It is the expectation of the Minister of Finance that all approaches should be consistent with these guidelines and evolving leading practices.

The principles of these guidelines apply to all sources of financial risk arising from the activities of Crown corporations, and entities they control. The practices of these guidelines apply to treasury management activities, including raising financing, managing investments and using derivatives (hereinafter referred to as "risk-generating activities"). It is expected that entities will also have in place appropriate mechanisms for monitoring and managing the financial risks associated with internally- and externally-managed pension funds, while taking into account laws and arrangements that support differential standards with respect to management and financial risk-taking.^[2]

Financial risks that should be covered within the financial risk management framework include credit risk (including settlement risk), liquidity risk, market risk (including foreign exchange and interest rate risk, and other market value-related risks such as equity risk and commodity risk), as well as operational and legal risks related to risk-generating activities. A list of definitions is provided in Annex A.

These Minister of Finance Financial Risk Management Guidelines for Crown Corporations ("FRMG") supercede the Minister of Finance Financial Risk Management Guidelines for Crown Corporations (November 1996); the Minister of Finance Credit Policy Guidelines for Crown Corporations (Swap Downgrade) (March 1995); all other similar guidelines and all side letters and amending letters in respect of all such guidelines, provided that the Minister of Finance Guidelines for Market Borrowings by Crown Corporations (August 1989) ("MBCC") remain in effect except in the case of any inconsistency between the FRMG and the MBCC, where the provisions of the FRMG prevail.

Crown corporations should have policies and procedures in place to monitor and prudently manage the financial risks they incur through their risk-generating activities. Those policies and procedures should be based on the principles listed below. Crown corporations should:

• engage only in risk-generating activities that are consistent with their mandated corporate activity and do not involve taking additional risk to earn a speculative financial return;
• adopt and adhere to risk management policies and procedures that a reasonable and prudent person would apply to avoid undue risk of loss and obtain a reasonable return;
• have a clear articulation of overall risk tolerances and an ongoing awareness of risk exposures across all business lines and areas of corporate control;
• have risk management frameworks that are guided by applicable leading practices, including Canadian and international regulatory standards^[3], and by practices followed by private sector financial intermediaries and comparable sovereign entities; and
• support transparency and accountability by ensuring that information that flows to internal and external stakeholders is timely, understandable and properly presented.

Ultimate responsibility for each Crown corporation, including the risk management and internal control processes, should rest with the Board of Directors (herein referred to as "the Board") or as otherwise provided by law. All Crown corporations should have documented risk management policies that are approved by the Board, or where no Board exists, the authority responsible for the entity within the government, and supporting procedures approved by senior management.

The governance framework should provide for effective oversight of risk management policies and procedures and, as such, should include a suitable organizational structure and the establishment of oversight committees as deemed appropriate. Robust communication mechanisms should be established so that the Board, senior management, business lines and control functions can effectively exchange information about risk. In fulfilling their responsibilities, the Board should ensure the proper dedication of resources and senior level attention required to support effective and timely risk management and the periodic review of risk management policies and processes.

While the Board has oversight responsibility for risk management and control, it will delegate, unless already delegated by law, responsibility for the management of financial risks to senior management. The Board should be made regularly aware of any significant financial risks facing the institution, including the consequences of potential significant losses related to those risks. The Board should ensure that there are properly qualified Board members on key Board committees, where possible, or engage appropriate expertise.

The Board should:

• review and approve the overall risk philosophy and the broad risk tolerance levels. The Board should be made aware of material changes to the institution’s risk limits within which individuals are authorized to act;
• review and approve risk management policies or changes in policies for identifying, measuring, monitoring, controlling and reporting the financial risks to which the corporation is exposed annually, or more frequently as circumstances warrant, and be advised in writing of adherence to these policies;
• require from senior management timely and accurate reporting on financial risks faced by the institution, the procedures and controls in place to manage these risks and the overall effectiveness of financial risk management policies;
• approve procedures to address material breaches of and requests for exceptions to Board-approved financial risk policies and controls within the corporation, the nature of reporting to the Board, and the consequences within the institution, when breaches are identified and exceptions requested;
• ensure that the risk management activities of the institution, however organized, have sufficient independence, status and visibility and are subject to periodic review by the Board; and
• ensure that the Crown corporation’s risk guidelines are included as part of the internal audit plan (or external as appropriate)
• ensure that the existence of financial risk management guidelines is publicly reported on an annual basis.

