Category: Client-Focused Reforms (CFRs)

RegTech 24/7 – OSC Releases First Report on TestLab

This month, the Ontario Securities Commission (OSC) published its first report (the Report) on the OSC TestLab, a regulatory sandbox designed to promote innovation and modernize regulation in Ontario’s capital markets by providing a space to test novel and innovative solutions. The inaugural round of tests explored how RegTech could help address two “problem statements” by improving the accessibility of product information and improving information sharing and enhanced client interactions.

To explore how RegTech can help address these challenges, the OSC invited seven companies to test solutions within the TestLab model, affording an opportunity for real-world testing and the chance to receive data-driven feedback. The tests involved over 50 investors, 50 investment advisors, two compliance staff as well as various subject matter experts from across the OSC.

Problem Statement 1 Accessibility of Product Information

Particularly since the Client Focused Reforms, it is imperative that advisors understand all facets of the products they offer including their structure, features, risks, initial and ongoing costs, and the impact of those costs. A thorough Know Your Product (KYP) process is a prerequisite for a well-informed and accurate suitability determination. Feedback from the tests found that RegTech could help improve advisors’ workflows, better understand the wide array of products available, and assist with sharing information and explaining recommendations to clients. Specifically, the first round of tests found that:

  • Product information/comparison tools can help advisors monitor and understand portfolio fluctuations to assess recommendations and support suitability reviews.
  • Automation and integration of product platforms with client information, onboarding, trading, or reporting systems can reduce friction in an advisor’s daily workflows.
  • Product information tools that incorporate additional data points (i.e., comparable securities, performance benchmarks, advanced risk metrics) and solutions that create highly customized reports can help explain recommendations to clients.
  • Solutions which include clear, simple, and intuitive visualizations for portfolio performance and benchmarking make the underlying data easier for advisors to understand and explain to clients.

Problem Statement 2 Improved Information Sharing & Client Interactions

As the KYC process becomes increasingly wholistic, including understanding a client’s personal and financial circumstances, RegTech solutions can offer effective and efficient methods to gather and maintain fulsome information to satisfy this critical requirement. Particularly for firms who still deploy a manual KYC process, RegTech solutions can offer a number of benefits including improving the speed and accuracy of client onboarding, the automating of client information refreshes, and centralizing records to improve document accessibility. One particular solution which was received positively by both advisors and clients was a secure system wherein clients could update their own information. This sort of solution has obvious appeal, so long as advisors and clients remain cognizant of how those updates can impact product suitability determinations.

In addition to improving the Know Your Client (KYC) process, the initial testing revealed meaningful ways in which RegTech could improve communications between advisors and clients. For instance, RegTech solutions can for instance increase client “buy-in” by using novel approaches to facilitate discussions, minimize errors through automation by pre-populating fields and showing clients their prior responses as a comparison, and by allowing advisors to group related accounts for aggregated review and management. Solutions with these features received positive feedback during the testing.

From these initial tests, the OSC identified some “key insights” which indicate that RegTech can help support registrants and clients through improved information sharing, more accessible product information, more engaging risk assessments and knowledge building to help facilitate more informed decision-making, and an overall improvement in efficiency, quality, and variety in our capital markets. However, the Report notes that RegTech faces a range of challenges from development and testing hurdles, to supporting an evolving regulatory framework which requires innovators to build agile solutions that support registrants while providing accurate, explainable, and interpretable results.

As a takeaway, the OSC maintained its commitment to continue its work in the following ways:

Supporting the RegTech Ecosystem the Report provided feedback that participants found real value in the opportunity to meet with other stakeholders in the space to discuss RegTech solutions. In support of this, the OSC has endeavored to continue to host periodic RegTech sessions to keep this dialogue going.

Improving Regulation Accessibility – participants in this round of testing found it challenging to craft solutions which were reliably responsive to the changing regulatory framework in light of how regulations are published. National Instruments and Companion Policies for example are currently published in PDF format making them difficult for computers to decipher. In response to this sentiment, the OSC advised that it would explore potentially making OSC rules machine-readable to support automation in developing and updating solutions when necessitated by regulatory change.

Building Support for Testing – another difficulty expressed by testing participants was a general lack of willingness on the part of market participants to engage with and test novel solutions, even under the TestLab model. In response, the OSC advised that it will be reaching out to registrants to better understand their pain points and explore why they may be reluctant to test new solutions.

Shaping/Sharing RegTech Standards – the setting of domestic and international standards was identified as a key development to help support RegTech innovation and adoption. To this end, the OSC advised it would remain active in the Global Financial Innovation Network (GFIN) to support financial innovation and explore perspectives that can help Ontario’s RegTech stakeholders and registrants.

May 31, 2023

Reminder: Training Opportunities – Avoid the Fireworks!

As we approach the end of the second quarter, it is a good time for registered firms to reflect on whether they have completed appropriate training for employees. Under National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103), firms are expected to provide training on specific topics. At a minimum, firms must provide training on conflicts of interest (COI), know your client (KYC), know your product (KYP) and suitability determination obligations during the year. As noted in our article above regarding the BCSC’s annual Compliance Report Card for 2022, COI was one of the top areas where the most deficiencies were found. The BCSC and other securities regulators can impose significant administrative penalties for contraventions. The Ontario Securities Commission has also signaled in recent annual reports and in their Statement of Priorities for 2023 that COIs are high on staff’s radar.

We would be happy to speak with you about all of our training options, including in particular with respect to COI, KYC, KYP and suitability. We can also provide training on topics such anti-money laundering, sales communications and general compliance obligations. Please feel free to reach out to us to discuss in more detail.

