A recent settlement between the Investment Industry Regulatory Organization of Canada (IIROC) and a registered representative (Representative) at Scotia Capital Inc. (Scotia) illustrates the importance for individual registrants of following through on their intentions to address any concerns they may have about how a client’s account is being handled under a power of attorney (POA).

So Many Red Flags: According to the settlement agreement, in May 2014, the son of a mentally incapacitated 90-year old woman (the Client) opened an account for the Client at Scotia with a registered representative (the First RR). The son was to manage the account pursuant to the POA and a court order appointing him as the Client’s committee. The account was subject to an irrevocable letter of direction (LOD) providing that Scotia should not release any funds, other than income earned, to anyone (including the son as POA) without the prior written consent of the British Columbia Public Guardian (Guardian).

The Client’s son began to conduct unsolicited short-term trading in the account shortly after opening it. Soon afterward, the First RR told the Client’s son that he was unwilling to facilitate such trades because they were unsuitable. The First RR then asked his supervisor to move the account to another registered representative. In July 2014, the account was transferred to the Respondent, who at the time had over fourteen years’ experience as a registered representative. In connection with the account transfer, he read a forwarded email from the First RR about his concerns regarding the Client’s son’s short-term trading in the account. The Respondent also signed off on an LOD similar to the one signed by the First RR.

Coulda Woulda Shoulda KYC: The Respondent met with the Client’s son once to effect the account transfer. He then tried unsuccessfully to meet with the Client’s son again to discuss, among other things, the Respondent’s concerns about the suitability the account’s holdings and the historical trading. The Client’s son declined to meet with him and all of their subsequent discussions were brief and by phone. Meanwhile, the Client’s son continued to engage in short-term trading and speculative trading that exceeded the account’s risk tolerance. At one point, the Representative asked the Client’s son to stop such trading. The Client’s son then placed orders by calling licensed assistants in the branch. The Respondent then advised the assistants not to take the orders, but the Client’s son aggressively pursued the assistants to place the orders.

These activities continued until September 2015, when the Guardian directed Scotia to freeze the client’s account, which had suffered significant losses. The account was moved to another financial institution in 2016 and in May 2017, the Guardian complained to IIROC. Scotia reimbursed the Client, with the reimbursement funds coming from the Respondent in the form of withheld compensation and disgorgement of all fees earned by the Respondent from the Client’s account during the relevant period. IIROC initiated enforcement proceedings against the Respondent and, earlier this month, reached a settlement with him. Among other things, he agreed to a fine of $60,000, disgorgement of $3,500 and $3,000 in costs, as well as two months of strict supervision and a commitment to rewrite the Conduct and Practices Handbook exam.

Aside from the obvious “don’t procrastinate on KYC” lesson, what are some takeaways from this case? First, the financial exploitation of senior and vulnerable clients is of continuing concern to regulators, and they expect registered firms and individuals to follow through on signs of potential abuse. Second, compliance and supervisory systems should factor in the phenomenon that even well-intentioned and experienced employees might put off uncomfortable tasks, such as following up on the completion of KYC forms and discussing concerns about account activity. To manage this risk, chief compliance officers (CCOs) should consider protocols such as flagging and consistently following up on client accounts that have POAs on file to ensure that: (a) appropriate due diligence has been completed to confirm that the POA is valid and current; (b) KYC information is complete and updated frequently to reflect the client’s current circumstances; (c) activity in the account is consistent with the account’s objectives and risk tolerance; and (d) concerns about the account have been resolved. Compliance training that facilitates discussion of challenging scenarios like this one can help employees spot problems in the future and motivate them to raise their concerns with Compliance.