Senior management is responsible for the management of financial risks, within the authority delegated to them by the Board or by law and in compliance with applicable guidelines, laws and regulations. As such, senior management should:

• oversee the risk management process;
• develop risk management policies and recommend them to the Board for approval;
• develop and approve risk management procedures and risk exposure limits for all market-related, credit and liquidity risks in accordance with Board-approved policies and inform the Board of any significant changes/issues as circumstances warrant;
• establish and approve risk thresholds, guidelines and/or limits, identifying the degree to which delegated individuals are authorized to act in accordance with Board-approved policies and applicable laws;
• report to the Board on material changes to risk levels and on the management of financial risks within Board-approved policies and limits;
• review annually, or more frequently as circumstances warrant, the adequacy of the institution’s policies in light of its activities, market conditions and evolving regulatory standards and private sector leading practices, where applicable, and recommend to the Board any policy changes necessitated by these developing circumstances; and
• ensure that any exceptions to limits or policies are dealt with in accordance with Board-approved policies and/or procedures.

Each Crown corporation should have a risk management function that is consistent with the breadth and complexity of its operations. Where the breadth or complexity of an entity’s operations does not justify the formation of a separate risk management function, the statement of investment policy (and/or other Board-approved policies and guidelines) and, more specifically, the permitted financial transactions, should be appropriately circumscribed. The risk management function should have appropriate seniority and a reporting line to senior management and/or the Board that is separate from the business activities that generate the risk exposures. This function should be responsible for:

• identifying, measuring, monitoring and reporting financial risk exposures in a manner consistent with Board-approved policies and limits;
• assisting senior management and the Board in understanding the financial risks faced by the institution and the techniques used to measure and manage those risks; and
• assisting senior management in the development of risk management policies, procedures and limits.

The Crown corporation’s risk guidelines should be included as part of the internal audit plan (or external as appropriate).

Financial risks should be managed in a manner commensurate with their complexity and the extent of potential losses. Treasury risk management practices should be consistent with the nature of an entity’s operations and permitted financial transactions. Risk management systems should be adequate to provide accurate, up-to-date measuring, monitoring, controlling and reporting capabilities. Pricing and risk measurement models used in relation to financial risks should be independently reviewed or validated. With respect to the management of the following specific financial risks, the Crown corporation should:

• Establish appropriate methods for measuring and stress testing current and projected liquidity and for effectively managing liquidity.
• Ensure appropriate liquidity is available to meet financial commitments as they fall due.

• Match the terms and characteristics of mandated corporate asset and liability portfolios in a manner that reflects the nature of the business line and portfolio type. Mismatches between asset and liability terms should be managed in accordance with Board-approved policies and guided by leading practices.
• Engage in transactions involving financial instruments whose prices can be independently valued in the market and whose risks can be prudently managed. If no active market exists, other valuation techniques may be used for pricing/valuation, such as recent arm’s length market transactions, reference to the current fair value of another instrument that is substantially the same, discounted cash flow analysis and option pricing models, or any other appropriate pricing models.
• Set in place risk measurement systems that evaluate the possible impact on the financial condition of the entity resulting from adverse changes in market factors (i.e. interest rates, exchange rates and other relevant market conditons), including stress testing, and which are provided in a format that can be readily understood by the Board of Directors/senior management.

• Establish effective internal controls and ensure independent review by internal audit. Review results should be reported back to senior management or Board as appropriate.
• Periodically review procedures, documentation requirements, data processing systems, contingency plans, and other operating practices through the internal control function.

