Category: FAQs

You’ve Activated Your Business Continuity Plan. What’s Next?

In light of the COVID-19 outbreak, many registered firms are implementing their business continuity plans (BCPs) and having their employees work from home, except where certain individuals need to access office facilities to ensure continued service to clients. In this article, we’ll address some issues for registered firms to consider in the short and medium term while operating in such conditions. We emphasize that firms and regulators are facing an unprecedented and constantly changing situation, and so our initial views on the issues below may change as circumstances evolve and regulators issue new or updated guidance or rules.

If my firm is covered by an “essential service” exemption from a government order to close businesses, why not carry on as usual from our office? Workplaces can contribute to the spread of the virus that causes COVID-19, and so a firm needs to evaluate the occupational health and safety, public health and litigation risks of having employees work from its offices or meet physically with clients, etc. The Government of Canada has published Risk-Informed Decision-Making Guidelines for workplaces and businesses during the pandemic. If you need legal advice on employment or occupational health and safety matters, AUM Law can source, evaluate and help you retain appropriate counsel and then manage the provision of that advice so that you can focus on running your business. From a securities regulatory compliance perspective, we think that a registered firm that requires all or most of its employees to work onsite instead of working from home could attract scrutiny from securities regulators due to concerns that the firm’s BCP is not functioning effectively.

Should my firm contact the securities regulator because we have activated our BCP? Activating your BCP does not, in itself, trigger an obligation to notify the Ontario Securities Commission (OSC). If, however, your firm finds that it might not be able to meet one or more of its regulatory obligations on a timely basis because of the pandemic, then that might trigger a filing obligation and we encourage you to speak to your usual lawyer at AUM Law as soon as possible. (See also our article in this bulletin on the blanket orders issued by members of the Canadian Securities Administrators (CSA) extending certain filing deadlines for registrants, investment funds and others.) We can advise you on your options and liaise with regulators on your behalf.

Do the home offices of registered individuals need to be approved as branch offices? Technically, having registered employees work from a location other than the address indicated on their Form 33-109F4 (Form F4), could be viewed as requiring an updated filing and/or approval of new “branch offices”. However, in light of the recent government orders and recommendations requiring or asking people to stay at home as much as practicable, we believe that at least in the short term, it is unlikely that OSC staff will expect registered firms to update Form F4s or seek approval for branch offices, provided that registered individuals are not meeting with clients in their homes or bringing home physical files that contain sensitive client information.

Cross-training: Are there functions at your firm that only one or two employees know how to perform? If you haven’t done so lately, we encourage you to review and update your list of key tasks and deadlines and the individuals responsible for performing those tasks. Identify a back-up person for each task and deadline (or group of related tasks and deadlines) and, if necessary, train that back-up person.

BCP considerations for “one-registrant” firms: If a registered firm has only one registered individual (One-Registrant Firm) to serve clients, we encourage the firm to have a plan to address a scenario where that individual is absent or incapacitated for weeks or months. We recommend that One-Registrant Firms, at a minimum, prepare standing instructions for the firm’s administrative staff and legal representatives to follow if the registered individual is absent or incapacitated for more than a brief period. Such firms also might wish to explore the feasibility of negotiating, in advance, a formal agreement with another registered firm (Temporary Successor). Such an arrangement could be a reciprocal one between two One-Registrant Firms seeking to address the same business continuity issue. Under such an agreement, the Temporary Successor would step into the shoes of the registered individual, for certain purposes, if that individual was unable to perform their duties for more than a brief period. The purpose of the agreement would only be to communicate with service providers and clients as the clients decide how best to address their account assets.

Technology risks including cyber-security and privacy risks: The rapid shift to remote work arrangements has resulted in some issues arising with respect to technology slowdowns, disruptions and hacking. Some firms are deploying new software or devices (including virtual meeting systems) that employees are having to become familiar with quickly, and many employees are dealing with the challenge of handling matters discreetly with family members or roommates present. There also are reports of some public, virtual meetings and conferences conducted over Zoom and similar systems being hacked. Finally, some employees are experiencing anxiety and confusion because of the pandemic. All these circumstances increase the risks of inadvertent cyber-security failures and opportunities for hacking. Maintaining robust cyber-security policies and procedures, adapting them as needed to address emerging or changing risks, reminding employees of the need to take precautions, and monitoring employees’ compliance with such policies and procedures are essential actions at this time both from a regulatory compliance and litigation risk perspective.

Communications with clients: Pandemic conditions and their knock-on effects in financial markets may result in a significant increase in customer call volumes or online account usage. Registered firms should review their BCPs and assess the effectiveness of their systems and processes to handle this level of increased activity. If your firm is experiencing difficulty serving customers in a timely way, please contact us to discuss measures you should undertake (including communication strategies) to address the situation. (On a related subject, please see our FAQ in this bulletin focused on ensuring that you’ve got current know-your-client (KYC) information for clients whose life situations may be changing dramatically.)

Supervision, compliance and internal controls during the new “work from home” normal: As we all adjust over the next month or so to the “new normal” of working remotely as much as practicable for an unknown period of time, we think that regulators will begin expecting to see registered firms consider whether they need to adapt their policies, procedures and controls to address any new or magnified regulatory compliance risks. AUM Law can help you assess whether  your existing supervisory system, compliance manual, procedures and internal controls should be revised to ensure compliance while many employees are operating from remote locations.

