person holding a credit card

Credit Unions, Internal Auditors Prepare for New Securitization Guidelines

Credit Unions, Internal Auditors Prepare for New Securitization Guidelines

5 Minute Read

New regulatory guidelines increase the role of internal auditors in managing securitization risks for Ontario credit unions.

Credit unions in Ontario must now provide broader oversight and more comprehensive risk management on selling mortgages to third-party investors as the Deposit Insurance Corporation of Ontario (DICO) tightens its guidelines around securitization of assets. 

The practice is used by financial institutions, including credit unions, to increase liquidity. All Ontario-based credit union stakeholders, especially internal audit teams, must now consider whether their business has taken appropriate steps to meet the Securitization Guidance Note and Application Guide, made effective September 1, 2018. 


DICO wants assurance that credit unions are adequately governing their securitization strategies and involving the right people throughout the process to evaluate and manage the risks. Citing the need to balance credit unions’ short-term cashflow needs against the long-term sustainability of their business and the interests of their depositors, the guidance memo calls for clear and independent systems of accountability to better manage, monitor and govern the pooling and sale of assets to third-party investors.

DICO has established a three-tier approach for credit unions to determine risk profile of their individual securitization programs — and therefore the level oversight required. These are based on the quantity of outstanding securitizations, the size of each individual securitization and the broader complexity of a credit union’s securitization profile. Each level of risk — low, medium and high — has a specific set of expectations which determine the degree of board oversight, internal expertise, reporting and independent review required.

Increased Accountability and Internal Audit

Beyond the treasury function, credit unions will need to look inward to determine whether they have the right people and skills in the right areas of their business to deliver the end-to-end scrutiny, prescribed controls, objective involvement and reporting capacity DICO is seeking. Spanning the board, leadership and finance levels, each participant needs the expertise to provide the independent and impartial feedback required to determine whether a securitization transaction is in the best interest of the business. 

The internal audit team will be particularly vital in this process — particularly as the credit union graduates to a Tier 2 or Tier 3 higher-risk level. They will need many of the same skills as external auditors to assess the viability of securitization practices and should not rely on a retrospective approach — casting an eye on what already occurred. The team will need comprehensive regulatory and financial knowledge to weigh the risks and have the confidence to slow down if a securitization is likely to cross the credit union’s risk threshold.

Now’s the time to question if there are chartered professional accountants or certified financial analysts in the right places to complete these functions to DICO’s standard. Otherwise, credit unions may consider contracting a third-party to either perform this function or assist with building the system internally.

Next Steps

As internal auditors continue to align their credit union’s internal practices with the new guidance note, they will want to take three initial steps: 

Review Guidance Material: Become intimately familiar with the content of the new DICO guidelines to ensure you can clearly articulate the content to various business stakeholders and gauge the new business frameworks against the regulatory requirements.

Understand Current Securitization Level: Schedule meetings with the treasurer and / or chief financial officer to get a comprehensive picture of the credit union’s securitization profile (Tier 1, 2 or 3). Because the level of scrutiny will depend highly on where each credit union sits on that spectrum, it is important for internal auditors to understand where they sit now and where they may be headed in the future. 

Create an Audit Plan: Begin with a decision tree determining who establishes the securitization strategy, who originates individual securitizations, who these transactions flow through for review and approval before being issued and how they are reported to the regulator. 

Then create a process which flags when securitizations move the credit union between risk levels and how to deal with these internally. Determine whether there are adequate resources to handle these processes internally or whether the credit union requires third-party assistance.

How Can MNP Help?

MNP works with credit unions of all sizes to help them understand their securitization risk profiles and implement the necessary risk management systems and controls. Our highly experienced team will benchmark your securitization practices compared to your industry peers and help determine where opportunities exist to improve.

Whether you need help communicating the DICO securitization guidelines throughout your organization or building the review infrastructure to ensure your credit union complies with the new regulatory environment, we work collaboratively with you to build the necessary processes and controls, provide training and conduct the requisite gap analysis. Our team has the technical expertise to ensure your calculations are correct and you effectively manage your securitization risk.

For more information, contact:

Jim Barbour, CPA, CIA, CFE
Senior Manager, Enterprise Risk Solutions
T: 647.943.4114
E: [email protected]

Jas Chahal, CPA, CA
Partner, Assurance and Advisory
T: 905.333.9888
E: [email protected] ​​​​


  • Performance

    April 24, 2024

    How monitoring your results can help you make informed decisions for your manufacturing business

    How can you make informed decisions to support the future of your manufacturing business? These tools can help you achieve the right results.

  • Performance

    April 17, 2024

    Conflict in the workplace: the ripple effect on small businesses

    Conflict in the workplace can impact small businesses, affecting team dynamics, productivity, and company culture.

  • Confidence

    April 17, 2024

    Following these steps will protect your practice value if emergency strikes

    You can’t predict the future, but building a plan helps to keep your business protected.