• Ensure that the legal authorities and documentation pertaining to risk-generating activities are complete and up-to-date.
• Establish appropriate processes and procedures to deal with non-standard covenants of treasury transactions.

• Establish an appropriately diversified pool of counterparties so as to avoid excessively large exposures to a small set of counterparties.
• Ensure there are sufficient technical skills and resources to understand the products and operations.
• Credit ratings should be applied using judgement, and should be used to supplement, not replace, appropriate risk analysis and management where appropriate.
• Where external credit ratings are applied, ensure that investments or counterparties have a credit rating from at least two of the four following rating agencies: Moody’s Investors Service, Inc, Standard & Poor’s Ratings Services, Fitch Ratings Ltd and DBRS Ltd. When there are two or more ratings for an entity, the lower of the highest two ratings^[4] should be used to assess eligibility, in accordance with Basel II rules. When there is an assumption of government support in the rating, stand-alone ratings should be used where available; otherwise the official rating should be used.
• As a general rule, restrict all treasury dealings to transactions and counterparties with a long-term credit standing of A (low)^[5] or higher (based on DBRS’s rating scale) or a short-term credit standing equivalent to an R-1 (low) commercial paper or deposit rating. Treasury transactions/counterparties with a long term credit rating lower than A low, or that are unrated, should only be undertaken when the nature of the portfolio/transaction type clearly warrants it. These exceptions must be approved by the Board and be guided by leading practices. Where an approved issuer/counterparty is a subsidiary of a parent organization and does not have its own credit rating, the parent’s credit rating may be used provided that the obligations of the subsidiary can be reasonably assumed to be supported by the parent, or explicitly guaranteed through a letter of support.
• Establish appropriate exposure limits, taking into account rating, term and diversification considerations, and the means by which exposures arising from changing market or credit factors can be effectively mitigated on a timely basis (including but not limited to a collateral framework, rating transition policies, downgrade clause). Exposures should be estimated using the mark-to-market value or mark-to-model where a clear market does not exist. Counterparty risk exposure should be known, and be able to be controlled on a consolidated basis across all business activities undertaken or controlled by the entity.
• Ensure that Credit Support Annexes (CSAs), eligible collateral, the level of applied haircuts and the frequency at which exposures are marked-to-market are in place and are consistent with leading practices followed by similar private sector intermediaries in Canada and other comparable sovereign entities. If no directly comparable transactions exist in the market and as such no market pricing information is available for marking-to-market the exposures, the exposures should be marked-to-model on a regular basis, commensurate with the complexity.

All risk-related reporting should occur on a timely and regular basis to appropriate committees and the Board and should provide an independent view of operations.

All public reporting should provide a comprehensive, clear understanding of the entity-wide financial risks to which the entity is or may be exposed, as guided by leading practices.

The existence of appropriate financial risk management guidelines should be reported in the annual report, or another public document if an annual report is not a statutory requirement, on an annual basis.

These guidelines will be reviewed by the Minister of Finance every three years, or more frequently as needed.

Notes:

1. The Canada Pension Plan Investment Board falls outside the ambit of these guidelines [Return to section].

2. For example the federal Pension Benefits Standards Act, the Pension Benefits Act of Ontario or any other applicable legislation [Return to section].

3. Examples include the Treasury Board Corporate Governance Guidelines, Office of the Superintendent of Financial Institutions (OSFI) Corporate Governance Guidelines and Bank for International Settlements (BIS) Basel II [Return to section].

4. In cases where two or more ratings are the same, for example, Moody’s is AA, S&P is AA, DBRS is AA- and Fitch Ratings is AA-, the rating would be AA (not AA-) [Return to section].

5. Equivalent ratings are A3 in the case of Moody’s Investors Service, Inc and A- for Standard and Poor’s and Fitch Ratings Ltd. [Return to section].

Risk Management: The process of developing policies, procedures, and practices to be applied in the identification, analysis, assessment, control, and avoidance, minimization, or elimination of financial risks.

