Insurance Board Governance in Canada: What the Numbers Say in 2026 - Aprio

Insurance Board Governance in Canada: What the Numbers Say in 2026

Aprio is a board portal built for Canadian insurance company boards, with board data hosted in Canada, used by The Mutual Fire Insurance Company of BC, Pro-Demnity Insurance, and Carleton-Fundy Mutual Insurance Company. Insurance boards in Canada sit under some of the most explicit governance expectations of any sector, and the numbers explain why. The industry is enormous, the regulator spells out exactly what the board must approve and oversee, and the cost of getting the record wrong keeps climbing. This guide lays out what the data shows: how big the sector is, who regulates an insurer’s board, why there are fewer life insurers than a decade ago, what a breach costs, and what OSFI actually expects a board to document.

How big is Canada’s insurance sector, and why does it matter for boards?

Insurers are the largest single group of institutions under federal supervision. Of the roughly 340 institutions the Office of the Superintendent of Financial Institutions supervises, 210 are insurance institutions, about 61 percent, according to OSFI’s 2024 audit of its insurance supervision. On the property and casualty side, the Insurance Bureau of Canada counts more than 196 private P&C insurers actively competing in Canada, an industry that contributed $38 billion to nominal GDP and employed 140,500 Canadians as of 2022. On the life and health side, CLHIA reports insurers paid a record $143.3 billion in benefits in 2024 and employ more than 180,000 Canadians.

210
of ~340 OSFI-supervised institutions are insurers
$143.3B
in benefits paid by life and health insurers in 2024
$38B
P&C industry contribution to nominal GDP (2022)
Where the record $143.3 billion went in 2024

Life and health insurance benefits paid in Canada, by type (CA$ billions)

Retirement and annuity Health claims Life insurance Disability $71.4B $53.3B $18.6B $10B

Source: CLHIA, 2025 release on benefits paid in 2024.

Numbers that size come with a matching documentation burden. Every one of those 210 federally regulated insurers, and every provincially regulated one beside them, has a board that must be able to show a regulator exactly what it approved, when, and on what information. That is the practical backdrop for everything below, and it is the problem Aprio was built to solve for insurance boards: keeping the packages, votes, signatures, and minutes in one Canadian-hosted record instead of scattered across inboxes.

Who regulates an insurance company board in Canada?

It depends on where the insurer is incorporated. Federally regulated insurers answer to OSFI, whose Corporate Governance Guideline (in effect since September 2018) is unusually specific about the board’s job. The board must approve and oversee the business plan and significant strategic initiatives, the Risk Appetite Framework, the internal control framework, capital and liquidity policies, and the appointment and compensation of the CEO and key senior officers. The Board Chair must be separate from the CEO. The audit committee is statutory, made up of non-employee directors with a majority unaffiliated. The Board Risk Committee must be entirely non-executive, including its chair. And the Chief Risk Officer must be independent of operational management, with unfettered access and a functional reporting line to the board or its risk committee.

Where the insurer is regulated Regulator What it means for the board
Federal Office of the Superintendent of Financial Institutions (OSFI) Corporate Governance Guideline: board approves the Risk Appetite Framework, Chair separate from CEO, independent audit and risk committees, independent CRO
Ontario Financial Services Regulatory Authority of Ontario (FSRA) 282 insurance companies regulated or registered as of March 31, 2025
British Columbia BC Financial Services Authority (BCFSA) Adopts OSFI’s Corporate Governance Guideline for BC P&C and life insurers, effective September 2018
Quebec Autorité des marchés financiers (AMF) Sound Commercial Practices Guideline puts governance and corporate culture first among its expectations

Notice the pattern: BC did not write its own board rulebook, it adopted OSFI’s, and the AMF leads its guideline with governance. Wherever a Canadian insurer sits, the expectations converge on the same evidence: an approved and dated Risk Appetite Framework, committee mandates and membership, minutes showing what the board challenged and approved, and a trail proving who saw what. When that record lives in one system with a complete audit trail of access, votes, and signed documents, the way Aprio keeps it for insurance boards, an examination request is a lookup rather than a reconstruction project.