May 31, 2023

Eat, Beach, Sleep, Repeat – New SRO Compliance Priorities Report Repeats Importance of Conflict Documentation

On March 20, 2023, the New Self-Regulatory Organization of Canada (New SRO) published its New SRO Compliance Priorities Report for 2022/2023: Helping Firms with Compliance. The report highlights what the New SRO believes are issues and challenges faced by the industry, and the key areas of focus of its compliance reviews in 2023.

In 2022, the New SRO’s predecessor self-regulatory organizations and the Canadian Securities Administrators (CSA) conducted a sweep of the industry to examine compliance with the Client Focused Reforms (CFR) Conflict of Interest (COI) requirements. The results of the sweep for dealer firms were promising, in that the New SRO praised the fact that most dealers had controls in place that satisfied the requirements to identify, disclose, and address conflicts while adhering to the best interest standard. However, consistent with findings from the CSA (see our bulletin last month for more information here), the report noted gaps relating to the sale of proprietary funds, deficiencies relating to undocumented assessments of material conflicts and insufficient disclosure to clients. More specifically:

  • The assessments of material conflicts, and how the dealer (i.e., documented process steps) would address the conflicts in accordance with the best interest standard, were not adequately documented, and
  • Mandated disclosure to clients missed key components, such as:
  • the nature and extent of the COI;
  • the potential impact on and the risk the COI posed to the client; and
  • how the firm planned to address the COI, or how they had already dealt with the matter.

The report reminds readers that simply providing disclosure to clients does not in itself satisfy the requirements.

The CSA and the New SRO will publish a report later this year detailing the deficiencies found from their CFR reviews and provide further guidance for the industry. Firms are expected to review the guidance once published and review their policies and procedures, especially COI disclosures, and determine whether they may have gaps in their internal controls and remediate them accordingly.

Also later in 2023, as part of a co-ordinated review with the CSA, the New SRO will participate in “CFR-Phase II”, which we expect will assess compliance with, and internal processes relating to the following requirements: Relationship Disclosure, KYC, Suitability, Know Your Product/Product Due Diligence, Misleading Communications and Outside Activities.

In addition to its reminders with respect to conflicts of interest, the New SRO included a number of other items in its report. For example, the New SRO has placed continued emphasis on adequate education and reporting surrounding cybersecurity risks. The cybersecurity self-assessment tool published by IIROC in 2022 is now available to all dealers regulated by the New SRO, to help assess preparedness and identify areas of improvement related to cybersecurity risks. While the tool is not mandatory, the New SRO does recommend using it at least once every two years.

The New SRO will continue to conduct examinations on investment dealers to evaluate how dealers are demonstrating their compliance with the cybersecurity incident reporting requirements (CIRR) and how cybersecurity risks are being managed. The New SRO continues to find insufficient evidence from dealers to demonstrate their compliance with the CIRRs.

The report also advised that where the cybersecurity functions of a group of entities were centralized, policies did not address the specific requirement to conduct a separate assessment of materiality, substantial harm, significance, and other thresholds on an individual basis.

Following amendments to National Instrument 33-109, outside activities will also remain an area of focus during New SRO examinations. Dealers should be familiar with the new framework brought about by these amendments, particularly as it relates to the reporting of outside activities and the codification of new rules surrounding the definition and handling of positions of influence. The New SRO pointed to a significant increase in deficient filings uncovered as part of its ongoing reviews, particularly with respect to reportable activities.

Another item covered in the report included digital engagement practices. Given the increasing sophistication of digital engagement strategies, the New SRO will be closely monitoring potential instances of improper advertising and sales communication practices. This includes gamification strategies which may oversimplify complex products, encourage reckless behaviour, and imbue investors with a false sense of confidence.

Improper delegation was also noted; while delegation of supervisory controls/tasks is permitted under the Universal Market Integrity Rules, the New SRO continues to find instances where delegated responsibilities have not been formally documented in detail. Ambiguity around who is responsible for supervisory controls can have obvious negative consequences for investors and the market. As such, any such delegation must be clearly demarcated and well documented.

March 31, 2023

Conflict of Interest Requirements – More Than Once Per Year

Since the introduction of the new conflict of interest (COI) requirements in June 2021, the Canadian Securities Administrators (CSA) and New Self-Regulatory Organization of Canada (New SRO) have been actively testing how well the industry has adapted to the requirements, and in particular, their COI obligations. All aspects relating to COI are considered important by the regulators because conflicts, and how they are managed, are a key component of the client-registrant relationship.

In October 2022, the Ontario Securities Commission (OSC) released OSC Staff Notice 33-754, and in the same month the British Columbia Securities Commission (BCSC) held their Compliance Registrant Outreach Workshop-October 2022. Staff from both regulators shared their findings from their individual COI sweeps. There were similar findings and deficiencies noted by each regulator, including that firms had not taken the appropriate steps to:

  • identify and address COIs, especially material COIs;
  • address material COIs in the best interest of the clients;
  • disclose all material COIs;
  • ensure updates to policies and procedures were adequate; or
  • train staff on their obligations and the firms’ expectations.

The CSA has stated that throughout 2023, they will continue to examine the effectiveness of the industry’s implementation of the COI requirements and the other Client Focused Reforms. They plan to provide further guidance to help the industry moving forward, but in the meantime, if a firm is found to have deficiencies, the first will be expected to rectify their processes and internal controls, within the CSA’s typically tight timelines.

What Does the CSA Expect Firms to Have in Place When It Comes to Dealing With COIs?

Firms are expected to take reasonable efforts to be aware of the COIs that they and their individual registrants face. Firms are expected to be able to evidence the actions taken to handle conflicts in the best interest of their clients, and for conflicts deemed to be material, that all mandated disclosures have been provided. The CSA has made it clear that when it comes to material conflicts, disclosure alone will not be sufficient to satisfy the firm’s obligations. Firms must, in addition, have controls in place to mitigate and manage conflict risk exposures that may arise from a material conflict or avoid the conflict all together.

