Product Due Diligence and Know-Your-Product

Type: Rules Notice> Guidance Note
Rule connection:
Distribute internally to:
Legal and Compliance
Senior Management


Business Conduct Compliance
Member Regulation Policy

Executive Summary

Effective Date: December 31, 2021

We are publishing guidance on product due diligence and Know-Your-Product (KYP) to outline our expectations regarding Dealer Member (Dealer) compliance with IIROC Rule 33001 , Product Due Diligence and Know-Your-Product.

  • 1In this Guidance, all rule references are to the IIROC Rules unless otherwise specified.
Table of contents
  1. Product due diligence


  1. What is product due diligence?

Section 3301 of the IIROC Rules sets out the requirement for Dealers to conduct due diligence on all securities2  they make available to clients (product due diligence). More specifically, Dealers must:

  • assess all the relevant aspects of the securities made available to clients including their:
    • structure,
    • features,
    • risks,
    • initial and ongoing costs, and
    • impact of those costs,  
  • approve all securities made available to clients, and
  • monitor all approved securities for significant changes.

By conducting product due diligence, Dealers can identify securities that should be made available to only certain classes of clients, or in certain cases, not be made available to any client. For example, where a Dealer determines that a particular security has complex or unique features making it difficult to fully understand, the Dealer may conclude that the security should not be made available to a certain class or subset of retail clients3 . Examples of such securities include, but are not limited to, the following:

  • leveraged and inverse exchange-traded funds,
  • principal-protected notes,
  • asset-backed securities, and
  • other debt-structured derivatives.

Instead, the Dealer may identify less risky, complex, or costly alternatives that offer similar benefits to its retail clients.

  1. How does a Dealer make securities available to clients? 

A Dealer makes a security available to clients by:

  • placing it on the Dealer’s product shelf,
  • purchasing it for a client,
  • recommending it to a client, or
  • advertising or promoting it in any medium, including distributing marketing material about the security to the client.
  1. How is product due diligence different from underwriting due diligence?

Product due diligence and underwriting due diligence serve different purposes. Underwriting due diligence deals primarily with disclosure. For example, in a public offering of securities, it is the process by which an underwriter:

  • takes reasonable steps to ensure that all prescribed information is included in the prospectus,
  • investigates the information provided by the issuer for inclusion in the prospectus, and
  • verifies key material facts, ensuring that a prospectus contains full, true and plain disclosure of all material facts relating to the securities being offered.

In contrast, product due diligence is focused on ensuring that the products a Dealer makes available are appropriate, or suitable, for its client base. For more information on underwriting due diligence, please consult Notice 14-0299.

  1. Is the product due diligence responsibility the same for all types of business models?

Dealers may tailor their product due diligence process based on:

  • business model,
  • types of securities offered,
  • proficiency of registered individuals, and
  • the nature of the relationship with clients.

For example, the factors considered as part of the product due diligence required may differ between order execution only (OEO) accounts and advisory accounts. This is because, unlike an advisory account, clients who have an OEO account do not receive the benefits of a suitability determination, nor do they have a Registered Representative to provide them with advice. At a minimum, the product due diligence obligation for OEO accounts will include a determination regarding whether certain products should be made available for any clients. There are various reasons for excluding certain securities, such as a lack of information available for investors to assess the security, and also significant conflicts of interest associated with the governance of certain products. In extreme cases a product may be suspected to be of a fraudulent nature. These baseline considerations do not entail a suitability obligation for individual clients.

  1. Is the product due diligence responsibility the same for all types of securities?

Dealers may use a risk-based approach to assess and approve securities. Dealers’ policies and procedures may set out different levels of assessment, approval and monitoring for different types of securities, as appropriate.

A security-by-security assessment is not expected in all circumstances. Dealers may consider a less extensive product due diligence process for less complex and less risky types of securities, such as publicly traded common shares. Complex and risky securities may warrant a more extensive product due diligence process. Typically, complex and risky securities include those that have one or more of the following characteristics:

  • new to the Canadian marketplace or to the Dealer,
  • not transparent in structure, involve leverage, options or other derivatives,
  • raise unique legal, funding, accounting, taxation, regulatory or compliance risks,
  • have new or different market, liquidity or counterparty risks.

