Category: Cyber-security and Data Privacy

Regulatory Highlights from 2020

Dec 11, 2020 | Client-Focused Reforms (CFRs), Corporate Finance, Corporate Law, COVID-19, Cyber-security and Data Privacy, Mortgage and Real Estate Investment Vehicles, News, Regulatory Compliance

How do you summarize a year like no other in history? Well, the shift to a remote work environment didn’t do much to slow our regulators who, along with the Canadian asset management industry, rose to meet the multi-faceted challenges presented by the COVID-19 pandemic.

A. Burden Reduction and Capital Markets Modernization Initiatives

Regulators moved forward with initiatives intended to reduce regulatory burdens and modernize the regulatory framework, including the following:

Crowdfunding: In February, the Canadian Securities Administrators (CSA) proposed a harmonized, start-up crowdfunding regime. In July, after the comment period closed on the CSA proposal, the Ontario Securities Commission (OSC) issued an interim class order (Order) providing prospectus and registration exemptions for start-up crowdfunding that are similar to the exemptions already in place in a number of other provinces. The Order is expected to remain in place until the earlier of the date the new CSA regime is adopted or January 31, 2022.

SRO Reform: When market participants and regulators weren’t coming to grips with remote work arrangements, they were debating whether and how to reform Canada’s self-regulatory organizations (SROs) for registrants. The Mutual Fund Dealers Association of Canada (MFDA) kicked things off in February when it published its Proposal for a Modern SRO. The CSA followed up in June with its own consultation paper on SRO reform, and the Ontario Government’s Capital Markets Modernization Task Force (Task Force) set out its draft recommendations on the subject in its July consultation report.

OSC Burden Reduction Initiatives: In early 2019, the OSC kicked off a multi-year process to identify and implement actions to reduce regulatory burdens in Ontario and improve the investor experience. Check out our December 2019 regulatory recap if you’d like to refresh your memory. In May 2020, the OSC provided a progress report on its regulatory burden reduction initiatives and provided a further update in the June 2020 Interim Progress Report on its 2019-2022 priorities. We also reported on several specific projects, including the following:

• In June, the CSA announced changes designed to make it easier for advising representatives (ARs) of portfolio managers (PMs) to register as client relationship management (CRM) specialists.
• In July, the CSA published guidance on flexible CCO arrangements.
• In August, the CSA published final amendments that raise the threshold for when non-venture reporting issuers are required to file business acquisition reports.
• In October, the Ontario government proposed changes to the Business Corporations Act (OBCA) that, if enacted, will eliminate director residency requirements for OBCA corporations and introduce a more flexible regime for privately held OBCA corporations regarding written shareholder resolutions.

B. Business Continuity and Risk Management

Business continuity planning and risk management have been top of mind for firms and regulators this year, and not just because of the COVID-19 pandemic.

• In March we discussed pandemic-related business continuity issues for firms to consider in the short and medium and term.
• In July, we highlighted an interesting publication by the North American Association of Securities Administrators (NAASA) focusing on the need for firms to be prepared to deal with colleagues experiencing diminished capacity.
• In September, we discussed the CSA’s guidance on liquidity risk management for investment fund managers as well the discussion paper issued by Office of the Superintendent of Financial Institutions (OSFI) on core principles for operational resilience in a digital world.

C. Crypto Assets

Crypto-currency issues remained in the news in 2020.

• In January, we highlighted CSA Staff Notice 21-327 Guidance on the Application of Securities Legislation to Entities Facilitating the Trading of Crypto Assets.
• In February, we discussed U.S. Securities and Exchange Commission (SEC) Commissioner Hester Pierce’s informal proposal for a safe harbour for token offerings.
• In July, we wrote about the OSC’s approval of a settlement agreement with Coinsquare Ltd and its executives regarding market manipulation on a crypto-asset trading platform.
• In August, we highlighted the CSA’s first decision registering a crypto-asset trading platform under its regulatory sandbox program.
• In October, we discussed the settlement reached by Kik Interactive with the SEC regarding its unregistered token offering.

D. COVID-19

Regulators responded to the COVID-19 pandemic in impressive fashion by, among other things, extending regulatory deadlines, granting temporary relief from certain requirements, and scaling back certain initiatives. They also turned their attention to compliance and other risks affecting market participants that were specific to, or exacerbated by, the pandemic.

A number of the pandemic-related regulatory actions we wrote about in 2020 were temporary in scope, so we have highlighted below the pandemic-related articles we wrote in 2020 that continue to be relevant for market participants.

• In March, we wrote about factors for registered firms to consider in the short to medium term after they activated their business continuity plans.
• In April, we reported that the CSA had extended the deadline for implementing the CFRs concerning conflicts of interest and related relationship disclosure information (RDI) reporting requirements by six months to June 30, 2021.
• In May, we wrote about guidance provided by the Financial Services Regulatory Authority of Ontario (FSRA) to mortgage brokers and administrators regarding their disclosure and other obligations in respect of mortgage-based investments during significant market disruptions, such as the COVID-19 pandemic.
• In August, we wrote about the U.S. SEC’s risk alert on COVID-related compliance risks relevant to dealers and advisers as well as the task force established by the North American Securities Administrators Association (NASAA) to target COVID-19 fraudsters.
• The CSA and FSRA extended the expected deadline for implementation of changes to the regulatory framework for syndicated mortgages in April and again in August. As recently announced, the new framework is now expected to take effect on July 1, 2021.
• In October, we wrote about the CSA’s biennial report on their continuous disclosure review program, which included guidance for reporting issuers on how to disclose COVID-19 impacts.