As noted above, the regulators have found that some firms made no or insufficient updates to their policies and procedures. The BCSC noted that in the deficient policies and procedures they reviewed, firms failed to outline how the firm would comply with the requirements and why the firm believed that their procedures were adequate to meet these requirements.

In relation to COI, updated policies and procedures should include specific information, including how the firm will undertake the following items.

  • Identify: Firms are expected to take reasonable steps to identify COIs at their firm, especially material conflicts of interest that are reasonably foreseeable. Firms are encouraged to have a consistent and ongoing method of identifying conflicts so that they can be dealt with effectively. Conflicts are based on circumstances and as those change so would the impact identified conflicts would have on clients. To support this ongoing process, the CSA expects firms to have an internal reporting framework (in the event one does not already exist) to allow for the timely capture of information relating to conflicts and outside activities.
  • Assess: Firms should proactively assess the impact of a conflict and address accordingly. The assessment should be documented, and the analysis should include the nature of the “materiality” of the conflict, and the reasonability that once known the nature of the conflict could affect the client’s decision or recommendations made to the client. Professional judgement should also play a role in the analysis as to whether suggested controls are sufficient to mitigate the impact to a client.
  • Address: Once the assessment has been done, the firm should retain supporting documentation on the firm’s decision on whether to avoid or manage/control the conflict. For certain material conflicts the CSA has stated that firms are required to avoid the conflict if they do not have adequate controls in place to address the matter in the best interest of the client.
  • Disclose: For all material conflicts, disclosure to impacted clients is mandatory, even if the conflict has been resolved or avoided. The timeliness of the disclosure is a key requirement, and the CSA has mandated that disclosure provided to a client must be prominent and clear.
  • Outside Activities: Conflicts may arise due to an outside activity of a representative, particularly if the activity involves a position of influence.
  • Manage/Control: Conflicts are based on circumstances, and as circumstances change a firm’s records should reflect the changes and how the firm addressed them. The person or team responsible for oversight of the conflicts should also be documented.
  • Report: Outside activities must be disclosed via the NRD within prescribed timelines.
  • Train: Firms are required to train staff on identifying and reporting conflicts internally. Staff must be made aware of their obligations in relation to conflicts, the best interest standard, what constitutes a material conflict, and the firm’s expectations. Firms should maintain records of training sessions, attendance and the training material used.

If It’s Not Documented…

It is important to maintain a COI record of all the identified, assessed and addressed conflicts. A COI record should contain a conflict related analysis and actions taken by the firm to address and manage conflicts. The level of detail in a firm’s COI record is something that the CSA has left up to professional judgement. That said, the CSA has suggested the following as material conflicts of interest that require extensive detailed documentation to be maintained:

  • Recommendation of use of proprietary products and services in fulfilling investment objectives or meeting client financial needs;
  • sales practices;
  • compensation arrangements;
  • incentive practices;
  • referral arrangements (and fees); and
  • product-shelf development conflicts.

The companion policy of NI31-103 outlines the expectations of what the detailed documentation should contain.

Establishing a new internal reporting framework or enhancing what exists to capture in a timely manner information relating to COIs (even the non-reportable ones), is another tool firms will find helpful to have in place. A COI record will help demonstrate to regulatory staff that the firm is aware of its’ obligations and is being proactive in meeting them. If a regulator, a client, or a third party disputes the firm’s actions on a COI related matter in the future, having an analysis captured in a COI record may help the firm remediate the matter more efficiently.

February 28, 2023

Conflicts of Interest Rally – Audit Sweep Update

As you may know, many of the provincial regulators including staff at the Ontario Securities Commission (OSC), are currently conducting a wide sweep of registrant firms. This sweep is meant to review how the industry has adapted to and applied the conflict of interest requirements brought in by the 2021 client focused reforms.

The provincial regulators have indicated that they are looking to complete the review phase of these sweeps by the end of the summer, with a view to providing further guidance sometime later this year or early in 2023. This means that if you have not yet been selected for the sweep, it appears unlikely that you will be selected in this round of reviews. For those registrant firms who have not yet been subject to review, we thought it would be helpful to provide some of our observations on what regulators have been looking at during these sweeps.

  1. A Conflicts Inventory is Key: Regulators are drilling down on a registrant firm’s methodology in considering and determining materiality and mitigating or avoiding conflicts. This methodology is expected to be documented, and a detailed inventory of all conflicts considered has been a good tool to satisfy regulatory inquiries. If you haven’t created an internal conflicts inventory (separate and apart from your relationship disclosure information), this is an item that you should work towards having in the near future.
  2. Training and Policy Accuracy: Regulators appear to be taking a very detailed look at a registrant’s stated conflicts of interest policies to ensure that they address the revised conflict of interest obligations and that the stated policies are reflective of actual practice. Staff also appear to be testing that employees have received training on the new conflicts requirements.
  3. Relationship Disclosure Accuracy: By June 2021, registrant firms were required to provide each of their clients with conflict of interest disclosure, detailing how the firm mitigates all material conflicts. Similar to the above note on policy accuracy, regulators are taking a close look at this disclosure to ensure that the stated disclosure is reflective of actual practice.
  4. Proprietary Funds: Where a registrant firm has a proprietary fund, it appears that regulators are approaching this conflict review differently depending on the firm’s business model. Where the registrant firm only sells proprietary products, regulators appear to be expecting clear disclosure about the firm’s business model (e.g. that the shop only sells proprietary products). However, where a registrant firm sells both proprietary products as well as third party products, regulators are expecting that firms have done a comparative analysis of competitor products to their proprietary products.
  5. Compensation and Incentives: Regulators expect registered firms to have carefully considered their compensation arrangements and incentive practices, both at the firm-level and in respect to their staff, to determine whether they may present any material conflicts of interest and, if so, how such conflicts have been addressed. For example, the regulators are interested in whether firms employed bonuses, tiered compensation, sales contests, sales targets or revenue quotas, and/or whether the firm or its individuals may receive incentives such as embedded commissions, shelf fees, due diligence fees, shares, options, warrants, performance fees, production bonuses, gifts or other monetary or non-monetary benefits.

