As we reported in our October special bulletin, the Canadian Securities Administrators (CSA) recently finalized their client-focused reforms (CFRs) to National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103) and its related Companion Policy (NI 31-103CP) (Policy). These provisions are expected to come into force on December 31, 2019 and will take effect in two phases, beginning on December 31, 2020.

This month, we highlight the know-your-client (KYC), know-your-product (KYP) and suitability requirements. These provisions are scheduled to come into effect on December 31, 2021. To streamline our discussion, we generally refer to NI 31-103 and NI 31-103CP in their current form as the Current Rules and Policy and to the amended versions as the Revised Rules and Policy.

This article is the second in a series of closer looks at the CFRs. We discussed the conflict of interest provisions in our monthly October bulletin. Stay tuned for our third publication in the series, coming in January 2020.

A. Overview

Crack open the CSA’s Revised Rule and Policy, and you’ll see a lot of blacklined text in the KYC, KYP and suitability sections. But fear not. Many of the changes in the rules and guidance reflect a codification of good industry practice and/or pre-existing regulatory expectations. For registrants, this means that you might not have to change as many practices as you think you do. You should expect, however, to have to update aspects of your policies, client-facing documentation, books and records, and training. And AUM Law can help you do that.

Below, we draw your attention to some changes in the regulatory framework that we think might have an impact on registrants’ operations.

B. KYC Requirements

Section 13.2 of the Revised Rules requires registrants to take reasonable steps, among other things, to establish their clients’ identity and ensure that they have sufficient information to make the suitability determination prescribed by section 13.3 of NI 31-103 or by the rules of a self-regulatory organization (SRO).

  • Establishing identity of individuals: The Revised Policy includes more guidance on the meaning of “reasonable steps” to establish an individual’s identity, including steps to confirm the accuracy of information to form a reasonable belief about an individual’s identity.
  • Information to be collected: The Revised Rules are more prescriptive about the information to be collected to support the registrant’s suitability determination, but for the most part these new rules codify good practices that many market participants have already been following.
  • Currently, registrants must collect information about a client’s financial circumstances, investment needs and objectives, and risk tolerance.
  • When the CFRs come into effect, registrants also will need to collect information about a client’s personal circumstances, investment knowledge, and investment time horizon. In addition, “risk tolerance” in the Current Rule is replaced with “risk profile”. The Revised Policy explains that “risk profile” encompasses risk tolerance (willingness to accept risk) and risk capacity (ability to endure loss). Many registered individuals probably are already taking the new factors mentioned in this paragraph into account in their suitability determinations. It will be important, however, for the related documentation (e.g. KYC questionnaires and registrants’ written analyses) to explicitly address these items.
  • Client to confirm the collected information: New subsection 13.2(3.1) requires the registrant to take reasonable steps to have the client confirm the accuracy of the information within a reasonable time after the registrant collected it.
  • Tailored KYC process: The Revised Policy emphasizes that registrants should tailor their KYC process to reflect their business model, their relationships with clients, and the securities and services that they offer to them. By way of example, the Revised Policy states that if the securities being sold are illiquid or highly risky, more information on a client’s financial circumstances, including investments held elsewhere, might need to be gathered to support a suitability determination. We believe that the regulators are more likely to consider exempt market securities as “illiquid or highly risky”. And so we think that registrants who deal in or advise on exempt market securities may find that they’re expected to collect information about their clients’ investments held elsewhere, whenever practicable, unless there are clear and well-documented reasons not to do so.
  • Keeping KYC information current: Subsection 13.2(4) currently requires registrants to take reasonable steps to keep the client’s KYC information current. Revised subsection 13.2(4) elaborates on this requirement by stating that it includes updating the client’s KYC information within a reasonable time after the registrant becomes aware of any significant change in the client’s KYC information. The Revised Policy indicates that updates should be based on “meaningful and documented interaction” with the client.

New subsection 13.2(4.1) sets minimum intervals for reviewing clients’ KYC information. For example, even if there has been no triggering event for a KYC review pursuant to subsection 13.2(4), new subsection 13.2(4.1) will require a registrant to review a client’s KYC information:

  • For managed accounts, at least every 12 months;
  • If the registrant is an exempt market dealer, within 12 months before making a trade for or recommending a trade to a client; and
  • In any other case, at least every 36 months.

Since many market participants are already performing annual KYC updates, subsection 13.2(4.1) should have little impact on their practices.

C. KYP Requirements

KYP has been an implicit component of registrants’ obligations to conduct a suitability determination. The Revised Rules will make KYP an explicit requirement for registered firms and individuals. In summary, new subsection 13.2.1(1) requires each registered firm to:

  • Assess the securities it offers to clients, including the securities’ structure, features, risks, initial and ongoing costs, and the impact of those costs (Attributes);
  • Approve the securities to be made available to clients; and
  • Monitor the securities for significant changes.

