Contact:
We are pleased to present IIROC’s annual Compliance Priorities Report for 2018/2019. This report highlights current issues and challenges that Dealer Members (dealers) should address to improve investor protection and foster market integrity. Together with our guidance notes, day-to-day contact, annual compliance conferences and other forums, this report helps dealers focus their supervision and risk-management efforts to comply with our regulatory requirements in a way that is appropriate for their unique business models.
IIROC uses models to assess each dealer’s risk and to inform the frequency and content of our compliance examinations1 . This allows us to focus on dealers and business activities that present the highest risk. In FY17, we conducted a comprehensive review of the Business Conduct Compliance, Trading Conduct Compliance, and Financial and Operations Compliance risk models. The goal was to ensure the models remain current and achieve their intended predictive purpose. As a result of this review, we have implemented changes to the models, and added measures that consider each dealer’s potential impact to market integrity and investor protection. We will consider both the risk and impact of each dealer to determine how often we will examine them. We will be releasing a web video to provide further details about the structure and operation of the models.
We also continue to improve our examination programs to enhance our risk-based approach. Among other things, we are strengthening our planning process, refining our exam modules, focusing on dealers’ corporate governance and enhancing our examiners’ training.
IIROC has received interest from current and prospective dealers about digital assets. We are working closely with the Canadian Securities Administrators (CSA) to develop an appropriate regulatory framework for this growing market that addresses both market integrity and investor protection concerns.
Among IIROC’s continuing priorities is our commitment to help dealers with their cybersecurity preparedness. In November 2018, we sent our second cybersecurity self-assessment survey to all dealers. Once we compile and review the results, we will respond with initiatives that help dealers further enhance their cybersecurity resilience.
We continue to focus on dealers that fail to address significant compliance findings and/or fail to demonstrate a commitment to a strong compliance culture. IIROC may impose terms and conditions on dealers to ensure continuing compliance with its requirements under Section 9208 of IIROC’s Consolidated Enforcement, Examination and Approval Rules (the Consolidated Rules). We will continue to consider using this regulatory measure and recommend terms and conditions on dealers where we consider it appropriate.
Cybersecurity threat is a business risk for all IIROC dealers regardless of size and complexity. Each dealer must have appropriate controls in place to safeguard customer information that is under its custody and control.
As part of our ongoing commitment to support the cybersecurity resiliency of dealers, IIROC organized tabletop exercises in Toronto and Calgary in 2018 for small and mid-sized dealers facilitated by consultants from Juno Risk Management. At these sessions, we simulated three scenarios. Together, the learnings from these scenarios highlighted:
In November 2018, we sent a second self‐assessment survey to all dealers. The results will help us assess whether the recent tabletop exercise and other IIROC initiatives have helped dealers strengthen their cybersecurity resilience.
IIROC issued regulatory guidance for dealers that provide recordkeeping and custody services on behalf of clients of PM Registrants2 . This guidance complements CSA Staff Notice 31-347, “Guidance for Portfolio Managers with Service Arrangements with Dealer Members”.
Compliance with this guidance will be an examination priority in 2019. Dealers should pay specific attention to the following minimum requirements:
In 2018, we made changes to our risk-based approach to conducting dealer examinations. When a dealer has in place an operationally mature, enterprise-wide risk-management framework, we focus on how the dealer identifies, mitigates and manages the risks associated with their financial and operational activities in compliance with IIROC rules. This approach is consistent with domestic and international banking regulatory authorities and was launched by FinOps in 2017-18 at all the large integrated dealer subsidiaries of Canadian federally regulated financial institutions.
The enforceability of customer account guarantees has been a central issue in the events leading up to some past insolvencies. Recent litigation by bankruptcy trustees resulting from the collapse of a dealer also demonstrates the need to review and strengthen certain aspects of how guarantees are used to support the capital position of dealers.
To that end, our exams are focusing on:
We implemented changes to the supervision of trading requirements on March 27, 20183 .
We encourage dealers to apply a principles-based approach that addresses the specific risks associated with their business models and trading activity. Dealers should assess and document the risks associated with their trading-related activities to determine where their compliance and supervisory efforts should be focused. A dealer may rely on an existing enterprise risk management program if the program includes its trading-related activities.
During our review, we will look at the assessments to ensure that the risks have been identified and the dealer’s policies and procedures address those risks.
