National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103) prohibits an associate advising representative (AAR) from advising on securities unless that advice has been pre-approved by an advising representative (AR) designated by the firm to review that AAR’s advice.
There is no requirement for an AAR and the AR reviewing that AAR’s advice to work “side by side” in the same office. However, there are potentially greater compliance risks associated with having them work from separate locations, such as in the current environment where many people are working remotely from home. For example, the AR and AAR might be working somewhat different hours as they juggle professional and family responsibilities, and clients concerned about market volatility might be calling them at all hours for reassurance. These factors can make it more challenging for the AR to pre-clear the AAR’s advice to the client. Maintaining organized client files including documentation of the AR’s pre-approval of the AAR’s advice can also be more difficult when people are accessing files remotely.
Nevertheless, it is critical for the firm to have and maintain adequate controls and supervision to ensure compliance with the pre-clearance rule described above. The firm also should document how it has considered and addressed the risks that arise from the AAR and AR working from separate locations, as well as documenting on an ongoing basis the AR’s review and pre-approval of any advice to be provided by the AAR.
The COVID-19 pandemic continues to present regulatory challenges for firms as they operate in this “new normal”. AUM Law is helping clients assess whether their existing policies, procedures and controls address the emerging risks and we can help you too. Please do not hesitate to contact us.
May 29, 2020
With so many registered firms operating remotely and avoiding in-person meetings with potential clients wherever possible during the COVID-19 pandemic, the question has arisen again whether electronic signatures (e-signatures) are acceptable for various agreements with the firm’s clients. The answer depends on several factors:
- What the law says: In Canada, all the provinces and territories except Québec have adopted legislation based on the Uniform Electronic Commerce Act (UCEA), which provides, in effect, that a contract, record or signature will not be unenforceable solely because it is electronic. (Québec’s legislation incorporates many of the same principles but doesn’t follow the UCEA model.) There are some provincial variations in the legislation, with some provinces having stricter requirements regarding, for example, the type of e-signature that is acceptable. For contracts governed by Ontario law, the Electronic Commerce Act (Ontario) (OECA) provides that an e-signature is acceptable if it is reliable for purposes of identifying the person signing the document and the association of the e-signature with the relevant document is reliable.
- What the parties to the contract agree to: The UCEA and similar legislation facilitate electronic contracts and e-signatures but do not require them. The parties to a contract can agree to a different arrangement. Therefore, registrants that, to date, haven’t been using e-signatures in particular contracts should check that the contract in question provides for the contract to be in electronic form and signed with e-signatures.
- The contract’s subject matter: Certain categories of contracts, such as negotiable instruments, some types of real estate agreements and some types of powers of attorney, may require a “wet ink” signature (although some of these restrictions have been relaxed during the pandemic). In Ontario, there is no prohibition on subscription agreements, investment management agreements and similar client relationship agreements using e-signatures.
- What the firm’s articles, by-laws, policies and procedures say: The registered firm should confirm that its articles, by-laws, policies and procedures do not restrict the use of e-signatures and determine if any particular form of e-signature is required. Although such restrictions are rare, it is important to verify that neither the registered firm nor any client that is an entity is subject to any restrictions on the proposed form of e-signature to be used, especially when a change in firm practice is being considered.
Of course, firms should maintain fully signed and complete electronic contracts just as they would for paper contracts with wet signatures, and they should have a contract execution policy that expressly provides for electronic contracts and e-signatures. It’s also especially important these days, when so many people are working remotely, to organize the firm’s executed contracts so that they can be easily found.
If you have any questions about whether an e-signature is acceptable for a particular type of contract or wish to update your policies and procedures to provide for electronic contracts and e-signatures, please do not hesitate to contact us.
April 30, 2020
In light of the COVID-19 outbreak, many registered firms are implementing their business continuity plans (BCPs) and having their employees work from home, except where certain individuals need to access office facilities to ensure continued service to clients. In this article, we’ll address some issues for registered firms to consider in the short and medium term while operating in such conditions. We emphasize that firms and regulators are facing an unprecedented and constantly changing situation, and so our initial views on the issues below may change as circumstances evolve and regulators issue new or updated guidance or rules.
If my firm is covered by an “essential service” exemption from a government order to close businesses, why not carry on as usual from our office? Workplaces can contribute to the spread of the virus that causes COVID-19, and so a firm needs to evaluate the occupational health and safety, public health and litigation risks of having employees work from its offices or meet physically with clients, etc. The Government of Canada has published Risk-Informed Decision-Making Guidelines for workplaces and businesses during the pandemic. If you need legal advice on employment or occupational health and safety matters, AUM Law can source, evaluate and help you retain appropriate counsel and then manage the provision of that advice so that you can focus on running your business. From a securities regulatory compliance perspective, we think that a registered firm that requires all or most of its employees to work onsite instead of working from home could attract scrutiny from securities regulators due to concerns that the firm’s BCP is not functioning effectively.
