Contact: Paige Ward
General Counsel & Vice-President, Policy
February 6, 2013
Phone: (416) 943-5838
For Distribution to Relevant Parties within your Firm
Member Regulation Notice MR-0057 – The Role of Compliance and
Supervision – Revised Notice and Summary of Comments
On February 24, 2012, MFDA staff published revisions to Member Regulation Notice MR-0057
– The Role of Compliance and Supervision (“MR-0057”) for a 60-day public comment period.
Eight submissions were received during the public comment period, which expired on April 24,
2012. A summary of the comments received, together with the responses of MFDA staff, is
attached as Appendix “A”.
The Notice has been revised to reflect registration reform related amendments contained in
National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Requirements
and conforming changes to MFDA Rules.
Page 1 of 8
On February 24, 2012, MFDA staff published revisions to Member Regulation Notice MR-0057
– The Role of Compliance and Supervision (“MR-0057”) for a 60-day public comment period.
The public comment period expired on April 24, 2012.
Eight submissions were received during the public comment period:
1. Association of Canadian Compliance Professionals (“ACCP”);
2. Desjardins Financial Security Investments Inc. (“DFSI”) & Desjardins Financial Services
Firm Inc. (“DFSF”);
3. Federation of Mutual Fund Dealers (“FMFD”);
4. IGM Financial Inc. (“IGM”);
5. Independent Financial Brokers of Canada (“IFB”);
6. Investment Funds Institute of Canada (“IFIC”);
7. Royal Mutual Funds Inc. (“RMFI”) and Phillips, Hager & North Investment Funds Ltd.
8. TD Investment Services Inc. (“TDISI”).
The following is a summary of the comments received, together with the MFDA’s responses.
Several commenters expressed concern that the Notice overstates the jurisdiction of the MFDA
concerning individuals who may be subject to enforcement action. These commenters requested
clarification as to possible circumstances in which the MFDA would have the authority to
exercise its jurisdiction against a non-registered individual, such as a compliance officer
(excluding the Chief Compliance Officer – “CCO”)) or a non-registered delegate of a registered
Commenters raised questions respecting the responsibility for compliance and supervisory
authority of different parties at the Member (e.g. compliance officers, legal counsel, supervisors
and others). Commenters indicated that certain types of activities should not result in
supervisory authority/liability being attributed to an individual, for example, day-to-day guidance
and direction provided by legal counsel, where counsel does not have immediate responsibility
for or control over Approved Persons. In this regard, clarification was sought as to what it
means to have assumed supervisory authority. Commenters also referenced the section of the
Notice respecting the liability of compliance officers, and indicated that the Notice should
Page 2 of 8
highlight the responsibilities and liability of supervisors in failing to identify rule violations and
to sufficiently escalate and follow up on identified issues.
As set out in the Notice, compliance is a firm-wide responsibility. Accordingly, compliance
issues at a Member will be considered in the context of the Member’s compliance/supervisory
structure as a whole, particularly where the issue involves an individual at the Member who is
not a registrant under securities legislation. Consideration would be given to the formal
responsibilities/accountability and day-to-day activities of the non-registered individual and the
Approved Person that the non-registered individual reports to directly.
Non-registered individuals at a Member should be given a clear understanding of their
responsibilities, including, as applicable, those in respect of the monitoring, reporting and
escalation of compliance issues. We expect Members to have policies and procedures that
address this issue clearly and in a manner that is consistent with requirements under MFDA
Rules and this Notice.
The MFDA is aware that it does not have direct regulatory authority over individuals at the
Member that are not registrants under securities legislation. As a result, we have amended the
Notice to better reflect our intention and jurisdiction. Amendments to the Notice now clarify that
enforcement action may only be brought against those who are Approved Persons.
With respect to comments seeking clarification as to what it means to have assumed supervisory
authority, we note that the circumstances contemplated are those where such authority, including
the accompanying responsibility or ability to affect conduct, has been specifically delegated.
While the Notice highlights the responsibilities of the compliance officer, it is not intended to
exclude the responsibility and liability of supervisors in failing to identify rule violations and to
sufficiently escalate and follow up on identified issues. As set out in the Notice, Members are
responsible for the actions of all of their employees, whether or not such individuals are
Approved Persons, and for ensuring that they carry out their mandate, including regulatory
Comments respecting the liability of compliance officers, as noted above, also asked for
examples as to what would/would not constitute sufficient follow up and escalation. Given the
fact-specific nature of a determination in respect of these matters, staff is of the view that
providing examples would have a greater potential to mislead and give Members a false sense of
comfort rather than provide guidance.
Approved Persons versus Employees
One commenter recommended that the second paragraph of the “Distinction between
Supervisory and Compliance Roles” section be revised to read: “a person in the role of
supervisor has responsibility and authority to manage the day-to-day activities of other
employees and Approved Persons of the Member…”.
Page 3 of 8
We agree and have made this change.