While in certain circumstances dealers may authorize a third party to perform a specific risk management or supervisory control or activity, we continue to identify authorizations that do not comply with IIROC’s requirement. We remind dealers that a written agreement must be in place for each risk-management or supervisory control before authorizing a third party to perform the control. At least annually, the dealer must confirm that the terms of the agreement continue to be met. We note that the dealer retains full responsibility for the control or supervisory activity despite having authorized its performance by a third party.
We introduced changes to best execution requirements on January 2, 2018. We will focus our reviews on the efforts undertaken by dealers to address the changes in the requirements.
Our areas of focus include:
We expect non-executing dealers to have an informed understanding of how their executing dealer achieves best execution and how the approach taken will reasonably achieve best execution for their clients.
We continue to see issues with dealers’ electronic trading controls required under the electronic trading rules. Specifically, we continue to see:
We will continue to focus on a dealer’s risk controls and whether the limits are set appropriately for their firm and clients.
IIROC considers any trade printed on a marketplace that does not result in a change in beneficial or economic ownership to be a wash trade. We understand that in an automated electronic trading environment some wash trading with non-manipulative or deceptive intent may occur. However we expect each dealer to:
Each dealer must report any trade not cancelled by the marketplace through a gatekeeper report. The dealer can file a gatekeeper report on a monthly basis listing all wash trades not cancelled on a marketplace during that month.
BCC continues to focus on compensation-related conflicts of interest. In April 2017, IIROC published guidance that outlines the findings of our review of compensation-related conflicts at dealers4 . The review identified significant deficiencies in a number of areas, including:
To strengthen our effectiveness in examining compensation-related conflict management, BCC developed and implemented a dedicated conflict-of-interest test module, which includes testing for:
We implemented this module over the last year and the most common finding to date is that many firms have not implemented an effective process for identifying and managing compensation-related conflicts. IIROC requires that dealers maintain policies and procedures to identify and manage all real and potential material conflicts of interest.
In the coming year, BCC will continue to strengthen the effectiveness of our examination process by collecting data related to conflict-of-interest findings and assessing it for:
BCC examiners will also focus on more complex conflicts including:
BCC has developed a testing module for automated/online-advice services offered directly to clients by IIROC dealers. The module examines a number of different risk factors that are relevant in the context of online advice, including the:
BCC will also continue to enhance its testing to address a growing number of business models involving strategic alliances, referral arrangements, and automated advice tools used by advisors.
In April 2018, we published guidance that sets out IIROC’s expectations and the regulatory requirements applicable to all OEO firms5 . The guidance discusses the scope of tools, services, activities and information that we consider consistent with the OEO regulatory framework in the areas of:
Whether or not a particular tool is appropriate under the OEO regulatory framework depends on the relevant facts and circumstances. We have enhanced BCC test processes to consider the different factors outlined in the guidance to determine whether any particular tool is acceptable or not. We encourage OEO firms to contact their IIROC BCC manager with any questions.
We continue to see filing deficiencies as highlighted in past Compliance Priorities Reports, including:
We plan to deliver training in early 2019 to dealers with repeat deficiencies. The Authorized Firm Representatives (AFRs) and Chief Compliance Officers (CCOs) of these dealers will be required to attend a training session with our Registration team to ensure they understand their obligations. We will review basic registration functions, as well as issues specific to the dealer, to ensure that our expectations are clear and to outline the consequences of future non-compliance.
Once we have met with a dealer, we will take a strict approach to compliance with our requirements and may take any or all of the following steps:
We will provide the same training to other dealers upon request. As this includes a review of basic registration functions, IIROC will also provide it to new dealers, either during the new membership process or shortly thereafter.
Dealers must make reasonable efforts to provide true and complete information in their Notice of Termination (NOT) filings. The dealer must carefully consider the questions contained in the NOT and accurately state the reason(s) for the cessation/termination of employment. The cessation date should reflect the day on which the individual ceases to have authority to act as a registered individual with the dealer. The dealer must consider whether it still has the appropriate number and category of Approved Persons to carry out its activities where the NOT relates to a dealer’s only Registered Representative (RR), Investment Representative (IR) or Supervisor. We expect dealers to notify us immediately in cases where they are planning to terminate their only RR, IR or Supervisor, or that individual has advised they will resign.
Approved Persons must disclose their Outside Business Activities (OBAs) under item 10 of Form 33-109F4 (Form 4) within 10 days of starting the activity. Also, before engaging in the OBA, RRs and IRs must disclose and obtain approval from their dealer, under IIROC Dealer Member Rule 18.14(c).
