Category: Regulatory Compliance

You’ve Activated Your Business Continuity Plan. What’s Next?

In light of the COVID-19 outbreak, many registered firms are implementing their business continuity plans (BCPs) and having their employees work from home, except where certain individuals need to access office facilities to ensure continued service to clients. In this article, we’ll address some issues for registered firms to consider in the short and medium term while operating in such conditions. We emphasize that firms and regulators are facing an unprecedented and constantly changing situation, and so our initial views on the issues below may change as circumstances evolve and regulators issue new or updated guidance or rules.

If my firm is covered by an “essential service” exemption from a government order to close businesses, why not carry on as usual from our office? Workplaces can contribute to the spread of the virus that causes COVID-19, and so a firm needs to evaluate the occupational health and safety, public health and litigation risks of having employees work from its offices or meet physically with clients, etc. The Government of Canada has published Risk-Informed Decision-Making Guidelines for workplaces and businesses during the pandemic. If you need legal advice on employment or occupational health and safety matters, AUM Law can source, evaluate and help you retain appropriate counsel and then manage the provision of that advice so that you can focus on running your business. From a securities regulatory compliance perspective, we think that a registered firm that requires all or most of its employees to work onsite instead of working from home could attract scrutiny from securities regulators due to concerns that the firm’s BCP is not functioning effectively.

Should my firm contact the securities regulator because we have activated our BCP? Activating your BCP does not, in itself, trigger an obligation to notify the Ontario Securities Commission (OSC). If, however, your firm finds that it might not be able to meet one or more of its regulatory obligations on a timely basis because of the pandemic, then that might trigger a filing obligation and we encourage you to speak to your usual lawyer at AUM Law as soon as possible. (See also our article in this bulletin on the blanket orders issued by members of the Canadian Securities Administrators (CSA) extending certain filing deadlines for registrants, investment funds and others.) We can advise you on your options and liaise with regulators on your behalf.

Do the home offices of registered individuals need to be approved as branch offices? Technically, having registered employees work from a location other than the address indicated on their Form 33-109F4 (Form F4), could be viewed as requiring an updated filing and/or approval of new “branch offices”. However, in light of the recent government orders and recommendations requiring or asking people to stay at home as much as practicable, we believe that at least in the short term, it is unlikely that OSC staff will expect registered firms to update Form F4s or seek approval for branch offices, provided that registered individuals are not meeting with clients in their homes or bringing home physical files that contain sensitive client information.

Cross-training: Are there functions at your firm that only one or two employees know how to perform? If you haven’t done so lately, we encourage you to review and update your list of key tasks and deadlines and the individuals responsible for performing those tasks. Identify a back-up person for each task and deadline (or group of related tasks and deadlines) and, if necessary, train that back-up person.

BCP considerations for “one-registrant” firms: If a registered firm has only one registered individual (One-Registrant Firm) to serve clients, we encourage the firm to have a plan to address a scenario where that individual is absent or incapacitated for weeks or months. We recommend that One-Registrant Firms, at a minimum, prepare standing instructions for the firm’s administrative staff and legal representatives to follow if the registered individual is absent or incapacitated for more than a brief period. Such firms also might wish to explore the feasibility of negotiating, in advance, a formal agreement with another registered firm (Temporary Successor). Such an arrangement could be a reciprocal one between two One-Registrant Firms seeking to address the same business continuity issue. Under such an agreement, the Temporary Successor would step into the shoes of the registered individual, for certain purposes, if that individual was unable to perform their duties for more than a brief period. The purpose of the agreement would only be to communicate with service providers and clients as the clients decide how best to address their account assets.

Technology risks including cyber-security and privacy risks: The rapid shift to remote work arrangements has resulted in some issues arising with respect to technology slowdowns, disruptions and hacking. Some firms are deploying new software or devices (including virtual meeting systems) that employees are having to become familiar with quickly, and many employees are dealing with the challenge of handling matters discreetly with family members or roommates present. There also are reports of some public, virtual meetings and conferences conducted over Zoom and similar systems being hacked. Finally, some employees are experiencing anxiety and confusion because of the pandemic. All these circumstances increase the risks of inadvertent cyber-security failures and opportunities for hacking. Maintaining robust cyber-security policies and procedures, adapting them as needed to address emerging or changing risks, reminding employees of the need to take precautions, and monitoring employees’ compliance with such policies and procedures are essential actions at this time both from a regulatory compliance and litigation risk perspective.

Communications with clients: Pandemic conditions and their knock-on effects in financial markets may result in a significant increase in customer call volumes or online account usage. Registered firms should review their BCPs and assess the effectiveness of their systems and processes to handle this level of increased activity. If your firm is experiencing difficulty serving customers in a timely way, please contact us to discuss measures you should undertake (including communication strategies) to address the situation. (On a related subject, please see our FAQ in this bulletin focused on ensuring that you’ve got current know-your-client (KYC) information for clients whose life situations may be changing dramatically.)

Supervision, compliance and internal controls during the new “work from home” normal: As we all adjust over the next month or so to the “new normal” of working remotely as much as practicable for an unknown period of time, we think that regulators will begin expecting to see registered firms consider whether they need to adapt their policies, procedures and controls to address any new or magnified regulatory compliance risks. AUM Law can help you assess whether  your existing supervisory system, compliance manual, procedures and internal controls should be revised to ensure compliance while many employees are operating from remote locations.

We can help: At AUM Law, we are experienced in reviewing BCPs from a regulatory compliance perspective. We can draft or update your BCP to ensure that it addresses a scenario like this one. Please don’t hesitate to contact us.

