Canadian securities regulators published a report indicating that they are generally pleased with the work of the Mutual Fund Dealers Association of Canada (MFDA), although it does need to get tougher with some of its firms to ensure compliance. And, the report indicates that the MFDA tightened data security in response to the review.

The Canadian Securities Administrators (CSA) released their latest Oversight Review Report detailing the results of their oversight review of the MFDA, which was undertaken by the seven provincial securities regulators that recognize the MFDA. They concluded that, overall, they “are satisfied that the MFDA met the terms and conditions of the recognition orders”.

However, the report did identify areas for improvement that require the MFDA to take corrective action. For example, it found a few instances where fund dealers were unresponsive or unco-operative when dealing with deficiencies identified by the MFDA during the examination process for sales compliance. “In cases that do not warrant enforcement action, the MFDA lacks the necessary regulatory tools to adequately deal with these members,” the CSA found.

The CSA recommends that the MFDA develop processes and implement regulatory tools to ensure compliance by uncooperative members. The MFDA notes that it has implemented a number of initiatives in recent years to improve compliance, but that it doesn’t have the ability to deal with deficiencies through the registration function, as the
MFDA doesn’t have this authority under its provincial recognition orders.

Nevertheless, it says that the MFDA “will consider developing a process to charge fees to members that require excessive attention to resolve examination deficiencies.”

The report also notes that the CSA identified a data security risk at the MFDA, which has since been addressed. Coming on the heels of a recent data loss by the Investment Industry Regulatory Organization of Canada (IIROC), the CSA report reveals that it found that mobile devices used by MFDA staff were not password-protected or encrypted.

In response to the review, the report notes that MFDA staff immediately implemented the use of encrypted USB keys and provided CSA staff with its policies and procedures regarding USB keys. All other mobile devices are subject to password protection and/or encryption, it notes.

As for other areas, the report found that important functions such as policymaking and enforcement are being properly carried out, and that recent reforms to its governance are appropriate.

The CSA reports that it found that enforcement files were well documented and completed in a timely manner; they were satisfied with the analysis of issues and the evidence gathered; and that its internal procedures are both adequate and followed by MFDA staff.

On the policy side, CSA staff found no evidence that MFDA members’ ability to vote on rule proposals compromised the effectiveness of its policymaking process. It found that the process is generally adequate, and that MFDA staff also appeared to take into account comments from committees and members, and revised its policy proposals based on those comments.