Disclaimer Time! The summary above is just some observations we have seen while assisting clients with this regulatory sweep. While addressing the above would be a very good idea (where you believe you might have existing deficiencies), we will have to wait for either the written general guidance or formal deficiency letters to know what regulators will officially expect. This summary is meant to provide early indicators of regulatory expectations so that holes can be plugged as soon as possible. If you have any questions, please contact your usual lawyer at AUM Law.

June 30, 2022

Summer is Here! And So Are the Amendments to NI 31-109 and NI 33-103

Identifying OAs: Regulators have been busy with the implementation of the client focused reforms (CFRs) and the recent amendments to National Instrument 33-109 Registration Information (NI 33-109) and National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103). As a result, many registered firms have been inundated trying to navigate these changes.

Recently, BLG and AUM issued an article summarizing some of the key amendments and their impact on registrants, including the introduction of five new categories of reportable outside activity (OA), which replaces the prior concept of an OBA. All OAs must be formally assessed – first to determine if an OA qualifies as one of the five reportable OA categories – and the OA must be approved (or denied) by the firm. If approved and reportable, the OA must be reported via the NRD. Firms are also expected to continue to monitor and supervise a registrant’s outside activities. Registrants should pay particular attention to the position of influence category (category #5) of an OA, because Section 13.4.3 of the Companion Policy to NI 31-103 indicates that firms must restrict the client base of a registrant whose OA is deemed to be a position of influence over said clients.

Regulators have provided guidance outlining what firms must implement (if not already in place), including an internal reporting system through which registrants can submit their OA requests for approval. Prior to approving (or denying) the OA, firms are expected to assess the information provided and determine whether:

  • The activity impacts existing conflicts of interest, or the OA may create a potential material conflict of interest and/or potential client confusion; and
  • The firm’s internal controls are sufficient to address a material conflict of interest in the best interest of the client and any other issues that could arise from an OA. If the firm does not have sufficient controls in place, then the OA should not be permitted.

Firms are required to disclose material conflicts of interest to clients before opening an account or at least in a timely manner after a material conflict is identified.

Training, Training, Training! The regulators expect firms to provide training and education sessions for employees on the new OA and conflicts of interest requirements. These sessions convey to employees what their obligations are and help demonstrate to regulators that there is an effective compliance system in effect at a firm.

A Few Other Items You May Have Missed: NI 33-109F1 is now called the Notice of End of Individual Registration or Permitted Individual Status – but why? The regulators want the final day an individual is authorized to work in a registered capacity on behalf of their (former) firm captured in the NRD. In the past, some firms used the last day a registrant was paid by the firm as their “termination” date, even though the person has no capacity to act on behalf of the firm as at a different date. The regulators want the cessation date to be the last day that a registrant is authorized to act on behalf of the firm or the last day on which an individual was a permitted individual of their sponsoring firm.

Standard of Conduct: NI 33-109 introduces this term, which requires firms to confirm for registrants leaving whether the firm or an affiliate investigated the individual relating to possible material violations of fiduciary duties, regulatory requirements or the compliance policies and procedures of the firm or an affiliate (e.g. engaging in undisclosed outside activities). NI 33-109F4 further requires a prospective registered individual to disclose all allegations that existed against the person at the time of their last resignation or termination, including any allegation of a failure to meet any standard of conduct of the sponsoring firm or professional body. The required internal reporting system, and updated policies and procedures (to include this language, as well as the aforementioned amendments) will be beneficial to firms as they operate under the new regime.

Updating the NRD: There are new questions and sections of the relevant registration forms to accommodate the amendments. Required updates to individual registration forms must be done by the earlier of (i) the deadline related to the change to the registration information and (ii) June 6, 2023. For anyone currently trying to update any of the forms, you may have noticed some of these changes, particularly if the previous response recorded in the NRD stated “there is no response to this question”. A response must now be provided to these questions to complete the filing. If it has been determined that a new OA creates a conflict that requires a change or update to previously reported responses to prior Item 6.2 Conflicts of Interest of Form 33-109F6, then the firm will have 30 days to report this change via the NRD.

Finally, titles and designations must be reported via the NRD. This requirement is complementary to new CFR rules which prohibit misleading business titles and designations. Your AUM contact would be happy to discuss any or all of these changes with you.

June 30, 2022

CSA Staff Notice 25-503 – 2021 CSA Annual Activities Report on the Oversight of Self-Regulatory Organizations and Investor Protection Funds – The Show Must Go On

Despite the impending consolidation of IIROC and the MFDA discussed earlier in this bulletin, staff of the Canadian Securities Administrators (CSA) are required to assess both self-regulatory organizations (SROs) and their respective investor protection funds (IPFs) for their compliance with securities legislation requirements. The latest report, released on April 28, covered the period from January 1 – December 31, 2021. Staff were generally of the view that the CSA continues to fulfill its oversight obligations, and the report sets out key highlights of some of these activities, including:

  • Work related to the consolidation of the two SROs and two IPFs, including nine specific workstreams to manage the integration project and hiring Deloitte as an integration manager;
  • Continuing to deal with issues arising from the COVID-19 pandemic;
  • A project to streamline and modernize various orders and memoranda of understanding relating to CSA oversight;
  • A project to identify and implement improvements to the CSA methodology for coordinated oversight, including updates to the CSA risk assessment framework; and
  • Conducting a risk-based desk review of IIROC, targeting specific processes within IIROC’s equity market surveillance and debt market surveillance functions.