March 31, 2020

CSA and OSC Extend Certain Deadlines for Registrants and Investment Funds and Postpone Certain Initiatives

In light of the COVID-19 pandemic, the Canadian Securities Administrators (CSA), including the Ontario Securities Commission (OSC), have been providing blanket exemptive relief and taking other steps to relieve burdens for market participants. The situation is fluid and additional actions are being taken as new challenges arise, so the summary below can only be a snapshot as of the publication date of this bulletin.

Compliance Reviews: In its March 16 news release, the OSC stated that its on-site compliance reviews have been postponed until further notice. Its normal course compliance activities are continuing as planned but the OSC has signalled its willingness to be flexible on deadlines for information.

CSA Extends Certain Filing Deadlines: On March 23, the OSC and other CSA members published blanket orders providing temporary relief from certain filing requirements. We have summarized below key provisions in the OSC blanket orders concerning registered firms and investment funds.

Fee Filings and Payments

  • Who: Registered firms and unregistered capital markets participants that are required to pay capital markets participation fees to the OSC.
  • What: If the firm paid its 2019 capital markets participation fee based on an estimate of its 2019 specified Ontario revenues, it ordinarily would have to re-calculate those revenues and the relevant participation fee based on its final 2019 financial information. If the recalculated fee exceeded the estimated fee paid at the end of 2019, the firm ordinarily would have to pay the balance owing and file an updated Form 13-502F4 Capital Markets Participation Fee Calculation or Form 13-503F1 (Commodity Futures Act) Participation Fee Calculation by March 30, 2020.
  • Extension: The deadline has been extended for 45 days from the original deadline.

Financial Statements / Calculations of Excess Working Capital

  • CSA members have issued substantially harmonized blanket orders providing registered dealers, advisers and investment fund managers (IFMs) with a 45-day extension from the original deadline for certain financial statements if the deadline originally fell between March 23 and June 1. The extension applies automatically, without any terms and conditions.
    • Dealers: annual financial statements, completed Form 31-103F1 Calculation of Excess Working Capital (Form 31-103F1), and interim financial information;
    • Advisers: annual financial statements and completed Form 31-103F1; and
    • IFMs: annual financial statements, completed Form 31-103F1, completed Form 31-103F4 Net Asset Value Adjustments (Form 31-103F4), and interim financial information.
  • IIROC and MFDA Firms: Firms that are members of the Investment Industry Regulatory Organization of Canada (IIROC) or the Mutual Fund Dealers Association of Canada (MFDA) have been granted similar relief in respect of the regulatory financial questionnaires coming due.

Investment Fund Filing, Delivery and Prospectus Renewal Requirements (Funds Blanket Order)

  • Filing and Delivery Deadlines Extended 45 days: CSA members have issued substantially harmonized blanket orders providing investment funds with a 45-day extension on various filing and delivery deadlines for materials such as annual financial statements and auditor reports, interim financial statements, annual custodian compliance reports, annual mutual fund compliance reports, annual information forms, independent review committee (IRC) reports to securityholders, and annual and interim management reports of fund performance.
  • Prospectus Renewals: An investment fund distributing securities under a prospectus with a lapse date that occurs between March 23 and June 1, 2020 may add 45 days to that lapse date.
  • Fund Must Notify Regulator and Public: If an investment fund wishes to rely upon the Funds Blanket Order, it must, as soon as reasonably practicable and in advance the relevant delivery, filing or renewal deadline:
    • Notify its regulator by email that it is relying upon the Funds Blanket Order and each requirement for which it is relying upon that order; and
    • Post a statement on its public website or public website of its investment fund manager that it is relying upon the Funds Blanket Order and each requirement for which it is relying on upon that order.

Requests for Comment: The CSA indicated in their March 18 news release that all CSA proposals currently out for comment will have their comment periods extended by 45 days.

Risk Assessment Questionnaire (RAQ): In its March 16 news release, the OSC indicated that the RAQ is postponed until further notice.

Other Exemptive Relief: CSA members have also granted temporary relief to other categories of market participants (e.g. such as reporting issuers) and signalled regulatory flexibility regarding certain other requirements (such as the operation of annual general meetings).

Please contact us if you have any questions about the blanket orders described above, other requirements and temporary exemptions, and/or other operational changes adopted by CSA members that may affect your business. We can help you assess your options and, if necessary, engage with regulators on your behalf.

March 31, 2020

CSA Proposes Rules to Address Financial Exploitation of Vulnerable Investors

Overview: On March 5, the Canadian Securities Administrators (CSA) proposed amendments to National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103) and the related Companion Policy (NI 31-103CP) to clarify how registrants can deal with situations involving clients with diminished mental capacity and/or vulnerable clients who may be experiencing financial exploitation (Proposed Amendments). If the Proposed Amendments are adopted, registrants will have to take reasonable steps to obtain:

  • The name and contact information of a “trusted contact person” (TCP) from each of their individual clients; and
  • The client’s written consent for the registrant to contact the TCP in certain circumstances.

NI 31-103 also will be amended to prescribe the steps that registered firms must take if they place a temporary hold on certain transactions in the client’s account because they reasonably believe that either a vulnerable client is being financially exploited or that the client does not have the mental capacity to make financial decisions with respect to an instruction.

