Regulations

COSO and NACD issues Request for Proposal to develop Corporate Governance Framework

Jan 31, 2024

On January 31, 2024, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with the National Association of Corporate Directors (NACD), issued a Request for Proposal (RFP) to develop a Corporate Governance Framework (CGF).

This framework would be designed to provide principles-based guidance for organizations of all sizes and types, helping them build effective governance practices. Both COSO and NACD recognize the increasing need for strong governance, as it plays a crucial role in shaping ethical business practices, ensuring stakeholder alignment, and driving long-term sustainability.

The CGF is intended to be used by:

  • public companies seeking to self-assess and enhance governance practices, and by start-up businesses desiring to build up their governance practices and processes;
  • private organizations seeking best practices or as part of readiness activities related to initial public offering efforts; and
  • external auditors, internal auditors, rating agencies, investors, listing agencies and/or regulators finding such a framework useful in assessing governance practices at related entities.

Organizations intending to respond to the RFP must provide a Notice of Intent to Respond by February 20, 2024.

Access the press release on the NACD’s website.

Government of Canada Releases Guidance on Forced Labour Reporting Requirements

Jan 08, 2024

On January 8, 2024, the Government of Canada released guidance to assist companies in complying with the new Fighting Against Forced Labour and Child Labour in Supply Chains Act

The Government's new guidance will allow companies to determine more accurately:

  • whether they will be required to complete and file the report
  • what to include in the report and what information will be accepted, and
  • how to package the report and make it available to the public.

Of interest, the Government of Canada published an online questionnaire that is mandatory but may also assist in the preparation of the report itself. The questionnaire directs companies to answer specific questions about their business which reflect many of the report's legislative content requirements.

The Guidance clearly indicates that no industry can be assumed to be entirely free of forced labour or child labour risks. The Government does not want companies to certify that they or their supply chains are "risk-free" but rather are asking companies to demonstrate steps they have taken to identify and address those risks. Some industries have higher risks than others and those higher risk industries should take greater care in preparing this report because it may have knock-on impacts on enforcement efforts in the future. However, even those industries without previously demonstrated risks of forced labour in their supply chains should take this report seriously.

Access the Guidance on the Government of Canada website

IESBA staff releases Q&As to support adoption and implementation of International Independence Standard on group audits

Oct 23, 2023

On October 23, 2023, the Staff of the International Ethics Standards Board for Accountants (IESBA) released a questions and answers (Q&A) publication on the pronouncement Revisions to the Code Relating to the Definition of Engagement Team and Group Audits. The revisions to the Code address holistically the various independence considerations in an audit of group financial statements.

The Q&A publication is designed to highlight, illustrate, or explain aspects of the revisions in the Code and is intended to complement the Basis for Conclusions for the final pronouncement. It will assist firms, national standards setters, and professional accountancy organizations in adopting and/or implementing the revisions. The Q&As will also assist regulators and audit oversight bodies, the corporate governance community, investors, preparers, educational bodies or institutions, and other stakeholders in understanding the revisions to the Code. 

The development of the Q&As has been informed by the IESBA’s extensive discussions and consultations with a wide range of stakeholders and the IESBA’s own deliberations during the development and finalization of the pronouncement.

The pronouncement is coming into effect for audits of financial statements and group financial statements for periods beginning on or after December 15, 2023, with early adoption permitted.

Access the Staff Q&A on the IESBA website.

OSFI Unveils Two Draft Guidelines: Ensuring Integrity and Security in Financial Institutions and Enhancing Operational Resilience and Risk Management

Oct 13, 2023

On October 13, 2023, the Office of the Superintendent of Financial Institutions (OSFI) released two draft guidelines; an Integrity and Security Guideline, which sets expectations for the integrity and security of financial institutions, including protection against foreign interference and, an enhanced Guideline E-21 on Operational Resilience and Operational Risk Management

The draft Integrity and Security Guideline provides clarity on what integrity and security entail for financial institutions, how they relate to one another, and where they are already reflected in our current guidelines. Enhanced Guideline E-21 sets expectations for operational resilience. It modernizes OSFI’s guidance on operational risk management, including new expectations for business continuity management, crisis management, change management, and data risk management.

The two consultations were announced at the same time given that operational resilience and operational risk management contribute to the integrity and security of financial institutions.

The feedback on the Integrity and Security Guideline is expected by November 24, 2023 while feedback on Guideline E-21 is expected by February 5, 2023.

Review the Draft Integrity and Security Guideline and Guideline E-21 on the OSFI website.

Speech by OSFI Superintendent Peter Routledge at the Global Risk Institute Annual Summit: Check against delivery

Sep 26, 2023

On September 26, 2023, the Superintendent of the Office of the Superintendent of Financial Institutions (OSFI), gave a speech highlighting OSFI’s approach to integrity and security, which are at the core of the new changes to its mandate to promote confidence in Canada's financial system.

