Client relationship model (CRM2) requirements, conflicts of interest, and cybersecurity feature prominently among the Investment Industry Regulatory Organization of Canada’s (IIROC) compliance priorities for the year ahead.

The self-regulatory organization’s published its annual Compliance Priorities Report on Thursday. The report details abroad range of issues, including business conduct concerns, trading compliance, registration and operational issues, on which IIROC plans to focus in its compliance exams in the coming year.

“The report provides IIROC-regulated firms with a view of how they are tracking against [regulatory] standards and assists them with enhancing their compliance, supervision and risk management capabilities,” says Victoria Pinnington, senior vice president, market regulation and policy, IIROC, in a statement.

In terms of business conduct, IIROC is continuing to identify concerns with dealer compliance with the CRM2 rules, particularly a lack pre-trade disclosure to clients about the fees and charges associated with investing.

Read: MFDA sets compliance priorities for 2018

Read: CRM2 disclosure is having an impact

“During our examinations, we noted many instances where dealers did not maintain documented evidence that the required pre-trade disclosure of charges had been made. We also identified instances where dealers lacked policies and procedures governing pre-trade disclosure,” IIROC says in the report. “Retail clients must be informed of all fees/charges associated with an instruction to purchase or sell a security in an account before the trade takes place.”

The report also says that IIROC is seeing dealers that are failing to collect investment-time-horizon information from clients as part of the KYC process.

Following its recent work on conflicts of interest, IIROC is adding questions and testing that focuses on compensation-related conflicts as part of its compliance exams. It’s also planning to issue guidance about discount brokers that sell mutual funds that carry embedded trailer fees — given that these trailers are ostensibly paid for advice, which these firms are prohibited from providing.

Read: IIAC calls for IIROC to review its conflicts rules

The emergence of online advisory offerings, often called robo-advisors, is also a new frontier for regulators. In its report, IIROC says it is, “developing a flexible testing module for automated/online-advice service offerings” that will examine client disclosure, the adequacy of the account-opening process, supervision and oversight.

Another top priority for IIROC in the coming year is cybersecurity. “In a landscape of heightened security, IIROC believes it is critical for firms to maintain policies and procedures that protect their clients and their businesses by safeguarding personal information and business data,” says Wendy Rudd, senior vice president, member regulation and strategic initiatives, IIROC, in a statement. “Proactive work in areas that present the greatest risk, such as cybersecurity, will remain a priority.”

Read: FINRA releases 2018 regulatory and exam priorities

Finally, IIROC reports that it is also making changes to its overall compliance exam program. “Among other things, we are strengthening our planning process, refining our exam modules, focusing on corporate governance within dealers and enhancing training of examiners,” IIROC says in the report. It warns that it will be increasingly prepared to impose terms and conditions on firms that aren’t meeting their obligations.