The Revised Policy includes detailed guidance on these requirements, while noting that the steps taken may vary depending on, for example, a particular security’s complexity and risk, the firm’s business model, and the nature of its relationship with clients. Although many registered firms probably already carry out these functions, they will need to ensure that they have adequate KYP documentation, processes and controls.

Registered individuals will also have KYP requirements. In particular, a registered individual will not be permitted to purchase or sell securities for, or recommend securities to, a client unless:

  • The firm has approved the securities to be made available to clients; and
  • The registered individual takes reasonable steps to understand the securities, including their Attributes, to a sufficient degree to enable the registered individual to make a suitability determination.

The Revised Policy expresses the expectation that registered firms will provide registered individuals with access to information that the firm has gathered about the securities, as well as training and tools to help these individuals comply with their KYP obligations. The Revised Policy also indicates that registered individuals should have at least a general understanding of all the types of securities available through the firm, so that they can meet their suitability obligation relating to consideration of a range of alternatives for their clients.

D. Suitability

The suitability determination requirement in section 13.3 of NI 31-103 has been expanded and made more prescriptive.

  • Potential “investment action” triggers suitability determination: Under revised subsection 13.3(1), a registrant will have to make a suitability determination before most “investment actions”. According to the Revised Rule and Policy, this term includes:
  • Opening an account for a client;
  • Purchasing, sell, depositing, exchanging or transferring securities for a client account;
  • Recommending or deciding to continue to hold securities for a client following a review of the client’s account; or
  • Making a recommendation or decision to take any such action.
  • What is a suitability determination? Section 13.3 sets out in more detail the factors that must be considered in making a suitability determination. These include, among other things, the client’s KYC information, the registrant’s KYP assessment of the security, the impact of the investment action on the client’s account (including concentration and liquidity factors), the potential and actual impact of costs on the client’s return on investment, and a reasonable range of alternative actions available to the registrant through the registered firm (when the determination is made). In addition, the proposed investment action must “put the client’s interest first.” The Revised Policy includes extensive guidance on what it means to put the client’s interests first, including how this concept interacts with suitability determinations with respect to account type, how far a registrant is expected to go in assessing a reasonable range of alternative actions, and the need to take a portfolio approach to suitability. We expect that market participants will have questions for the regulators about what “put the client’s interests first” and “assess a reasonable range of alternative actions” mean in practice. As the countdown clock to implementation runs down, and registered firms start developing procedures to address real-world scenarios, we think this could be an important subject for dialogue with the regulators.
  • Periodic reviews: Subsection 13.3(2) of the Revised Rule requires every registrant to review each client’s account and the securities in it against the suitability criteria within a reasonable time after certain events occur. These events include situations such as the registrant becoming aware of a change in a security in the client’s account or a change in the client’s KYC information that could result in the security not satisfying the suitability criteria. The mandatory, periodic review of a client’s KYC information also triggers this obligation to re-assess suitability.

E. Carve-outs and Waivers

  • Investment fund managers (IFMs) are not subject to the KYC, KYP and suitability requirements in respect of their activities as IFMs.
  • Order-execution only dealers are exempt from the requirements to collect and keep KYC information current for purposes of the suitability determination, from the KYP requirements, and from the suitability determination requirement itself.
  • Waivers: Registrants are exempt from the requirements to collect and keep current KYC information for the purposes of the suitability determination and from the suitability determination requirement itself in respect of a permitted client if the client has requested in writing that the registrant not make suitability determinations for the client’s account and either:
  • The client is an individual whose account is not a managed account; or
  • The client is not an individual.

F. Training and Record-Keeping

  • Training: New subsection 11.1(2) of the Revised Rules requires registered firms to train their registered individuals on compliance with securities legislation including, among other things, the KYC, KYP and suitability determination requirements.
  • Recordkeeping: We think that for many firms, enhancing their client-facing and internal documentation (including written policies and procedures) so that these materials are fully aligned with the Revised Rules, represents one of the biggest changes brought about by the CFRs.

G. Implementation Timeline

Although the KYC, KYP and suitability provisions are scheduled to take effect on December 31, 2021, CSA members do not expect current registrants to have to update all their existing clients’ KYC information or reassess the suitability of their investments as of that date. Rather, registrants should continue scheduling reassessments according to current requirements until the effective date and then schedule reassessments according to the triggers in the CFRs after that date.

Although two years might seem like a long time, we encourage registrants to start looking closely at how these changes will affect their operations so that they can identify and resolve interpretation questions and other implementation challenges, organize and budget for the needed resources to effect the required changes, and develop project plans.