Business Conduct

​The role of Business Conduct Compliance staff is to monitor IIROC-regulated firms to ensure they implement policies, procedures and appropriate controls in compliance with all non-financial regulatory requirements, including those of IIROC, provincial securities acts and federal legislation such as the Proceeds of Crime (Money Laundering) and Terrorist Financing Act 2001.

Risk Assessment Model

The Business Conduct Risk Assessment Model is a risk management tool designed to identify, define, assess and “weigh” risks in respect to IIROC-regulated firms to determine priority focus in the Business Conduct examination cycle.

The model shows the comparable risk assessed for each regulated firm relative to all other firms and relative to other firms in a peer group. The objective of Business Conduct Compliance’s Risk Assessment Model is to identify Dealer Members having a higher than average or lower than average indication of risk in their business models. With this information, IIROC further ensures that its regulatory focus is placed on higher risk firms.

The model identifies three risk types, six risk categories and seventeen specific risks. Each specific risk is assessed and weighted to determine a business risk score for each firm.

The model then calculates the risk control score by identifying two risk control categories and seven specific risk controls. Each specific risk control is assessed and weighted. Risk control is the method the firm uses to mitigate or reduce its business risk. The higher the risk control score, the higher the quality of overall risk control in that category.

To assess financial and compliance risk, IIROC staff weigh various kinds of risk alongside the controls that firms use to manage that risk. In summary, the formula for the FinOps risk assessment model is as follows: 

Residual Risk Score = Business Risk Score - [40% of Risk Control Score]

  1. Business Risk Weightings: Each risk type is assigned a fixed weighting to differentiate the level of its importance in the model; Inherent Risks have an aggregate weigthing of 76% and Internal Factors have an aggregate weighting of 24%.

  2. Residual Risk Rating: IIROC can assess a firm’s financial operations and compliance residual risk as low, moderate-low, moderate-high or high, compared to other dealer firms.

Several factors are considered when we assess a dealer firm’s business conduct risk.

View a diagram of the assessment structure.


arrowback to top



United Nations Reporting system

IIROC’s business conduct compliance operations provide resources to help dealer member firms fulfil their requirements under certain United Nations regulations and resolutions. These include forms, databases, links to reporting systems or instructions.

Report under section 83.11 of the Criminal Code and under section 7 of the United Nations Suppression of Terrorism Regulation.

Report under subsection 11(2) of the Regulations Implementing the United Nations Resolution on the Democratic People's Republic of Korea, or subsection 8(2) of the Regulations Implementing the United Nations Resolution on Iran, or subsection 6(2) of the Special Economic Measures (Venezuela) Regulations or subsection 7(1) of the Justice for Victims of Corrupt Foreign Officials Act.

Step 1 - On or before the 15th day of the month; Read Instructions

  • 83.11 Instructions

  • 11(2) Instructions

Step 2 - Check your accounts against OSFI's lists

  • 83.11 Lists

  • 11(2) Lists

Step 3 - Log in to the UN Reporting System.

  • Access the UN Reporting System

  • Use the Nil Form if you have verified that you have no accounts to declare.

  • Use the Positive Form if you have accounts to declare.

Note: If you need information or help with any of these procedures, please contact [email protected].


arrowback to top



Reviews and Examinations

Staff conduct regular reviews and on-site examinations of investment dealers, focusing on issues such as suitability, client account supervision and due diligence, corporate finance and research, employee activities and internal controls.

Providing best practice guidance on the application of IIROC rules is also part of Business Conduct Compliance’s work, as well as providing feedback on policy development to the Policy Department.

The department, which has staff in all IIROC regional offices, performs regular reviews and onsite examinations of specific issues to ensure firms are in compliance with key and emerging issues. Business Conduct Compliance examinations focus on issues ranging from suitability of investments, account opening documentation, to the supervision of advisors, branches and staff, and employee activities such as personal trading and outside business activities. They also examine the firm’s supervision and internal compliance testing on all these activities.


arrowback to top


       tool bar