Should my firm contact the securities regulator because we have activated our BCP? Activating your BCP does not, in itself, trigger an obligation to notify the Ontario Securities Commission (OSC). If, however, your firm finds that it might not be able to meet one or more of its regulatory obligations on a timely basis because of the pandemic, then that might trigger a filing obligation and we encourage you to speak to your usual lawyer at AUM Law as soon as possible. (See also our article in this bulletin on the blanket orders issued by members of the Canadian Securities Administrators (CSA) extending certain filing deadlines for registrants, investment funds and others.) We can advise you on your options and liaise with regulators on your behalf.
Do the home offices of registered individuals need to be approved as branch offices? Technically, having registered employees work from a location other than the address indicated on their Form 33-109F4 (Form F4), could be viewed as requiring an updated filing and/or approval of new “branch offices”. However, in light of the recent government orders and recommendations requiring or asking people to stay at home as much as practicable, we believe that at least in the short term, it is unlikely that OSC staff will expect registered firms to update Form F4s or seek approval for branch offices, provided that registered individuals are not meeting with clients in their homes or bringing home physical files that contain sensitive client information.
Cross-training: Are there functions at your firm that only one or two employees know how to perform? If you haven’t done so lately, we encourage you to review and update your list of key tasks and deadlines and the individuals responsible for performing those tasks. Identify a back-up person for each task and deadline (or group of related tasks and deadlines) and, if necessary, train that back-up person.
BCP considerations for “one-registrant” firms: If a registered firm has only one registered individual (One-Registrant Firm) to serve clients, we encourage the firm to have a plan to address a scenario where that individual is absent or incapacitated for weeks or months. We recommend that One-Registrant Firms, at a minimum, prepare standing instructions for the firm’s administrative staff and legal representatives to follow if the registered individual is absent or incapacitated for more than a brief period. Such firms also might wish to explore the feasibility of negotiating, in advance, a formal agreement with another registered firm (Temporary Successor). Such an arrangement could be a reciprocal one between two One-Registrant Firms seeking to address the same business continuity issue. Under such an agreement, the Temporary Successor would step into the shoes of the registered individual, for certain purposes, if that individual was unable to perform their duties for more than a brief period. The purpose of the agreement would only be to communicate with service providers and clients as the clients decide how best to address their account assets.
Technology risks including cyber-security and privacy risks: The rapid shift to remote work arrangements has resulted in some issues arising with respect to technology slowdowns, disruptions and hacking. Some firms are deploying new software or devices (including virtual meeting systems) that employees are having to become familiar with quickly, and many employees are dealing with the challenge of handling matters discreetly with family members or roommates present. There also are reports of some public, virtual meetings and conferences conducted over Zoom and similar systems being hacked. Finally, some employees are experiencing anxiety and confusion because of the pandemic. All these circumstances increase the risks of inadvertent cyber-security failures and opportunities for hacking. Maintaining robust cyber-security policies and procedures, adapting them as needed to address emerging or changing risks, reminding employees of the need to take precautions, and monitoring employees’ compliance with such policies and procedures are essential actions at this time both from a regulatory compliance and litigation risk perspective.
Communications with clients: Pandemic conditions and their knock-on effects in financial markets may result in a significant increase in customer call volumes or online account usage. Registered firms should review their BCPs and assess the effectiveness of their systems and processes to handle this level of increased activity. If your firm is experiencing difficulty serving customers in a timely way, please contact us to discuss measures you should undertake (including communication strategies) to address the situation. (On a related subject, please see our FAQ in this bulletin focused on ensuring that you’ve got current know-your-client (KYC) information for clients whose life situations may be changing dramatically.)
Supervision, compliance and internal controls during the new “work from home” normal: As we all adjust over the next month or so to the “new normal” of working remotely as much as practicable for an unknown period of time, we think that regulators will begin expecting to see registered firms consider whether they need to adapt their policies, procedures and controls to address any new or magnified regulatory compliance risks. AUM Law can help you assess whether your existing supervisory system, compliance manual, procedures and internal controls should be revised to ensure compliance while many employees are operating from remote locations.
We can help: At AUM Law, we are experienced in reviewing BCPs from a regulatory compliance perspective. We can draft or update your BCP to ensure that it addresses a scenario like this one. Please don’t hesitate to contact us.
