Components

 Risk Type  Risk Category  Specific Risk
1. Inherent 1. Business activity
2. Strategic management
3. Financial soundness/results		 1. Lines of business or financial products
2. Strategic decisions
3. Strategic business alliances
4. Reorganization
5. Quantitative Comparison
6. Pending litigation
2. External Factors 4. Operating environment 7. Economic and political environment
8. Capital market volatility
9. Corporate structure
3. Internal Factors 5. Quality of management and staff
6. Adequacy of changes of systems
7. Adequacy of operational procedures		 10. Knowledge and experience
11. Turnover
12. Adequacy of resources
13. Key person reliance
14. Technology effectiveness
15. Technology availability
16. Technology integrity
17. Information systems
18. Process and data integrity
19. Financial reporting
20. Third party

 

 Risk Control Category  Specific Risk Category
1. Board, management and staff 1. Corporate governance effectiveness
2. Management and staff culture
2. Risk management and control 3. Risk management framework
4. Existence and quality of an internal audit function
5. Timeliness and accuracy of security segregation
6. Quality of internal controls

Adequacy of changes in systems
This risk arises from the Dealer Member firm’s reliance on computer and information systems in its daily operations. It represents the risk that those application and information systems are; inadequate in meeting business needs, unreliable or does not fulfill its goals, and/or unavailable to adequately support operations.

Adequacy of operational procedures
The risk of not having formal and effective policies, procedures, and practices that ensure the effectiveness of processes, accurate and complete financial and management reporting, business continuity, etc.

Adequacy of resources
The risk of not having sufficient management and staff to ensure operating procedures and risk management practices are effectively carried out.

Board, management and staff
The risk that the governance structure and process, as well as culture or values held by the board of directors, management and staff of the Dealer Member firm, are not aligned with effective risk management.

Business activity
The risk that arises from the nature of the Dealer Member firm’s business activity. It relates to the inherent business exposure associated with providing a particular product or service, taking into consideration the type and complexity of the business.

Capital market volatility
The risk that volatility in the capital markets will adversely affect the performance of the Dealer Member firm.

Consideration should be given to the:

  • liquidity of the markets
  • size, tenor and complexity of open positions
  • stability of trading revenues
  • output of internal models of sensitivity to risk factors
  • vulnerability under various scenarios and environments (modelling and stress-testing)
  • ability to close or exit positions at a reasonable cost and in a reasonable timeframe

Corporate governance effectiveness
The risk that the governance structure and process is ineffective in ensuring effective corporate governance, including the timely, proactive flow of relevant (risk) information to all key stakeholders and the "tone at the top".

Corporate governance is the process which guides the business affairs of the Dealer Member.  It is a set of relationships amongst the Dealer Member’s management, board of directors, shareholders and stakeholders (including its regulator, IIROC) and a means to attain corporate objectives and monitor performance.

Effective corporate governance at a Dealer Member may be evidenced by a combination of the following characteristics:

  • Sufficient number of qualified directors on the board based on size of firm.
  • Appropriate ratio of the number of independent (‘outside’) directors to affiliated directors.
  • Separation of board chair and Chief Executive Officer.
  • Board appoints senior management team and determines their compensation.
  • Frequent (i.e. monthly) board meetings with documented agenda, minutes, resolutions and voting.
  • Existence of board committees (i.e. executive, audit and finance, human resources, compensation, and risk management) and that committee composition include members with subject matter expertise.
  • Board oversees corporate compliance program by reviewing regular reports on compliance with regulatory rules, adequacy of internal controls and risk management.
  • Board approves corporate strategic plan and monitors performance.

Owner/managed Dealer Members may also evidence effective corporate governance by:

  • Demonstrating their direct involvement in identifying and in monitoring the principal risks faced by the firm.
  • Establishing, maintaining, and monitoring a compliance program that identifies and addresses material risks of non-compliance.
  • In the absence of adequate segregation of duties, direct involvement in the daily supervision of the financial, trading and compliance functions of the firm.
  • Existence of a written annual strategic plan of the firm and documented regular performance monitoring.
  • Appointing outside directors (where practical).