Dealers may want to consider a more extensive product due diligence process for securities sold under a prospectus exemption because they are typically less liquid and there is limited disclosure available about them. 

However, Dealers should not assume that little or no review is necessary if a security is similar to one already in the marketplace, or on the Dealer’s product shelf.

  1. What product due diligence is required for transfers-in and client-directed trades?

Generally, Dealers are not required to approve securities that are transferred-in or held as a result of a client-directed trade if they do not otherwise make those securities available to clients. They, however, must take reasonable steps to assess those securities; the depth of such assessment may vary depending on the nature of the securities, the client’s circumstances and investment objectives, and the relationship between the client and the Dealer.

Approved Persons must have an understanding of all securities held in a client’s account, including those that are held as a result of a transfer-in or a client-directed trade, in order to fulfill their suitability determination obligations in Rule 3400, including with regards to a recommendation to continue to hold or reduce the securities. Approved Persons must therefore take reasonable steps to assess and understand those securities transferred into the Dealer from another Dealer or registrant, as well as those that are a result of a client-directed trade, within a reasonable time after the transfer or trade.

  1. Can Dealers rely on related-party and third-party assessments?


  1. Related-party assessment

If a Dealer’s parent or affiliate4  assesses new securities that the Dealer will put on its shelf, we expect that Dealer to participate in the parent or affiliate’s assessment process or have its own separate assessment process. We also expect that Dealer to decide on matters such as marketing materials and Approved Person training.

When making securities of related and connected issuers available to clients, Dealers must identify, avoid or otherwise address existing, and reasonably foreseeable, material conflicts of interest, as required by our conflict of interest requirements5 .

  1. Third-party assessment

We recommend Dealers exercise caution when relying on disclosure prepared by an issuer or an “independent” report prepared by a third-party which may have been commissioned by the issuer.

Where a Dealer distributes a security based on a third-party report that includes the following types of claims about the security:

  • rating of the security,
  • comparison of the security with other issuers’ securities, or
  • describes an exempt market security as “investment grade”,

the Dealer should perform its own product assessment to ensure that the report is fair, balanced and not misleading.

Third-party information can be a key component of a Dealer’s product due diligence process, but the Dealer should also conduct its own product analysis. The Dealer should base the extent of that additional analysis on their assessment of the reliability, objectivity and completeness of the third-party information.

  1. Sub-advisor reliance on other registrants

We do not expect a duplication of the product due diligence review, approval and monitoring processes where multiple registrants are involved with securities such as:

  • investment funds,
  • fund of fund structures, and
  • model portfolios, or other securities where sub-advisors have been engaged.

We expect that Dealers will comply with their product due diligence obligations as they relate to the securities involved at the level they are making them available to clients. For example, Dealers that make funds or model portfolios available to their clients should assess and understand:

  • how the funds and model portfolios are composed,
  • their features and risks, and
  • whom they would be suitable for.
  1. Effective product due diligence


  1. Maintain written policies and procedures for conducting product due diligence

We expect a Dealer’s product due diligence procedures to describe all aspects of the process including:

  • defining a new security,
  • the level and depth of assessment required,
  • the type of information to be collected, and
  • who is responsible for assessing the security.
  1. Monitor and review significant changes to previously approved products

As set out in clause 3301(1)(iii), a Dealer’s product due diligence process must include appropriate monitoring for significant changes to securities that have been approved by the Dealer and continue to be made available to clients. For example, we would consider a modification to a security that may impact the Dealer’s assessment of that security to be a significant change.

While a change in the overall market or economic conditions may affect a Dealer’s or an Approved Person’s assessment of a security, we generally would not consider it a change requiring reassessment of individual securities. However, a change in market conditions that affects only a particular security, or sector, or new information regarding a particular security or sector, may require a reassessment of the affected securities. 

A Dealer’s monitoring process may vary depending on the Dealer’s business model and the type or complexity of securities.