Crown Corporation: For purposes of this document, a Crown corporation is considered to be any corporation listed as part of Schedule III, Part I or II of the Financial Administration Act (including those corporations exempted under Part X, section 85 (1)), newly created Crown corporations and any wholly-owned subsidiaries. This document also applies to the Canadian Wheat Board, which is a shared governance corporation.

Subsidiary: A corporation is a subsidiary of another coporation if it is controlled by that other corporation.

Control: A corporation with share capital is controlled by a person if (a) shares of the corporation to which are attached more than fifty per cent of the votes that may be cast to elect directors of the corporation are held, otherwise than by way of security only, by, on behalf of or in trust for that person; and (b) the votes attached to those shares are sufficient, if exercised, to elect a majority of the directors of the corporation.

Treasury Activities: Treasury activities are comprised of raising financing, managing investments (e.g. liquidity and treasury investment portfolios) and use of derivatives to raise funds or manage financial risks. Treasury activities are undertaken in support of a Crown corporation’s corporate activities. Activities of the treasury will be carried out in accordance with policies approved by the Board of Directors.

Investment: An investment transaction is defined as a commitment of funds in expectation of deriving income or profit as defined within the context of individual portfolio objectives approved by the Board and guided by leading practices.

Speculation: An assumption of risk in anticipation of gain but recognizing a higher than average possibility of loss. The distinction from the term investment is one of degree of risk. The treasury should not be a profit centre and thus its activities should not be undertaken with the aim of seeking profit from future market movements.

Derivative: Derivatives are financial instruments whose value changes in response to the changes in underlying variables. The main types of derivatives are futures, options and swaps.

Risk Tolerance: The risk of loss that the firm is willing to accept over a specified time horizon at a given level of confidence.

Financial Risk: Credit (settlement), liquidity, market (i.e. interest rate and foreign exchange) or market-related (equity, commodity), operational and legal risks associated with a Crown corporations risk-generating activities as defined in the introduction of this document.

Credit Risk: The risk that a counterparty will fail to fulfil its contractual obligations.

Liquidity Risk: The risk that a financial instrument cannot be sold quickly and at full market value. It includes market liquidity and funding liquidity risks.

• Market Liquidity Risk: The risk that an institution may not be able to, or cannot easily, unwind or offset a particular market position at or near the previous market price because of inadequate market depth or disruptions in the market place.
• Funding Liquidity Risk: The risk that the institution will be unable to meet its payment obligations on settlement dates or in the event of margin calls.

Market Risk: The risk to an institution’s financial condition resulting from adverse movements in the level or volatility of market factors. It includes currency risk, interest rate risk, equity risk and commodity risk.

Currency Risk: The risk that the market value of a financial instrument will fluctuate due to changes in exchange rates.

Interest Rate Risk: The risk that the market value of a financial instrument will fluctuate due to changes in market interest rates.

Equity Risk: The risk that the market value of a financial instrument will fluctuate due to changes in the market value of the underlying equities.

Commodity Risk: The risk that the market value of a financial instrument will fluctuate due to changes in the price of the commodities.

Operational Risk: The risk that deficiencies in the information systems or internal controls will result in unexpected loss. Operations risk can be assessed through periodic review of procedures, documentation requirements, data processing systems, contingency plans and other operating practices.

Legal Risk: The risk that counterparty contracts may not be legally enforceable or appropriately documented and executed (e.g. the use of inadequate master agreements). Legal risk can also arise from the institution not having ensured that its counterparties have the legal and necessary authority (capacity) to engage in the relevant transactions and from not having ensured that the terms of any contract governing its activities with a counterparty are legally sound (including any netting provisions).

Marking-to-Market: The process of revaluing a position, portfolio, or transaction on the basis of prevailing market prices.

Non-Standard Covenants: Examples of non-standard covenants include waiver of sovereign immunity, dividend-limiting clauses and pledging of real assets.

Stress Testing: A risk management method used to examine the potential effects on a firm’s financial condition of a set of specified changes in risk factors, corresponding to exceptional but plausible events.

Risk Management Framework: The risk management system is the total set of rules and measures used to monitor and protect against risks.