Corporate structure
The risk associated with the complexity of the Dealer Member firm’s corporate structure. Specifically the risk relates to the extent to which the group as a whole has the opportunity to engage in inappropriate related party transactions.

Consideration should be given to the nature and rationale for the structure, the degree of wider group control and influence on directing business activity; relationships and pressures that might adversely affect profit retention, the frequency, size and nature of related party transactions as well as the influence of other regulatory regimes on the activities of the group.

Economic and political environment
The risk that economic and political changes in the global, national or regional environment will adversely impact the industry sector(s) and specifically the potential performance of the Dealer Member firm.

Consideration is given to the strengths, weaknesses and volatility/changes of the economic and political environment in the Dealer Member firm’s geographic location, and external risks or other systemic issues prevailing in the various geographic locations.

Existence and quality of an internal audit function
The risk of not having an internal audit function, which is independent and capable in performing objective quality assurance and consulting activities, designed to add value and improve the Dealer Member firm’s operations.

The risk is impacted by the internal audit function’s ability to systematically evaluate and help improve the effectiveness of risk management, control, and corporate governance processes of the Dealer Member firm.

External factors
Relates to the Dealer Member firm’s strategic fit with its external environment and effectiveness in responding to external influences.

Financial reporting
The risk associated with not maintaining a reliable financial reporting infrastructure that supports accurately determining and effectively disseminating financial information, including information on capital positions, in a timely manner.

Financial soundness/results
The risk that the Dealer Member firm is unable to maintain ongoing financial viability for the protection of client assets.

Information systems
The risk that information systems are not adequately developed, tested or implemented based on user requirements, resulting in operating errors and/or inefficiencies.

The risk is impacted by the amount of system change, the complexity of the system and extent of integration of the new system into the existing environment.

Inherent risk
The pure risk that is intrinsic to the specific business of the Dealer Member firm, without considering the impact of any related internal controls, established policies and procedures, or risk management practices.

Internal factors
Relate to the Dealer Member firm’s ability to operate effectively and efficiently based on its resources and processes.

Key person reliance
The risk associated with heavily relying on only one person in a key position or function.

The availability of back-up for the position, effectiveness of succession planning and/or the adequacy of cross-training provided to other individuals, impact the risk.

Knowledge and experience
The risk of management and staff not having adequate knowledge and experience to carry out their responsibilities effectively.

Consider the quality and depth of recruitment, and training and development policies and practices, the qualifications, expertise and attributes of management and staff.

Lines of business and financial products
The risk associated with the intrinsic nature of the lines of business in which the Dealer Member firm is engaged.

The risk is impacted by the diversity and complexity of the lines of business (including the extent to which judgements and assumptions are integral to the business operations), the nature of the customer base (retail vs. institutional), as well as the types of client accounts maintained by the Dealer Member firm (cash vs. margin vs. trust accounts).

The risk associated with the intrinsic nature of the financial products offered by the Dealer Member firm.

The risk is impacted by the diversity and complexity of financial products offered, location and depth of markets, volume of transactions, as well as whether the Dealer Member firm is acting as an agent or principal.

Management and staff culture
The risk that management culture does not foster and promote an environment of adherence to financial & operations compliance and control consciousness. The risk is impacted by the appetite for risk, the level of ethical and moral values displayed, and the professional conduct of management and staff on the whole.

Consider the attitude towards controls and drivers of the control process, attitude towards supervision and relationship with regulators, willingness and ability to keep abreast of current issues and concerns.

Operating environment
The risk that external factors impact the Dealer Member firm’s status quo resulting in the need to respond to such changes in the operating environment.

Pending litigation
The risk associated with adverse outcome of pending litigation against the Dealer Member firm, especially for amounts not already provided for, as well as negative reputational effect.

Process and data integrity
The risk of failing to completely and accurately process and account for transactions due to inaccurate data or process failure (including information flow, decision making processes, etc.).

The focus is particularly on transactions that impact cash, securities and client accounts.

Quality of management and staff
The risk of not having the right people with the appropriate skills and attributes in the right jobs to operate effectively.

Quantitative comparison with other Dealer Member firms
The risk that the Dealer Member is unable to maintain a sufficient and/or relatively stable level of risk adjusted capital to ensure solvency.

