General Counsel, Corporate Secretary and Vice President, Policy
MSN - 0057
Dec 5, 2006
Joint Regulatory Notice on the Role of Compliance and Supervision
MFDA Staff Notices are intended to assist Members and their Approved Persons in the interpretation, application of and compliance with requirements under MFDA By-laws and Rules. Notices make reference to these requirements and set out MFDA staff's interpretation of how to comply with these requirements. Notices may also include best practices or guidance.
On December 5, 2006, staff of Market Regulation Services Inc., the Mutual Fund Dealers Association of Canada (the “MFDA”), the Bourse de Montreal Inc. and the Investment Dealers Association of Canada[1] (now Investment Industry Regulatory Organization of Canada – “IIROC”), issued the Joint Regulatory Notice on The Role of Compliance and Supervision (“Joint Regulatory Notice”, issued by the MFDA as Member Regulation Notice MR-0057), which set out the expectations of the self-regulatory organizations (“SROs”) regarding the compliance function at Member firms, as well as the role, responsibility, and accountability of Member firms, their Board of Directors, management, Compliance Departments, and compliance officers.
This updated Notice is being issued in response to Registration Reform related amendments contained in National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (“NI 31-103”) and conforming changes to SRO Rules. The Registration Reform related amendments to NI 31-103 include: new registration categories, changes to the scope of registerable activities, updates on compliance-related functions, as well as updates on supervisors’ roles and responsibilities. The purpose of this Notice, as revised, is to ensure consistency and conformity between the Registration Reform related amendments and the previously issued Joint Regulatory Notice.
As a result of changes to IIROC registration categories and to ensure that guidance is provided to Member firms of both the MFDA and IIROC with an appropriate degree of specificity and clarity, the revised Notice is being issued separately by each SRO. However, MFDA staff has worked with IIROC staff during the course of revisions to this Notice to ensure that concepts and principles remain harmonized.
Responsibility for Compliance
A strong culture of compliance, which focuses not only on compliance with all applicable rules and regulations, but also emphasizes the importance of personal integrity and the need to deal with clients fairly, honestly, and in good faith at all times, is the responsibility of each individual acting on behalf of a firm. Toward that end, and as noted in the Companion Policy to NI 31-103, the existence of an Ultimate Designated Person (“UDP”), Chief Compliance Officer (“CCO”), a Compliance Department, and other staff with compliance responsibilities does not relieve anyone else of the obligation to act on or escalate compliance issues. Everyone at the Member should understand the standards of conduct of their role, including the Board of Directors (or equivalent), employees, and agents, whether or not they are registered. Furthermore, compliance should not be viewed as an isolated activity of the Compliance Department, but as an integral part of a Member’s general business activities. As such, it is the responsibility of the UDP, CCO, Board of Directors, management, and supervisors to consider and implement advice provided by those performing a compliance function. The role of the Compliance Department is to identify, assess, advise on, communicate, monitor, escalate, and report on the Member’s compliance with regulatory requirements.
Industry compliance professionals play an important role in the system of securities regulation. The MFDA and industry compliance professionals share a common objective of promoting compliance at their Member firms and setting high industry standards. In order to achieve this objective, the MFDA needs to clearly communicate its expectations of Members, including their respective Board of Directors (or equivalent), UDP, CCO, Compliance Department, management, supervisors, and other individuals at the Member. The purpose of this Notice is to provide Members with MFDA expectations of the compliance function at Member firms and the role, responsibility, and accountability of the above-noted individuals.
In the past, the MFDA has issued notices and bulletins that address many of the matters outlined below. In addition, certain MFDA Rules and Policies deal specifically with supervisory and compliance responsibilities. This Notice should be read in conjunction with those regulatory instruments.
Distinction between Supervisory and Compliance Roles
While Compliance Departments and compliance officers carry out similar functions across Member firms, they have responsibilities tailored to the size, resources, and business needs of the particular Member. In some cases, their sole responsibility will be fulfilling the compliance function; in others, they may also have supervisory roles.
In contrast to the compliance role, a person in the role of supervisor has responsibility and authority to manage the day-to-day activities of other employees and Approved Persons of the Member so as to ensure their compliance with all applicable rules and regulations.