The Staff Notice reports that during regular meetings held with IIROC, key subjects were discussed including IIROC’s COVID-19 response, order-execution only service levels (particularly client complaints with respect to delays and service disruptions), crypto assets, and the client focused reforms (CFRs). Of interest, it is stated that the CSA, IIROC and the MFDA intend to publish findings from their coordinated review of the CFR conflicts of interest rules and provide implementation guidance to the industry on these enhanced requirements.

With respect to the MFDA, topics such as the COVID-19 response (focusing on the MFDA’s process in granting exemptive relief), the CFRs and the MFDA’s targeted review on performance data reporting to clients by members was discussed.

Going forward, CSA Staff intend to publish an activities report on the new SRO and new IPF on an annual basis.

May 31, 2022

FAQ Corner: CFR FAQ – The Sequel

Since the enhancements introduced as part of the Client Focused Reforms (CFR) came into force in 2021, the Canadian Securities Administrators (CSA) has been providing the industry with additional guidance by publishing an FAQ with a few updated responses to questions posed by the industry. The latest was released on April 29, 2022, and it provides some clarity to previous responses. The responses below relate to the regulators’ expectations regarding business titles and a few EMD-specific scenarios.

Question: I was appointed as an officer with my firm before CFR came into effect, can I still use my title?

Answer: The answer to this question depends on whether you are responsible for specific duties and functions within the firm that warrants a corporate level title, such as “Director” or “Vice-President”. If the title does not match your specific function within your firm or your level of responsibility, then use of the corporate title is prohibited. The CSA is concerned about public misunderstanding, when the public deals with someone that has a title that doesn’t reflect a registrant’s true role. The CSA have stated in previous communications that the use of titles that do not accurately portray the level of responsibility and the authority a registrant has within their firm could be confusing to the public (i.e., can this person bind the firm legally, or is the person part of the “mind and management” that makes decisions on behalf of the firm?). The CSA has made it clear that it does not matter if the client is sophisticated enough to qualify as a “permitted client” and that the use of a corporate level title that is not consistent with the registrant’s true role is prohibited.

The CSA will pay rapt attention to the titles and designations used by all registrants during their next wave of compliance reviews. To reinforce the importance the CSA has placed on the use of titles and designations, they have also published amendments to NI 33-109, that come into effect June 6, 2022, mandating that all business titles and professional designations used by registrants must be reported via the NRD.

Question: We have a referral arrangement in place with some clients, and they pay fees based on those arrangements. We disclose this to all our clients on our website, isn’t that enough?

No, the CSA expects full transparency. The CSA strongly believes that clients, especially those of a similar size, asset holdings and sophistication, receiving similar products and services should all be charged the same for the products and services provided. If there are referral arrangements or other considerations in place with some clients that reduce the fees those clients pay, then clients that do not benefit from such an arrangement must be made aware of this so that they can make an informed decision about the fees they pay versus the products and services provided to them. Full transparency allows for informed decisions; if the client is not happy, and the situation cannot be resolved in the client’s best interest, then the client can go elsewhere. A firm cannot claim that they have met the standard of care principle by simply disclosing that referral arrangements exist on their website. The CSA expects firms to be able to demonstrate that in carrying out their obligations they are treating all clients in similar circumstances fairly. This should be part of an on-going process whereby clients are duly informed of differing fees and charges in effect. The CSA will be specifically focused on differing fees charged for similar products and services rendered, and firms should be prepared to defend the difference during the next compliance review.

Question: My firm is an EMD, why do I have any suitability obligations when my firm’s interaction with these clients is limited?

No matter the relationship with a non-permitted client, whether it be transactional or an ongoing relationship, at the time that a service is provided (i.e., product or advice) the suitability requirement applies. The CSA believes that suitability cannot be waived simply because the nature of the relationship is brief, i.e., until the transaction closes, or the ink is dry.

Even prior to the April 2022 FAQ release, CSA regulators have always maintained that for transactional relationships, firms should always understand the requirements for each client prior to a trade being executed or a recommendation given. The EMD must know that client and must still gather the required information needed to make an informed suitability assessment of the client’s requirements prior to conducting and concluding the client’s business.

Once the transaction is over, the requirement to keep KYC information current on an annual basis would not apply, unless there is another service provided for that client within that period. Similarly, when it comes to changes to the nature of a product which is the subject of the sale, if product information changes prior or during a transaction, the EMD would be required to report this to the client. However, if the client is strictly a “one time client”, and there is a significant change to the product after the transaction concludes then the EMD would not be obligated to report to the “one-time client” regarding any changes to the product. It is very important to maintain evidence of the client relationship to support the nature of the relationship with the client.

