Definitive Guide — Canada

OSFI E-23 Compliance Timeline

A complete chronological guide to OSFI E-23 model risk management requirements for Canadian financial institutions. Last updated May 2026.

What Is OSFI E-23?

OSFI Guideline E-23 establishes the Office of the Superintendent of Financial Institutions' expectations for model risk management at federally regulated financial institutions in Canada. Released in 2024, it mandates that banks, trust companies, loan companies, and cooperative credit associations maintain complete visibility into their AI and model inventory, conduct ongoing risk assessments, and implement governance frameworks at the board level.

The OSFI E-23 Compliance Timeline

Phase 1 — Immediate (0-3 Months): Model Inventory & Discovery

Complete enterprise-wide model inventory. Identify all AI/ML models in production. Begin Shadow AI detection. Document model purposes, data sources, and business owners. Establish initial risk classification framework.

Phase 2 — Short-Term (3-6 Months): Risk Assessment & Classification

Classify all models by risk tier (Low/Medium/High). Conduct initial independent validation for high-risk models. Document model methodologies and assumptions. Establish ongoing monitoring parameters. Begin audit trail implementation.

Phase 3 — Medium-Term (6-12 Months): Governance & Controls

Implement board-approved model risk policies. Establish model risk committee with defined charter. Deploy real-time monitoring for high-risk models. Complete independent validation for all medium-risk models. Implement full audit trail logging.

Phase 4 — Long-Term (12-18 Months): Optimization & Culture

Achieve full OSFI E-23 compliance across all domains. Implement continuous improvement processes. Complete role-based training for all stakeholders. Establish board and executive AI literacy program. Integrate model risk into enterprise risk management framework.

Who Must Comply?

OSFI E-23 applies to all federally regulated financial institutions in Canada, including Schedule I and Schedule II banks, trust companies, loan companies, and cooperative credit associations. Provincial regulators increasingly reference OSFI guidelines for credit unions and provincially regulated lenders.

How Saillent Accelerates Compliance

Saillent's five-tier governance framework maps directly to OSFI E-23 requirements. Our Tier 1-5 approach covers model inventory, risk assessment, audit trails, board governance, and training — enabling institutions to compress the compliance timeline by 40-60%.

Start your OSFI E-23 readiness assessment →

Ask AI about Saillent

ChatGPT Claude Perplexity Grok Gemini