The Investment Industry Regulatory Organization of Canada (IIROC) is living up to its regulatory responsibilities overall, but there is room for improvement in some of its enforcement and compliance practices, according to a new report from the Canadian Securities Administrators (CSA).

The CSA published the Oversight Review Report Thursday detailing the results of its latest oversight review at IIROC. The review, which was conducted jointly by eight of the provincial securities regulators (including authorities in Alberta, British Columbia, Manitoba, New Brunswick, Nova Scotia, Ontario, Quebec, and Saskatchewan),
concluded that overall, “IIROC met the relevant terms and conditions of the recognition orders in the areas covered during the review period.”

That said, the review all flagged a number of areas for improvement. In particular, the report suggests that certain aspects of the self-regulatory organization’s enforcement and business conduct compliance departments needs work.

For example, the report notes that the CSA found that IIROC was more likely to close investigations into possible violations of trading rules without taking any disciplinary action, compared with investigations involving dealer conduct. It also found that cases involving possible suitability issues, or instances of unauthorized trading, may be closed prematurely.

The report includes IIROC’s responses to each of the CSA’s findings, generally setting out how it has addressed the issue. For example, on the question of whether cases involving possible suitability issues were closed too soon, the report indicates that IIROC maintains that the cases reviewed by the CSA were typically closed for several reasons, such as “the existence of compelling contradictory evidence and the absence of any pattern of misconduct or significant harm.” It also notes that it has since revised its case selection process.

The CSA says that it “will continue to monitor IIROC’s progress in resolving these findings as part of its ongoing oversight activities.”

The oversight review covers the period from Oct. 1, 2009 to Dec. 31, 2013; which includes the episode of an IIROC employee losing a laptop that contained the unencrypted personal data of thousands of brokerage clients. In that area, the CSA didn’t find any notable shortcomings, indicating that the SRO has taken steps to tighten data security in the wake of that incident.

IIROC pushing forward with security review

“As part of the ongoing oversight of IIROC, staff will continue to monitor events surrounding the loss of the portable device, improvements associated with the noted IT processes, as well as IIROC’s ability to ensure critical systems as identified in [its recognition order] have appropriate internal controls that effectively manage the risks associated with its operations and the integrity and security of information,” the report says.

“The Canadian Securities Administrators (CSA) plays an important oversight role and we appreciate receiving this valuable feedback and analysis of our operations. We are pleased with the finding that IIROC, overall, is in compliance with the terms and conditions of the Recognition Orders, and we intend to fully address any outstanding findings in order to enhance our regulatory effectiveness,” said IIROC’s new president and CEO, Andrew Kriegler, in response to the CSA report.

“This review spans three-and-a-half years and during that period the capital markets have evolved significantly. IIROC has worked diligently, together with our regulatory partners, to enhance our regulatory effectiveness while adapting to this quickly changing environment. We are committed to ensuring our regulatory processes remain efficient, consistent and fair and continue to strengthen our internal capabilities to protect investors and promote a culture of compliance within the industry,” he added.