On May 10, 2017, the Alberta Securities Commission (the "ASC") released the results of its exempt market dealer ("EMD") compliance reviews (the "Sweep"), which was set out in ASC Notice 33-705 — Exempt Market Dealer Sweep ("ASC Notice 33-705"). ASC Notice 33-705 is available online.

In addition, on May 18, 2017, the Canadian Securities Administrators staff (the "CSA Staff") released the results of its compliance reviews of 65 small firms in CSA Staff Notice 31-350 — Guidance on Small Firms Compliance and Regulatory Obligations ("CSA Notice 31-350"). CSA Notice 31-350 is available online.

In our view, ASC Notice 33-705 is required reading for all compliance officers. The notice set out the ASC's view of the best practices that should be followed by registrants. Many of these best practices were observed by the ASC during the course of the compliance sweep. We strongly encourage all registrants to consider the notice and update their policies and procedures accordingly.

Compliance officers of small firms should also refer to CSA Notice 31-350 as it sets out the CSA's expectations for small firms (i.e. firms with only one or a few registered individuals).

ASC Notice 33-705 - Exempt Market Dealer Sweep

Types of Firms Reviewed

During the compliance reviews, ASC Staff reviewed 66 Alberta-based EMDs (including one affiliated registrant), which involved examining material aspects of the client relationship for compliance with regulatory requirements at both the firm and individual registrant levels. The Sweep population included firms with various business models, some being registered solely as EMDs with others registered as EMDs and in other categories. Areas reviewed included compliance systems, know-your-client, know-your-product, suitability, sales practices and marketing, conflicts of interest, relationship disclosure information, and client reporting.

The 66 completed reviews were comprised of the following types of firms:

To view the diagram click here.

The ASC identified deficiencies in compliance with regulatory obligations in all areas tested. Major findings identified during the Sweep include:The Results of the Sweep

  • Inaccurate, incomplete or inadequate policies and procedures manual;
  • Failure of the chief compliance officer (the "CCO") to adequately perform responsibilities;
  • Inadequate collection and documentation of know-your-client information;
  • Inadequate know-your-product analysis of exempt market products;
  • Risk tolerances of clients that were not consistent with the risk of the product;
  • Inadequate consideration of client investment concentration levels in the suitability analysis;
  • Marketing materials that contained unsubstantiated or exaggerated claims; and
  • Inadequate identification and response to conflicts of interest.

Overall, the ASC Staff found a spectrum of compliance levels among the firms reviewed. A number of firms achieved a high level of compliance, resulting from the effective implementation of compliance systems. On the other end of the spectrum, due to the seriousness of the deficiencies identified, regulatory action and other steps were taken (as shown below):

To view the diagram click here

ASC Notice 33-705 sets out the ASC's expectations regarding best practices for EMDs and we strongly encourage all registrants to consider and update their policies and procedures accordingly. Set out below are the best practices suggested by the ASC.Suggested Best Practices

1. Suggested Compliance System Practices

a. Policies and Procedures Manuals

  • Updating individual sections of their policies and procedures manuals as changes in securities laws or in the firm's business arise, and dating each section as updates are made;
  • Communicating updates to firm personnel in a timely fashion and providing an appropriate level of training to ensure that such individuals understand the firm's policies and procedures, including changes made;
  • Implementing a comprehensive dealer representative onboarding program that includes training in each policy area and proficiency testing prior to new dealers representatives being permitted to conduct registerable activities; and
  • Requiring that dealer representatives and other registered individuals periodically read the policies and procedures manual and confirm in writing that they have read, understood and abided by, and will continue to abide by, the firm's policies and procedures.

b. CCO Performance

  • Retaining the services of qualified advisers, such as legal counsel, to review the policies and procedures manual and other documentation and provide compliance guidance to the CCO; and
  • Circulating electronic newsletters to personnel on a periodic basis discussing topics such as changes to regulations, new policies and procedures, and advice on best practices

c. Dealer Representative and Business Location Oversight

  • Providing questionnaires and interviewing dealer representatives on a periodic basis to ensure dealer representatives understand relevant topics such as compliance, regulations, and products;
  • Maintaining records of training materials, including videos and transcripts of presentations, and webinars;
  • Administering quizzes on product features, risks, conflicts of interest, etc.;
  • Establishing a risk-based schedule for reviewing dealer representatives and their business locations; and
  • Using third party educational resources for dealer representative training.