More on the TCP Requirements: According to the Proposed Amendments to NI 31-103, registrants must take reasonable steps to obtain their individual clients’ consent to contact the TCP named in their account to confirm or make inquiries about any of the following:

  • Possible financial exploitation of the client;
  • Concerns about the client’s mental capacity in respect of the client’s financial decision-making or lack of decision-making; and/or
  • The name and contact information for: (a) a legal guardian of, or any other personal or legal representative of, the client; or (b) an executor of an estate or trustee of a trust under which the client is a beneficiary.

New guidance to be included in NI 31-103CP describes the intended role of a TCP and emphasizes that the TCP doesn’t replace a client-designated attorney under a power of attorney (POA). Similarly, the TCP does not have authority to transact on the account or make any other decision on the client’s behalf as a result of being named a TCP. There is no prescribed form to complete but NI 31-103CP will be revised to describe the information that the registrant should provide to the client and request from the client regarding the TCP.

The proposed guidance also emphasizes that a registrant may still act for a client who refuses to provide a TCP, provided that the registrant took reasonable steps to obtain the TCP information and the client’s consent to contact the TCP in the circumstances described above. In addition, the guidance describes the circumstances when registrants should speak to the client and/or the TCP about the registrants’ concerns about financial exploitation or mental incapacity. It also outlines the CSA’s expectations with respect to registrants’ policies, procedures, and relationship disclosure information (RDI) concerning TCPs.

We have been advising clients for a while about the benefits of obtaining the name and contact details for a TCP as part of the account opening process, and the proposed guidance provides helpful confirmation about the role of TCPs.

What Do “Financial Exploitation”, “Mental Capacity”, and “Vulnerable Client” Mean? The Proposed Amendments will add the following definitions to NI 31-103:

  • “Financial exploitation” means, in respect of an individual, the use, control or deprivation of the individual’s financial assets through undue influence or wrongful or unlawful conduct;
  • “Mental capacity” means the ability to understand information or appreciate the foreseeable consequences of a decision or lack of a decision;
  • “Temporary hold” means a hold that is placed on the purchase or sale of a security or withdrawal or transfer of cash or securities from a client’s account; and
  • “Vulnerable client” means a client of a registered firm or a registered individual who may have an illness, impairment, disability or aging process limitation that places the client at risk of financial exploitation.

More on the Temporary Hold Provision: NI 31-103 will be amended to indicate that a registered firm or individual must not place a temporary hold:

  • In relation to the financial exploitation of a vulnerable client unless the firm reasonably believes that the client is a vulnerable client and that financial exploitation has occurred, is occurring, has been attempted, or will be attempted; or
  • In relation to the lack of mental capacity of a client unless the firm reasonably believes, with respect to an instruction given by the client, that the client does not have the mental capacity to make financial decisions.

If a temporary hold is placed on a client’s account, the registered firm must:

  • Document the facts that caused the firm or individual to place and continue the temporary hold;
  • As soon as possible after the temporary hold is placed, notify the client of the temporary hold and the reasons for doing so;
  • As soon as possible after the temporary hold is placed and until the hold is terminated, further review the facts that caused the hold to be placed; and
  • Within 30 days of placing the temporary hold, and within every 30 days thereafter until the hold is lifted, notify the client of the firm’s decision not to terminate the hold and the reasons for that decision.

The Proposed Amendments also will amend NI 31-103CP to provide guidance on, among other things, the purpose of a temporary hold, the scope of a temporary hold, and the CSA’s expectations regarding firms’ policies, procedures and RDI regarding temporary holds.

Clients dealing with vulnerable clients have asked us whether they are permitted to refuse a withdrawal or redemption request due to concerns about financial exploitation or the client’s mental capacity. The proposed, regulatory “safe harbour” for temporary holds provides comfort and helpful guidance on how to handle such scenarios consistently in these difficult situations.

Comment Deadline and Timeline for Implementation: In the Notice, the CSA asked for comments by June 3, 2020 and indicated that their goal was to adopt the Proposed Amendments and have them come into force at the same time as the know-your-client provisions in the client-focused reforms (CFRs) to NI 31-103 (i.e. December 31, 2021). As a result of the CSA’s March 18 news release on COVID-19 matters, the June 3 comment deadline has been extended to July 18. If you would like to discuss the potential impact of the Proposed Amendments on your business, please contact your usual lawyer at AUM Law.

March 31, 2020

IIROC Fines TD Waterhouse $4 Million for Deliberate Non-Compliance with RDI Requirements

On March 23, the Investment Industry Regulatory Organization of Canada (IIROC) released reasons (Reasons) for a hearing panel’s decision to fine TD Waterhouse Canada Inc. (TDW) $4 million for its failure to include position cost information in its quarterly account statements for about 8% of its accounts from January 2016 to mid-2017. In our view this case highlights the importance for registrants of communicating frankly with their regulator when they foresee difficulties complying with existing or new rules as written.

Background: As our Canadian readers are no doubt aware, the Canadian Securities Administrators (CSA), IIROC and the Mutual Fund Dealers Association (MFDA) adopted a set of regulatory amendments known as the Client Relationship Model (CRM), which were phased in over time. The requirement to provide retail clients with individual position cost information for the securities in their account was part of the second phase of CRM (CRM2). Effective December 31, 2015, IIROC required its members to provide retail customers with position cost information for all account positions held at quarter-end (Position Cost Requirements). The Reasons noted that the implementation date for these rules followed several years of discussion among IIROC members, IIROC and other regulators and was disclosed to IIROC members in January 2015.

TDW’s Calculated Risk: In the spring of 2015, TD Waterhouse identified what it considered to be potential litigation risks and client experience issues resulting from its planned approach to implement the Position Cost Requirements. After considering various options, management decided to accept the business risk that about 8% of client positions would not be compliance with the Position Cost Requirements for a period of time. The goal was to bring the non-compliant account position disclosures into compliance by mid-2016. The completion date was then delayed until 2017 and, as of the date of the hearing, the 2015 data still had not been supplied.