E. Cyber-Security and Data Privacy

Cyber-security and data privacy continued to be hot topics, with the shift to remote work arrangements due to the pandemic presenting increased risks for inadvertent cyber-security failures as well as opportunities for hacking. AUM Law addressed these and other privacy and cyber-security issues in a number of articles, including the following:

• Cyber-Resilience: We touched on cyber-resilience in our March FAQ on business continuity planning and wrote a more detailed article in our April bulletin. In September, we reported on the Office of Superintendent of Financial Institutions’ consultation paper on operational resilience in a digital world, which includes recommendations regarding cyber-resilience, and in October, we reported that the international Financial Stability Board (FSB) had finalized its cyber incident recovery and response toolkit.
• Artificial Intelligence: In February we wrote about the consultation paper on the regulation of artificial intelligence published by the federal Office of the Privacy Commissioner (OPC), and in June we discussed the consultation paper published by the International Organization of Securities Commissions (IOSCO) regarding potential regulatory measures addressing asset managers’ and market intermediaries’ use of artificial intelligence.
• Privacy: In August, we reported that the Ontario government had launched a consultation to determine whether reforms to Ontario privacy legislation are warranted. See also our article in this bulletin regarding the Canadian government’s proposed Digital Charter Implementation Act, 2020.

F. Compliance Review and Enforcement Report Cards

The summary reports that regulatory staff publish about their oversight of market participants are valuable tools that can help firms learn more about recent and proposed regulatory initiatives, what staff consider to be problematic (or, conversely, beneficial) practices, and how staff interpret legislation and rules. In 2020, we wrote about:

• Alberta Securities Commission (ASC) staff’s review of issuers’ and registrants’ compliance with the offering memorandum exemption (January);
• Insights from staff of the OSC’s Compliance and Registrant Regulation (CRR) Branch regarding their compliance program, shared during a webinar hosted by the Portfolio Management Association of Canada (PMAC) in May;
• The annual enforcement report published by the Investment Industry Regulatory Organization of Canada (IIROC) in May;
• The CRR Branch’s annual Summary Report for Dealers, Advisers and Investment Fund Managers (September) – a ‘must read’;
• The CSA’s biennial report card on reporting issuers’ continuous disclosure practices (October); and
• The OSC’s Corporate Finance 2020 Annual Report (discussed later in this bulletin).

G. Cases and Enforcement Sweeps

In 2020, we wrote about a number of regulatory decisions that we think offer lessons for our readers.

• In January, we wrote about IIROC’s decision to fine a representative for his failure to follow through on red flags regarding a client account being handled under a power of attorney.
• In March, we discussed the IIROC decision to fine TD Waterhouse $4 million for deliberate non-compliance with relationship disclosure information requirements. In the same month, the Ontario Court of Appeal upheld Daniel Tiffin’s conviction for trading in promissory notes without registration and distributing securities without a prospectus, but overturned the lower court’s decision sentencing him to six months in jail. (PS: if you’re ever tempted to conclude that a particular instrument is not a security, first read Tiffin).
• In May, we highlighted the enforcement action initiated by OSC staff against a mutual funding dealing representative who agreed to serve as executor for a client’s will even though he was alleged to have known that he was a beneficiary under that will. We also discussed undertakings given by two issuers to the Alberta Securities Commission (ASC) regarding internal controls, training and other requirements to ensure compliance with prospectus exemptions.
• In June, we discussed a significant decision issued by the Federal Court of Appeal regarding the constitutionality and application of Canada’s Anti-Spam Legislation (CASL).
• in July, we wrote about the OSC’s approval of a settlement agreement with Coinsquare Ltd and its executives regarding market manipulation on a crypto-asset trading platform.
• In September, we reported that the Financial Institutions Regulatory Authority of Ontario (FSRA) had fined Fortress Real Developments for operating without a license.
• And, as mentioned in Section C above, we wrote about two crypto-asset-related enforcement decisions, concerning market manipulation on a crypto-asset trading platform (Coinsquare) and an unregistered token offering in the U.S. (Kik Interactive).

H. FAQs

In 2020, we published a number of FAQs offering practical insights on various topics. Although many of them touched on issues arising out of the COVID-19 pandemic, we think the insights will continue to have relevance in other contexts.

• In January, we discussed whether an advising representative (AR) can act as the executor of an estate on behalf of a client.
• In February, we discussed things to watch out for when firms describe themselves and their representative on social media.
• In March, we outlined issues for registered firms to consider, in light of the COVID-19 pandemic, regarding their know-your-client (KYC) and suitability determination obligations.
• In April, we discussed the use of electronic signatures for subscription documents, investment management agreements and similar agreements with the firm’s clients.
• In May, we addressed the issue of whether an associate advising representative can work remotely or in a one-person branch office.
• In July, we described how a registered firm’s ultimate designated person (UDP) can certify the firm’s RAQ responses if they do not have online access to the survey.
• In July, we also discussed whether registered individuals (and applicants for registration) have to disclose offenses they have been charged with, if the matter hasn’t adjudicated yet. (This issue was also covered later in the year in an Advisor’s Edge interview with our Erez Blumberger).

In 2019, the CSA published its own FAQ guidance, this time focusing the client-focused reforms (CFRs). We discussed those FAQs in our September and October bulletins.

I. FSRA

Although the COVID-19 pandemic delayed implementation of the revised oversight framework for syndicated mortgages to July 2021, the good folks at FSRA kept busy in 2020 with a number of initiatives, including:

• In August, FSRA published for comment an oversight framework, including proposed rules and guidance, regarding the use of financial planner and financial titles.
• Also in August, FSRA and the OSC published for comment proposed local rules and guidance regarding syndicated mortgages, while the CSA finalized its amendments for the syndicated mortgages regime.
• In September, FSRA published proposed service standard for comment.
• In October, FSRA published its 2021-22 Statement of Priorities for comment.

December 11, 2020