d. Books and Records

  • Ensuring that electronic files are encrypted and backed-up on a server in a secure off-site location;
  • Establishing a centralized books and records system to avoid books and records being maintained independently from the firm;
  • Establishing a systematic process to periodically review opportunities to improve the way in which the firm maintains its books and records;
  • Conducting regular internal audits to ensure that items such as client files, marketing approvals, and anti-money laundering files contain sufficient information to support the firm's and its representatives' compliance activities;

e. Complaint Handling

  • Reviewing the firm's operations and policies and procedures as part of complaint handling to identify and address areas of weakness;
  • Reviewing dealer representative and client files to ensure that accurate and thorough notes of interactions and communications with clients are maintained;
  • Diarizing actions relating to client complaint handling to ensure that the firm responds in a timely fashion and in compliance with section 13.16 of NI 31-103; and
  • Reviewing the activities of individuals who are subject to complaints beyond the specific complaint matters to determine if the nature of the complaint is pervasive.

2. Suggested Know Your Client Practices

a. Know Your Client Collection

  • Reviewing know your client information with the client after collection to ensure accuracy;
  • Ensuring that know your client forms and updates to know your client information are initialled/signed and dated by the client and the firm;
  • Performing an online search of the investor to verify the investor's profession and position, and, in turn, determine (at least at a high level) whether that profession and position corresponds with the income and net financial assets reported in the investor's know your client form and to help identify potential concerns as to whether the investor meets the prospectus exemption requirements;
  • Conducting quality assurance calls with a sample of clients prior to processing trades to ensure that: all know your client information is correct; the client qualifies for the prospectus exemption relied upon; the investment is suitable; the client has received relationship disclosure information and the offering documents; and the client understands the features and risks of the investment;
  • Providing clients with a periodic reminder to update the firm on material changes to personal and financial circumstances; and
  • Utilizing questionnaires to assist in the know your client collection process.

b. Prospectus Exemption Practices

  • Checking the know your client form, or supplemental information form, that collects necessary personal and financial information to substantiate the exemption relied upon;
  • Having policies and procedures to ensure the prospectus exemption criteria relied upon in the subscription agreement is consistent with the know your client information collected;
  • Maintaining a database of client exempt market purchases to allow compliance staff to (i) verify that investors have not exceeded the offering memorandum caps, and (ii) assess suitability; and
  • Collecting financial information in ranges that are not only relevant for suitability assessment purposes, but also assist in determining qualification for prospectus exemptions.

3. Suggested Know Your Product Practices

  • Having policies and procedures that guide the know your product process, including key criteria used in assessing the investment;
  • Documenting analyses and bases for know your product decisions;
  • Establishing an independent board or a committee to review due diligence materials and approve products or provide recommendations to those ultimately responsible for product approval;
  • Conducting background checks on issuer principals and key individuals;
  • Creating an offering sheet summarizing the due diligence performed and the merits of the investments as well as key product information;
  • Using independent expert and unbiased third party services as part of the due diligence process; and
  • Monitoring changes to the issuer's financial and operational status, including amendments to offering documents.

4. Suggested Suitability Practices

  • Including a written suitability assessment for each client trade demonstrating how the trade is suitable;
  • Escalating transactions with "red flags" to the CCO for a second level review;
  • Adopting policies and procedures regarding seniors — Firms should consider the following guidance:
  • Adopting policies and procedures regarding other vulnerable clients (in addition to seniors);
  • Taking into account a client's concentration levels, including concentration in exempt market securities (such as investments in real estate-backed exempt market securities);
  • Including and documenting in the suitability assessment evidence that the firm has considered concentration risks;
  • Implementing policies and procedures on concentration risk that explain how concentration is to be assessed (e.g., based on net financial assets) and why such method is the most appropriate based on the firm's business model and investor base; and
  • Establishing stricter/lower concentration thresholds for clients who require liquidity or have limited ability to withstand losses.