A supervisor must have sufficient authority to take effective and timely remedial action where account activity or any other matter under his or her supervision falls or appears to fall outside the bounds of conduct, just and equitable principles of trade or good business practice, or violates any applicable rules and regulations.
The difference between a supervisory and compliance role is defined by who has the authority to resolve issues once they are identified. If a compliance officer has the authority to resolve issues themselves, then he or she is also acting in a supervisory role. If the compliance officer’s authority and ability to resolve issues is limited to escalating the matter to a supervisor, then he or she is executing a compliance function.
In determining whether an individual is acting in a supervisory role, MFDA staff will look at the individual’s responsibilities, authority, and the functions he or she performs for the Member, not simply at his or her title. While staff will consider documentation setting out an individual’s responsibilities and authority, staff will also look to confirm whether these are reflected in the day-to-day operations of the firm. In other words, it is a two-fold test: documentation and practice.
The activities of those exercising compliance functions should not be viewed by supervisors as a substitute for them discharging their responsibilities to supervise the business of the Member. For example, as set out in MFDA Policy No. 2 Minimum Standards for Account Supervision (“Policy No. 2”), tasks and procedures may be delegated to knowledgeable and qualified individuals, but not responsibility. Those who are delegated tasks must have the qualifications and required proficiency to perform the tasks and should be advised in writing of their duties. Supervisors remain responsible for the performance of the supervisory activities delegated to compliance personnel, and must conduct sufficient follow up and review to ensure that the person to whom functions have been delegated is properly executing them.
In some instances, the CCO may also have supervisory responsibility, for example as a UDP.
Role of the Member, Board of Directors, Management, and Other Individuals
I. The Member
The Member is responsible for establishing, implementing, communicating, and maintaining effective compliance programs to ensure compliance with all applicable rules and regulations. This responsibility extends to all directors of the Member with respect to their corporate governance responsibilities, and all officers of the Member with regard to areas of their management responsibility.
II. The Board of Directors
Each member of the Member’s Board of Directors (or equivalent) must ensure that the Member maintains a compliance program that identifies and addresses material risks of non-compliance and that appropriate supervision and compliance procedures to manage those risks have been implemented. Consistent with MFDA Rule 2.5.3 (Chief Compliance Officer), the Board of Directors must review the reports and recommendations of the CCO and any other information respecting instances of material non-compliance that comes to their attention to determine what actions are necessary to rectify any compliance deficiencies noted in the report, or of which they otherwise become aware, and ensure that such actions are carried out.
III. Management
Each member of a Member’s management is responsible for supervising and directing the activities of the Member, as well as the individuals within the Member, in order to ensure compliance with applicable rules and regulations with respect to areas of their management responsibility. Certain management members, such as the UDP and CCO, have specific responsibilities under NI 31-103 and MFDA Rules.
The specific roles and responsibilities of the UDP, CCO and others are set out below:
(a) The Ultimate Designated Person
As noted in NI 31-103 and MFDA Rule 2.5.2 (Ultimate Designated Person), the UDP must supervise the activities of the Member that are directed towards ensuring compliance with MFDA requirements and all applicable securities legislation by the Member and the individuals acting on its behalf. The UDP must also promote compliance by the Member and individuals acting on its behalf with all MFDA requirements and all applicable securities legislation.
As highlighted in the Companion Policy of NI 31-103, a firm’s UDP is responsible for the compliance culture at the firm, including the establishment and maintenance of an effective compliance system. The UDP is expected to communicate and reinforce the importance of compliance within the firm on an ongoing basis. Furthermore, as part of his or her ultimate responsibility for compliance at a firm, the UDP is responsible for ensuring that all staff understands the importance of consulting with the Compliance Department on all relevant matters. To ensure the effectiveness of the compliance system, the UDP is also expected to ensure that there are effective procedures for identifying and escalating all instances of non-compliance. The UDP should ensure all instances of non-compliance are resolved in a timely and effective manner.
