Regulatory Advisory

OSFI Guideline E-23

Model Risk Management for Canadian Financial Institutions

Compliance Deadline

Office of the Superintendent of Financial Institutions

—

Months to Mandatory Compliance

For federally regulated financial institutions

Effective Date

May 1

2027

Regulatory Timeline

May 2022

OSFI signals modernization intent

Nov 2023

Draft guideline released

Mar 2024

Consultation closes

Sep 2025

Final guideline published

May 2027

Mandatory compliance

Today

What Mortgage Professionals Need to Know

What is E-23?

A comprehensive model risk management framework requiring federally regulated financial institutions to govern all models used in business decisions, explicitly including artificial intelligence and machine learning systems.

Why Does It Affect Brokerages?

FRFIs must govern third-party models to the same standard as internal models. Lenders will contractually flow E-23 compliance requirements downstream to mortgage brokerages through updated broker agreements and due diligence processes.

What Should You Do?

Transition to enterprise-grade AI tools, implement prompt logging practices, mask personal information before prompting, validate AI outputs before use, and complete AI governance training before lender enforcement begins.

Official Definition

What Constitutes a “Model” Under E-23?

“An application of theoretical, empirical, judgmental assumptions or statistical techniques, including AI/ML methods, which processes input data to generate results.”

OSFI Guideline E-23, September 2025

AI Usage Categories for Mortgage Professionals

Full Lifecycle Governance Required

AI use cases directly connected to mortgage transactions and credit decisions require complete documentation, logging, and human validation.

Client communications containing financial details
Underwriting notes and deal structuring support
Rate comparisons and product recommendations
Analysis of borrower financial documents
Any prompt containing PII or deal-specific data

Lighter Governance (Negligible Risk)

Routine administrative AI use may qualify for simplified tracking under OSFI’s negligible risk pathway, subject to institutional classification.

General email drafting without client financials
Marketing content for general audiences
Summarization of public policy documents
Administrative task assistance
General research without deal application

Anticipated Lender Requirements for Brokerages

AI Usage Attestations

Updated broker agreements requiring formal acknowledgment of AI governance policies and acceptable use requirements.

Prompt Logging

Documentation of AI interactions by deal ID with input/output audit trails available for lender review.

Data Protection Evidence

Proof of PII masking protocols and enterprise-grade AI tool usage with appropriate security certifications.

Validation Records

Human review attestations confirming AI-assisted outputs were verified before client or lender submission.

Reference Documents

PDF

Strategic Advisory Report

Comprehensive analysis and compliance framework for Canadian mortgage brokerages. Prepared for DLCG.

Download Report →

PDF

OSFI Guideline E-23

Official regulatory text from the Office of the Superintendent of Financial Institutions. Effective May 1, 2027.

Download Guideline →

PDF

OSFI Stakeholder Letter

Summary of industry consultation feedback and OSFI responses regarding the final guideline provisions.

Download Letter →

Document History

This advisory supersedes the preliminary Strategic Advisory Report issued July 14, 2025, which analyzed the draft Guideline E-23 and projected downstream compliance implications for mortgage brokerages. Following OSFI’s publication of the final guideline on September 11, 2025, this updated report reflects the definitive regulatory requirements and revised compliance timeline.