5. Suggested Sales and Marketing Practices

a. Oversight of Marketing Materials

  • Using service providers to search, capture, and archive activities in social media accounts of dealer representatives;
  • Storing marketing electronically in a firm-operated database;
  • Establishing a centralized website that hosts all dealer representative web pages to ensure the firm has control over materials and updates posted; and
  • Independently reviewing all marketing materials prepared by issuers to ensure the firm can substantiate all information contained in the marketing materials, including having back-up information for performance data.

b. Marketing Policies and Procedures

  • Establishing marketing policies and procedures that adopt the guidance in CSA Notice 31-325;
  • Creating policies and procedures that ensure that marketing materials in foreign languages are translated independently and reviewed and approved by compliance staff prior to publication;
  • Establishing policies and procedures requiring approval of all trade names prior to use; and
  • Engaging independent third party service providers to perform performance calculations.

c. Reviewing Marketing Materials

  • Evidencing review and approval of marketing materials by maintaining records of the source material reviewed and changes/comments made as a result of the review;
  • Evidencing review and approval of websites and social media with screenshots of content and changes made as a result of the review; and
  • Controlling dealer representative access to marketing materials.

d. Referral Agents

  • Standardizing marketing materials and templates for use by referral agents;
  • Conducting background checks on referral agents prior to commencing referral activities;
  • Establishing an in-depth review process for referred trades, including performing quality assurance calls to a sample of referred investors to assess the investors' understanding of the investment and of the relationship between the registrant and the referral agent, as well as to ensure that unregistered referral agents are not performing registerable activities; and
  • Requiring referral agents to take a course to ensure they understand compliance basics before they are permitted to make referrals.

6. Suggested Conflict of Interest Practices

a. Conflicts Identification and Response

  • For firms that sell their own products or sell related party products, creating a product-specific disclosure form that discusses conflicts of interest that apply to a particular product;
  • Requiring an individual such as the CCO, or a committee that includes compliance staff, to review conflicts of interest on an ongoing basis, and requiring that such review be documented and include the firm's assessment and response to the conflicts identified; and
  • Disclosing conflicts of interest in an acknowledgement form that clients are required to review and sign prior to purchasing any product.

b. Conflicts Policies and Procedures

  • Implementing an organized method, such as the use of a log, to record and track all existing and potential material conflicts of interest along with the firm's response to these conflicts;
  • Establishing a requirement for individuals acting on behalf of the firm to update and report their conflicts of interest to the firm on a periodic basis, including a requirement to report new outside business activities and personal investments;
  • Establishing a system to independently review dealer representative activities to identify existing and potential conflicts of interest between dealer representative and clients;
  • Conducting regular dealer representative training on conflict of interest identification and disclosure; and
  • Having the CCO or other compliance personnel discuss directly with each client, whether in person or over the phone, all material conflicts of interest to ensure the client understands the firm's conflicts prior to commencing trading activity.

7. Suggested Relationship Disclosure Information Practices

a. Providing Relationship Disclosure Information

  • Including a field in the know your client form for the client to acknowledge that they have received the relationship disclosure information document;
  • Including fields in the relationship disclosure information document for the client to acknowledge that each section has been discussed with the dealer representative and is understood;
  • Disclosing all fees payable by the client relating to custody (e.g., custodian fees for RRSP and TFSA accounts);
  • Combining relationship disclosure information in one document;
  • Using quality assurance calls to ensure clients have received and understood relationship disclosure information; and
  • Drafting relationship disclosure information using simple language and clear and comprehensive disclosure tailored to the firm's operations..

b. Relationship Disclosure Information Policies and Procedures

  • Establishing policies and procedures that require that relationship disclosure information be reviewed on an ongoing basis and kept up to date to reflect current regulatory requirements and the firm's operations; and
  • Implementing policies and procedures for timely delivery of relationship disclosure information.

8. Suggested Client Reporting Practices

  • Using a third party to produce trade confirmations or client statements (under the terms of an outsourcing agreement that clearly sets out the responsibilities of both parties) and conducting adequate oversight over the third party's activities;
  • Implementing policies and procedures to ensure timely delivery of trade confirmations and client statements;
  • Establishing a requirement for the client to acknowledge receipt of trade confirmations and client statements (e.g., by obtaining an electronic notice of delivery);
  • Using a back office system that automatically generates trade confirmation slips following transaction activity; and
  • For investments subject to cash calls (e.g., private equity or progress draw mortgages), providing clients with clear disclosure of committed capital and the remaining amount of capital to be called.

CSA Notice 31-350 — Guidance on Small Firms Compliance and Regulatory Obligations

The CSA identified common deficiencies for IFM, PM, and EMD:

1.

Significant business interruptions plan and succession planning — inadequate or missing (35%)

2.

Monitoring systems (e.g., inadequate written policies and procedures (71%), incomplete books and records (25%), inadequate marketing materials (15%))

3.

