The concerns highlighted include cybersecurity, compensation-related conflicts, and disclosure issues
The Investment Industry Regulatory Organization of Canada (IIROC) has published its Compliance Priorities Report for the 2018/19 period.
“This report is an important overview of issues and challenges that firms should address to better comply with IIROC's regulatory standards,” said IIROC Senior Vice President for Market Regulation and Policy Victoria Pinnington. “Ensuring compliance with IIROC's high standards is an integral part of our mandate to protect investors and maintain confidence in the integrity of Canada's capital markets.”
The organization highlighted its continuing focus on cybersecurity threats as “a business risk for all IIROC dealers regardless of size and complexity.” IIROC outlined key learnings from a series of tabletop exercises it organized for small and mid-sized dealers, including the need for a robust and tailor-made cybersecurity program; a detailed and specific incident response management plan; employee training and awareness programs; and cyber insurance.
The organization also noted the results of a dedicated conflict-of-interest test module that it implemented over the past year. “[M]any firms have not implemented an effective process for identifying and managing compensation-related conflicts,” IIROC said. It vowed to bolster the examination process and look for potential systematic issues, areas to increase focus, and identification of best practices. Non-monetary incentives, sales targets, and mutual-fund sales incentives were also identified as future priority areas for examiners.
“We continue to see filing deficiencies as highlighted in past Compliance Priorities Reports,” the report continued. Identifying shortfalls in Notices of Termination and filings on outside business activities, routine filings, and other necessary submissions, IIROC said it will conduct mandatory training in early 2019 for Authorized Firm Representatives and Chief Compliance Officers at dealers with repeat deficiencies.
“Once we have met with a dealer, we will take a strict approach to compliance with our requirements,” the organization said, adding that it may reject deficient filings, impose terms and conditions on non-compliant dealers, and refer cases for potential disciplinary action to its Enforcement division.
IIROC also discussed developments related to automated/online advice services as well as order-execution-only (OEO) platforms. Through a test module dedicated to dealers that offer automated/online advice directly to clients, IIROC examines risk factors including quality of relationship-disclosure information, adequacy of know-your-client (KYC) and risk-tolerance information relative to the complexity of products offered, and quality of supervisory reviews of new client applications.
The report also noted April 2018 guidance that laid out IIROC’s expectations and regulatory requirements applicable to all OEO firms. It discussed the scope of tools, services activities, and information consistent with the OEO regulatory framework such the definition of a recommendation, pricing incentives, hyperlinks and portals, and various associated tools.
“Whether or not a particular tool is appropriate under the OEO regulatory framework depends on the relevant facts and circumstances,” IIROC said, adding that it has enhanced its compliance test processes to consider the factors outlined in determining the acceptability of any particular tool.