IIROC Guidance Distinguishes Compliance From Supervision

In the wake of a disciplinary panel's reasons given in 2012 in Re Northern Securities (Northern Securities),1 the Investment Industry Regulatory Organization of Canada (IIROC) has issued fresh guidance on the compliance and supervision responsibilities of IIROC-regulated personnel.

According to IIROC Notice 12-0379 (Notice) issued in mid-December, 2012, compliance is not to be viewed as an isolated activity, but rather as the collective responsibility of the Ultimate Designated Person (UDP), Chief Compliance Officer (CCO), Chief Financial Officer (CFO), as well as executives, directors, management and supervisors of IIROC-regulated firms (Dealer Members). The authority and responsibilities of these parties are different.

A compliance officer can identify an issue, but his or her authority to act is limited to escalating a matter to a supervisor or executive. In contrast, a person acting in a supervisory role has the responsibility and the authority to identify and to resolve issues once they are identified. In practical terms, a supervisor acts quickly, in real time if practicable, to identify and respond to issues as they arise, while a compliance officer’s functions may involve after-the-fact analysis, issue identification, monitoring and escalation of compliance matters.

IIROC has latitude to determine who the actual supervisors are. Documentation purporting to set out an individual’s title, responsibilities and authority is relevant to that inquiry, but the individual’s actual functions in the day-to-day operations of the firm are also significant.

A supervisor:

  • may delegate specific supervisory functions to a properly qualified compliance officer;
  • must conduct sufficient follow up and review to ensure that the delegated functions are executed properly; and
  • remains responsible for such delegated activities.

The UDP:

  • must supervise Dealer Member activities that are directed towards ensuring compliance with all applicable regulatory requirements of the Dealer Member and the individuals acting on its behalf;
  • must promote compliance by the Dealer Member and individuals acting on its behalf with such regulatory requirements;
  • is responsible for the compliance culture at the firm;
  • is responsible for the establishment and maintenance of an effective compliance system; and
  • should avoid conflicts of interest with respect to their UDP obligations, as IIROC may view such conflicts negatively (Northern Securities, paragraphs 52-53).

The CCO:

  • is an integral part of the Dealer Member’s executive management team;
  • must report all material incidents of non-compliance with IIROC requirements and securities laws to the UDP as soon as possible;
  • must have direct access to the UDP and the Dealer Member’s board of directors;
  • must identify and discuss in his annual report material findings contained within:
    • IIROC compliance reports;
    • early warning designations;
    • gatekeeper reports;
    • disciplinary actions;
    • compliance risk trend results, and
    • any other relevant findings or reports;
  • as confirmed by Northern Securities:
    • must make diligent inquiries when faced with non-compliance red flags even if doing so would challenge the UDP (Northern Securities, paragraph 105(a));
    • should ensure that clients have been fully advised of conflicts of interest and that proper disclosure documentation is on file (Northern Securities, paragraph 105(d));
    • must diligently and proactively monitor and update practices and procedures (Northern Securities, paragraph 102);
    • must question business practices until he receives an explanation which satisfies him that nothing untoward is happening (Northern Securities, paragraph 102);
    • must act as the moral compass to ensure regulatory compliance (Northern Securities, paragraph 102);
    • must be prepared to diligently challenge practices, longstanding or new, even if they are championed and defended by superiors (Northern Securities, paragraph 102); and
    • should be aware that the wording of IIROC rules setting out a CCO’s standard of conduct does not fully describe a CCO’s responsibilities (Northern Securities, paragraph 102).

Compliance officers, including the CCO:

  • are responsible for monitoring compliance;
  • must take steps to ensure that necessary corrective measures are taken by supervisors and executives;
  • should monitor the corrective measures taken;
  • should escalate the issue as appropriate if supervisors fail to adequately address the issue;
  • should document all steps taken to correct, report or escalate issues; and
  • who also perform legal functions should make it clear to other individuals when they are acting as legal counsel.

The board of directors, in response to matters escalated by the CCO, must:

  • review the reports of the CCO;
  • determine, based on the CCO’s recommendations, necessary remedial action to any compliance deficiencies noted in the reports; and
  • ensure that such remedial actions are carried out.

Each member of the board of directors must ensure that:

  • the Dealer Member maintains a compliance program that identifies and addresses material risks of non-compliance; and
  • appropriate supervision and compliance procedures to manage those risks have been implemented.

IIROC may initiate enforcement proceedings against a Dealer Member’s directors, executives, UDP, CCO, CFO, supervisors or any other IIROC-regulated personnel if they fail to satisfy their supervisory obligations.

IIROC will assess an individual’s conduct by reference to the objective standard of a reasonably proficient and diligent individual holding the same position. Therefore, the focus will be on what the individual ought to have known or done, not on what they actually knew or did.

A Dealer Member may be the subject of IIROC enforcement proceedings if a compliance officer:

  • fails to identify rule violations; and
  • after identifying the violation, fails to escalate the matter in accordance with firm policies.

Both the Notice and the Northern Securities shed light on the degree to which Dealer Members can disagree with IIROC as to the interpretation of its rules and directives. Dealer Members are admonished not to use their particular interpretation as a basis for refusing to comply with rules as directed by IIROC. After the Notice and the Northern Securities decision, Dealer Members who persist in rule interpretations that IIROC staff considers to be incorrect are at some risk of facing enforcement proceedings.


1 2012 IIROC 63

Authors