One commenter noted that the Notice makes reference to “ensuring compliance with MFDA
requirements and other applicable laws”. However, in other sections, reference is made to
“MFDA requirements and applicable securities legislation”. This commenter suggested that the
references in the Notice be consistent and limited to securities legislation, as dealer firms will
have other legislative and regulatory obligations unrelated to securities.
Where the Notice makes reference to applicable securities laws/legislation, this has been done to
remain consistent with wording adopted under NI 31-103. This wording is also intended to
ensure that the Notice is consistent with general principles respecting the establishment of a
compliance system, as set out in the Companion Policy to the Instrument. In addition to
compliance with requirements under MFDA Rules and securities legislation, Members should
ensure that their policies and procedures refer, as appropriate, to compliance with requirements
under all applicable rules and regulations.
Role of the Board of Directors
Two commenters expressed concern that the draft Notice appears to impose further requirements
on the Board of Directors in addition to those required under MFDA Rule 2.5.3(b)(iv), and
recommended revising the draft Notice to reflect the Rule. These commenters suggested that the
phrase “The Board of Directors (or equivalent) must ensure that the Member maintains a
compliance program…” be amended to read “must take reasonable steps to ensure that the
Member maintains…”. One commenter expressed the view that the wording under this section
does not allow the Board to consider the validity or materiality of any deficiency noted, the risk
of the deficiency occurring again, the nature of the damage or potential loss that could arise from
the deficiency, the views of others as to the validity of the Report or alternative views of counsel,
accountants or other experts, etc. This commenter also stated that the role of compliance is to
monitor and supervise and not dictate what is to be done. The other commenter expressed the
view that the role of the Board of Directors is to review the CCO’s report for the purposes of
assessing compliance by the Member and its Approved Persons and not to determine what
actions are necessary to rectify compliance deficiencies.
One commenter expressed the view that the role of the Board is to “address” and not “rectify”
deficiencies, and that only “material” deficiencies need to be considered at the Board level. The
commenter recommended that the drafting be amended accordingly.
Page 4 of 8
The Notice does not impose additional requirements on the Board of Directors but, rather,
provides guidance as to how the Board is to discharge its responsibilities related to compliance
and supervision, including those in respect of the report submitted to it by the CCO. This
guidance clarifies that the Board is required to consider and act on the CCO’s report in a manner
that adequately addresses any issues raised. The responsibilities of the Board in this regard
would be to have an action plan to rectify issues of which they are made aware. This could, for
example, include establishing a control environment that has the ability to prevent and detect
Reference to Rule 2.5.3 has been included under this section, as it is this Rule (specifically
2.5.3(b)(iv)) that sets out the requirement for the CCO to submit a report to the Board of
Directors or partners, as frequently as necessary and not less than annually, for the purpose of
assessing compliance by the Member and its Approved Persons with the By-laws, Rules, and
Policies, and with applicable securities legislation.
The obligation on the Board of Directors is to ensure that the Member maintains such a
compliance program. In discharging this responsibility, the Board will be required to act
reasonably and to exercise a reasonable degree of diligence and prudence, which would include
giving due consideration to matters such as those noted by the commenter (e.g. the validity or
materiality of a deficiency, etc.). In addition, as set out in the Notice, we note that the MFDA
expects the CCO’s annual report to the Board to identify and discuss material findings and
issues in respect of the areas noted.
Role of Management
One commenter expressed concern that the duties of some management staff do not include
specific regulatory matters, noting that the concept of “permitted individual” in National
Instrument 33-109 Registration Information (“NI 33-109”) encompasses those management
individuals who should be responsible for the regulatory conduct of Member business. This
commenter noted that other management staff of a Member may carry out duties unrelated to
MFDA-regulated areas, such as information technology. The commenter suggested that the
wording under this section be amended to reference members of management that are permitted
The introduction to this section notes that each member of a Member’s management is
responsible for supervising and directing the activities of the Member, as well as individuals
within the Member, in order to ensure compliance with applicable rules and regulations with
respect to areas of their management responsibility. Thus, while obligations in respect of
compliance and supervision extend to all members of management, the scope of such obligations
is determined by reference to what would be appropriate having regard to the individual’s
specific area(s) of management responsibility.
Page 5 of 8
Management – Chief Compliance Officer
One commenter recommended that the responsibilities of the CCO be clarified by specifying that
the CCO is responsible for “non-financial” rules in order to more accurately reflect the division
of responsibilities between the CCO and the Chief Financial Officer (“CFO”). This commenter
recommended that the MFDA provide assurances to CCOs to exclude responsibilities for
financial matters where the accountability for financial rules, or for the Anti-Money Laundering
function, has been assigned to another individual within the Member. It was noted that IIROC
has recognized the role of the CFO as having distinct responsibilities with respect to the financial
rules of IIROC.
Another commenter recommended that the MFDA recognize that only the items that fall within
the jurisdiction of the CCO be included in his or her annual report to the Board of Directors, and
issues concerning capital and insurance may fall under the jurisdiction of the financial manager,
who is usually an officer, a director, or both.