Here are some excerpts from the speech:

“These new changes to our mandate charged us with:

  • Supervising federally regulated financial institutions (FRFIs) to determine whether they have adequate policies and procedures to protect themselves against threats to their integrity or security, including foreign interference
  • As part of this supervision, examining FRFIs at least annually to determine whether they have adequate policies and procedures to protect themselves against threats to their integrity or security, including foreign interference
  • And reporting to the Minister of Finance at least annually on these examinations.

Our role is to ensure federally regulated financial institutions manage risk responsibly, and our new mandate will be to determine whether the policies and procedures they put in place are adequate to protect themselves against those types of threats.”

Re­view the speech on OFSI's web­site.

CPAB public consultation on proposed information disclosure rule changes

Sep 25, 2023

On September 25, 2023, the Canadian Public Accountability Board (CPAB) launched a public consultation to gather feedback on proposed information disclosure rule changes. The purpose of the proposed rule changes was to facilitate the implementation of their planned disclosure recommendations and address targeted changes to CPAB’s Rules to improve their effectiveness.

In September 2022, CPAB released disclosure recommendations from its 2021 consultation, with two phases of changes. They enacted phase one in 2023 and plan to adjust their rules for phase two based on this consultation. Gaining insights from stakeholders holds a significant role in their policy-setting process. Comments received in this consultation will be considered together with feedback received in the 2021 consultation.

The public consultation process is scheduled to conclude on November 24, 2023.

Review the changes and access the consultation survey on the CPAB website.

IFAC warns against regulatory fragmentation, especially on matters of materiality

Jul 11, 2023

On July 11, 2023, as the global voice of the accountancy profession, the International Federation of Accountants (IFAC) has commented on the draft delegated regulation regarding sustainability reporting standards released for comment by the European Commission in June 2022.

In its response, IFAC supports corporate reporting that better addresses a company’s ability to create long-term value and is decision useful for investors and other stakeholders. IFAC welcomes the European Sustainability Reporting Standards (ESRS) while noting significant concerns regarding the need for interoperability that supports a global system for reporting. IFAC notes that all international and regional approaches must align key concepts, terminologies, and metrics to avoid regulatory fragmentation, especially on matters of materiality.

The response notes that implementation by companies and enforcement by regulators of the new standards are essential to ESRS success. Therefore, IFAC urges additional transitional reliefs to allow companies sufficient time to implement governance, processes, reporting capacity, and internal controls.

Access the full response on the European Commission website.

US Senate Finance Committee seeks public comments on digital asset taxation by September 8, 2023

Jul 11, 2023

On July 11, 2023, the US Senate Finance Committee Chairman Ron Wyden, D-Ore., and ranking member Mike Crapo, R-Idaho, released an open letter to “members of the digital asset community and other interested parties” soliciting comments on how Congress can address current uncertainties around the tax treatment of digital assets.

The committee’s stated objective is to seek stakeholder responses to specific questions on a host of issues related to digital asset taxation.

Re­view the open letter on US Finance Senate website.

OSC issues report on internal ethics policies and procedures of public accounting firms

Jun 28, 2023

On June 28, 2023, the Ontario Securities Commission (OSC) published a report to assist public accounting firms in developing and implementing robust internal ethical policies and procedures. On September 23, 2022, the OSC announced it would make targeted inquiries to certain public accounting firms that conduct audits of Ontario reporting issuers. The report published summarizes the scope of these inquiries and communicates observations about the internal policies, practices, and procedures in place at these firms.

The report identifies select areas of focus public accounting firms should consider as part of their ethics strategies, such as clearly identifying leaders within the firm with ‘ownership’ of the ethics policies, targeted ethics education training and guidance, and establishing a robust internal whistleblower program. It also provides considerations to help firms comply with requirements related to the dating of audit working papers and internal professional training programs.

Re­view the report on OSC's website.

Verizon releases 2023 Data Breach Investigations Report

Jun 21, 2023

On June 21, 2023, Verizon released its 2023 Data Breach Investigations Report. The report indicates that 83% of data breaches involved external actors—with the majority being financially motivated. 74% of breaches involved the human element, which includes social engineering attacks, errors or misuse, while 50% of all social engineering attacks are pretexting incidents-nearly double last year’s total.

The human element still makes up the overwhelming majority of incidents, and is a factor in 74% of total breaches, even as enterprises continue to safeguard critical infrastructure and increase training on cybersecurity protocols. One of the most common ways to exploit human nature is social engineering, which refers to manipulating an organization’s sensitive information through tactics like phishing, in which a hacker convinces the user into clicking on a malicious link or attachment.

Re­view the report on Verizon’s website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.