Peter Routledge participates in a fireside chat at the 2025 IIF-CBA Canada Forum

Friday at 4:25pm ADT · September 26, 2025

Toronto – September 25, 2025

Navigating change: Risks, resilience and reinvention

TORONTO, Sept. 26, 2025 /CNW/ –

Check against delivery

Geopolitics

Moderator:

On the topic of geopolitical risk, what are the risks that are keeping you up at night?

Superintendent Peter Routledge:

  • OSFI’s 2025 Annual Risk Outlook identifies integrity and security threats as a key supervisory priority. Geopolitical instability, fast-moving technologies, and third-party reliance make financial institutions vulnerable to cyber-attacks, state-linked interference, and integrity-related risks. These threats are no longer hypothetical, and they aim to disrupt trust and financial stability. Indeed, these integrity & security risks can expose banks and insurers to financial losses and reputational damage.
  • We’ve all seen ransomware, data breaches, and state-linked activity intensify. AI is accelerating the pace and scale of these threats.
  • OSFI’s mandate is to provide guidance so institutions remain resilient. This is now more relevant than ever before in the face of heightened geopolitical risk and evolving integrity & security risks, whether related to tariffs, trade protectionism, or broader uncertainty in the global market. We at OSFI, like other government institutions, are also subject to these risks and are increasing measures and focusing resources to deal with them. We too face the same challenge.

Moderator:

Geopolitical risk has many financial and operational dimensions. How is OSFI thinking about these interlinked risks?

Superintendent Peter Routledge:

  • Criminals and state-linked actors involved in money laundering, fraud, and cyber-attacks are becoming more sophisticated and harder to detect. These threats are expected to grow with advances in AI, digitalization, and increased use of third-party providers. Ransomware, software vulnerabilities, and data breaches remain high globally. These risks demand strong vigilance to maintain operational resilience.
  • Heavy reliance on third-party providers can render institutions more vulnerable to cyber and insider threats. Financial institutions must conduct thorough due diligence to secure their service networks and ensure resilience against these risks.
  • To address growing integrity and security risks, institutions need strong compliance, risk, and governance controls, along with ongoing updates to their risk frameworks.
  • Institutions face compounding risks. For example, a cyber breach can expose sensitive data. We supervise to ensure these risks are mitigated.

Moderator:

How do you feel the Canadian financial system is positioned to manage these risks?

Superintendent Peter Routledge:

  • In response, OSFI has established a dedicated Integrity and Security Risk Division and a National Security Sector. We have adjusted our supervisory work to address integrity and security deficiencies more explicitly and actively.
  • We now engage institutions more directly on these risks—through thematic reviews, targeted examinations, and our collaboration with Canada’s security and intelligence agencies. This helps institutions shore up governance, third-party oversight, and cyber resilience.
    • We hosted a classified national security forum in 2024 with CSIS (Canadian Security Intelligence Service) and CSE (Communications Security Establishment) to brief institutions on emerging threats. These sessions will continue.
  • Our Integrity and National Security team is equipped with the security clearance, expertise, and tools to bring a variety of classified and unclassified information resources together. This lets us better see where these risks may affect financial institutions, including attempts to influence their boards and management. We apply this knowledge in our supervision of institutions to bolster financial sector resilience.
  • Institutions need to proactively guard against integrity and security risks.
  • We count on boards of directors to take the long view on combatting integrity & security threats to their organizations. We expect boards to ensure their management teams are investing to protect long-term franchise values of their institutions.

Moderator:

At the Scotiabank Financials Summit earlier this month you said: “From 1990 to 2022, we were living in a world that didn’t require that level of defence investing.” You then added that “We’re in a different world and the Government has made a very clear commitment to defence spending.” I believe we would all agree the world is experiencing seismic geo-political shifts. In fact, one of our next panels will explore some of those themes. But to narrow the aperture, could you elaborate on OSFI’s thinking about risk weights to help enable defence lending?

Superintendent Peter Routledge:

  • With the federal government committing to increased NATO-aligned defence spending, the lending landscape may need to evolve.
  • As we would with any major policy shift, OSFI will examine whether current risk weighting adjustments can be made without compromising financial resilience.
  • OSFI is not a “magic switch” for unlocking defence lending, but it could possibly be a helpful enabler.
  • OSFI’s role is not to drive change, but to enable it intelligently and incrementally where we can.
  • We have not come to any conclusions. Any potential changes would be subject to a rigorous public consultation process through CAR 2027.

