On January 9, 2014, the Canadian Securities Administrators (CSA) released CSA Staff Notice 31-306 – Guidance for Portfolio Managers, Exempt Market Dealers and other Registrants on Know-Your-Client, Know-Your-Product and Suitability Obligations (the Notice). As a result of their compliance oversight reviews, CSA staff concluded that additional guidance in the areas of Know-Your-Client (KYC), Know-Your-Product (KYP) and suitability obligations was required to assist registrants, such as Portfolio Managers (PMs) and Exempt Market Dealers (EMDs), in meeting their regulatory obligations. The principal KYC, KYP and suitability obligations are set out in Part 13 of National Instrument 31-103 - Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103).
Given the emphasis that the CSA has recently placed on KYC, KYP and suitability obligations, registrants can expect future CSA compliance reviews to continue to focus on those obligations. Indeed, in the Notice the CSA states that KYC, KYP and suitability obligations are among the most fundamental obligations owed by registrants to their clients and that registrants are expected to comply not only with the letter of the securities law requirements, but also with the spirit of those requirements. All registrants should have robust policies and procedures in place with respect to KYC, KYP and suitability obligations and proper records should be maintained so that compliance with these obligations can be verified (e.g., so that product due diligence can be evidenced).
This legal update highlights selected points raised in the Notice but, given the importance of the topic, it is recommended that registrants review the entire Notice in detail.
The KYC obligation
Registrants are required to take reasonable steps to establish the identity of a client and to ensure that they have sufficient information to meet their suitability obligations. Thus, registrants should ensure that they have sufficient information with respect to a client’s (i) investment needs and objectives; (ii) financial circumstances; and (iii) risk tolerance. The extent of KYC information a registrant must collect will depend on the (i) client’s circumstances; (ii) type of security being sold; (iii) client’s relationship to the registrant; and (iv) registrant’s business model.
KYC tips for registrants based on guidance provided in the Notice:
- KYC collection should be viewed by registrants as more than a “tick the box” exercise; registrants should engage in a meaningful dialogue with the clients and explain why KYC information is required. A pure “form based” approach to collecting KYC information is not sufficient to fulfill a registrant’s obligations.
- KYC obligations cannot be delegated to an unregistered individual (such as an administrative assistant or a referrer). While an unregistered individual may assist in incidental administrative tasks related to the collection of KYC information, the registrant has the obligation to “know” the client.
- Whereas an issuer of a security (e.g., a hedge fund) can rely on a factual representation by a purchaser that it is an accredited investor (AI) provided the issuer has no reasonable grounds to believe the representation is false, a registrant’s obligation to determine whether (and how) a client satisfies the AI definition will generally be higher. Factual representations, such as a representation in a subscription agreement that the client is an AI, will generally not, by themselves, be sufficient for a registrant to satisfy its KYC obligation. Registrants should obtain a break-down of financial and net assets of the client and, where there is a reasonable doubt about the accuracy of information provided by a client, make further inquiries of the client.
- Similarly, if a registrant is relying on subsections 13.2(6) and 13.3(4) of NI 31-103, which allow a “permitted client” to waive certain KYC and suitability requirements, the registrant must collect adequate information to determine that the client is a “permitted client.” It is not sufficient to simply rely on the client's initialing or checking off the box in a permitted client certificate.
- The CSA suggests that a PM with discretionary trading authority or an EMD with an ongoing relationship with a client should update the client’s KYC information at least annually, if there is a significant change in a client’s life circumstances or a significant change in market conditions. On the other hand, if an EMD does not hold a client’s assets, receive a trailer fee with respect to a client’s ownership of a security or act for a client in a series of transactions then KYC information need not be updated until the next time the EMD recommends a product to the client.
- Although not required by NI 31-103, the CSA recommends that both the registrant and the client sign and date both the KYC information collected by the registrant and any subsequent updates to the KYC information so as to help demonstrate the registrant’s compliance with securities law requirements.
The KYP obligation
NI 31-103 requires registered individuals to understand the structure, features and risks of each product they recommend to clients. As part of their product due diligence, registrants should review and assess the information contained within the offering memorandum (OM) or other documentation provided by the issuer. If the information is not sufficient to allow the registrant to conduct a meaningful KYP assessment of the issuer and the product, the registrant must conduct further diligence on the issuer and the product or not deal with the product.
KYP tips for registrants based on guidance provided in the Notice:
- The fact that a product is on a firm’s approved product list does not mean that it will be suitable for all clients and that no review of the product is necessary by a registered individual.
- While a registrant may rely on a third-party report with respect to a product as part of its due diligence process, the existence of a third-party report does not relieve a registrant from its obligation to conduct its own know-the-product and suitability analysis.
- If the same individuals form the management of both the registrant and the issuer then the registrant should determine whether the resulting conflict of interest can be adequately managed through disclosure or control.
- When categorizing products sold on a prospectus-exempt basis, registrants should consider liquidity risks, valuation risks and conflict of interest risks.
The suitability obligation
Registrants are expected to perform a meaningful suitability assessment before recommending a product to a client and to appropriately document that assessment. The suitability assessment should be more than a “tick the box” exercise and should involve a meaningful dialogue with the client to obtain a solid understanding of the client’s investment needs and objectives, and to explain how a proposed investment is suitable for the client in light of the client’s investment needs and objectives.
Suitability tips for registrants based on guidance provided in the Notice:
- All relevant KYC information should be considered (including investment objectives, time horizon and risk tolerance) when assessing the suitability of an investment.
- Each trade should be independently reviewed to ensure it is suitable for the client.
- Client-directed trade instructions (i.e., where the client instructs a registrant to proceed with a trade notwithstanding the registrant’s opinion that the trade is not suitable for the client) are not meant to be an alternative to assessing suitability and, therefore, a registrant should not actively promote a security and then rely on boilerplate language to claim the trade was client directed. Client-directed trade instructions should not be buried at the end of a KYC form.
- Most CSA staff consider investments (either individually or taken together with prior investments) in securities of a single issuer or a group of related issuers that represent more than 10% of the investor’s net financial assets as potentially raising suitability concerns.