Earlier in March, the Investment Industry Regulatory Organization of Canada (IIROC) released its 2021/2022 Compliance Priorities Report, outlining its past actions and current issues that are impacting IIROC-regulated firms that should be a compliance focus for those firms in 2022. The report notes that these initiatives, including those related to cybersecurity, client focused reform sweeps and proficiency requirement updates, are in the context of the ongoing SRO consolidation with the Mutual Fund Dealers Association of Canada (MFDA), which is currently scheduled to occur by year-end.
In connection with the work of the Financial and Operations Compliance group (FinOps), the report noted that cybersecurity remains a key risk for all dealer firms and thus FinOps looks at how such risks are managed during regularly scheduled reviews. The importance of self-assessments is mentioned, as is the fact that IIROC has engaged Deloitte to create a cybersecurity self-assessment checklist for firms to assess their own risk and identify potential improvements. The reliance on technology and associated risks has also been incorporated into the FinOps risk model. It is noted that FinOps intends to review supply chain risks, and systemically important vendors to the industry, with a view to identifying and managing these risks.
The report indicates that IIROC, together with the Canadian Securities Administrators (CSA) and the MFDA, is conducting reviews to look for compliance with the new conflict of interest requirements that were enacted in connection with the client focused reforms back in June 2021. The objective of the review is stated to be to determine if dealers have met the “spirit” of the new rules and implemented controls to address material conflicts in the best interest of clients (rather than disclosure alone, which is not sufficient). IIROC (and we suspect, the CSA), will focus next on KYC and suitability requirements. IIROC, along with the CSA, has a prohibition on using a corporate officer title unless a person has been appointed as an officer pursuant to corporate law. In its reviews, the Business Conduct Compliance (BCC) group of IIROC will also look at the substance and nature of the relationship between an Approved Person and the dealer where the person uses a corporate officer title in dealing with clients to ensure it is appropriate – such as whether the individual is really part of the mind and management of the dealer. In its exams, BCC staff will also assess compliance with the amended rules regarding older and vulnerable clients, which are intended to address issues of diminished mental capacity and/or financial exploitation of clients.
Dealers are required to have a supervisory framework to ensure management of all significant areas of risk within a firm. IIROC has existing guidance to help dealers with these policies and procedures, and it is expected to publish additional guidance regarding permitted delegation of the responsibilities of executives to manage these risks shortly. IIROC will also be focusing in on order-execution-only firms and any advertising done through social media platforms.
Finally, the report notes that IIROC is working on amendments to some of the registration and proficiency provisions within the IIROC rules, to clarify expectations. In addition, while draft competency profiles have been released for Directors, Executives, UDPs, CCOs and CFOs, IIROC is continuing to work on all other approved person categories (i.e. supervisors, associate PMs, PMs and traders). There is a lot for dealers to focus on in 2022, in addition to any forthcoming changes in advance of the SRO consolidation.
March 31, 2022