We can help: At AUM Law, we are experienced in reviewing BCPs from a regulatory compliance perspective. We can draft or update your BCP to ensure that it addresses a scenario like this one. Please don’t hesitate to contact us.

March 31, 2020

FAQ Corner: In light of the COVID-19 pandemic, what should we be doing with respect to our suitability determination and KYC obligations to clients?

Answer: The pandemic is likely to be a life event for many individual clients, who might experience, among other things, a loss or significant decrease in employment or business income, a significant decrease in the value of their investments, and/or become seriously ill. This means that such clients’ know-your-client (KYC) information could need updating and that transactions, holdings and/or accounts might no longer be suitable for them.

Remember that, for accounts subject to the suitability determination requirements in National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103), registrants must take reasonable steps to keep current the client’s KYC information. In addition, before making a recommendation, accepting a client’s instruction to buy or sell a security, or making a purchase or sale of a security for a managed account, the registrant must take reasonable steps to ensure that the purchase or sale of the security is suitable for the client.

The challenge, of course, is that a registrant may have hundreds or thousands of clients whose circumstances have changed, or are about to change, as the COVID-19 crisis continues to evolve. And the potential need to update KYC information is occurring while individual clients and registrants are coping with the dislocations caused by quarantine measures and the shift to work-from-home arrangements.

Given, however, the fundamental importance of the KYC and suitability requirements as investor protection mechanisms, we don’t expect securities regulators to take a lax approach to compliance in this area. Pandemic or not, registered firms should have policies and procedures for updating KYC information, including in situations like these where registrants might have reason to believe that clients’ circumstances have changed, or are about to change, significantly. We expect that in a compliance review or other inquiry, regulators will want to documentation showing that a registered firm has:

  • Effective policies and procedures for updating KYC;
  • If necessary to accommodate the need to update KYC information on a wide scale and rapid basis, the firm has revised its procedures;
  • Pursuant to those policies and procedures, reached a well-reasoned decision on how to communicate with clients whose KYC information might need updating now;
  • Executed on the firm’s plan to update KYC as needed; and
  • Revised the plan, if necessary, and executed the revised plan if the changing circumstances warrant it.

AUM Law can help you develop a plan for updating clients’ KYC information in light of COVID-19. Please do not hesitate to contact us.

March 26, 2020

FAQ Corner: What are some things to watch out for when we describe our firm and its representatives in marketing materials or on social media?

Answer:  Registrants have an obligation to deal fairly, honestly and in good faith with their clients. Among other things, this means that registrants must ensure that their marketing materials (and any representations that they make in social media) are clear, accurate and non-misleading and that any claims made in such materials are substantiated. In our experience, securities regulators continue to be concerned about:

  • Performance data (including use of hypothetical performance data, benchmarks, and performance composites);
  • Exaggerated and unsubstantiated claims (g. “We are a leading investment management firm”);
  • Holding out and the use of names (g. unregistered individuals using business titles that imply they are registered, failing to use the firm’s full legal name or registered trade name in marketing materials, or misleading, inaccurate or hard-to-substantiate testimonials); and
  • Inadequate policies, procedures and records in relation to marketing activities and social media.

Registrants also should be aware that there are specific rules about how they represent their registration status. In particular, subsection 44(1) of the Ontario Securities Act (Act) prohibits any person or company from representing that they are registered under the Act unless the representation is true and the representation specifies the relevant registration category or categories. OSC staff have emphasized that firms also should specify in which jurisdictions they are registered. In addition, section 46 of the Act prohibits everyone from representing that the Commission has passed in any way on the financial standing, fitness or conduct of a registrant.

AUM Law can help you stay on top of these requirements and regulators’ evolving expectations. For example, we can review your marketing materials and social media activities on an ad hoc or regular basis, review your marketing, social media and record-keeping policies and enhance them as needed, and provide compliance training to your staff. Please contact us if you would like to learn more.

February 28, 2020

FAQ Corner: Can an advising representative act as the executor of an estate on behalf of a client?

Answer: The Investment Industry Regulator Organization of Canada (IIROC) and the Mutual Fund Dealers Association of Canada (MFDA) have rules against such arrangements. Although these rules do not apply to non-member firms and their employees, they reflect a general concern on the part of securities regulators about such arrangements. In particular, they are concerned about the potential conflicts of interest associated with one person performing both roles.

For example, if the client of the advising representative (Representative) passed away, the Representative could find themselves in the situation where they were expected to act as the executor of the estate and as the portfolio manager for the account now held by the estate, and these roles could come into conflict. As executor, the Representative would be expected to act in the best interests of the estate, but as portfolio manager, they would be interested in continuing to manage the portfolio. This potential conflict might cause the estate’s beneficiaries (or regulators) to smell a rat if the Representative maintained their appointment as portfolio manager in such circumstances.

Before deciding to accept an appointment as executor for a client, a registrant should consider whether the underlying exposure from a legal, regulatory and reputational perspective is worth providing such a service to clients. Similar considerations would arise if a registrant is asked to act as a trustee, hold a power of attorney or otherwise take control or authority over a client’s financial affairs outside the scope of a traditional, managed account relationship. AUM Law can help you evaluate your options and, if you decide to proceed with such an arrangement, we can draft the appropriate agreement, disclosures and protocols to manage such arrangements.

January 31, 2020