CSA Published Guidance on Expectations for Compliance Consultants Performing Regulatory Mandates
On August 22, the Canadian Securities Administrators (CSA) issued guidance for regulated securities firms such as portfolio managers, exempt market dealers and investment fund managers about the CSA’s expectations when consultants are put forward to perform regulatory engagements required by a CSA member after a compliance review or enforcement action. Such consultants confirm that changes required by regulators in registrant policies, procedures and practices have been implemented effectively. Consultants can also develop the policies and procedures where they don’t yet exist and also perform other functions.
The CSA guidance emphasizes the securities regulators’ concern with consultant competence and independence when a registered securities business is required to retain a consultant to close a compliance review, resolve an enforcement proceeding or otherwise.
The main take-aways are:
- Compliance consultants can be accounting firms or compliance professionals who have acquired relevant expertise as securities regulators or employees of regulated businesses. Lawyers are also eligible to act as consultants but the guidance makes clear that there are special considerations confronting a law firm which undertakes a consulting arrangement which are discussed below.
- The consultant will be expected to do more than react passively to policies and procedures that the registrant puts forward. The consultant is expected to ensure that they are workable, improve them if necessary and to apply knowledge of the registrant’s business as well as industry knowledge.
- The registrant is expected to be open and provide the consultant with relevant background materials, including confidential compliance reports prepared by securities regulators or, if the matter has been dealt with at the enforcement level, the relevant settlement agreements or enforcement decision.
- Regulators do not negotiate the engagement terms. The consultant usually does so with the registrant. The consultant usually has a standard form of engagement letter to work with as a starting point. Typically, a consulting engagement may not be terminated by a registrant without CSA prior approval.
- Because they have to “accept” the consultant, regulators are concerned with the identity and experience of the consultant and have to be comfortable with the consultant proposed. The registrant is expected to research the experience and credentials of its candidate and put forward reasons why the candidate is qualified for the particular mandate and respond to ensuing regulator questions. The CSA guidance says that, in some cases, more than one consultant will need to be retained to do the job.
- It isn’t unusual for a securities regulator to test the independence of the proposed consultant. If that consultant has acted as an expert or done other work for the registrant, that ought to be disclosed and discussed. Prior work by the consultant for the registrant is not necessarily disqualifying but the registrant has to be prepared to explain why the prior work or the prior work relationship does not impair the independence of the consultant.
- Where lawyers agree to act as compliance consultants, the concern that they will be nothing more than advocates for the views of the business can be an issue. The lawyer team should ideally be different from the team that regularly represents the registrant. Also, most consulting arrangements require that the registrant provide consent to allow the securities regulator access to information from the consultant without restriction so that the regulator can evaluate the conclusions that the consultant is arriving at in doing its work. This can raise issues on the part of lawyers who are concerned about giving up solicitor/client privilege. Lawyers may, therefore, hesitate to take on this role if they have a regular commercial relationship with the registrant.
- It is necessary to have a work plan for the consultant. The CSA guidance envisages a compliance plan, progress reports, a final report and post-implementation testing. The final report can be narrative or a slide presentation and the appropriate format will also be discussed in advance of the delivery of a particular report. The guidance says the engagement can last a year or more.
- The aim of the compliance consultant’s work may include confirming compliance with securities law. Consultants who are not lawyers will hesitate to provide conclusions that sound like legal opinions and will often provide disclaimers in the engagement letters confirming that legal advice is not being provided.
- Training in new procedures has to be addressed. If it can’t be done with internal resources, the consultant may have to assist with that too.
CSA compliance consultants terms and conditions CSA Staff Notice 31-356 - Guidance on Compliance Consultants Engaged by Firms Following a Regulatory Decision