March 31, 2020
Answer: The pandemic is likely to be a life event for many individual clients, who might experience, among other things, a loss or significant decrease in employment or business income, a significant decrease in the value of their investments, and/or become seriously ill. This means that such clients’ know-your-client (KYC) information could need updating and that transactions, holdings and/or accounts might no longer be suitable for them.
Remember that, for accounts subject to the suitability determination requirements in National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103), registrants must take reasonable steps to keep current the client’s KYC information. In addition, before making a recommendation, accepting a client’s instruction to buy or sell a security, or making a purchase or sale of a security for a managed account, the registrant must take reasonable steps to ensure that the purchase or sale of the security is suitable for the client.
The challenge, of course, is that a registrant may have hundreds or thousands of clients whose circumstances have changed, or are about to change, as the COVID-19 crisis continues to evolve. And the potential need to update KYC information is occurring while individual clients and registrants are coping with the dislocations caused by quarantine measures and the shift to work-from-home arrangements.
Given, however, the fundamental importance of the KYC and suitability requirements as investor protection mechanisms, we don’t expect securities regulators to take a lax approach to compliance in this area. Pandemic or not, registered firms should have policies and procedures for updating KYC information, including in situations like these where registrants might have reason to believe that clients’ circumstances have changed, or are about to change, significantly. We expect that in a compliance review or other inquiry, regulators will want to documentation showing that a registered firm has:
- Effective policies and procedures for updating KYC;
- If necessary to accommodate the need to update KYC information on a wide scale and rapid basis, the firm has revised its procedures;
- Pursuant to those policies and procedures, reached a well-reasoned decision on how to communicate with clients whose KYC information might need updating now;
- Executed on the firm’s plan to update KYC as needed; and
- Revised the plan, if necessary, and executed the revised plan if the changing circumstances warrant it.
AUM Law can help you develop a plan for updating clients’ KYC information in light of COVID-19. Please do not hesitate to contact us.
March 26, 2020
Answer: Registrants have an obligation to deal fairly, honestly and in good faith with their clients. Among other things, this means that registrants must ensure that their marketing materials (and any representations that they make in social media) are clear, accurate and non-misleading and that any claims made in such materials are substantiated. In our experience, securities regulators continue to be concerned about:
- Performance data (including use of hypothetical performance data, benchmarks, and performance composites);
- Exaggerated and unsubstantiated claims (g. “We are a leading investment management firm”);
- Holding out and the use of names (g. unregistered individuals using business titles that imply they are registered, failing to use the firm’s full legal name or registered trade name in marketing materials, or misleading, inaccurate or hard-to-substantiate testimonials); and
- Inadequate policies, procedures and records in relation to marketing activities and social media.
Registrants also should be aware that there are specific rules about how they represent their registration status. In particular, subsection 44(1) of the Ontario Securities Act (Act) prohibits any person or company from representing that they are registered under the Act unless the representation is true and the representation specifies the relevant registration category or categories. OSC staff have emphasized that firms also should specify in which jurisdictions they are registered. In addition, section 46 of the Act prohibits everyone from representing that the Commission has passed in any way on the financial standing, fitness or conduct of a registrant.
AUM Law can help you stay on top of these requirements and regulators’ evolving expectations. For example, we can review your marketing materials and social media activities on an ad hoc or regular basis, review your marketing, social media and record-keeping policies and enhance them as needed, and provide compliance training to your staff. Please contact us if you would like to learn more.
February 28, 2020
Answer: The Investment Industry Regulator Organization of Canada (IIROC) and the Mutual Fund Dealers Association of Canada (MFDA) have rules against such arrangements. Although these rules do not apply to non-member firms and their employees, they reflect a general concern on the part of securities regulators about such arrangements. In particular, they are concerned about the potential conflicts of interest associated with one person performing both roles.
For example, if the client of the advising representative (Representative) passed away, the Representative could find themselves in the situation where they were expected to act as the executor of the estate and as the portfolio manager for the account now held by the estate, and these roles could come into conflict. As executor, the Representative would be expected to act in the best interests of the estate, but as portfolio manager, they would be interested in continuing to manage the portfolio. This potential conflict might cause the estate’s beneficiaries (or regulators) to smell a rat if the Representative maintained their appointment as portfolio manager in such circumstances.
Before deciding to accept an appointment as executor for a client, a registrant should consider whether the underlying exposure from a legal, regulatory and reputational perspective is worth providing such a service to clients. Similar considerations would arise if a registrant is asked to act as a trustee, hold a power of attorney or otherwise take control or authority over a client’s financial affairs outside the scope of a traditional, managed account relationship. AUM Law can help you evaluate your options and, if you decide to proceed with such an arrangement, we can draft the appropriate agreement, disclosures and protocols to manage such arrangements.
January 31, 2020