  1. What are the components of an effective product due diligence process?

We consider the following to be components of an effective product due diligence process:

  • A documented approval process, standardized for all securities, or alternatively for various defined categories of securities.
  • A preliminary assessment by qualified staff to determine whether the proposed security is a new security or a significant change to an existing security, and the appropriate level of internal review and approval.
  • For complex or novel securities, a detailed and documented review by an appropriately qualified and experienced committee or working group of representatives from all relevant Dealer departments, including compliance, legal, finance, marketing, sales, and operations, that considers the factors in section 1.4 of this Guidance.
  • A formal decision on the security by a new product committee or other authorized group that includes senior staff.
  • If the security is approved, a determination and documentation of the appropriate level of post-approval follow-up, including:
    • monitoring of client complaints and grievances related to the security,
    • reassessment of training needs on a continuing basis,
    • monitoring of compliance with restrictions placed on the sale of the security, and
    • periodic reassessment of the appropriateness of the security.

Dealers should consider these components when assessing their policies and procedures and implement those that work best for them given their size, structure, operations and business model.

  1. What are the key considerations when conducting product due diligence?

In conducting product due diligence, Dealers should ask appropriate questions to be able to determine whether the security should be offered, and identify important features for marketing and training. Dealers should perform due diligence with an open and questioning mind.

Factors that Dealers should consider as part of their product due diligence process include:

  • The reasonable likelihood of a return on investment or benefit for the investor.
  • The investment need(s) or objective(s) the security is designed to fulfill.
  • The type of investor the security is appropriate for.
  • Any potential conflicts of interest between clients and the Dealer or its affiliates and Approved Persons the security may create, including compensation related conflicts of interests. 
  • The specific risks associated with the security.
  • The security’s liquidity and complexity.
  • The costs and fees associated with the security.
  • How the security compares to similar securities offered by the Dealer.
  • Any changes to compliance or other systems required to support the security.
  • Whether concentration limits or controls on the use of the security in client portfolios are required.
  • The training required for Approved Persons who trade in, or advise on the security.
  • The parties involved in the security, including, for example, management of the issuer, portfolio manager, product manufacturer or sponsor, guarantors or significant counterparties.

If, following a product due diligence review, the Dealer determines that the security would be:

  • unsuitable or inappropriate for all of its clients, it should not make the security available on its product shelf, or
  • suitable for certain clients, it should conduct any necessary analysis prior to making recommendations to, or accepting orders from, its clients.
  1. PDD Exemptions

The product due diligence requirement set out in section 3301 does not apply to accounts maintained at a Dealer who is a carrying broker for those accounts or who only provides trade execution, clearing, settlement or custody services to another Dealer, portfolio manager, exempt market dealer or their respective clients. The rationale behind this exemption is that, in each of these cases, the Dealer is providing services to another registrant or their clients and the product due diligence requirement is the obligation of, and is conducted by, the other registrant (i.e., Dealer, portfolio manager or exempt market dealer). For a summary of all exemptions, refer to the chart in Appendix A.

  1. Know-your-product


  1. What is KYP?

Section 3302 provides that an Approved Person6  of a Dealer may not purchase, sell or recommend securities for a client unless the Approved Person takes steps to understand the securities (KYP). More specifically, Approved Persons must take steps to understand the securities, including their structure, features and risks, initial and ongoing costs and the impact of those costs, sufficient to enable the Approved Persons to meet their suitability determination and other regulatory obligations.

Also, Approved Persons must ensure that any securities that the Approved Person purchases, sells or recommends for a client have been approved by the Dealer to be made available to clients, pursuant to the Dealer’s product due diligence obligation.

We expect Registered Representatives, Portfolio Managers and Associate Portfolio Managers to understand the terms, features, risks and potential returns of the securities, transactions and trading strategies they recommend, including how:

  • they can assist the client in achieving their investment objective(s), and
  • market volatility could affect potential returns.

KYP is also an extension of each Approved Person’s general duty to deal fairly, honestly and in good faith with their clients7 . It is one of the most fundamental responsibilities owed by Approved Persons to their clients and, along with the KYC and suitability determination obligations, is a cornerstone of our investor protection regime.

  1. What should Approved Persons be doing?


  1. Understand all products an Approved Person purchases, sells or recommends for clients

Approved Persons must conduct KYP for all securities they purchase, sell or recommend for clients.

