The Financial Consumer Agency of Canada (FCAC) recently published the following two documents for comment: Proposed Supervision Framework and Publishing Principles for FCAC Decisions (Consultation). The consultation period runs until November 14, 2016, and written comments can be submitted here.
The FCAC last updated its Compliance Framework in 2011 (2011 Compliance Framework) and the current Consultation aims to address the expansion of FCAC’s mandate since that period to “new types of regulated entities and new activities”, as well as its increasing focus on “proactive and risk-based supervision”. This Consultation is part of a larger modernization process that Canada’s Department of Finance has begun in order to address the evolving nature of the financial services sector (see our August 2016 Blakes Bulletin: Canada’s Financial Sector: Legislation for the Future).
The Consultation documents differ from the 2011 Compliance Framework and the previous Publishing Principles in several respects and this bulletin highlights some key points for regulated entities.
PROPOSED SUPERVISION FRAMEWORK
The Proposed Supervision Framework outlines the FCAC’s general approach to supervising and monitoring federally regulated financial institutions, external complaints bodies and payment card network operators (regulated entities) and describes “the principles and processes FCAC uses to supervise the market conduct of federally regulated financial entities and to ensure that financial consumers and merchants continue to benefit from the applicable protections”.
Further initiatives to support the Proposed Supervision Framework (including additional guidance documents and redesigned internal processes) will be developed by the FCAC and phased in over time.
Guiding Principles and Pillars of Supervision
The Proposed Supervision Framework states at the outset that all supervisory activities and decisions will be driven by the four guiding principles of transparency, proactivity, proportionality and accountability. The FCAC’s newly stated commitment to transparency and providing predictability for regulated entities marks a potential shift within the federal regulatory agency.
Additionally, the Proposed Supervision Framework sets out the FCAC’s three interdependent pillars of supervision: promoting responsible market conduct, monitoring market conduct, and enforcing market conduct obligations. The three pillars of supervision provide a clearer framework and improve upon the complicated flow chart previously provided under the 2011 Compliance Framework.
Two-Tier Classification System
In line with its risk-based approach to supervision, the Proposed Supervision Framework puts forth a new two-tiered system for classifying regulated entities that will “guide the nature and intensity of FCAC’s supervisory interactions” with such entities. The FCAC had previously noted in its 2011 Compliance Framework that it utilized a risk assessment model to evaluate the relative levels of risk of regulated entities. The new two-tier classification system sets out how the risk assessments of regulated entities will impact their supervisory interactions with the FCAC.
Regulated entities will be classified as tier 1 if they present a “higher inherent risk of breaching their market conduct obligations, due principally to their business models and/or their product and service offerings”. The FCAC cites examples of tier 1 entities as those offering retail products and services to consumers, those whose participants offer payment services to merchants and those offering dispute resolution services to their member banks.
Tier 1 entities will be subject to the new monitoring tool of Market Conduct Profiling. Under this tool, the senior officer assigned to a tier 1 regulated entity will devise annual supervision plans and then compile and assess information on the entity focusing on factors such as the effectiveness of its oversight functions of compliance, risk management, internal audit, senior management and board of directors, and its history of investigations and breaches. The senior officer will then use the information collected to update the Market Conduct Profile, which will subsequently be shared, either individually or in aggregate, with FCAC senior management.
Tier 2 entities present a “lower inherent risk of breaching their market conduct obligations” and examples of tier 2 entities listed by the FCAC include entities that do not offer retail products and services or those whose businesses are restricted to the sale of insurance. Tier 2 entities are not typically assigned a senior officer, but will have access to a liaison officer to address questions. Monitoring of tier 2 entities will be less intensive and will be carried out through activities such as annual examinations.
The introduction of a rulings process has the potential to be one of the major improvements proposed by the new framework. The Proposed Supervision Framework states that a rulings process would “assist regulated entities in the interpretation of their market conduct obligations” by providing “direction to entities whose situations are substantially similar”. However, the FCAC also emphasizes that the rulings are case-specific and that rulings would “not restrict the FCAC in its approach to similar situations”. This language mirrors OSFI’s approach to rulings, which also states their rulings are not necessarily binding on their consideration of subsequent issues; while rulings are informative for situations with the same or similar facts, additional or different considerations may be raised in a different case.
The Proposed Supervision Framework does not currently include detailed information on how the rulings process would operate, but the introduction of a rulings process by the FCAC could allow regulated industries to gain clarification and guidance on FCAC expectations and interpretations.
Notices of Breach
Notices of Breach are a new enforcement tool introduced in the Proposed Supervision Framework in addition to Notices of Violation and Notices of Non-Compliance. A Notice of Breach may be issued following the investigation process and will be issued if the breach falls within one of the three levels outlined by the Proposed Supervision Framework:
- Level 1 notices are issued for breaches that are “isolated or minor”.
- Level 2 notices are issued if a regulated entity is “required to take specific action to address the breach”. Entities that are issued level 2 notices must enter into an action plan to correct the breach and recurrence of the breach could lead to an escalation in enforcement action.
- Level 3 notices are issued when there is a heightened sense of urgency, the breach is a symptom of a broader compliance deficiency, the entity has demonstrated a low level of cooperation towards voluntary compliance or there is a specific need to escalate related concerns within the regulated entity. Entities issued level 3 notices will generally be required to enter into an action plan or compliance agreement.
PUBLISHING PRINCIPLES FOR FCAC DECISIONS
FCAC’s principles with regard to publishing of Commissioner’s decisions were published on its website to provide guidance following the change in FCAC practice from publishing condensed summaries of decisions to publishing the decisions in their original form. The proposed new Publishing Principles clarify FCAC’s policies with respect to published decisions and make a new distinction between the publication of Notices of Violation and Notices of Decision and the publication of Notices of Non-Compliance.
Notices of Violation and Notices of Decision
Under the previous Publishing Principles, the FCAC had generally stated that it was “essential to preserve the factual circumstances and the legal requirements that feature in a decision”. The proposed Publishing Principles specify that when a regulated entity commits a violation, the FCAC “will always make public the nature of the violation and the [administrative monetary penalty] AMP imposed” once all the related proceedings are complete.
The proposed Publishing Principles include references to the statutory discretion of the Commissioner to disclose the name of the regulated entity. If the Commissioner exercises its discretion not to disclose the name of the regulated entity, the FCAC will publish a redacted version of the Notice of Violation or Notice of Decision that omits the name of the regulated entity and the facts of the violation. Additional information may “be redacted on privacy or confidentiality grounds”. In cases where the Commissioner decides to release the name of the entity, the FCAC will publish the final copy of the Notice of Violation or Notice of Decision. The final copies of these decisions will include the facts of the violation; however, some information may still be redacted where deemed necessary due to privacy or confidentiality concerns. In either case, the Commissioner may issue a press release.
The proposed Publishing Principles also stipulate that when a decision is redacted, the “FCAC will provide the regulated entity with advance notice of the redacted version before it is posted”. This documents the current practice.
Notices of Non-Compliance
If the FCAC issues a Notice of Non-Compliance to a regulated entity that breaches its obligations under a voluntary code of conduct or public commitment, the FCAC will publish this information anonymously and may redact information to protect the privacy of consumers or confidential or sensitive business information. The Commissioner may also issue a press release.
As with Notices of Violation and Notices of Decision, the FCAC will provide the regulated entity with advance notice of the redacted Notice of Non-Compliance before it is published.