IIROC’s compliance priorities for the fiscal year ahead include implementing changes to the risk models it uses when assessing dealers, regulating digital assets and ensuring IIROC-regulated firms demonstrate a commitment to a strong compliance culture.

The SRO outlined its annual compliance priorities in a report released Tuesday. Those priorities also include compensation-related conflicts—including mutual fund sales incentives—and enhanced testing for referral arrangements and online tools used by order-execution-only firms.

In 2017, IIROC reviewed the risk models it uses and added measures to consider dealers’ potential impacts to market integrity and investor protection, it said.

“We will consider both the risk and impact of each dealer to determine how often we will examine them,” the report says.

IIROC will release a web video to provide further details about the structure and operation of the risk models, it says.

One priority under business conduct compliance is compensation-related conflicts. To strengthen IIROC’s effectiveness in examining these conflicts, the SRO implemented a conflict-of-interest test module over the last year to test for such things as conflicts management and compensation programs.

The most common finding to date is that many firms haven’t implemented an effective process for identifying and managing these conflicts, says the report. In the coming year, the examination process for conflicts will continue to be strengthened and will focus on more complex conflicts, including sales targets, mutual fund sales incentives and non-monetary incentives.

Enhanced testing will also continue to address a growing number of business models involving strategic alliances, referral arrangements, and automated advice tools used by advisors, as well as online tools used by order-execution-only platforms.

IIROC also says it’s working with the CSA to develop a regulatory framework for digital assets, after receiving interest from dealers about these assets.

And, after compiling and reviewing results from a second cybersecurity self-assessment survey sent to dealers last November, IIROC says it will respond with initiatives to further enhance firms’ cybersecurity resilience.

Under disclosure of outside business activities, the report confirms that IIROC doesn’t require reporting for coaching recreational or house-league sports, in alignment with a recent OSC staff notice.

The report says registered reps must be aware of their post-licensing requirements, such as completing the Conduct and Practices Handbook Course and 90-Day Training Program. IIROC receives an “unacceptable” number of requests for extensions to the requirements, the report says, which will continue to be denied.

“We are unlikely to grant extensions unless there are extreme extenuating circumstances,” says the report. “We will not grant extensions simply because a dealer does not have another supervisor to assume the functions.”

IIROC will also continue to focus on dealers that fail to address significant compliance findings or fail to demonstrate a commitment to a strong compliance culture by imposing terms and conditions on dealers.

For full details, read IIROC’s compliance priorities for 2018/2019.