IIROC Learned of the Non-Compliance through a Customer Complaint: The Reasons indicate that the issue first came to IIROC staff’s attention when they received a complaint from a client about the non-compliance, after the client had complained directly to TDW.

Reasons for Sanction: In reaching its decision to impose a $4 million penalty on TDW, the hearing panel commented:

“[The] Respondent’s failure to consult or advise its regulator about the non-compliance is deeply concerning. Consultation with IIROC should have been the first step for TDW. Its failure to do so is damaging to the integrity of the regulatory regime.”

Other factors influencing the sanction include the hearing panel’s findings that, among other things;

  • TDW’s failure to implement the Position Cost Requirements was intentional;
  • TDW’s board and key committees were are aware, or should have been aware, that there was continuing non-compliance; and
  • Although there were no complaints about harm, securityholders were deprived of information to which they were entitled.

The Hearing Panel rejected IIROC staff’s submission that the maximum penalty of $5,000,000 should be imposed, stating that the penalty should be seen as severe but also leave room for cases that involve “equally egregious” facts but also a significant harm component.

Our Takeaways: Especially in the current environment, where market participants are encountering unforeseeble situations as a result of the COVID-19 pandemic, it is important for registered firms to address potential compliance challenges promptly. AUM Law has substantial experience advising firms in difficult situations. We can help you identify and assess the potential deficiencies and compliance risks, help you develop plans for remediation, and liaise with regulators on your behalf. Please do not hesitate to contact us for assistance

March 31, 2020

No Jail Time for Mr. Tiffin After All, But His Conviction Stands

In 2018, we wrote twice about the saga of Daniel Tiffin, who had appealed his conviction for trading in securities without registration, distributing securities without filing a prospectus, and trading in securities while subject to a cease-trade order. As we wrote in May 2018, the Ontario Superior Court of Justice (Superior Court) concluded that the promissory notes issued by Tiffin Financial (TFC) to Mr. Tiffin’s clients were securities. Then, in September 2018, we reported that Mr. Tiffin was sentenced to six months in jail. (The Court also ordered him to pay restitution and serve 24 months of probation.)

He appealed the merits of the Superior Court’s decision and the sanctions. Earlier this month, the Ontario Court of Appeal ruled that the promissory notes were securities and that Mr. Tiffin’s conviction should be upheld, but that a jail sentence in these circumstances was disproportionate because the Court did not consider Mr. Tiffin’s conduct to be deceitful. The probation and restitution orders were upheld.

AUM Law has extensive experience in the interpretation of Ontario securities laws, as well as insight into how securities regulators have exercised their discretion to grant exemptive relief from broadly worded provisions such as the definition of “security”. Please do not hesitate to contact us if you wish to discuss how the laws apply to the activities you are contemplating.

March 31, 2020

FAQ Corner: In light of the COVID-19 pandemic, what should we be doing with respect to our suitability determination and KYC obligations to clients?

Answer: The pandemic is likely to be a life event for many individual clients, who might experience, among other things, a loss or significant decrease in employment or business income, a significant decrease in the value of their investments, and/or become seriously ill. This means that such clients’ know-your-client (KYC) information could need updating and that transactions, holdings and/or accounts might no longer be suitable for them.

Remember that, for accounts subject to the suitability determination requirements in National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103), registrants must take reasonable steps to keep current the client’s KYC information. In addition, before making a recommendation, accepting a client’s instruction to buy or sell a security, or making a purchase or sale of a security for a managed account, the registrant must take reasonable steps to ensure that the purchase or sale of the security is suitable for the client.

The challenge, of course, is that a registrant may have hundreds or thousands of clients whose circumstances have changed, or are about to change, as the COVID-19 crisis continues to evolve. And the potential need to update KYC information is occurring while individual clients and registrants are coping with the dislocations caused by quarantine measures and the shift to work-from-home arrangements.

Given, however, the fundamental importance of the KYC and suitability requirements as investor protection mechanisms, we don’t expect securities regulators to take a lax approach to compliance in this area. Pandemic or not, registered firms should have policies and procedures for updating KYC information, including in situations like these where registrants might have reason to believe that clients’ circumstances have changed, or are about to change, significantly. We expect that in a compliance review or other inquiry, regulators will want to documentation showing that a registered firm has:

  • Effective policies and procedures for updating KYC;
  • If necessary to accommodate the need to update KYC information on a wide scale and rapid basis, the firm has revised its procedures;
  • Pursuant to those policies and procedures, reached a well-reasoned decision on how to communicate with clients whose KYC information might need updating now;
  • Executed on the firm’s plan to update KYC as needed; and
  • Revised the plan, if necessary, and executed the revised plan if the changing circumstances warrant it.

AUM Law can help you develop a plan for updating clients’ KYC information in light of COVID-19. Please do not hesitate to contact us.

March 26, 2020

Is This the Very Model of a Modern SRO?

On February 3, the Mutual Fund Dealers Association (MFDA) released A Proposal for a Modern SRO (Special Report) and an accompanying Guiding Framework. The MFDA recommends that the Canadian Securities Administrators (CSA) take over direct regulation of markets while giving up direct oversight of exempt market dealers (EMDs), scholarship plan dealers (SPDs), and certain portfolio managers to a new self-regulatory organization (NewCo). NewCo would take on direct responsibility for registration, business conduct, prudential oversight, policymaking and enforcement functions in relation to the registrants mentioned above, plus those currently overseen by the MFDA and the Investment Industry Regulatory Organization of Canada (IIROC).

