The Financial Consumer Agency of Canada (FCAC) recently published its new Supervision Framework, following extensive consultation with stakeholders. The Supervision Framework will come into effect November 1, 2017. It updates and replaces FCAC’s current Compliance Framework.
Among other things, the Supervision Framework implements FCAC’s vision for robust and effective oversight of the entities that it regulates, including federally regulated financial institutions (FRFIs), external complaints bodies (ECBs) and payment card network operators (PCNOs). In announcing the Supervision Framework, FCAC highlighted that internal processes and functions will be redesigned and phased in over time to support the core components of the new framework.
GUIDING PRINCIPLES AND PILLARS OF SUPERVISION
The Supervision Framework states that all supervisory activities and decisions will be driven by the four guiding principles of transparency, proactivity, proportionality and accountability. Additionally, the Supervision Framework identifies three interdependent pillars of supervision: promotion, monitoring and enforcement. Old and new supervisory tools will be employed by FCAC to support these pillars through three separate divisions: the Supervision Division, the Enforcement Division and the Promotion and Policy Division. This is a shift from the FCAC Compliance Framework, which currently combines the Supervision and Enforcement Divisions.
The Supervision Framework emphasizes FCAC’s increasingly proactive efforts to understand emerging risks before they impact consumers. As part of these efforts, FCAC expects regulated entities to proactively identify, address and monitor risks, and keep FCAC updated on their particular risks and controls.
NEW CLASSIFICATION OF REGULATED ENTITIES
Under the Supervision Framework, FCAC will implement a risk-based approach to supervision. Regulated entities will be classified as either tier 1 or tier 2, depending on the level of market conduct risk that is present or inherent in their business activities. Market conduct risk is defined as the risk of breaching a market conduct obligation that is overseen by FCAC. Market conduct obligations include both consumer provisions (statutory obligations) and voluntary codes and commitments.
Examples of tier 1 regulated entities include FRFIs offering retail products and services to consumers, PCNOs whose participants offer payment services to merchants and ECBs offering dispute resolution services to their member banks. FCAC will supervise tier 1 entities proactively and assign each entity an FCAC senior officer as their liaison.
Tier 2 regulated entities will include regulated entities such as banks and trust companies that do not offer retail products and services or insurance companies that restrict their business to the sale of insurance. FCAC will monitor tier 2 regulated entities significantly less intensively than tier 1 regulated entities, but may reclassify a tier 2 regulated entity if its business model expands into products or services that increase its federal market conduct risk.
PROMOTING RESPONSIBLE MARKET CONDUCT
FCAC will continue to promote responsible market conduct using FCAC guidelines and decisions, which will be published according to FCAC’s Publishing Principles. In addition, FCAC will introduce a rulings process through which regulated entities may obtain FCAC’s views on the applicability of a market conduct obligation to a conduct or practice. Rulings will be published to provide direction as to how a specific fact situation is viewed by FCAC.
MONITORING MARKET CONDUCT
The Supervision Framework introduces new tools that will allow FCAC to monitor the market conduct of regulated entities. One such tool is the maintenance of a market conduct profile for each tier 1 regulated entity, which will help identify the entity’s risk profile. FCAC officers will also devise annual supervision plans for each tier 1 regulated entity and update the market conduct profile as additional information is gathered through FCAC examinations (on-site and off-site).
FCAC will continue to use third-party intelligence to initiate investigations based on information obtained through complaints, media coverage or other regulators, as well as gather information from multiple regulated entities and stakeholders on matters relating to the financial services sector and market conduct.
ENFORCING MARKET CONDUCT OBLIGATIONS
The Supervision Framework sets out an enforcement regime that begins with the process of investigating any potential breach of a market conduct obligation. Such investigations may lead to the issuance of either a compliance report (previously included in the FCAC Compliance Framework) or notice of breach (a new tool under the Supervision Framework).
Notice of Breach
Notices of breach are a new enforcement tool introduced in the Supervision Framework. The tool allows FCAC to categorize a notice of breach within one of three levels depending on the severity of the breach:
- A level 1 notice of breach may be issued if the breach is isolated or minor, when a systemic breach has been promptly identified, corrected and remediated, or when harm or impact was minimal and the regulated entity has shown there is a low risk of recurrence.
- A level 2 notice of breach may be issued when the severity of the breach is elevated.
- A level 3 notice of breach may be issued when the severity of the breach is further elevated or when there is a specific need to escalate concerns within the regulated entity. This would include cases where an entity has demonstrated a low level of cooperation with FCAC on voluntary compliance, where there is a heightened sense of urgency to complete corrective actions, or where the breach is a symptom of a broader compliance deficiency or concern that needs to be addressed.
In connection with notices of breach, FCAC may require the regulated entity to enter into an action plan or compliance agreement. Both action plans and compliance agreements detail the corrective measures required to address a breach of a market conduct obligation or prevent recurrence of the breach, and the timeframes for action. For legislative or regulatory obligations, breaching a compliance agreement may result in a notice of violation, while a breach of non-legislative obligations may result in a notice of non-compliance. There are no similar consequences in the Supervision Framework for breach of an action plan.
The notice of breach provides FCAC with a new tool to address less severe breaches. However, the Supervision Framework does not provide a clear explanation as to when a notice of breach will be issued as opposed to a notice of violation. Additionally, the Supervision Framework does not set out when FCAC will require a regulated entity to enter into an action plan rather than a compliance agreement. Parties will be looking for FCAC guidance on how such decisions will be made under the Supervision Framework.
Under the Supervision Framework, FCAC will continue to use compliance reports to address breaches of market conduct obligations. Once FCAC’s Deputy Commissioner reviews a compliance report and any comments FCAC has received from the regulated entity, a notice of violation or notice of non-compliance may be issued.
Notices of violation specify the name of the regulated entity, the nature of the violation and any proposed administrative monetary penalty (AMP). The maximum AMP is C$50,000 per violation for a natural person and C$500,000 for all other persons. The regulated entity may make representations to FCAC’s Commissioner within 30 calendar days following the issuance of a notice of violation, pay the AMP or do nothing (the latter two options will result in the entity being deemed to have committed the violation).
Where a violation has been committed, a notice of decision will be issued. The Commissioner has the discretion to make public the nature of the violation, the name of the regulated entity and the amount of any AMP by way of an FCAC decision, which will be published according to FCAC Publishing Principles.
Notices of non-compliance may be issued when an investigation reveals that a regulated entity is in breach of its obligations under a voluntary code of conduct or public commitment. The process for a notice of non-compliance is similar to a notice of violation, although no AMP can be imposed.
FCAC PUBLISHING PRINCIPLES
The FCAC Publishing Principles were introduced alongside the draft Supervision Framework in the fall of 2016 for public comment. The proposed new Publishing Principles aim to clarify how FCAC will publish information about notices of violation, notices of decision and notices of non-compliance. Although the Supervision Framework does not include the final Publishing Principles, it is expected that FCAC will release a final version of the Publishing Principles in the near future.