May 31, 2022

It’s Still Ongoing – OSC Continues with its Conflict of Interest Focused Reviews

In early March, a number of registrants were selected by staff at the Ontario Securities Commission (OSC) to undergo a focused review on their conflict of interest policies and procedures. The OSC is searching for information on how firms have operationalized the amendments introduced through the Client Focused Reforms initiative, the first part of which came into force on June 30, 2021. We plan to keep you updated on guidance and commentary that comes out of this focused review but, in the interim, the information request itself and the questions it contains may provide some helpful guidance in reviewing your own conflicts regime:

  • The OSC is going beyond confirming the existence of policies and procedures concerning conflicts of interest. They are looking for evidence of:
  • employee training;
  • client disclosure; and
  • the creation and maintenance of an inventory/matrix that identify, assess, and address material conflicts.
  • The OSC is specifically requesting information on conflicts that firms previously dealt with through disclosure and, post CFR implementation, now avoid outright. It is possible that the OSC may be looking to collect trend information to develop an industry standard on what conflicts should be avoided. We anticipate that staff will provide disclosure of any such trends in future guidance, and firms should look out for any such information if such guidance is released.
  • The OSC questions appear to focus around the two main thematic conflicts of: i) proprietary conflicts (i.e. selling related products); and ii) compensation arrangements. Firms should be reviewing their approaches to these conflicts to ensure they are robust.

As always, if you wish to better understand the questions contained in the OSC information request or want to generally discuss your conflict of interest compliance regime, please contact your usual lawyer at AUM Law.

April 29, 2022

Additional Derivatives Proposals Taking Root

On April 21, the Investment Industry Regulatory Organization of Canada (IIROC) released another version of proposed amendments to its rules relating to the futures segregation and portability customer protection regime. As noted in our August 2021 bulletin, the changes are required as a result of expected changes to the rules of the Canadian Derivatives Clearing Corporation (CDCC) which themselves are changing to comply with international standards for the protection of clients in the event of a default by a clearing participant. The proposed amendments will make it easier to port client positions and the value of any posted collateral if there is such a default. The purpose of the amendments remains in part to reduce the linkages between a dealer’s futures business and securities business (i.e. which could otherwise force a dealer to use margin from other accounts to post the higher margin required under the new CDCC rules, which are based on a gross customer margin model). This republication aims to clarify the original amendments and increase the likelihood that client positions would be ported in a default situation.

Among other changes, the new proposed amendments would now require a dealer’s client to acknowledge the dealer’s porting disclosure document, which is to include disclosure on the risks, benefits, conditions and requirements of porting futures positions to another dealer member as well as a requirement for a client identification record. The acknowledgement requirement is intended to make clients aware of the need for them to pre-arrange a replacement clearing member. The proposed amendments include draft guidance as an appendix, with guidance on the information to be included in both the disclosure document and client identification record. IIROC is accepting comments on the proposed amendments until May 24, 2022.

IIROC also republished its Proposed Derivatives Rule Modernization, Stage 1 earlier in April. The purpose of the proposed rule changes remains to modernize and simplify IIROC’s derivatives related requirements such that there is a harmonized framework for securities and derivatives, whether they are listed or traded over-the-counter. Most the amendments have not changed from IIROC’s earlier proposal in November 2019, except to reflect updates to other IIROC rules (for example, changes that have been made to reflect the client-focused reforms). A few new changes have been proposed to address suggestions made in comment letters. For example, new risk factors will be added to a dealer’s risk disclosure statement, and dealer members offering order execution only accounts to trade OTC derivatives will now need to disclose the percentage of accounts that were profitable for clients for each of the 4 most recent quarters. In addition, dealer members will have a new requirement to have records indicating they have made an assessment of their clients’ qualifications as a hedger and an institutional client for purposes of the rules relating to derivatives trading. The comment period will end on June 13.

April 29, 2022

FAQ Corner: Fixing the Leaks: Common OSC Audit Questions

You just got a formal request from the Ontario Securities Commission (OSC) that they would like to come by for a visit, accompanied by a request for all the inner workings of your firm, what do you do?! First, respond. Second, get ready, any regulatory review will be much smoother if you are prepared. Below are a few frequently asked questions we receive from firms.

Question: Why Me? Why is the OSC Targeting Our Firm?

Answer: The OSC is required to review each registered firm on a regular basis. With more than 1000 registered firms, it is impossible to review all firms each year. To narrow their focus, one technique employed by the OSC is to send out risk assessment questionnaires (RAQ) to the industry, and firms are then risk ranked based on their responses. Selections are then made from each registration category. Registrants can also be subject to a targeted review or “sweep”, specific to an issue/trend in the industry. Over the last three years the OSC has focused their sweeps on issues such as the following: seniors/vulnerable investors, crypto currency use, continuous disclosures, marketing/sales practices, and derivatives use. Registrants could also be selected due to a complaint received, a referral from another regulatory body, or randomly.

Question: What Do They Typically Ask For and Do During a Compliance Review?

Answer: The OSC will send a written notice to the CCO requesting the firm’s Books and Records (lists per registration category are posted on the OSC website), for a specified period. The OSC will schedule a kick-off meeting with senior management. A typical OSC review can take six weeks to conclude (especially if the firm has branch offices) but in our experience can go on for even longer depending on the complexity of the organization. During the review the OSC will want to interview senior management and key employees, assess the firm’s compliance systems, disclosures, internal controls, marketing materials, and all policies and procedures, as well as any outstanding deficiencies noted during a previous review.

Question: What Happens After the Review?

Answer: Once the OSC has completed the assessment portion of the review, they will schedule an exit interview with senior management to go over their preliminary findings. The OSC typically takes about three to five weeks to send their final written report. If they have identified significant deficiencies during their review, they will inform the firm immediately. There will usually be a deficiency report advising the firm of the deficiencies that have to be addressed, and the time within which the firm must either correct and/or correct and send proof of the required changes. If the deficiency is significant (i.e. a material breach of securities law) then OSC staff can take stricter action, such as impose terms and conditions on the firm’s registration or activities, refer the matter to the Enforcement Branch, or even suspend or revoke the registration of the firm or impacted individual.

Question: What Are the Top Deficiencies Identified by the OSC?