(b) The Chief Compliance Officer
The CCO is an integral part of a Member’s senior management team. As such, the CCO must establish and maintain policies and procedures for assessing compliance by the Member and the individuals acting on its behalf, as set out under NI 31-103 and MFDA Rule 2.5.3. The CCO is responsible for monitoring and assessing compliance with all MFDA requirements and applicable securities legislation, and must report the results of this assessment to the Board of Directors (or equivalent) as frequently as necessary and not less than annually.
The MFDA expects the CCO’s annual report to the Board to identify and discuss material findings or issues relating to: capital and insurance, regulatory examinations, investigations, disciplinary proceedings and other actions, client complaints and legal proceedings and the operations of the compliance and supervisory functions, as well as any other material issues that occurred during the period covered by the report. Where an issue remains unresolved, the report should outline steps that will be taken to resolve the issue.
The mandate of the CCO is to provide the Board of Directors (or equivalent) with reasonable assurance that all standards and requirements under MFDA requirements and applicable securities legislation are being met.
The CCO must report all material incidents of non-compliance with MFDA requirements and applicable securities legislation to the firm’s UDP as soon as possible after becoming aware of the matter, including any incidents of non-compliance that create a reasonable risk of harm to clients or the capital markets, or where there is a pattern of non-compliance. In light of this obligation, the CCO must have direct access to the UDP and the Board of Directors (or equivalent) as needed to report significant issues as they arise.
Where the CCO reports to other individuals at the Member or an affiliate organization, in addition to the UDP, such reporting must not impair or impede the reporting by the CCO to the UDP in the manner prescribed under MFDA requirements and applicable securities legislation.
IV. Other Individuals
As previously noted, compliance is a firm-wide responsibility. Accordingly, everyone in the firm should understand the standards of conduct applicable to their role. More specifically:
(a) Compliance Officers
Although compliance officers, with the exception of the CCO, are not typically registrants with the securities commissions, they have certain responsibilities in executing their function as a compliance officer. These responsibilities are in addition to any other responsibilities that a compliance officer may have as a result of holding other roles (e.g. where, in accordance with MFDA requirements, a compliance officer is performing a supervisory function in addition to their compliance role).
Compliance officers are responsible for monitoring compliance, but they cannot simply identify compliance issues. Compliance officers must also take appropriate steps to assist in ensuring that corrective measures are taken by supervisors or managers to remedy any compliance issues that have been identified. Compliance officers should, therefore, after communicating their findings to the appropriate supervisor(s) who have the authority to effect the changes necessary to address the compliance issue, monitor the corrective measures taken. If supervisors fail to adequately address an issue identified by a compliance officer, the compliance officer must escalate the issue as appropriate. Escalation procedures should be detailed in the Member’s internal procedures. In some cases, the compliance officer may raise the issue with a higher-level supervisor; in others, with the CCO who, in turn, should address the issue with management or, where appropriate, with the UDP or Board of Directors. The steps taken by compliance officers and corrective actions taken by supervisors must be documented, maintained, and verifiable.
All other individuals at the Member, regardless of whether they are registered with the securities commissions or are MFDA Approved Persons, are expected to comply with the Member’s internal policies and procedures, including its compliance program.
Pursuant to the Companion Policy to NI 31-103, the existence of a UDP and CCO, or a Compliance Department and/or other supervisory staff, does not relieve anyone else in the firm, whether registered or not, of the obligation to act on or escalate compliance issues. Members should note that they may be held responsible for the failures of their employees and/or agents, irrespective of whether or not such individuals are registrants under securities legislation.
When Individuals Will be Subject to Enforcement Action by the MFDA
Under appropriate circumstances, the MFDA may initiate enforcement proceedings relating to compliance or supervisory matters against one or more of a Member’s Approved Persons if:
- they violate MFDA requirements and/or applicable securities legislation, or aid and abet another in such violations; or
- they fail to satisfy their supervisory obligations.
In each case, the individual’s conduct will be judged by reference to a reasonably proficient and diligent individual holding the same position. Given that the standard is objective, it is not what the respondent actually knew or did, but rather what he or she ought to have known or done. It is always open to an individual to demonstrate that they exercised due diligence to prevent the harm that occurred.
