Approach to Risk Management
While our strategy is the primary driver of all activities at BlueShore, we recognize that there are risks inherent in our strategy and business activities and therefore prudent risk management is a constant companion and a lens through which we view and manage the execution of our strategy.
These risks are managed through an Enterprise-Wide Risk Management program; a structured, consistent and continuous program across the organization for identifying, assessing, managing and reporting on the significant risks inherent in the business. The program is comprised of policies, procedures, activities, tools, reports, oversight and independent review, and designed to ensure significant risks are managed in accordance with BlueShore’s Risk Appetite Framework through its Risk Management Governance Structure.
Risk Management Governance Structure
Board Oversight
BlueShore’s Board of Directors has overall responsibility for the oversight of the Risk Appetite Framework and Risk Management policy. The Board has established sub-committees to oversee BlueShore’s risk management activities. These include the Human Resources and Compensation Committee, Investment and Loan Committee and the Audit Committee. In 2022, commensurate with our growth, the Board formally approved a Risk Committee to provide additional oversight of enterprise risk management. This Committee must satisfy themselves that the risk management processes designed and implemented by Management are acceptable and aligned with BlueShore’s strategy and the Board’s approved risk appetite and governance frameworks. It has direct oversight of the Chief Risk Officer and utilizes the tools and reporting provided by Management to independently determine the adequacy of Management’s actions to manage risk.
Management Responsibility
Management’s responsibility is to identify and assess the risks faced by BlueShore and to determine the most appropriate way to manage these risks. In carrying out this responsibility, Management monitors adherence to established risk policies and limits. Risk management policies and controls are reviewed regularly to reflect changes in the business, market conditions, product and service offerings, portfolio performance and economic trends.
Management has established various committees to oversee the organization’s risk management activities. The Management Risk Committee (MRC) is BlueShore’s highest (non-Board) risk committee. MRC is responsible for overseeing a consolidated, enterprise-wide view of BlueShore’s risks, regardless of how these risks may be managed on an individual or departmental level.
The MRC has the authority to delegate any risk-related responsibilities to other committees, as required or prudent (e.g. liquidity risk is managed through the Asset Liability Committee and credit risk is managed through the Management Credit Committee). Risks identified through other Committees are escalated back to the MRC by committee chairs for further discussion, tracking, and resolution if required.
Risk Appetite Framework
The Risk Appetite Framework sets out BlueShore’s ability and willingness to accept and manage different types of risk in the course of engaging in its business activities. The MRC ensures that significant risks are appropriately identified, assessed and managed via mitigating controls to ensure alignment with the Risk Appetite Framework. Through its ongoing review of risks, the MRC may also recommend changes to the Risk Appetite Framework to the Board at any time.
The Credit Union’s risk appetite identifies the amount and types of risk that we are willing to accept, both in our day-to-day business and in executing our strategy, given our structure, size, complexity, business model, vision, core purpose, capital capacity, and competitive marketplace. Therefore, defining our risk appetite requires appropriately balancing risk and rewards.
We also reassess our risk appetite in anticipation of, or in response to, changes in the business, economic or regulatory environment.
Three Lines of Defence
BlueShore has adopted the “Three Lines of Defence” approach. This model details the accountabilities of each line and clearly documents the responsibilities of each.
First Line of Defence
Business and Functional Department Accountabilities
- Accountable for identifying and mitigating within their respective functional departments
- Develop policies, procedures and controls to ensure the assets of the organization are protected
- Identify opportunities to optimize risk and responsibilities for ongoing effectiveness of controls
- Act within their delegated risk-taking authority as set out in established policies
Second Line of Defence
Risk Management Team Accountabilities
- Develop and review BlueShore’s risk management policies and procedures for managing significant risk to ensure that they remain appropriate
- Oversight of, but independent from, the day-to-day management of risks
- Challenge risk ratings and control effectiveness assertions from risk owners
- Establish risk policies and procedures
- Oversee the Enterprise Risk Management Program
- Provide the Board of Directors with reports that will enable it to assess whether BlueShore has an ongoing, appropriate and effective risk management program
Third Line of Defence
Internal Audit Accountabilities
- Challenge the effectiveness of the first and second line of defence
- Set an audit program independently to validate strengths and assess weaknesses
- Issue audit findings that require Management action; close findings when remediation is completed to Internal Audit’s satisfaction
2022 Risk Highlights
BlueShore enhanced its risk management framework in 2022 to improve the risk management capabilities expected of a financial institution of its size and complexity.
Key highlights include:
Appointment of a Chief Risk Officer (CRO)
BlueShore appointed a CRO in 2022 to oversee enterprise-wide risk management. The CRO is accountable jointly to the Risk Committee and the CEO.
Formal Approval of the Risk Committee
BlueShore’s Risk Committee, which was formed in 2021, was formally approved in 2022. It now oversees risk management for BlueShore under a formal mandate from the Board.
Strengthened the Risk Management Second Line of Defence
BlueShore undertook a wide variety of initiatives to strengthen the second line of defence. Notable highlights include:
- Added resources to deliver risk management improvements
- Implemented a new key control monitoring process
- Designed Key Risk Indicators for all key risk categories in our Risk Appetite Framework
- Modernized the Risk Appetite Framework and Risk Management Policy
- Continued to enhance our practices to manage Anti-Money Laundering, Anti-Terrorist Financing and Sanctions
Market Conduct Code adopted
At BlueShore Financial, we are committed to providing the highest quality service to our clients at all times and fair treatment of everyone who uses BlueShore’s products and services. To support this commitment, we implemented to our BlueShore Market Conduct Code which recognizes best practice principles we pledge to follow for soliciting, promoting, advertising, marketing, selling or distributing our products or services.
Tackling climate risk
BlueShore recognizes the importance of addressing climate change, and is committed to building resilience and managing climate-related risks. To support our clients, our community, and BlueShore’s future, we launched a new internal initiative to develop the foundations of our climate risk governance program.