In July, CSA released its IIROC oversight review report for 2016. Results indicate dealers could potentially face increased scrutiny during examinations by the self-regulatory group’s business conduct compliance (BCC) staff.

Though no oversight areas were deemed high risk, five were identified as above-average risk. That compares to two high-risk and one categorized as above average in the 2015 report.

“I’m not sure the overall riskiness changed, because you have more groups in above average than last time,” says Darin Renton, partner at Stikeman Elliott in Toronto. “Looks like it came out as a wash.”

A repeat BCC finding is that IIROC failed to update examination procedures to assess suitability in managed accounts and dealers’ compliance with NI 81-105 Mutual Fund Sales Practices. In the report, IIROC says the delay was partly due to management changes.

With these procedures now in place, “dealers can potentially expect some crackdown on the examinations going forward,” says Rebecca Wise, senior associate at Torys in Toronto.

“IIROC needs to have review procedures implemented by September 30, 2017,” notes Bernard Pinsky, partner at Clark Wilson in Vancouver, referring to processes to monitor and track the resolution of issues raised by CSA or internal audit reports. “This could result in a period of extra measures for dealers [and] advisors while IIROC assesses the best and most efficient way to do things.”

Another finding: BCC staff have failed to ensure dealer members adequately resolve deficiencies. “Part of that inability was because they didn’t have guidance to categorize deficiencies in the first place,” says Renton.

“CSA’s expecting IIROC to do more to track significant repeat offenders, and that’s going to factor into what is referred to enforcement,” says Wise. In the report, CSA says it expects IIROC to take regulatory action, such as imposing terms and conditions on dealer members or referring dealer members to IIROC enforcement, to ensure repeat or significant deficiencies are readily resolved.

Also in the report, IIROC says it will develop internal guidance documents by September 30, 2017, to help categorize deficiencies, and is also developing an analytic framework so staff can determine when to refer an issue to enforcement.

These measures should help dealers and advisors understand how to stay in compliance, says Pinsky.

Better documentation needed

Under the enforcement category, CSA asks for better documentation of pre-referral meetings, during which IIROC’s compliance and enforcement staff discuss examination findings before deciding which of them get referred to enforcement. Further, CSA says IIROC needs to create guidance to decide which cases merit referral.

“That finding highlights a concern of the CSA, which is ensuring consistency and that IIROC has the tools it needs to be efficiently pursuing various enforcement matters,” says Wise, noting the similarity between this finding and the lack of guidance to resolve deficiencies and track repeat offenders.

“The other thing CSA is saying to enforcement is you have to look at the dealer as a whole,” adds Renton. CSA says IIROC needs a process for tracking the history of regulatory actions against dealer members. That means IIROC must consider a registrant’s history when deciding whether a breach is a one-off or indicates a problem registrant, says Renton.

The report’s enforcement deficiencies result in “dealers with repeat problems not getting the kind of oversight they probably need, or the guidance that might help them,” says Pinsky.

Also, establishing a holistic view of dealer members would potentially serve those who have no repeat findings or who are responsive to issues identified by IIROC, suggests Wise.

IIROC says in the report that firms’ regulatory history will be considered and documented as part of a new compliance referral process, to be in place July 2017. A spokesperson for the SRO confirmed this measure is in place.

Documentation is a theme throughout the report, says Renton. “It isn’t good enough just to run a process. You have to keep contemporaneous notes to demonstrate that you did the right thing at the time,” he says.

Overall, “it’s a short list of items that were of any significance,” says Renton. The regulators “acknowledge that IIROC has made sufficient progress knocking off things from the previous reports. So it’s a pretty good report card.”

How MFDA did

In comparison, the MFDA’s last oversight report, issued November 2016, included findings in financial compliance and enforcement, with the latter focused on signature falsification. The report also looked at cases that take action against approved persons only, instead of including dealer members when warranted.

The regulators’ focus on such cases demonstrates their holistic approach, says Renton, and that’s also shown in the IIROC oversight report. Rather than looking at a particular incident, the SROs must “identify firms where there are continuing or a significant number of deficiencies, so that the firm can be tracked as opposed to the individual actors,” he says.

Renton notes the IIROC review report is the second under CSA’s new and more frequent review process. The 2016 and 2015 reports each cover 16 months, compared to 2014’s nearly three-and-a-half years. But there’s no established timeline.

“It remains to be seen whether the regulators will review IIROC more than once every two years,” says Pinsky. “It will likely depend on the fullness of the response IIROC provides to the medium- and high-level risk areas identified,” he adds, referring to the priority ratings given to the findings.

“It’s helpful that the report is issued on a more frequent basis,” says Renton. “And it is comforting to the industry that there is not a long list of significant deficiencies.”

The report’s focus on processes and documentation “probably suggests that, overall, the CSA thinks IIROC is doing a good job,” says Wise. “We’d expect to see a lot more in this report if IIROC wasn’t getting a passing grade.”