While each audit and audit results are unique, firms that require some remediation of their compliance activities could expect at least some of the following deficiencies to be noted on an audit report:

Compliance Systems and Supervision

  • Out of date, or inadequate compliance manuals/policies and procedures;
  • Inadequate disclosures, no or insufficient internal mechanisms to report and address conflicts of interest;
  • Misleading or inaccurate statements in marketing materials and inappropriate sales practices, or materials lacking appropriate approvals from management; and
  • Insufficient oversight over service providers.

Registration and Business Operations

  • Inadequate monitoring for insider trading and early warning reporting (e.g. with respect to personal trading monitoring); and
  • Client confusion regarding services provided by the firm and services provided by a referral agent.


Know Your Client (KYC), Know Your Product (KYP) & Suitability

  • Missing or inadequate collection and documentation of KYC information and financial circumstances resulting in the inability to truly assess suitability;
  • Missing proof that client is an accredited investor to qualify for the accredited investor prospectus exemption (if applicable);
  • Missing or incomplete Investment Policy Statement (IPS) or Investment Management Agreement (IMA) or an incomplete suitability assessment;
  • Missing or inadequate relationship disclosure information (RDI); and
  • Missing or inadequate disclosure to clients in respect of referral arrangements.

AUM Law has extensive experience helping firms prepare for and respond to regulatory audits. Please contact your usual lawyer at AUM Law for more information.

April 29, 2022

Make Time for IIROC’s Compliance Priorities Report

Earlier in March, the Investment Industry Regulatory Organization of Canada (IIROC) released its 2021/2022 Compliance Priorities Report, outlining its past actions and current issues that are impacting IIROC-regulated firms that should be a compliance focus for those firms in 2022. The report notes that these initiatives, including those related to cybersecurity, client focused reform sweeps and proficiency requirement updates, are in the context of the ongoing SRO consolidation with the Mutual Fund Dealers Association of Canada (MFDA), which is currently scheduled to occur by year-end.

In connection with the work of the Financial and Operations Compliance group (FinOps), the report noted that cybersecurity remains a key risk for all dealer firms and thus FinOps looks at how such risks are managed during regularly scheduled reviews. The importance of self-assessments is mentioned, as is the fact that IIROC has engaged Deloitte to create a cybersecurity self-assessment checklist for firms to assess their own risk and identify potential improvements. The reliance on technology and associated risks has also been incorporated into the FinOps risk model. It is noted that FinOps intends to review supply chain risks, and systemically important vendors to the industry, with a view to identifying and managing these risks.

The report indicates that IIROC, together with the Canadian Securities Administrators (CSA) and the MFDA, is conducting reviews to look for compliance with the new conflict of interest requirements that were enacted in connection with the client focused reforms back in June 2021. The objective of the review is stated to be to determine if dealers have met the “spirit” of the new rules and implemented controls to address material conflicts in the best interest of clients (rather than disclosure alone, which is not sufficient). IIROC (and we suspect, the CSA), will focus next on KYC and suitability requirements. IIROC, along with the CSA, has a prohibition on using a corporate officer title unless a person has been appointed as an officer pursuant to corporate law. In its reviews, the Business Conduct Compliance (BCC) group of IIROC will also look at the substance and nature of the relationship between an Approved Person and the dealer where the person uses a corporate officer title in dealing with clients to ensure it is appropriate – such as whether the individual is really part of the mind and management of the dealer. In its exams, BCC staff will also assess compliance with the amended rules regarding older and vulnerable clients, which are intended to address issues of diminished mental capacity and/or financial exploitation of clients.

Dealers are required to have a supervisory framework to ensure management of all significant areas of risk within a firm. IIROC has existing guidance to help dealers with these policies and procedures, and it is expected to publish additional guidance regarding permitted delegation of the responsibilities of executives to manage these risks shortly. IIROC will also be focusing in on order-execution-only firms and any advertising done through social media platforms.

Finally, the report notes that IIROC is working on amendments to some of the registration and proficiency provisions within the IIROC rules, to clarify expectations. In addition, while draft competency profiles have been released for Directors, Executives, UDPs, CCOs and CFOs, IIROC is continuing to work on all other approved person categories (i.e. supervisors, associate PMs, PMs and traders). There is a lot for dealers to focus on in 2022, in addition to any forthcoming changes in advance of the SRO consolidation.

March 31, 2022

A Devil of a Time: When the Regulatory “Best Interest” Standard is Not a Fiduciary Standard

At a Glance: Earlier this month, the Ontario Divisional Court decision in Boal v. International Capital Management Inc. provided some clarity on the scope and nature of the duty owed by financial advisors to their clients, and their obligations under the client focused reforms (CFRs), introduced by the Canadian Securities Administrators (CSA) in 2019 (and subsequently integrated into the rules and policies of the Investment Industry Regulatory Organization of Canada and the Mutual Fund Dealers Association of Canada) (IIROC and MFDA, respectively). Specifically, the court re-affirmed that a fiduciary duty between financial advisors and their clients is ad hoc, established on an individual, case-by-case basis, and is dependent on a multi-factorial analysis as required by common law. As such, a fiduciary duty does not arise solely due to regulatory standards and professional rules which require advisors to act in the “best interest” of the client.

Background: The plaintiff, a former client of the defendant, a registered member of the MFDA, commenced a class action against the investment advisor claiming breach of fiduciary duty, knowing receipt and knowing assistance, stemming from losses sustained from an investment in promissory notes. The certification judge denied the motion, holding that the Statement of Claim did not establish the material facts necessary to support a finding of a fiduciary relationship between the class members and the financial advisor. Further, it would not be possible to establish an ad hoc fiduciary relationship with the class, unless it could be shown on an individual, case-by-case examination that each individual of the class evidenced the traditional common law hallmarks of a fiduciary relationship. The plaintiff then appealed the decision to the Divisional Court.

