Suitability, social media and robo-advisors all feature prominently in the Investment Industry Regulatory Organization of Canada’s (IIROC) compliance plans for the year ahead.
The self-regulatory organization (SRO) published a notice on Thursday setting out its compliance priorities for 2016, spelling out the areas in which it plans to focus on as well as emerging issues for securities firms to consider. The notice details a variety of areas in which the regulator will be focusing its attention this year in terms of business conduct, trading and financial and operational compliance issues.
In particular, the report indicates that IIROC is enhancing its procedures for testing suitability and know-your-client (KYC) compliance in an effort to ensure consistency in these assessments while also accommodating “the proliferation of alternative approaches to suitability, coupled with an increasing variety of KYC forms and risk tolerance assessment methods.”
The SRO notes that it has also implemented examiner training “focused on the unique realities of investment risks in the current near-zero interest rate environment” to bolster these assessments.
In the wake of the “mystery shop” research that was released last year, IIROC reports that it has “committed to assess the impact on the KYC process of the evolution of business models used by IIROC dealers — including the use of new online tools and model portfolios” and that it will consider potential regulatory reforms, or new guidance, “to ensure that IIROC’s KYC requirements appropriately align the types and depth of KYC information collected with the business models used.”
Citing a growing interest from IIROC-licensed dealers in the “robo-advice” business, the SRO also says that one of its priorities for the year ahead “will be to develop a business conduct test methodology that will identify any deficiencies associated with the various online business models, particularly with respect to assessing KYC and suitability” as dealers look to get into that business directly.
On the social media front, IIROC reports that a recent review in this area found that “a number of firms are failing to comply fully with the requirements.” As a result, the SRO is adopting enhanced test procedures “that will better equip our examiners to identify deficiencies in the oversight of social media.”
Following from recent research into firms’ conflict management processes, IIROC also says that it will be “conducting a comprehensive sweep of the oversight and monitoring of compensation-related conflicts” at dealers. In addition, the SRO will “enhance its test procedures to look more closely at compensation grids, supervisory oversight of registrants that focus on products with high commissions and monitoring of registrants, who are approaching compensation thresholds.” Reviews of compensation-related conflicts are also being planned for mutual fund dealers and other dealers by their respective regulators.
Another issue that IIROC raised in its notice is client account agreements that include exclusionary/limited liability clauses. IIROC says that in certain cases, these clauses “may be perfectly valid,” yet, in others, it says that they “appear to violate the spirit of [IIROC rules] regarding the standards of ethics and business conduct required of firms and their registered employees.”
In addition, the IIROC notice says that may also violate the rules requiring dealers to participate in alternative dispute resolution programs. As a result, IIROC it will be “implementing enhanced test procedures that will enable examiners to better identify inappropriate exclusionary/limited liability clauses” in 2016, the SRO says.
Cyber-security also remains a key issue for IIROC. In the year ahead, it is planning to build up its work in this area, including more extensive self-assessment surveys to measure the adequacy of dealers’ cyber-security infrastructure; evaluating industry practices to assess the overall vulnerability of the industry to disruption from individual dealers; and to better communicate and collaborate with dealers on cyber-security practices.
In addition, the SRO is planning a comprehensive review of its risk models “to ensure they remain current and reflect the most significant risks to those we regulate, market integrity and the investing public.”
IIROC also pledges to take enforcement action against dealers with significant compliance failings; and, the SRO notes that when its new enforcement rules take effect in 2016, it will have a new power to impose terms and conditions on dealers to ensure compliance with its requirements.