CCO annual report — inadequate or missing (29%)

4.

Interim financial statements and accounting principles — incorrect accounting method and insufficient procedures (15%)

5.

Inadequate excess working capital (9%)

6.

Inadequate relationship disclosure information (63%)

7.

Inadequate collection/documentation of know-your-client information (54%)

8.

Non-delivery of or inadequate client statements (45%)

9.

Inadequate or outstanding filings to regulators (34%)

Common Issues and Guidance Offered by the CSA

1. Significant Business Interruption

Small firms often have only one registered individual to operate the business and service clients. This raises concerns regarding the impact on the firm's clients in the event of the death, incapacitation or prolonged temporary absence of the sole registered individual. In most cases of business interruption, there is a period where the client's portfolio is not being managed, which could be a significant issue for clients who need to generate income to meet their cash flow needs. Client portfolios are also at higher risk especially in periods of volatile markets. As a result, business continuity planning is particularly important for small firms that manage client portfolios. It is advisable that a small firm's plan specifically address issues of significant business interruptions, with an emphasis on the loss of key personnel and succession.

In order to manage risks related to business interruption, small firms should consider: (i) developing a business continuity plan that is appropriate for their size and business model, (ii) designating an individual to execute the business continuity plan, and (iii) reviewing the business continuity plan annually

2. Monitoring Systems

Small firms may have resource constraints that make segregation of duties difficult or impossible. These challenges make ensuring good documentation practices and controls especially important for small firms in order to demonstrate good compliance. All firms must maintain records to accurately record business activities, financial affairs, and client transactions, and demonstrate the extent of a firm's compliance with applicable requirements of securities legislation.

Small firms are encouraged to consider employing non-registered staff or using technology to perform additional verification procedures. CSA Staff found that the reviewed firms often did not maintain internal books and records to evidence the due diligence conducted to support their business activities. CSA Staff also found that the reviewed firms often did not have adequate policies and procedures.

3. The CCO Annual Report

The CCO must assess the overall compliance structure and internal controls at the firm at least annually. Questions about the adequacy of the firm's compliance system, and whether the CCO is adequately performing his or her responsibilities may arise when the CCO has not drafted an annual compliance report, or submits a perfunctory report that concludes that the firm has complied with securities legislation without support for how this assessment was made.

The CSA Staff would suggest that the CCO should describe in the report the steps that were taken to perform the assessment, the results of the assessment, and what has been done or will be done to address the non-compliance. The CCO of a small firm can meet the annual report requirement by documenting this assessment in the firm's board of directors' minutes.

4. Interim Financial Statements and Accounting Principles

All firms, including small firms, may have deficiencies with respect to their financial statements, use of accounting principles, or excess working capital calculations. Firms should have detailed written financial policies and procedures clearly outlining who is expected to do what, when, and how. Firms with only one individual should at a minimum develop procedures to state when and what financial records will be prepared.

5. Inadequate Excess Working Capital

Firms must properly complete Form 31-103F1 Calculation of Excess Working Capital to ensure that all working capital calculations are accurate at all times. Some reviewed firms had inadequate excess working capital during the period covered by the compliance reviews. These firms often did not perform their working capital calculations with sufficient frequency and, accordingly, were not aware of their working capital position at all times. While these firms often maintained a nominal amount of excess working capital, as expenses were incurred it caused a working capital deficiency. In this scenario, a firm might need to calculate its excess working capital position on a more frequent basis, such as daily or weekly

Conclusions

The ASC's review of EMDs in Alberta and the CSA's review of small firms uncovered widespread compliance deficiencies. ASC Notice 33-705 states that some of the firms examined had high levels of compliance with the regulatory requirements while others prompted regulatory action to address the failings the review uncovered. The notice also indicates that some firms simply ceased business in the face of the regulator's review.

CSA Notice 31-350 provides details and guidance with respect to the deficiencies noted during the CSA's reviews. Specifically, the CSA identified that small firms can be at risk of failing to meet requirements of applicable securities legislation if they do not have: (i) a comprehensive plan to address significant business interruptions and succession issues; (ii) monitoring systems that are reasonably likely to identify non-compliance at an early stage; and (iii) supervisory systems that allow the firm to correct non-compliant conduct in a timely manner.

We strongly recommend that all registrants review ASC Notice 33-705 and that small firms review CSA Notice 31-350 and update their policies and procedures accordingly.