The Special Report is just one perspective on whether and how to reform self-regulatory structures for capital market participants. The CSA plans to publish its own consultation paper on the self-regulatory structure later this year. We will monitor developments in this area and keep you informed.

February 28, 2020

FAQ Corner: What are some things to watch out for when we describe our firm and its representatives in marketing materials or on social media?

Answer:  Registrants have an obligation to deal fairly, honestly and in good faith with their clients. Among other things, this means that registrants must ensure that their marketing materials (and any representations that they make in social media) are clear, accurate and non-misleading and that any claims made in such materials are substantiated. In our experience, securities regulators continue to be concerned about:

  • Performance data (including use of hypothetical performance data, benchmarks, and performance composites);
  • Exaggerated and unsubstantiated claims (g. “We are a leading investment management firm”);
  • Holding out and the use of names (g. unregistered individuals using business titles that imply they are registered, failing to use the firm’s full legal name or registered trade name in marketing materials, or misleading, inaccurate or hard-to-substantiate testimonials); and
  • Inadequate policies, procedures and records in relation to marketing activities and social media.

Registrants also should be aware that there are specific rules about how they represent their registration status. In particular, subsection 44(1) of the Ontario Securities Act (Act) prohibits any person or company from representing that they are registered under the Act unless the representation is true and the representation specifies the relevant registration category or categories. OSC staff have emphasized that firms also should specify in which jurisdictions they are registered. In addition, section 46 of the Act prohibits everyone from representing that the Commission has passed in any way on the financial standing, fitness or conduct of a registrant.

AUM Law can help you stay on top of these requirements and regulators’ evolving expectations. For example, we can review your marketing materials and social media activities on an ad hoc or regular basis, review your marketing, social media and record-keeping policies and enhance them as needed, and provide compliance training to your staff. Please contact us if you would like to learn more.

February 28, 2020

Our Client-Focused Reforms in a Nutshell Publication Is Ready

To make your life easier, we have consolidated the articles we’ve written to date on the client-focused reforms (CFRs) to National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations into a snappy, little(ish) guide, Client-Focused Reforms in a Nutshell. If you would like to receive a copy, please contact us and we’ll subscribe you to our publications (if you haven’t already signed up).

February 28, 2020

OPC Consults on Regulation of Artificial Intelligence

On January 28, the Office of the Privacy Commission (OPC) published its Proposals for Ensuring Appropriate Regulation of Artificial Intelligence (Consultation Paper). This work is a subset of a larger reform project focused on federal privacy laws. According to the Consultation Paper, the OPC believes that artificial intelligence (AI) presents fundamental challenges to all of the “foundational privacy principles” formulated in the Personal Information Protection and Electronic Documents Act (PIPEDA). The Consultation Paper outlines eleven proposals and related discussion questions for consideration, and requests feedback by March 13, 2020.

These AI-related potential reforms to privacy laws are at an early stage of development, but if adopted they likely will have a significant impact on how registered firms use AI in their development and delivery of products and services as well as their compliance systems and other internal controls. For example, reforms to PIPEDA might introduce provisions similar to those in the European Union’s General Data Protection Regulation (GDPR) that grant individuals the rights:

  • Not to be subject to automated decision-making, including profiling, except when an automated decision is necessary for a contract, authorized by law, or explicit consent is obtained; and
  • To object to having their personal information processed for direct marketing purposes.

Another proposal, if implemented, might require entities to inform individuals about the use of automated decision-making, the factors involved in the decision and, where the decision is “impactful”, information about the logic upon which the decision is based.

AUM Law will continue monitoring developments in this area and update you on the status of significant proposals. In the meantime, if you have any questions about the Consultation Paper and its potential impact on your operations, please contact us.

February 28, 2020

Bulletin | Year of the Rat Edition | January 2020

In this bulletin:

  1. Client-Focused Reforms: A Closer Look at the Misleading Communications, RDI, Compliance Training and Record-Keeping Rules
  2. IIROC and FINRA Publish Their Compliance Priorities for 2020
  3. Get Ready to RAQ and Roll
  4. IIROC Fines Registered Representative for His Shoulda Woulda Could KYC
  5. ASC Schools Registrants on Compliance with OM Exemption
  6. Like Rats in a Maze: Navigating the Application of Securities Laws to Crypto Assets

FAQ Corner: Can an advising representative act as the executor of an estate on behalf of a client?

In Brief: CSA Consults on Access Equals Delivery Model for Disclosure Documents

News and Events: Lexology Recognizes AUM Law Again for Thought Leadership in Our Publications

Click the link to access a PDF of our full, monthly bulletin summarizing these recent developments. >> Monthly Bulletin | Year of the Rat | January 2020

Get Ready to RAQ and Roll

Ontario Securities Commission (OSC) staff have begun notifying registrants that they will receive a risk assessment questionnaire (RAQ) on April 15. The OSC uses the information collected from these bi-annual questionnaires as part of its risk-based supervision program. Registrants must submit the completed questionnaire to the OSC by May 27, 2020, after their Ultimate Designated Person (UDP) has certified the contents as complete, accurate, free from any misstatements and not misleading in any respect. The RAQ will ask for information for the period ending December 31, 2019.