Regulation and international competition

Moderator:

Since the global financial crisis, the financial system has become more resilient and stable. We have seen higher capital and liquidity requirements and tighter supervision. Recently though, we are seeing several jurisdictions begin to revisit these actions to spur economic growth. As a Canadian regulator, how do you decide when to make similar types of changes to ensure the competitiveness of the Canadian financial system, and how do you calibrate those to fit the situation in Canada?

Superintendent Peter Routledge:

  • We supervise Canadian financial institutions against the Basel III international banking standards to ensure their capital, liquidity, and risk management practices maintain the resilience and soundness of the financial system.
  • Over the last 15 years, OSFI has built enduring resilience into Canada’s financial system. That resilience is a strategic advantage to be leveraged to support growth in the Canadian economy. A strong, stable financial system isn’t just a safeguard—it’s a catalyst for national prosperity.
  • Canada’s systemically important banks are profitable. They reported Common Equity Tier 1 (CET1) ratios that averaged 13.7% in the most recent quarter. Banks could make nearly $1 trillion in loans, or other extensions of credit, and remain above current capital minimums; a material figure to Canada’s $3 trillion economy.
  • Canada’s banks have ample capacity to help fund the country’s adjustment to this new era. Elsewhere, Canadian life insurers have boosted their core capital ratios by 13% over the past 6 years and maintain ample capital buffers that can be similarly leveraged for new investments in the Canadian economy.

Artificial intelligence

Moderator:

How is OSFI considering AI – both for use by OSFI as the regulator, and for those OSFI regulates?

Superintendent Peter Routledge:

  • AI is part of OSFI’s expanding integrity and security risk lens. AI technologies present both opportunities and risks to the financial system. OSFI is focused on how AI affects institutions’ financial resilience and operational, cyber, and integrity and security risk profiles.
  • We encourage thoughtful adoption—AI tools may become essential for areas like fraud detection and cybersecurity, but institutional governance and control must keep pace with deployment.
  • OSFI is taking a measured, fact-based approach to AI oversight. It has the ability to both reduce and amplify existing risks – depending on how it’s used. This makes it difficult to identify and manage. However, this is why many of our existing risk management frameworks, including those for cybersecurity, third party risk, and model risk (to name a few) remain highly relevant and provide a strong foundation for oversight.
  • We are building supervisory capacity, and through our ongoing work and collaboration with experts, we are assessing how institutions are deploying AI — especially in areas like credit risk, model risk, cybersecurity, and decision-making. We’re also analyzing how AI may amplify or mask existing risks.
  • Internally, OSFI is actively exploring the safe, transparent use of AI and automation to support supervision, analysis, and internal operations. Our approach prioritizes accountability, explainability, and data security.

Moderator:

AI has risks and opportunities. How is OSFI thinking about these?

Superintendent Peter Routledge:

  • AI is a powerful tool—but it must be adopted responsibly. AI can enhance productivity and efficiency, both for financial institutions and for OSFI itself. But if deployed without proper safeguards, it can also amplify a range of existing risks.
  • AI increases multiple risk types—both internally and externally. Internally, AI can raise model risk, operational risk, and legal or reputational risk (to name just a few). Externally, malicious actors using AI tools can increase cyber threats, financial fraud, and geopolitical interference.
  • OSFI’s existing guidance already addresses many AI-related risks. We already supervise institutions’ management of model risk, cyber resilience, third-party relationships, and operational risk. These are foundational to mitigating AI risks.
  • OSFI collaborates actively on AI oversight. We’re working with stakeholders and international partners to stay ahead of technological change.
  • Through the Financial Industry Forum on Artificial Intelligence (FIFAI) series with the Global Risk Institute in 2022, we developed shared knowledge and responsible adoption principles, such as the EDGE framework (explainability-data-governance-ethics). In 2024, we collaborated with FCAC to co-publish the Risk Report – AI Uses and Risks at Federally Regulated Financial Institutions. Most recently we began working with partners on the second FIFAI.

SOURCE Office of the Superintendent of Financial Institutions
