IIROC gets report card from CSA

The Canadian Securities Administrators (CSA) have released the Oversight Review Report of the Investment Industry Regulatory Organization of Canada (IIROC) that evaluates whether specific regulatory processes are operating effectively, and outlines findings that are significant and require corrective action.

Read: CSA adopts amendments to early warning system

This coordinated review covered the period from January 1, 2014 to March 31, 2015 and was conducted jointly by eight of the provincial securities regulators that recognize IIROC: the Alberta Securities Commission; the Autorité des marchés financiers; the British Columbia Securities Commission; the Financial and Consumer Affairs Authority of Saskatchewan; the Financial and Consumer Services Commission of New Brunswick; the Manitoba Securities Commission; the Nova Scotia Securities Commission; and the Ontario Securities Commission.

IIROC is also recognized by the Newfoundland and Labrador Office of the Superintendent of Securities and the Prince Edward Island Office of the Superintendent of Securities Office.

Based on their annual assessment of IIROC functional area or key process risks, the regulators selected high and above-average risk areas as the focus for the review, including Enforcement, Information Technology and Business Conduct Compliance. Consideration was given to the prior oversight review and whether findings identified in that review have been resolved, as well as current issues and market conditions that may affect IIROC.

Read: New Fund Facts delivery rule kicks in soon

In summary, the regulators noted two high priority findings in IIROC’s Enforcement department related to managing access to the case management database and maintaining case file standards, which had previously been identified during the 2014 Oversight Review. The regulators also noted other process-related issues in the review that IIROC must address in the Enforcement, Information Technology and Business Conduct Compliance departments.

The Oversight Review Report outlines IIROC’s responses to the findings and the regulators’ evaluation of, and intended follow-up to, those responses.

Other than the findings noted, the regulators did not identify concerns with IIROC meeting the relevant terms and conditions of the recognition orders in the areas covered.

Read: Fines, admin penalties from CSA top $138M in 2015

IIROC responds

Below is IIROC’s response to CSA’s assessment:

“The Canadian Securities Administrators (CSA) play an important oversight role and we appreciate receiving this feedback and analysis of IIROC’s operations. IIROC works diligently to enhance our effectiveness with our regulatory partners at the CSA and remains committed to ensuring our regulatory processes are efficient, consistent and fair.

“The report, published by the CSA on March 3, 2016, is the first in a new and more frequent review process, following a CSA report published in December 2014, which covered a 3.5-year period. IIROC supports this more timely, risk-based approach.

“CSA staff reduced the number of areas of IIROC’s operations examined during this review and acknowledged the challenging environment in which IIROC operates, including unsettled global economic conditions, vast technological changes, the ongoing evolution in capital markets and a shifting regulatory landscape.

“We are pleased that IIROC remains in overall compliance with the terms and conditions of the Recognition Orders.

“CSA staff also noted that IIROC has made sufficient progress in resolving most of the findings in the 2014 report.

“The CSA report sets out IIROC’s detailed response to each finding. In addition to ongoing improvements to its operations and procedures, IIROC is taking the following steps to address the higher risk areas identified in the latest CSA report:

• IIROC has made improvements to our Enforcement Case Management system a priority and has budgeted for the necessary capital expenditure in the fiscal year beginning April 1, 2016. In the interim, IIROC has implemented compensating controls until the necessary software upgrade can be made. IIROC’s actions will help ensure our Enforcement remains fair, impartial and effective.

• IIROC’s Board of Directors at all times receives comprehensive and timely information concerning implementation of IIROC’s information security plan, through the Board’s Finance, Audit and Risk Committee. IIROC remains committed to strong information security.

• IIROC’s Business Conduct Compliance team has made a number of changes in examination procedures to more thoroughly test the suitability of investment recommendations at IIROC-regulated firms. We continue to enhance our compliance program to reflect changes in markets, risks, investment products and demographics to focus on priorities such as suitability.

“In this latest review, CSA staff acknowledged these actions and all other IIROC responses to the findings.

“We intend to fully address any outstanding findings in order to enhance our regulatory effectiveness.

“We will continue to strengthen our capabilities to deliver on IIROC’s regulatory priorities, which remain focused on protecting investors, promoting compliance and fostering fair and efficient markets across Canada.”