The OSC is making some changes to the RAQ process and questions. Some of these changes are part of its burden reduction initiative. For example:

  • For firms that completed the 2018 RAQ, some questions in the 2020 RAQ will be pre-populated with the firm’s 2018 answers (which of course, should be reviewed and revised if necessary).
  • Some questions have been deleted from the 2020 RAQ (e.g. Question G18 on other business activities).

Changes to the RAQ process include the following:

  • Authentication to enhance data security: On April 15, CCOs will receive an email from the OSC with a link asking them to create an account that is unique to the firm in the OSC’s system. Once the account is created, the CCO will be granted access to the 2020 RAQ through this account.
  • Fund Form Separated from the RAQ: The Prospectus-Exempt Fund Form, which used to be sent to investment fund managers who manage prospectus-exempt funds at the same time as the RAQ, has been removed from the 2020 RAQ. Going forward, it will be sent separately from the RAQ.

We encourage registrants to start planning for this exercise now by allocating resources to gather the needed information and draft responses, as well as scheduling time with key individuals including the UDP to review and sign off on the completed questionnaire. AUM Law has had extensive experience helping firms prepare their RAQs. If you would like us to help you complete this year’s RAQ, please contact us for a fixed-fee quote.

January 31, 2020

Client-Focused Reforms: A Closer Look at the Misleading Communications, RDI, Compliance Training and Record-Keeping Rules

As we reported in our October 2019 special bulletin, the Canadian Securities Administrators (CSA) have finalized their client-focused reforms (CFRs) to National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103) and its related Companion Policy (NI 31-103CP) (Policy). These provisions came into force late last year and will take effect in two phases, beginning on December 31, 2019.

This month, we highlight the new prohibitions on misleading communications as well as the relationship disclosure information (RDI), compliance training and record-keeping requirements. The RDI requirements will come into effect on December 31, 2020 and the other provisions discussed in this article will come into effect on December 31, 2021. To streamline our discussion, we refer to NI 31-103 and NI 31-103CP in their current form as the Current Rules and Policy and to the amended versions as the Revised Rules and Policy.

This article is the third in our series of closer looks at the CFRs. We discussed the conflict of interest provisions in our October 2019 bulletin and the know-your-client (KYC), know-your-product (KYP) and suitability provisions in our November 2019 bulletin.

A.  Misleading Communications

Securities regulators and investor advocates have been concerned for years that some registered firms and individuals use confusing or misleading titles, designations, awards and/or other descriptions of themselves and their services. The securities regulatory framework already incorporates prohibitions that are broad enough to capture at least some of this conduct. For example, subsection 44(1) of the Ontario Securities Act prohibits people and companies from making statements that a reasonable investor would consider relevant in deciding whether to enter into or maintain a trading or advising relationship with that person or company if that statement is untrue or omits information necessary to prevent the statement from being false or misleading. Section 2.1 of National Instrument 31-505 Conditions of Registration requires registered dealers, advisers and representatives to deal fairly, honestly and in good faith with clients. And in 2011, the Canadian Securities Administrators (CSA) outlined their specific concerns and provided guidance to portfolio managers regarding the use of trade names and individual titles in marketing materials in Staff Notice 31-325 Marketing Practices of Portfolio Managers.

New section 13.18 of NI 31-103 reflects the securities regulators’ conclusions that this principles-based approach is inadequate. The new rule, scheduled to come into effect on December 31, 2021, will prohibit registrants from holding out their services in any manner that could reasonably be expected to deceive or mislead any person as to:

  • Their proficiency, experience or qualifications;
  • The nature of the person’s relationship or potential relationship with the registrant; or
  • The products or services provided or that might be provided.

It also will prohibit registered individuals who interact with clients from using from any title or designation without their sponsoring firm’s approval. In addition, they will be prohibited from using corporate officer titles unless appointed to that office under corporate law, and they will not be able to use any title, designation, award or recognition based on their sales activity or revenue generation.

The Revised Policy emphasizes that particular scrutiny should be given to titles that may convey an expertise in seniors’ issues or retirement planning. It also recommends that firms consider whether a particular designation has a rigorous curriculum, examination process and experience requirements issued by a reputable or accredited organization when deciding whether to approve the designation’s use.

As registrants develop their project plan for implementing these new requirements, they should also take into account the following:

  • The CSA has indicated that there is potential for further rulemaking on the use of titles and designations. And in 2020, the Financial Services Regulatory Agency of Ontario (FSRA) intends to consult stakeholders and publish draft rules to implement the Financial Professionals Title Protection Act, which will regulate individuals’ use of “financial planner” and “financial advisor” titles in Ontario. AUM Law will monitor these developments and keep you informed.
  • As noted above, there are principles-based laws already on the books that could support enforcement action against a firm or individual for misleading communications. Therefore, although the official effective date for the new rules is December 31, 2021, we encourage firms to review their policies, procedures and practices in this area sooner rather than later.

B.  Updated RDI Requirements

Section 14.2 of NI 31-103 has been amended to reflect changes with other CFRs (e.g. relating to conflicts of interest, KYC, KYP and suitability determination requirements) and, according to the CSA, to “better implement” the principle in subsection 14.2(1) that a registrant must deliver to the client “all information that a reasonable investor would consider important about the client’s relationship with the registrant.” Among other things, when revised section 14.2 comes into effect it will:

  • Expand the existing requirement for registrants to provide a general description of the products and services that the firm offers to the client to include, as applicable, descriptions of any restrictions on the client’s ability to liquidate or resell a security and any investment fund management expense fees or other ongoing fees the client may incur;
  • Require registered firms to describe generally any limits on the selection of products or services that the registrant will offer to the client, including whether the firm will primarily or exclusively use proprietary products in the client’s account;
  • Require registered firms to explain generally the potential impact of operating charges, transaction charges, investment fund management fees, and any other ongoing fees the client might occur; and
  • Expand the requirement for pre-trade disclosure to expressly require disclosure of investment fund management expense fees or other ongoing fees that the client may incur.