Issue: On appeal, the primary issue was whether an ad hoc fiduciary relationship could be established between the class members and the defendant based on the “best interest” regulatory standard enshrined in the rules, regulations and by-laws of the MFDA and the FP Canada Standards Council Code of Ethics (professional standards).

Decision: In a 2 to 1 decision, the majority of the Divisional Court held that because ad hoc fiduciary relationships arise based on the specific circumstances of a given relationship, a fiduciary duty between a financial advisor and a client will only be found where the multi-factor test stated in the Ontario Court of Appeal decision of Hunt v. TD Securities Inc. (taken from the Supreme Court of Canada test in Hodgkinson v. Simms) is satisfied, on an individual basis. The Hunt test considered five factors: a) the client’s degree of vulnerability; b) the degree of trust between the client and advisor; c) the history of reliance and any representations of special skills and knowledge by the advisor to the client; d) the extent of the advisor’s discretion over the client’s account; e) and any professional rules or codes of conduct which inform the duty owed by the advisor and the standard of care.[1] As such, the majority found that a fiduciary duty could not be established on a class wide basis as strictly the result of standards imposed by regulatory rules and regulations which require advisors to act in the “best interest” of the client.

The key distinction between the dissent and majority opinions centered around the weight afforded to the fifth factor (professional rules or codes of conduct). Sachs J. in dissent, placed a strong emphasis on a self-regulating body to set the standard for their profession, relying on the remark in Hodgkinson, that “It would be surprising indeed if the courts held the professional advisor to a lower standard of responsibility than that deemed necessary by the self-regulating body of the profession itself.”[2] While in the majority’s view, the dissent had reduced the five-factor analysis to a “’one-size-fits-all’ duty that would apply to every investor, regardless of discretionary authority over the account, or sophistication of the client.”[3] The majority also took the view that imposing a fiduciary duty in the absence of the other four indicia would negatively impact both investors and capital markets.

Additional points and takeaways: It is important to note that the dissent of Sachs J. opens the door for the plaintiff to appeal the Divisional Court’s decision to the Ontario Court of Appeal. Even so, parties should keep in mind, as the majority notes, that even if the “best interest” regulatory standard does not impart a fiduciary relationship between financial advisors and their clients, “duties of good faith, care, confidentiality and disclosure apply to a variety of non-fiduciaries as well.”[4]


  1. [1] Hunt v. TD Securities Inc. (2003), 66 OR (3d) 481 (CA), at para 40.
  2. [2] Hodgkinson v. Simms, [1994] 3 SCR 377 at 425.
  3. [3] Boal v. International Capital Management Inc., 2022 ONSC 1280 at para 68.
  4. [4] Ibid at para 70.

March 31, 2022

Important Reminders: Reminder Regarding Timely Preparation and Delivery of Annual CCO Report

If not already completed, firms with a December year end should turn their attention to the required annual report from the Chief Compliance Officer. National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations requires that a CCO submit an annual report to a registered firm’s board of directors (or individuals acting in a similar capacity if there is no board) for the purpose of assessing compliance by the firm and individuals with securities legislation.

Staff at the Ontario Securities Commission have provided guidance in compliance audits and annual reports with respect to their expectations for these reports, including in OSC Staff Notice 33-751 Summary Report for Dealers, Advisers and Investment Fund Managers, and this guidance should be reviewed to help ensure the report includes all expected commentary. While each report must be individually prepared based on the events of the past year, they should typically include items such as:

  • compliance highlights;
  • the operation of a firm’s policies and procedures;
  • any changes made to a firm’s compliance infrastructure or individual registrations; and
  • a description of any compliance issues, including with respect to any reports made, complaints filed and a firm’s personal trading program.

For the year ended December 31, 2021, we would expect that such reports would include a description of changes made to a firm’s policies and procedures to implement the client focused reforms, as well as the new expectations around vulnerable clients and trusted contact persons. AUM Law frequently helps firms with these reports, and we would be pleased to assist.

March 31, 2022

FAQ Corner: What Are My KYC Update Requirements Post December 31, 2021 under the Client Focused Reforms?

Answer: As set out in National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (31-103), as a registrant you are now required to follow all the new KYC and suitability requirements. Section 13.3(2) of NI 31-103 provides, among other things, that a registrant must take reasonable steps to ensure it has sufficient information about its clients regarding certain factors to enable it to meet its suitability determination, including the client’s personal and financial circumstances, and the client’s investment needs, objectives, investment knowledge, risk profile and investment time horizon. In addition, Section 13.2(4) of NI 31-103 specifically provides that you must “take reasonable steps” to keep the KYC information current, including updating the information within a reasonable time after becoming aware of a significant change in the client’s information that you have in your files.

As noted in the CSA’s FAQs on the Client Focused Reforms, CSA staff have stated that they expect registrants to schedule KYC updates in accordance with the triggers set out in Section 13.2 (4.1). CSA staff specifically note that as a registrant, you must use your professional judgement, when interacting with clients, to determine if you need to ask about any significant changes to the client’s circumstances and then update the KYC information accordingly. With respect to how often you need to reach out to clients (assuming they do not reach out to you to let you know of a significant change), the expectation is that you will periodically confirm with clients that the information you have is current. One suggestion provided is that you consider having more frequent interactions at set intervals; again, all depending on your relationships and mandate with your clients. In all cases, your policies and procedures must demonstrate that you have taken reasonable steps to keep KYC information up to date. Your firm must also provide training to all registered individuals on compliance with securities legislation, including the KYC obligations.

March 31, 2022