Could your board reconstruct last year’s approvals if a regulator asked this week?

Aprio keeps every board package, vote, and signed minute in one Canadian-hosted record built for regulated financial services boards.

Why are there fewer life insurers in Canada than a decade ago?

The life and health side of the industry has been consolidating, the same story playing out in Canadian credit unions and hospital networks. CLHIA’s industry facts put the number of active life insurers at 97, comprising 85 companies and 12 fraternal benefit societies, down from about 125 a decade earlier. One caveat worth stating plainly: CLHIA’s published count is not dated to a specific year, so treat the exact figures as directional rather than a precise annual series. The direction, though, is unambiguous, and earlier editions of the same CLHIA publication counted more than 150 insurers in the mid-2010s.

Canada’s life insurer count is shrinking

Active life and health insurers in Canada, per CLHIA industry facts (counts are directional; see caveat in text)

0 50 100 ~125 97 A decade ago Most recent count

Source: Canadian Life and Health Insurance Association (CLHIA) industry facts.

What consolidation means for governance is the same lesson the chart taught credit union boards: fewer institutions, each carrying more. CLHIA’s 65 member companies now account for 99 percent of Canada’s life and health business, and roughly 30 million Canadians rely on the coverage those boards oversee. A merged or acquiring insurer inherits multiple legacy boards, subsidiary entities, and committee structures, and its directors answer for a bigger balance sheet with more regulatory eyes on it. Keeping those entities and committees cleanly separated, with role-based access so each director sees exactly the materials for the boards they sit on, is precisely the multi-entity problem Aprio’s committee workflows and per-document permissions were designed for.

What does a data breach cost, and what does OSFI expect boards to do about cyber risk?

Board materials at an insurer are a concentration of everything an attacker wants: capital plans, claims exposure, executive matters, and personal data decisions. The financial stakes are now well documented. According to IBM Canada’s Cost of a Data Breach findings for 2025, a breach in Canada’s financial sector averaged CA$9.97 million, the most expensive sector in the country and well above the Canadian all-industry average of CA$6.98 million. Globally, IBM’s 2025 report puts the financial industry average at USD 5.56 million per breach against a USD 4.44 million all-industry average. Whichever currency you measure in, financial services pays a premium when records leak.

Financial services is Canada’s costliest breach sector

Average total cost of a data breach in Canada, 2025 (CA$ millions)

Financial services Industrial Canada all-industry average $9.97M $8.39M $6.98M

Source: IBM Canada, Cost of a Data Breach 2025 (Canadian figures, CA$).

The regulator has moved accordingly. OSFI’s Guideline B-13 on technology and cyber risk management took effect on July 31, 2022 and organizes expectations into three domains: governance and risk management, technology operations and resilience, and cyber security. Senior management owns the execution, but the board oversees technology and cyber risk through the Corporate Governance Guideline, including making sure tech and cyber risk appetite is reflected in the Risk Appetite Framework it approved. And when something goes wrong, OSFI’s incident reporting advisory requires federally regulated institutions to report technology and cyber incidents within 24 hours, or sooner if possible. Reportable incidents explicitly include those escalated to the board.

Two board-level implications follow. First, the channel the board uses to receive and discuss its most sensitive materials is itself part of the institution’s cyber posture, which is why insurance boards on Aprio point their security reviewers at ISO 27001 certification, SOC 2 Type 2 auditing, AES 256-bit encryption, and board data hosted in Canada. Second, a 24-hour reporting clock leaves no room for “which version did the board see” archaeology. The record has to already exist.

Is there a required board size or tenure limit for Canadian insurers?

No, and that surprises people. OSFI’s Corporate Governance Guideline is deliberately principles-based: it sets no numeric board size, no required percentage of independent directors, and no tenure cap. What it requires instead is structural. The Chair cannot be the CEO, board and committee chairs must be independent non-executive directors, and the director-independence policy must consider tenure. Each board is expected to decide, and document, what composition fits its own size and risk profile.