The risk that the Dealer Member is unable to maintain an adequate and/or relatively stable level of profit.

Dealer Member firms are ranked from highest to lowest on the following quantitative factors obtained from Monthly Financial Reports based on a twelve month period.

  1. Total Equity - 12 month average of the Total Financial Statement Capital as reported on Statement A, Line 73.
  2. Total Revenue - 12 month average of the Total Revenue as reported on Statement E, Line 17.
  3. Return On Equity (ROE) - 12 month average of Total Profit/Loss as reported on Statement E, Line 23, less Interest on subordinated debt as reported on Statement E, Line 24 divided by Total Equity.
  4. Return On Assets (ROA) - 12 month average of Total Profit/Loss as reported on Statement E, Line 23 less Interest on subordinated debt as reported on Statement E, Line 24 divided by the 12 month average of Total Assets as reported on Statement A, Line 30.
  5. Liquidity - 12 month average of Total Liquid Assets as reported on Statement A, Line 13 divided by the 12 month average of Total Assets as reported on Statement A, Line 30.
  6. Level of Early Warning Reserve - 12 month average of Total Early Warning Reserve as reported on Statement C, Line 5 divided by the 12 month average of Total Net Allowable Assets as reported on Statement B, Line 3.
  7. Volatility of Early Warning Reserve - 12 month average of Total Margin Required as reported on Statement B, Line 22 divided by the 12 month average of Total Net Allowable Assets as reported on Statement B, Line 3.

Reorganization
The risk that the Dealer Member firm is unable to identify the need for and effectively implement, corporate, lines of business, or business unit reorganization(s) to enable the achievement of optimal results based on the strategic direction established by the Dealer Member.

The risk is also impacted by any recent changes in ownership.

Quality of Internal Controls
The risk associated with poorly designed or implemented internal controls.

Consider the adequacy of documented internal control policies and procedures; extent of management monitoring and supervision, segregation of duties, the maintenance of effective reconciliation processes relating to external parties, information generated from information systems, as well as on control/suspense accounts.

Risk management and control
The risk that risk management practices and internal controls of the Dealer Member firm are not effective due to inadequate/inappropriate design and/or ineffective execution, thus affecting the reliability of reported financial information and/or the safeguarding of assets.

Risk management framework
The risk that the Dealer Member firm does not have an effective method to identify, prioritize, assess, monitor and manage the risks that it faces.

Consider the existence of documented inventory of risks/risk frameworks, risk management strategy and policies, as well as evidence of effective risk management being in place.

Strategic business alliances
The risk that the Dealer Member firm is unable to identify the need for strategic business alliances, select an appropriate business partner, effectively implement the integration of operations and/or the failure to achieve synergy in operations, based on the strategic direction established by the Member.

Strategic decisions
The risk that the business strategy adopted by the Dealer Member firm is sub-optimal.

Consideration should be given to the Dealer Member firm’s ability to identify the need for change, and the frequency of changes to strategic direction.

Strategic management
The risk that the Dealer Member firm does not have an effective method for identifying the appropriate strategy to change its business/operations, effectively converting the strategy into a business plan, and/or implementing the planned changes seamlessly.

Technology availability
The risk that currently installed operational technology is not available due to system or software outage. This risk includes system unavailability due to insufficient processing capacity for volume being handled.

This risk may be due to technical failure, virus attacks, shutdown due to hacking or other external circumstances, and is compounded with inadequate system backup and/or ineffective disaster recovery procedures.

Technology effectiveness
The risk that systems and technology functionality are inadequate to meet business needs, or that technology and communications hardware and software are not adequate in meeting user requirements and impact data processing and effective operation.

This risk is higher if there is frequent and/or major system development or change projects.

Technology integrity
The risk of unauthorized access to hardware, software, communication systems, data storage systems or data resulting in intentional or unintentional record tampering and/or loss of sensitive information.

Third party
The risk associated with holding customers’ securities.

Timeliness and accuracy of security segregation
The risk of not properly calculating customer securities to be segregated.

The risk of not segregating securities on a timely basis.

Turnover
The risk associated with human resource volatility, including the change in key management and staff, organization and reporting line restructuring and/or downsizing.

Consider the rate and level of turnover and the factors that precipitated the turnover.