Members are reminded that they are responsible for the actions of all of their employees, whether or not such individuals are Approved Persons, and for ensuring that they carry out their mandate, including regulatory responsibilities. As such, the MFDA may initiate enforcement proceedings against a Member in cases where, for instance, a compliance officer:
- fails to identify violations of MFDA requirements and/or applicable securities legislation according to the standard of a reasonably proficient and diligent compliance officer; or
- after identifying the violation, fails to escalate a matter in accordance with the firm’s established escalation procedures.
Creating an Effective Compliance Program
In order to be effective, compliance programs must be reasonably designed to identify and control the risk of compliance failure that could result in investor and/or market harm and financial losses and reputational damage to the Member.
Members have an obligation to establish, maintain, and apply policies and procedures that establish an effective compliance system that provides assurance that the firm and individuals acting on its behalf comply with MFDA requirements and applicable securities legislation and manage business risk in accordance with prudent business practice. This includes: allocating sufficient resources, creating measures and systems that encourage and reward compliant behaviour and discourage non-compliant behaviour, and ensuring that compliance officers have appropriate access to supervisors and senior management. There are many steps that a Member can take to promote the importance of compliance, including the following:
- Promote a culture of compliance by clearly identifying, prioritizing and communicating compliance goals.
- Insist on compliance and high ethical standards throughout the Member, with senior management leading by example.
- Ensure that effective execution of compliance and supervisory roles is an explicit element of compensation and promotion decisions.
- Ensure that others in the firm have a clear understanding of the role of compliance within the firm, including the roles of the UDP, CCO, compliance officers, and the Compliance Department.
- Communicate compliance and regulatory information to individuals within the Member. Emphasize compliance and regulatory subjects in training. Training should include educating individuals about their compliance responsibilities on an ongoing basis.
- Make available to all individuals an effective means of communicating (confidential or anonymous, if appropriate) compliance, regulatory, or ethical concerns to compliance officers, supervisors, senior management, or the Board of Directors, if necessary, without fear of retaliation.
- Encourage the development, training, professionalism, and retention of the Member’s compliance officers with compensation, benefits, and recognition in keeping with their contributions, and implement sanctions or other corrective actions for non-compliant behaviour. Further, staff the Compliance Department with sufficient, qualified, experienced, and knowledgeable professionals.
- Ensure sufficient access to information for compliance officers to enable them to carry out their responsibilities.
- Develop a cooperative relationship between regulators and Members.
Tips for Compliance Officers
There are many steps that compliance officers can take to ensure that they have discharged their responsibilities in connection with regulatory expectations, including the following:
- Ensure that they have a clear understanding of the nature of their responsibilities. This includes having a detailed job description with clearly established reporting lines and a clear understanding of whether they are expected to act in a supervisory capacity.
- Maintain written records that detail all steps that were taken to correct, report, or escalate issues that were identified, along with any supporting documentation that demonstrates actions taken.
- Lawyers who perform compliance functions in addition to legal functions should make it clear to other individuals when they are acting as legal counsel and providing legal advice.
- Compliance officers should be active in promoting compliance-related initiatives both inside and outside of the Member, and be available to individuals within the Member for consultation on compliance issues.
- Ensure that steps in the compliance process are appropriately tailored to the size and nature of the Member’s business, and that they are tested to ensure that they adequately address any compliance gaps.
- Ensure that MFDA Rule/Policy changes, bulletins, and notices are reviewed and incorporated into the Member’s compliance policies and procedures in a timely and effective manner that addresses the nature and size of the Member’s business.
- Test compliance policies and procedures to ensure that existing procedures continue to effectively reflect the business practices of the Member and are in compliance with new rules and regulations.
- Periodically review the websites of provincial regulators and the MFDA and, where possible, attend MFDA meetings or seminars devoted to regulatory issues. Doing so will give compliance officers advance notice of proposed and imminent changes under MFDA requirements and/or applicable securities legislation that may affect the compliance officer and the Member firm.
- Develop a cooperative relationship between regulators and Members.
[1] Effective June 1, 2008, Market Regulation Services Inc. merged with the Investment Dealers Association of Canada to form the Investment Industry Regulatory Organization of Canada.