We do not expect all Approved Persons to be fully proficient in all securities made available by their Dealer. However, an Approved Person should have a general understanding of the securities available on their Dealer’s product shelf to meet its suitability obligation.8   

Under the product due diligence requirement9 , Approved Persons must not purchase for, or recommend securities to, a client unless the Dealer has approved those securities. The fact that a security has been “approved” by the Dealer in fulfilment of the Dealer’s product due diligence obligation does not discharge the Approved Person from KYP. KYP is a separate and distinct obligation on an Approved Person that is in addition to the product due diligence obligation on Dealers.

  1. Securities transferred-in and client-directed trades

Under the KYP requirement, Approved Persons are required to have an understanding of all securities held in a client’s account, including those that are held as a result of a transfer-in or a client-directed trade, in order to make the required suitability determination under Rule 3400.

  1. Explain key product features to your clients

When making a recommendation or accepting an order from a client, Approved Persons should understand and be able to explain to the client the security’s structure, features, risks, initial and ongoing costs and the impact of those costs. For example, the Approved Person should understand and be able to explain, among other things:

  • features – including potential returns, use of leverage, conflicts of interest, investment time horizon, overall complexity of the security,
  • risks – including the possibility that clients may lose some or all of the principal amount invested, liquidity risk, redemption risk, and risks from underlying derivatives or structured products, conflicts of interest risk, and
  • costs – including fees paid to registrants or other parties (commissions, sales charges, trailer fees, management fees, incentive fees, referral fees, embedded fees, executive compensation).
  1. What should Approved Persons not do?

Approved Persons should not recommend a security solely based on:

  • information from issuers or other third parties, including related parties, about the security,
  • similarities with other securities, or
  • recommendations by other market participants or by unregistered persons providing general advice.
  1. What should Dealers do to assist Approved Persons?

Dealers are responsible for ensuring that their Approved Persons understand the securities they purchase, sell or recommend10 . Dealers should use, and share, the information obtained through their product due diligence in carrying out this responsibility. The Dealer’s policies and procedures should outline the training requirements of Approved Persons. Dealers should maintain evidence of the successful completion of this training.

Dealers should create an environment that supports their Approved Persons in learning about the securities on their product shelf. This may include education opportunities such as distributing new security information, security-specific training or regular security-related conference calls.

  1. KYP Exemptions

Generally, the KYP obligation applies to Approved Persons. However, subsection 3303(2) sets out exemptions from the KYP obligation for certain account types, client types or service arrangements.  More specifically, the KYP obligation does not apply in respect to:

  • an OEO account or a direct electronic access account, as clients of such accounts do not have Approved Persons to provide them with advice,11
  • an account maintained at a Dealer who is a carrying broker for that account or who only provides trade execution, clearing, settlement or custody services to another Dealer, portfolio manager, exempt market dealer or their respective clients as, in these cases, the Dealer is only providing operational support services and the KYP obligation resides with another registrant and their Approved Persons12 .

For a summary of all exemptions, refer to the chart in Appendix A.

  1. Applicable rules

IIROC Rules this Guidance Note relates to:

  • Rule 1400
  • Rule 2600
  • Rule 3300
  • Rule 3400
  • Rule 3900
  1. Previous guidance note(s)

This Guidance Note replaces Notice 09-0087- Best practices for product due diligence.

  1. Related documents

This Guidance Note is related to Notice 21-0148 - Client Focused Reforms – IIROC Rule Amendments

  1. Appendixes

Appendix A - Summary of Exemptions 

  • 2We would expect Dealers to apply this guidance to all investment products offered, and not just securities.
  • 3As defined in subsection 1201(2).
  • 4As defined in subsection 1201(2).
  • 5See Rules 3110 -3113.
  • 6As defined in subsection 1201(2).
  • 7See for example, OSC Rule 31-505.
  • 8See Sub-clause 3402(1)(i)(e) of the retail suitability requirements which requires a consideration of a reasonable range of alternative actions.
  • 9See subsection 3301(2).
  • 10See section 2602.
  • 11See clause 3303(2)(i) and (ii).
  • 12See clause 3303(2)(iii).


Core Regulatory Obligations Exemptions Chart

Do the Core Regulatory Obligations apply in the following scenarios?

