CSA cites oversight issues in IIROC review

The report found gaps in several medium- and high-priority oversight areas

The Canadian Securities Administrators (CSA) has released its Oversight Review Report of the Investment Industry Regulatory Organization of Canada (IIROC). The report assessed the effectiveness of selected regulatory processes and highlighted areas that require corrective action.

Seven of the provincial securities regulators that recognize IIROC conducted the review. These include the Alberta Securities Commission; the Autorité des marchés financiers; the British Columbia Securities Commission; the Financial and Consumer Affairs Authority of Saskatchewan; the Manitoba Securities Commission; the Nova Scotia Securities Commission; and the Ontario Securities Commission.

The latest assessment focused on above-average risk areas such as business conduct compliance (BCC), information technology, enforcement, market surveillance, and trading review and analysis. Priorities were considered based on findings of the previous oversight review released in March 2016, as well as current issues and market conditions relevant to IIROC.

The report noted a repeat finding in terms of business conduct compliance. While it said IIROC resolved a 2015 oversight report finding concerning approvals lists, the CSA found revised examination procedures with respect to client-managed accounts were implemented in October 2016 — eight months after IIROC said the changes had been made.

The report also said IIROC “failed to implement procedures to assess dealer member compliance with NI 81-105 as previously agreed upon with [CSA] staff.” New examination procedures to assess such compliance should have been implemented by June 30, 2016, but they were implemented in February 2017. Related to this, CSA staff found that BCC staff did not have written guidance to categorize their findings in examination reports or definitions for repeat, significant, and other types of findings. The lack of guidance contributed to difficulties in ensuring that certain dealer members resolved deficiencies on a timely basis.

In the area of information technology, CSA staff called IIROC out on not providing a quarterly information security program report to a board committee — even though the board directed IIROC staff to do so based on an IIROC response to a finding in the 2015 oversight report. The regulators also noted that the methodology to test controls for enterprise risk management (ERM) systems was not clearly defined and documented.

As for enforcement, the report cited two medium-priority findings: inadequate processes in pre-referral meetings with IIROC compliance staff, particularly in terms of documenting discussions and passing of cases to enforcement staff; and a lack of a formal requirement or central process to ensure a holistic view of dealer members.

A low-priority finding of incomplete documentation within debt-market surveillance records was noted under the area of market surveillance. There were no findings reported under the area of trading review and analysis.