For context on what large Canadian boards actually do, the Spencer Stuart Canada Board Index of the country’s 100 largest public companies (large-cap context, not insurer-specific) reports that women now hold 39 percent of directorships, up from 15 percent in 2010, the average age of a newly appointed director is 60, and non-executive director turnover runs at roughly 10 percent per year. An insurance board benchmarking itself against peers has to translate those numbers through its own regulatory lens, then be ready to show a supervisor the reasoning. That is a records question as much as a policy one: composition decisions, independence assessments, and committee mandates all live or die by whether the documentation can be produced. Aprio’s board assessments and automated archiving keep those recurring governance reviews, and the evidence they generate, in the same system as the minutes they inform.

Pull all of this together and the shape of good insurance board governance in Canada is clear. The board approves the strategy and the Risk Appetite Framework and can prove it. Committees are independent, mandated, and documented. Cyber oversight is visible in the record, not just asserted. And every package, vote, signature, and minute sits in one secure, Canadian-hosted system rather than in email threads. That is what Aprio does for Canadian insurers today, including The Mutual Fire Insurance Company of BC, Pro-Demnity Insurance, and Carleton-Fundy Mutual Insurance Company, with a complete audit trail, e-signatures, and board data hosted in Canada.

A governance record that is ready before the examiner asks

Aprio keeps every approval dated, signed, and archived, with board data hosted in Canada.

Frequently asked questions

Who regulates an insurance company board in Canada?

Federally regulated insurers answer to OSFI under its Corporate Governance Guideline. Provincially, FSRA regulates 282 insurance companies in Ontario as of March 31, 2025, BCFSA has adopted OSFI’s Corporate Governance Guideline for BC insurers, and Quebec’s AMF sets governance expectations through its Sound Commercial Practices Guideline. All of them expect the board to be able to document its approvals and oversight.

What does OSFI’s Corporate Governance Guideline require of an insurer’s board?

The board must approve and oversee the business plan and significant strategic initiatives, the Risk Appetite Framework, the internal control framework, and capital and liquidity policies, and it appoints and reviews the CEO and key senior officers. The Board Chair must be separate from the CEO, the audit committee is made up of non-employee directors with a majority unaffiliated, the Board Risk Committee must be entirely non-executive, and the Chief Risk Officer must be independent with a functional reporting line to the board.

Does OSFI set a required board size or director tenure limit?

No. OSFI’s approach is principles-based, with no numeric board size, independence percentage, or tenure cap. It requires structural safeguards instead: Chair and CEO separation, independent non-executive committee chairs, and an independence policy that considers tenure. Each insurer decides and documents the composition that fits its size and risk profile.

How quickly must a Canadian insurer report a cyber incident?

Federally regulated insurers must report technology and cyber security incidents to OSFI within 24 hours, or sooner if possible, under OSFI’s incident reporting advisory. Reportable incidents include those with material impact on operations, confidentiality, integrity, or availability, and explicitly include incidents reported to the board. Guideline B-13 sets the broader expectations for technology and cyber risk management.

Is there a board portal built for Canadian insurance companies?

Yes. Aprio is a board portal built for Canadian insurance company boards, with board data hosted in Canada, a complete audit trail of access, votes, and signed documents, and committee workflows built for multi-entity structures. Canadian insurers on Aprio include The Mutual Fire Insurance Company of BC, Pro-Demnity Insurance, and Carleton-Fundy Mutual Insurance Company.

For more on how regulated financial services boards run on the platform, see Aprio’s board portal for financial services, or book a demo.

Ready to upgrade your board management?

Let’s talk about what’s not working with your current setup and see if Aprio can help.
Board Management Software
Features Why Aprio Industries Pricing About News Start a Conversation
Resources Careers Support Contact

See how Aprio compares on pricing, security & support

Get a Custom Pricing Comparison

Before you go…

Get a personalized comparison of Aprio vs. your current board portal — including real pricing data, migration timeline, and security audit results.

Request Your Free Comparison
Platform Guides: Board Directors | Board Managers | Corporate Secretaries | IT Security | Portal Efficiency | Materials | Meeting Minutes | Security | Evaluating Software | ROI Calculator