Also, the existing requirement to describe compensation paid to the registered firm in relation to the types of products a client might purchase will be broadened. It will require a general description of any benefits received or expected to be received by the registrant from anyone other than the registrant’s client, in connection with the client’s purchase or ownership of a security through the registrant.

The Revised Policy includes expanded sections on:

  • Information to be included in the description of the nature or type of a client’s account;
  • Factors to consider in describing limits on the selection of products or services, including guidance emphasizing that a registrant is required to tell a client if it does not have products or services suitable for them; and
  • When a firm is expected to provide a client with the KYC information it has collected (i.e. at the time of account opening and when the firm collects updated information).

The new RDI rules will take effect on December 31, 2020. AUM Law can help you prepare for the new regime by reviewing and updating your existing disclosure materials for clients, as well as the related policies, procedures and controls.

C.  Compliance Training

Under the Current Rules and Policy, training is specifically addressed through:

  • Prohibitions on registered individuals performing registrable activities, and chief compliance officers (CCOs) performing their responsibilities as CCOs, without having the education, training and experience that a reasonable person would consider necessary to perform the activity competently; and
  • Language in the Current Policy indicating that registered firms should provide training, including ongoing communication and training on changes in regulatory requirements or the firm’s policies and procedures, to ensure that everyone at the firm understands the standards of conduct and their role in the compliance system.

Section 11.1 of NI 31-103 has been amended to introduce a broadly worded requirement for registered firms to provide training to their registered individuals on compliance with securities legislation, including without limitation the KYC, KYP, suitability determination and conflicts of interest requirements. This new rule is supplemented with guidance in the Revised Policy, which emphasizes the following concepts:

  • A firm’s compliance training will depend on the nature, size and complexity of its business. For some small firms, a formal compliance training program or written training materials might be unnecessary. However, the CSA will expect firms to exercise professional judgment in determining what training is appropriate for their operations.
  • Although Section 11.1 of the Revised Rules speaks only to the need for firms to train registered individuals, the Revised Policy retain the concept that CSA members expect firms’ training programs to ensure that everyone at the firm understands the standards of conduct when dealing with clients and understands their role in the compliance system. In our view, this broader definition of the firm’s training responsibility can be seen as flowing from the existing requirement in section 11.1 for registered firms to have a system of controls and supervision sufficient to provide reasonable assurance that the firm and every individual acting on its behalf complies with securities legislation.
  • Although the Revised Rule calls for compliance training on securities legislation generally, it and the Revised Policy specifically highlight the need for compliance training on the KYC, KYP, suitability, and conflicts of interest provisions. According to the Revised Policy, training should provide examples of how to:
  • Identify existing and reasonably foreseeable, material conflicts of interests between registered individuals and their clients;
  • Address material conflicts of interest in the client’s best interest; and
  • Put the client’s interest first when making suitability determinations.
  • Consistent with the KYP requirements, firms also will be expected to assess whether any additional training or proficiency requirements are needed so that their registered individuals understand the securities and can make appropriate determinations.
  • Firms can outsource elements of their training programs but remain responsible for demonstrating that their registered individuals have been trained on the firm’s policies and procedures.
  • Training programs should include “ongoing” communication and training on changes in regulatory requirements or the firm’s policies and procedures.
  • Firms will need to document their compliance training programs.

Although these specific, new compliance training requirements won’t come into effect until December 31, 2021, we recommend that firms begin enhancing their compliance training programs in 2020, so that your employees become familiar with the CFRs. AUM Law offers compliance training programs tailored to your firm’s needs. We can help you identify compliance gaps or topics that need reinforcement, determine who needs to be trained and when, develop the content for training sessions, update your compliance manual to reflect the new training requirements, and prepare the needed documentation to show that the compliance training requirements have been met.

D.  Record-Keeping Requirements

Section 11.5 of NI 31-103 has been expanded so that registered firms will have to maintain records that:

  • Demonstrate compliance with the new KYP and suitability determination requirements;
  • Demonstrate compliance with the conflict of interest provisions in Part 13, Division 2;
  • Demonstrate compliance with the requirements relating to misleading communications;
  • Document training actions conducted by the firm; and
  • Document the firm’s sales practices, compensation arrangements and incentive practices as well as any other compensation arrangements and incentive practices from which the firm, any of its registered individuals or any of its affiliates or associates, benefit.

The Revised Policy provides detailed guidance on the kinds of records that it expects registered firms to keep. It also stresses the importance of firms maintaining adequate documentation to support the firm’s supervision of its compliance processes in these areas. We expect that some of the more challenging aspects of these new requirements will include:

  • Documenting suitability determinations and related supervisory measures (e.g. to address patterns of unsuitable trades); and
  • Documenting the KYP process, including where the firm concludes that using proprietary products and services as opposed to a third party’s products and services puts the client’s interests first.

In addition to presenting some conceptual challenges, some of the new record-keeping requirements (such as those documentation of conflicts of interest, sales practices, compensation arrangements, incentive practices) will require a substantial deployment of firm resources to design and maintain.

AUM Law can help you implement these new requirements by, for example, assessing your existing record-keeping practices, identifying any gaps and developing new protocols and record types to cover the elements listed above.

