IIROC has some catching up to do.
Canadian Securities Administrators (CSA) has released IIROC’s oversight review report, which evaluates whether specific regulatory processes operate effectively and outlines required corrective action.
CSA reports a repeat finding in IIROC’s business conduct compliance (BCC) department, given the self-regulatory organization (SRO) didn’t implement necessary changes in a timely manner to its examination programs. Those programs are associated with suitability in client-managed accounts and with dealer members’ compliance with aspects of NI 81-105. CSA has prioritized the finding as high.
In response to the finding, IIROC says in the report that it will implement a process so that changes are reviewed internally by IIROC’s general counsel’s office “before the finding will be considered resolved.” In an email to Advisor.ca, IIROC says this measure will help ensure “more timely” resolution of issues identified in oversight reports.
CSA also reports IIROC didn’t make sufficient progress in resolving an issue raised during the previous oversight review in information technology (IT). Specifically, IIROC didn’t provide an information security program report to a board committee on a quarterly basis. The finding is prioritized as medium.
In response, IIROC says it will provide the report on a quarterly basis from now on, “even if no new significant updates are available since the previous report.”
Other medium-priority findings revealed by CSA are:
- an inability to resolve report deficiencies (BCC),
- untimely internal reporting and inadequate methodology for control verification procedures (IT),
- inadequate meeting processes (enforcement) and
- inadequate processes to provide a holistic view of dealer members, such as a history of regulatory actions for each dealer member (enforcement).
IIROC’s responses to all findings are included in the report. For instance, in response to providing a holistic view of dealer members, IIROC says it will “ensure the regulatory history of a firm is appropriately considered” as part of its new compliance referral process.
Further, in an email to Advisor.ca, the SRO says it has established a working group to develop guidance to help BCC staff categorize findings in dealer member examination reports as “repeat and/or significant.” Also, “IIROC is drafting guidance to assist staff in determining whether a compliance issue should be referred to enforcement.”
To address methodology for control verification procedures, IIROC says in the report it will “create a formalized procedure document outlining the control verification process undertaken for enterprise risk management.” And, via email to Advisor.ca, IIROC confirms the procedure will be used in testing of all business units, including IT.
CSA says in the report that it will actively monitor IIROC’s progress in addressing the report’s findings.
About the report
Based on the annual assessment of IIROC’s functional areas and key processes, the regulators selected above-average risk areas as the focus for the review, including BCC, IT, enforcement, market surveillance, and trade review and analysis.
The regulators considered the previous oversight review and whether findings identified in that review had been resolved, as well as current issues and market conditions that could affect IIROC.
Read the full report.