“Chief Financial Officer” is a specific registration category under IIROC Rules. However, under
MFDA Rules, there is no requirement to designate an individual as CFO. Policy No. 2 provides
that tasks and procedures may be delegated to a knowledgeable and qualified individual but not
responsibility. Accordingly, the CCO may delegate such tasks and procedures respecting
financial compliance to the CFO or another designated individual at the Member. However, the
CCO’s reporting responsibility includes an assessment of the Member’s compliance with all
MFDA requirements and applicable securities legislation and not only those for which the CCO
is personally responsible. As such, the CCO’s report must include the reporting of both financial
and non-financial matters.
The CCO’s mandatory annual report to the Member’s Board of Directors must address all
compliance issues related to MFDA requirements and applicable securities legislation, but does
not extend to matters relating to Anti-Money Laundering (“AML”) legislation. Where the CCO
has been delegated responsibility for compliance in any area of regulatory responsibility outside
of securities legislation, including compliance with requirements under AML legislation, the
MFDA expects the CCO to make the Board aware of any issues of non-compliance in these other
areas of regulatory responsibility.
Other Individuals – Compliance Officers
One commenter referenced the section of the Notice that refers to compliance officers having to
take appropriate steps to ensure that corrective measures are taken and to escalate inadequately
addressed issues as appropriate. This commenter expressed the view that this suggests that
compliance officers would be obliged to go over the supervisor’s head, which would not be
reasonable or workable.
Page 6 of 8
Compliance officers are delegated tasks/functions by the CCO. However, the CCO retains and
may not delegate the responsibility for those tasks/functions. Accordingly, for the CCO to
satisfy his or her regulatory responsibilities under MFDA Rules and securities legislation,
including those in respect of delegated matters, there must be a process in place at the Member
that allows issues of non-compliance to be appropriately escalated and/or reported back to the
CCO by the compliance officer.
As set out under the Notice and noted by the commenter, compliance officers are required to take
appropriate steps to assist in ensuring that corrective measures are taken and to escalate
inadequately addressed issues as appropriate. Thus, while a compliance officer has an obligation
to escalate any unresolved/inadequately resolved issues, the extent of this obligation (i.e. what
would constitute appropriate escalation in any given circumstance) would be determined on a
case-by-case basis and include considerations such as the compliance officer’s specific
duties/responsibilities and scope of authority.
Role of Others
One commenter recommended maintaining the wording of the original Notice in this section.
The commenter noted that it is reasonable for “others” to comply with a Member’s internal
policies and for such policies to be consistent with regulatory requirements, but it is not
reasonable to expect all “others” to know and directly follow all applicable regulatory
We have revised this section of the Notice to clarify our regulatory intent. The section, as
revised, now states that all other individuals at the Member, regardless of whether they are
registered with the securities commissions or are MFDA Approved Persons, are expected to
comply with the Member’s internal policies and procedures, including its compliance program.
Compliance for Integrated Financial Groups
One commenter recommended that the Notice take into account the realities and distinctiveness
of integrated financial groups, where certain compliance activities may, with the consent of the
Board of Directors, be carried out in part by parties outside the Compliance Department, who
may report to the CFO, the Treasury, Internal Audit, or other bodies. The commenter noted that
in such organizations, Internal Audit ensures the quality and uniformity of supervision of a given
matter throughout the financial group and its various entities, and must report its findings to the
senior management or Board of Directors of the Member’s parent company.
The circumstances referred to by the commenter with respect to compliance for integrated
financial groups represent a delegation of the compliance supervisory function. As we have
Page 7 of 8
noted in our responses above, the CCO retains responsibility for delegated tasks/functions.
Accordingly, for the CCO to satisfy his or her regulatory responsibilities under MFDA Rules and
securities legislation, there must be a process in place at the Member that allows issues of non-
compliance to be appropriately escalated and/or reported back to the CCO. The CCO should be
in a position to perform regular monitoring and supervision in respect of such issues of non-
Standard of Care
One commenter recommended clarifying that the reference to standard of care refers to the
MFDA’s internal standard and expressed the view that the standard should not be purely
“objective”, but should consider the individual’s actions based on what they actually knew at the
material time. The reasonableness of an individual’s action should be determined on the basis of
the facts that were actually known at the relevant time and the reasonableness of the inquiries
and actions that followed.
The standard of a reasonably proficient and diligent individual holding the same position is
modeled on the common law objective standard of the reasonable person and is consistent with
the standard of conduct generally adopted under securities legislation. While the standard is an
objective one (i.e. based on what the respondent ought to have known or done), it is open to the
individual, as set out in the Notice, to demonstrate that they exercised due diligence to prevent
any harm that may have occurred. The opportunity to show that due diligence was exercised is
where consideration may be given to the reasonableness of the individual’s actions having regard
to what they knew and the circumstances at the time.
Page 8 of 8