The Investment Industry Regulatory Organization of Canada (IIROC) and the Mutual Fund Dealers Association of Canada (MFDA) have each released statements of priorities for 2018.
Taken together, and in conjunction with recently stated priorities of provincial securities regulators such as the Ontario Securities Commission, the statements illustrate that securities regulators will continue to focus closely on issues of conflicts of interest, transparency and cybersecurity in the year ahead.
CONFLICTS OF INTEREST AND BEST EXECUTION
In a continuation of recent regulatory trends, both the MFDA and IIROC have highlighted conflicts of interest as a key focus for 2018. Areas of regulatory focus regarding potential conflicts of interest include:
- Non-“neutral” compensation, such as differentials in compensation between different financial products or account types
- Incentive programs and promotions offered by financial products providers
- Products containing embedded or trailing fees
- Procedures and oversight regarding fee-based accounts.
On a similar note, IIROC stated that it will be focusing on compliance with newly-enacted “best execution” trading requirements. Pursuant to the new requirements, dealers must make efforts to obtain the most advantageous trade execution terms available under the circumstances.
TRANSPARENCY, DISCLOSURE AND CRM2
Both the MFDA and IIROC have identified compliance with the Client Relationship Model Project (CRM2), as well as related transparency and disclosure issues, as a regulatory focus in 2018.
CRM2, which was introduced in 2016, requires financial firms to provide their clients with enhanced disclosure relating to investments and fees. With the CRM2 program now having been fully in force for over a year, both the MFDA and IIROC have signalled that they will closely scrutinize CRM2 compliance in 2018. In the longer term, regulators have indicated that they may look to propose further enhancement of disclosure standards, beyond those required by CRM2.
In response to the continuing industry trend towards automated investment advice, IIROC stated that it will be developing testing for compliance by “robo-advisors” with regulatory requirements in 2018. Among the areas tested will be compliance with disclosure, know-your-client and supervisory obligations.
Both IIROC and the MFDA have identified cybersecurity-related risks as a top priority for 2018. Among the areas of focus, regulators will monitor members regarding:
- Conducting regular due diligence on third-party information technology vendors and service providers
- Protecting data through encryption and strong passwords
- Maintaining software-patch management systems to address security vulnerabilities
- Developing and maintaining cybersecurity incident response plans and policies.
Both IIROC and the MFDA have indicated a desire to work collaboratively with their members on development of cybersecurity practices such as those noted above. IIROC stated that it will continue to work with the Investment Industry Association of Canada to help dealers improve their cybersecurity practices, and the MFDA has similarly worked with its members and a third-party consultant on strengthening cybersecurity practices.
The statements provide an indication as to where the MFDA and IIROC will focus their attentions in 2018 as they carry out their overarching mandates of investor protection. IIROC and MFDA members should anticipate that the specific areas noted above, as well as the areas analogous to them, may be subject to increased scrutiny in the year to come.
Members should take proactive steps to ensure that they have appropriate policies, procedures and day-to-day practices in place, and that they regularly evaluate and test their policies and procedures to ensure continued compliance over time. Where appropriate, members should also consult with legal counsel on early and proactive outreach to securities regulatory bodies.