Streamlining Model Risk Management for Canadian Financial Institutions: A Guide to Guideline E-23 Compliance


As the financial landscape continues to evolve, institutions face an increasing reliance on models for risk management and stress testing. However, the use of models inherently carries a risk of error and potential loss. To address this concern, the Office of the Superintendent of Financial Institutions (OSFI) has released a draft Enterprise-Wide Model Risk Management Guideline, commonly known as Guideline E-23. This blog post aims to provide model risk managers and chief risk officers with a clear understanding of Guideline E-23 and its implications for their organizations.

Understanding Guideline E-23

Guideline E-23 establishes a standardized approach to enterprise-wide model risk management, ensuring that institutions of all sizes, complexities, and risk profiles have a baseline understanding of the minimum expectations for their use of models. It applies to banks, foreign bank branches, bank holding companies, federally regulated trust and loan companies, and cooperative retail associations.

Scope and Applicability

An enterprise-wide view of risk implies that modeling is used across an institution for various applications such as regulatory capital models, internal risk management models, valuation/pricing models, and business decision-making models. Guideline E-23 applies to all models that have a material impact on an institution’s risk profile.

Prudent Practices and Responsibilities

Guideline E-23 outlines minimum prudent practices for model development, review, approval, use, and modification. Institutions are responsible for developing a consistent set of policies and procedures to identify, assess, manage, and control the risks associated with modeling based on the principles outlined in the guideline. The guideline acknowledges the specific challenges faced by small and medium-sized institutions and distinguishes between institutions approved to use internal models for regulatory capital purposes (IMAIs) and those that are not (SIs).

Key Characteristics of an Enterprise-Wide Model Risk Management Framework

To align with Guideline E-23, institutions should establish the following key characteristics within their model risk management framework:

  • Appropriate governance systems over model usage;
  • Model materiality classifications and limitations;
  • Policies and processes for model selection and development;
  • Independent vetting and ongoing validation/review processes;
  • Change control processes governing the model’s life cycle;
  • Internal audit functions to assess model risk management;
  • A model inventory to catalog the type, classification, and performance of all models.

International Standards and Best Practices

Other major jurisdictions have already implemented standards and best practices for managing and controlling the use of models. As the banking market evolves and internal models become more prevalent, the codification of these standards becomes increasingly important.

Integration with Corporate Governance

Institutions are expected to integrate the governance and implementation of Guideline E-23 into their overall governance framework established under OSFI’s Corporate Governance Guideline, taking into account the institution’s size, complexity, and risk profile.


Guideline E-23 serves as a comprehensive framework for model risk management, providing institutions with a common standard to mitigate the inherent risks associated with modeling. By aligning their practices with Guideline E-23, model risk managers and chief risk officers can enhance their institution’s risk management capabilities and ensure compliance with regulatory expectations. As the financial landscape evolves, embracing Guideline E-23 becomes essential to foster a resilient and robust risk management culture within organizations.

How We Can Help

Model Risk Management on Connected Risk is a robust platform that allows you to manage and meet all of the obligations set within Guideline E-23 from the OSFI. If you’re looking to meet regulatory requirements and obligations, our solution is the standard for your financial institution. Get started today using the form below, or learn more on our Guideline E-23 information page.

Like this article?

Share on Facebook
Share on LinkedIn
Share on XING

Ready to get started?

"*" indicates required fields

First, what's your name?*
Use this field to tell us anything you'd like us to know about your needs, implementation direction, etc.
This field is for validation purposes and should be left unchanged.

Talk to an Expert

"*" indicates required fields

Are you looking for support?

If you're looking for product support, please login to our support center by clicking here.

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit a Pricing Request

"*" indicates required fields

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit an RFP Request

"*" indicates required fields

First, what's your name?*
Which solution does your RFP require a response on?*
Drop files here or
Accepted file types: pdf, doc, docx, Max. file size: 1 MB, Max. files: 4.
    This field is for validation purposes and should be left unchanged.
    GDPR Cookie Consent with Real Cookie Banner Skip to content