Dealers should require Approved Persons to provide periodic attestations regarding OBAs and to notify them of any material change to their OBAs.
Dealers must provide sufficient detail when describing an OBA and must address the potential for conflicts of interest or client confusion that may arise in the specific case (instead of providing “boilerplate” disclosure). If the dealer determines an OBA does not result in any conflicts of interest or client confusion, the dealer must outline their reasons for this conclusion.
OSC Staff Notice 33-749 recently stated that activities such as coaching recreational or “house league” sports do not generally require reporting. IIROC shares this view and agrees that these activities do not amount to a position of influence. Guidance about what is a reportable OBA is available in the Companion Policy to NI 31-103, in previously published IIROC guidance6 , and CSA Staff Notice 31-326 - Outside Business Activities.
Approved Persons must disclose material changes concerning the following disclosures, within 10 days of the change:
Dealers should file supporting documentation with a material change notice, rather than wait for IIROC to request this information. These delays affect our ability to conduct a “fit and proper” review and can be misleading to clients.
We continue to see applications for approval that are missing financial disclosure, criminal disclosure and regulatory reporting of disciplinary actions, including those levied by other licensing agencies (e.g. insurance). IIROC shares the views contained in CSA Staff Notice 33-320 - The Requirement for True and Complete Applications for Registration - that a false or misleading application is a serious regulatory issue.
Dealers need to ensure their applicants and Approved Persons understand the questions in Form 4 in order to provide accurate and complete information when submitting filings. Individuals must also ensure they have an opportunity to discuss the questions in Form 4 with the dealer to ensure they respond to questions correctly. Carelessness or misunderstandings are not satisfactory explanations for non-disclosure.
We continue to receive deficient exemption applications for Portfolio Management. Dealers should review the email sent to all CCOs on December 4, 2017 before submitting an application. This approval category has the most onerous proficiency requirements because of the discretion the position affords. Individuals who seek an exemption must demonstrate a high level of experience that is clearly relevant to discretionary portfolio management activities.
Individuals seeking approval in this category may either (a) meet IIROC’s current requirements under Dealer Member Rule 2900, Part I. A. 6, or (b) seek exemptive relief from Dealer Member Rule 2900, Part I. A. 6, on the basis that they have both:
We also remind dealers that IIROC has arranged a 50% enrolment price discount for certain people rewriting courses within 10 years of previously writing them. For more information, please visit the applicable course enrolment page at www.csi.ca.
Approved Persons and dealers must be aware of their post-licensing requirements. IIROC automatically suspends anyone who does not complete the requirements within the relevant time period.
RRs must complete the Canadian Securities Course, Conduct and Practices Handbook Course and 90-Day Training Program to be eligible for approval. They have 30 months after approval to complete the Wealth Management Essentials course. If incomplete, dealers should be aware that suspension is automatic under Dealer Member Rule 18.4. Similarly, Supervisors have 18 months to attend the Effective Management Seminar. RRs and Supervisors should schedule attendance at a seminar well in advance of the expiration of 18 months. This is particularly critical for dealers that do not have other Supervisors to cover the functions of a suspended Supervisor. If incomplete, dealers should be aware that suspension is automatic under Dealer Member Rule 38.3(b).
Our view is that RRs and Supervisors have adequate time to complete these requirements and that dealers have more than enough time to ensure that they do so. However, we receive an unacceptable number of applications for extensions without compelling reasons. We are unlikely to grant extensions unless there are extreme extenuating circumstances. We will not grant extensions simply because a dealer does not have another Supervisor to assume the functions.
In February 2018, we issued guidance requesting that dealers provide IIROC a list of individuals approved as designated Supervisors7 . We used this data to update CE requirements in IIROC Services. This information was due to IIROC by March 31, 2018.
To date, we have not received lists from all dealers. Any firms that have not provided this information should review the Notice, which outlines our expectations on this matter.
We remind Dealer Members that they must comply with IIROC notice and approval requirements, including allowing enough time for staff review and District Council approval, as applicable, in advance of a transaction, particularly for significant equity interests in a Dealer Member and new related or associated companies.
MFDA and IIROC have consolidated
As of January 1, 2023 the MFDA and IIROC have come together as New Self-Regulatory Organization of Canada (New SRO).
New SRO has assumed the regulatory responsibilities of the MFDA and IIROC.
We have set up an interim website for updates and information related to the New SRO including:
Enforcement proceedings, membership lists, continuing education, investor education resources and any other information not set out above continue to reside on www.mfda.ca and www.iiroc.ca.