Firms failing to grasp compliance basics: IIROC

The industry is shifting due to radical changes in market structures, sales practices and product lineups, says IIROC in its 2014/2015 compliance report.

And even though firms are struggling to keep up with these changes, they have to meet regulators’ minimum requirements — too few are making the grade.

Read: Make compliance a sales tool

One major problem discovered in 2014, says IIROC, is many firms aren’t “collecting precise KYC information.” Instead, “some dealer members were assigning clients to one of a small number of investor profiles, based on general client information.

“The information collected relating to [a] client’s current financial situation and investment knowledge was sufficiently thorough. [But] the depth and quality of information collected regarding client’s investment objectives, time horizon and risk tolerance was much more varied.”

Read:

• Prove you know your clients
• How to deal with client complaints

As well, many firms’ have inadequate written internal control policies. Typically, most have been creating policies by writing out IIROC’s minimum requirements and rules verbatim.

Instead, says IIROC, firms should “consider not just the minimum requirements […] but also other [regulatory] sources.” When recording internal policies, IIROC expects firms to reference “authoritative literature, comments made by internal and external auditors, and industry practices.”

Read: 5 ways to make compliance an advantage

Further, the SRO finds many firms:

• aren’t catching accounting and reporting errors (Read: How regulators catch trading errors);
• aren’t properly outsourcing services and monitoring third parties; and
• aren’t properly reporting and supervising advisors’ outside business activities.

For the full list of deficiencies, see Section 4 (pages 19 through 34) of IIROC’s report.

In the report, IIROC adds the results of its mystery shopping project with OSC and MFDA will be published this year.

Focus for 2015

IIROC conducted more integrated examinations in 2014 than in previous years—during these types of audits, two out of three of IIROC’s compliance units review dealer members at the same time, rather than one unit at a time.

Read: 5 items regulators focus on when you’re audited

This approach will continue and is more effective, says IIROC, since it “provides […] a holistic risk assessment of [a] dealer member’s business activities, and eliminates the duplication of information requests that the firm would otherwise receive.” Also, firms are provided with consolidated examination reports.

Read: When must firm auditors call regulators?

Based on audits and reviews in 2014, the SRO has also identified several key priorities for the coming year. These fall under three categories, which are:

• Financial and Operational Compliance;
• Trading Compliance; and
• Business Conduct Compliance.

Under the first category, IIROC wants to see that firms have adequate policies regarding cyber security, and policies related to handle leveraging and maintaining liquidity. Under the second, the SRO plans to focus on firms’ post-trade surveillance processes, and look at how they fix trading errors.

Under the final category, IIROC will focus most on whether firms are successfully implementing CRM2. However, the SRO is also interested in firms’ use of social media, and in how dealers handle seniors’ issues and conflicts of interest.

Read:

Stay compliant on social media

Regulators won’t stop at CRM2

How to become an EMD