Scenario: Core Regulatory Obligation:

Account Appropriateness
(Rule 3211)

Account Suitability1  
(Rule 3402(3))

Product Due Diligence (PDD)
(Rule 3301)

Know your product (KYP)
(Rule 3302)

Know your client (KYC)
(Rule 3202)

Portfolio Suitability
(Rule 3402)

(i) Type of Account:  

Order Execution Only Account

(see 3211(2)(i))

(see 3404(1)(i))

Yes No
(see 3303(2)(i))

(see 3208(1)(i))

No (see 3404(1)(i))

Direct Electronic Access Account

 (see 3211(2)(ii))

 (see 3404(1)(ii))

Yes No
(see 3303(2)(ii))

 (see 3208(1)(ii))

No (see 3404(1)(ii))
Advisory Account Yes Yes Yes Yes Yes Yes

Discretionary Account/Managed Account

Yes Yes Yes Yes Yes Yes
(ii) Type of Client:  
All Institutional Clients




Yes Yes

(see 3208(1)(iv))

(see 3404(3)(ii) for potential waiver)

Subcategories of Institutional Clients
(Dealer Member, regulated entity, exempt market dealer, portfolio manager, bank, trust company or insurance company)

(see 3211(3)(ii))

(see 3404(4))

Yes Yes

(see 3208(1)(iv))

(see 3404(3))

(iii) Service Provider8 :  
Carrying Broker No
(see 3211(3)(i))
(see 3404(2))
(see 3303(1))
(see 3303(2)(iii)

(see 3208(1)(iii))

(see 3404(2))

Trade Execution, Clearing, Settlement (e.g., to a PM)

(see 3211(3)(i))
(see 3404(2))
(see 3303(1))
(see 3303(2)(iii)

(see 3208(1)(iii))

(see 3404(2))
Custodian No
(see 3211(3)(i))
(see 3404(2))
(see 3303(1))
(see 3303(2)(iii)

Partially4 (see 3208(1)(iii))

(see 3404(2))
  • 1The Account Appropriateness and Account Suitability obligations mirror each other. However, Account Appropriateness is conducted prior to account opening and Account suitability is an ongoing obligation conducted after the account has been opened.
  • 2 a b Order Execution Only Accounts and Direct Electronic Access Accounts are subject to 3211(1)(i) [that the action [of opening the account with the Dealer] would be appropriate for the person]. However, they are exempt from 3211(1)(ii) [that the scope of products, services and account relationships which the person would have access to within the account are appropriate for the person].
  • 3 a b The applicability of Account Suitability for Order Execution Only Accounts and Direct Electronic Access Accounts tracks the applicability of Account Appropriateness for these account types.
  • 4 a b c d e f Subsection 3208(1) provides an exemption only from the KYC provisions relating to suitability (3202(1)(iii) and 3202(4)). Dealers remain obligated to collect other types of KYC information (e.g., AML/Client ID information, institutional client status, etc.).
  • 5 a b Note that as the account appropriateness determination is conducted prior to account opening, 3211 uses the language “person” rather than “retail client” or “institutional client”.
  • 6 a b c d The Portfolio Suitability and Account Suitability obligations set out in Rule 3402 apply only with respect to “retail clients”. As such, Rule 3402 does not apply to “institutional clients”. However, Rule 3403 sets out the institutional client account and portfolio suitability obligations (and applicable exemptions) with respect to institutional clients.
  • 73208(1)(ii) uses the term “institutional client” and therefore captures all subcategories of institutional clients.
  • 8Service providers are Dealer Members who provide certain back-office services to another Dealer Member, portfolio manager, exempt market dealer or their respective clients.  In these cases, the other Dealer Member, portfolio manager or exempt market dealer is generally responsible for the core regulatory obligations.

Welcome to!

We have a new look! You can find the Canadian Investment Regulatory Organization (CIRO) at with our fresh look and feel.

You can now find new publications published by CIRO since January 1, 2023 on If you are looking for past notices or bulletins published by MFDA or IIROC, you can find those on our legacy websites. Enforcement related content will continue on those websites as well.

You can now find previous Annual Reports and Enforcement Reports on, along with Halts and Resumption, and our ePublications sign up (for all previous MFDA and IIROC subscriber lists).

We will continue moving items off MFDA and IIROC in 2023/2024. Stay tuned for future updates.