E.  Now What?

This is the last article in our introductory series highlighting the CFRs. Giving registered firms practical advice on compliance with NI 31-103 is one of AUM Law’s core services, and we have already started with working with some of our clients on implementation. We can help you understand the implications of the CFRs for your business, develop a pragmatic implementation plan, revise any of your policies and client-facing documentation that are looking a little “ratty” in light of the recent reforms, update your record-keeping protocols, and train your employees on the new requirements. Please contact your usual lawyer at AUM Law for assistance or, if you’re not already a client, request a free consultation.

January 31, 2020

IIROC Fines Registered Representative for His Coulda Shoulda Woulda KYC

A recent settlement between the Investment Industry Regulatory Organization of Canada (IIROC) and a registered representative (Representative) at Scotia Capital Inc. (Scotia) illustrates the importance for individual registrants of following through on their intentions to address any concerns they may have about how a client’s account is being handled under a power of attorney (POA).

So Many Red Flags: According to the settlement agreement, in May 2014, the son of a mentally incapacitated 90-year old woman (the Client) opened an account for the Client at Scotia with a registered representative (the First RR). The son was to manage the account pursuant to the POA and a court order appointing him as the Client’s committee. The account was subject to an irrevocable letter of direction (LOD) providing that Scotia should not release any funds, other than income earned, to anyone (including the son as POA) without the prior written consent of the British Columbia Public Guardian (Guardian).

The Client’s son began to conduct unsolicited short-term trading in the account shortly after opening it. Soon afterward, the First RR told the Client’s son that he was unwilling to facilitate such trades because they were unsuitable. The First RR then asked his supervisor to move the account to another registered representative. In July 2014, the account was transferred to the Respondent, who at the time had over fourteen years’ experience as a registered representative. In connection with the account transfer, he read a forwarded email from the First RR about his concerns regarding the Client’s son’s short-term trading in the account. The Respondent also signed off on an LOD similar to the one signed by the First RR.

Coulda Woulda Shoulda KYC: The Respondent met with the Client’s son once to effect the account transfer. He then tried unsuccessfully to meet with the Client’s son again to discuss, among other things, the Respondent’s concerns about the suitability the account’s holdings and the historical trading. The Client’s son declined to meet with him and all of their subsequent discussions were brief and by phone. Meanwhile, the Client’s son continued to engage in short-term trading and speculative trading that exceeded the account’s risk tolerance. At one point, the Representative asked the Client’s son to stop such trading. The Client’s son then placed orders by calling licensed assistants in the branch. The Respondent then advised the assistants not to take the orders, but the Client’s son aggressively pursued the assistants to place the orders.

These activities continued until September 2015, when the Guardian directed Scotia to freeze the client’s account, which had suffered significant losses. The account was moved to another financial institution in 2016 and in May 2017, the Guardian complained to IIROC. Scotia reimbursed the Client, with the reimbursement funds coming from the Respondent in the form of withheld compensation and disgorgement of all fees earned by the Respondent from the Client’s account during the relevant period. IIROC initiated enforcement proceedings against the Respondent and, earlier this month, reached a settlement with him. Among other things, he agreed to a fine of $60,000, disgorgement of $3,500 and $3,000 in costs, as well as two months of strict supervision and a commitment to rewrite the Conduct and Practices Handbook exam.

Aside from the obvious “don’t procrastinate on KYC” lesson, what are some takeaways from this case? First, the financial exploitation of senior and vulnerable clients is of continuing concern to regulators, and they expect registered firms and individuals to follow through on signs of potential abuse. Second, compliance and supervisory systems should factor in the phenomenon that even well-intentioned and experienced employees might put off uncomfortable tasks, such as following up on the completion of KYC forms and discussing concerns about account activity. To manage this risk, chief compliance officers (CCOs) should consider protocols such as flagging and consistently following up on client accounts that have POAs on file to ensure that: (a) appropriate due diligence has been completed to confirm that the POA is valid and current; (b) KYC information is complete and updated frequently to reflect the client’s current circumstances; (c) activity in the account is consistent with the account’s objectives and risk tolerance; and (d) concerns about the account have been resolved. Compliance training that facilitates discussion of challenging scenarios like this one can help employees spot problems in the future and motivate them to raise their concerns with Compliance.

AUM Law can help you address these challenges by, for example, drafting or enhancing your senior and vulnerable clients policy, conducting focused training on this subject for your employees, and/or conducting focused compliance risk assessments. Please contact us to discuss how we can help.

January 31, 2020

ASC Schools Registrants on Compliance with OM Exemption

On January 16, the Alberta Securities Commission (ASC) published Staff Notice 45-705 Compliance with Investment Limits under the Offering Memorandum Prospectus Exemption (the Notice). It outlines the results of staff’s recent review of over 80,000 (!) recent distributions, purportedly in reliance upon the offering memorandum (OM) exemption from the prospectus requirements. From our perspective, the most interesting feature of the Notice was its reminder to issuers, as well as to managers of fully managed accounts, that the prospective beneficial owners of the securities themselves must complete Form 45-106F4 Risk Acknowledgment Form (RAF) where the issuer is relying on the OM exemption to distribute the securities. Managers cannot complete the form on their clients’ behalf. This contrasts with situations where securities are distributed to the beneficial owner of a fully managed account in reliance upon the accredited investor (AI) exemption, which contains a provision deeming the manager of a fully managed account to be purchasing as principal.

AUM Law helps issuers, registrants and investors navigate Canada’s exempt capital markets and avoid potholes like these. Please contact us if you have questions about how the rules apply to transactions that you are contemplating.

January 31, 2020