The Autorité des marchés financiers implements new Supervisory Framework for Financial Institutions and Credit Assessment Agents

At the start of 2025, the Autorité des marchés financiers (AMF, Quebec’s financial markets regulator) updated its Supervisory Framework for Financial Institutions and Credit Assessment Agents (Supervisory Framework). Several changes have been incorporated, as the last version of this document dates back to 2020.

Financial institutions concerned include insurers, deposit-taking institutions, financial services cooperatives, trust companies and savings companies. The Supervisory Framework now also covers credit assessment agents (CAAs), in view of the Credit Assessment Agents Act, which came into force in 2021.

Certain changes are expected in the way the AMF supervises financial institutions and CAAs. More specifically, the AMF wishes to adopt a more dynamic approach based on emerging risks and maintain ongoing dialogue with regulated entities.

As such, the AMF seeks to give regulated entities greater predictability and deepen their understanding of the supervision to which they are subject, notably by clearly communicating potential areas for improvement arising from monitoring. In addition, the AMF aims to improve the risk profile of regulated entities and to integrate the assessment of the commercial practice risk for clients into the Supervisory Framework. The AMF's mission is to ensure the institutions it supervises are solvent and meet their obligations to protect the interests of the investing public.

A revised supervisory methodology

The new Supervisory Framework departs from the previous 2020 version, which provided for supervisory work to be carried out according to a three-year supervisory plan based on the risk profile of each covered entity. In fact, the new Supervisory Framework takes a more risk-based supervisory approach. The aim of this approach is to focus efforts on risks with the greatest potential impact on financial stability and the protection of clients’ interests.

The methodology now used by the AMF has four components:

• Identification of risks and trends. This activity is carried out through information gathering, monitoring, identification of emerging risks, information from other regulators, as well as complaints and reporting. It is carried out in the internal and external environments of regulated entities and covers in particular potentially inappropriate commercial practices. 
• Assessment of the risks of each of the regulated entities. The risk profile of each regulated entity is determined on the basis of the following four components, as well as the commercial practice risk for clients and the institution (applicable to CAAs):
  • Culture, governance and oversight functions (applicable to CAAs);
  • Financial and insurance risks;
  • Non-financial risks (applicable to CAAs);
  • Financial condition (applicable to self-regulatory organizations and reciprocal unions).
• Supervisory strategy. Entities are categorized according to their level of risk, and an annual monitoring plan is put in place. The intensity of work at the level of a specific institution may vary according to the existing level of risk.
• Results of supervisory activities. The AMF communicates the results of its work to the concerned entity, and the latter must put in place an action plan with a timetable for correcting any identified shortcomings. Public communications may also be issued in the case of industry-wide work.

We also note that the non-exhaustive list of risks analyzed by the AMF has been modified by (i) adding information and communication technologies risk and commercial practice risk, and by (ii) removing interest rate risk, strategic risk and reputation risk.

What are the potential implications for regulated entities?

The above approach shows that the AMF is seeking to be more agile in its supervision, adapting it to emerging risks and new trends. Risks related to commercial practices also appear to be receiving greater attention.

The AMF also wants to be more transparent in its assessment of the risks applicable to each of the regulated entities.

Regulated entities may therefore be in continuous or more frequent communication with the AMF. They will need to incorporate points for improvement more frequently in order to maintain sound and prudent management practices. In this context, it will be even more relevant for them to monitor the risks and regulatory obligations applicable to them.