IMPACT ANALYSIS: Ontario regulator’s review cites suitabilty, know-your-customer lapses at exempt market dealers

November 17, 2015

By Helen Chan, Regulatory Intelligence

ONTARIO, Canada (Thomson Reuters) – The Ontario Securities Commission has highlighted Know-Your-Customer (KYC) deficiencies as one of the significant compliance problems facing exempt-market dealers in Ontario. The annual report by the OSC’s Compliance and Registrant Registration branch (CRR) of the Ontario Securities Commission signals that the market regulator of Canada’s financial capital is becoming increasingly more concerned that inadequate KYC efforts by registrants is leading to exempt securities being sold to investors who fail to qualify under a prospectus exemption.

The OSC, along with the Canadian Securities Administrators (CSA), have published numerous regulatory guidelines outlining their expectations for KYC, Know-Your-Product (KYP) and suitability obligations in recent years. The requirements in those areas for registered firms in Canada are set out in rule NI31-303. In 2014, the CSA published Staff Notice 31-336 to provide additional guidance to registrants in the three areas as well as instructions on how to comply with the regulatory requirements.

Repeated KYC, KYP and suitability issues

Many of the KYC-related deficiencies identified in the report are categorized as repeat deficiencies identified by the OSC during its annual reviews of registrants every year.

A common KYC deficiency cited by the OSC concerns a failure to collect sufficient client information. At the most basic level, some registrants failed to collect sufficient information from clients to establish their identity. Advisers and firms also encountered issues in classifying clients as accredited investors, due to a failure to collect information needed to conduct a suitability analysis.

The regulator also observed that some firms had trouble demonstrating that they had complied with KYC, KYP and suitability regulatory requirements. During reviews conducted by the CRR, the regulator observed that some firms failed to document business activities and client transactions; in other instances, these records were not up-to-date or were not readily accessible.

Inadequate annual compliance reports could explain why KYC, KYP and suitability deficiencies continue to go unchecked at registered firms. In its report, the OSC noted that it often could not find any evidence that an annual compliance report, detailing the firm’s compliance with securities laws, was submitted to a firm’s board of directors. As a result, the OSC could not determine whether the firm’s senior managers had assessed their firm’s compliance program, or were even aware of any deficiencies, including KYC, KYP and suitability issues.

Warnings and enforcement actions

The OSC has repeatedly warned exempt market dealers on KYC and suitability compliance deficiencies. Previous inspections carried out by the regulator found that nearly two-thirds of exempt market dealers that were inspected failed to collect or maintain adequate information on clients.

Compliance reviews carried out by CRR staff have also resulted in enforcement action, ranging from requirements that firms provide the OSC with detailed remedial plans to suspension of registration and referral to the regulator’s enforcement branch.

Between April 2014 and March 2015, CRR staff at the OSC initiated a total of 64 actions against registrants. Eight of those involved violations serious enough to refer to the OSC’s enforcement branch. A majority of the misconduct named in the report involved KYC, KYP and suitability failings.

Relying on third parties to conduct KYC was among the more serious deficiencies identified by CRR staff in 2014. During a compliance review of Sloane Capital Corp and Freedman, an exempt market dealer, CRR staff found that the firm routinely failed to conduct adequate KYC. Advisers at the firm did not meet with clients to obtain KYC information prior to making trades and relied on representatives of the issuer to conduct KYC. Similarly, in another case, a portfolio manager had accepted referrals from unregistered financial planners and relied on these individuals to meet with clients to collect KYC information.

Suggested practices

An initial guide to meeting regulatory KYC expectations of the OSC and the CSA is outlined in CSA Staff Notice 31-336. Additionally, the OSC has included a number of best-practice tips in the annual summary report outlining findings from reviews conducted by CRR staff.

Registrants are expected to become personally acquainted with clients with the aim of obtaining thorough understanding of a client’s personal and financial circumstances. As such, delegating the collection of KYC information to third parties, especially unregistered individuals, is almost guaranteed to raise red flags with securities regulators during compliance reviews.

Asking clients to fill out a “tick the box” form without an understanding of their personal and financial circumstances is unlikely to be considered adequate for suitability assessments, thus supporting the need for advisers to engage clients in detailed conversation about their investment needs.

When making suitability assessments, registrants need to have adequate client information to determine whether certain investments are suited to a client’s risk profile. To do so, financial advisers need to have a solid understanding of a client’s life circumstances, investment goals and attitude towards financial risk, among other considerations. These factors may change over time, giving rise to the need to review and update KYC information on a regular basis.

KYC information should be updated annually, at minimum. During a KYC review, advisers are required to evaluate whether a client’s life circumstances or a significant change in market conditions have affected their suitability for certain investments such as exempt securities. As a best practice, any changes should be recorded in writing and signed off by the client and the adviser.

Firms are also well advised to ask registered advisers to keep written records of information collected during a KYC consultation with a client and clear records of any updates or changes to a client’s KYC file. Maintaining documentation that is easily accessible enables registrants to demonstrate to regulators that they have conducted KYC in compliance with regulatory requirements.

Accurate and up-to-date KYC records are a crucial part of any registered firm’s compliance program. Advisers are increasingly expected to demonstrate that they have complied with suitability rules in selling exempt securities to accredited investors. Maintaining adequate documentation to support suitability analysis for trades enables registrants to be able to account to regulators.

In addition to managing suitability assessments, maintaining robust KYC practices also play a role in mitigating regulatory risks pertaining to anti-money laundering (AML) reporting requirements. Securities dealers in Canada are required to have a compliance program in place to provide reports to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). To satisfy regulatory requirements, firms must collect adequate KYC information to ascertain the identity of their clients and maintain accurate records of such information.

While, to date, Canadian authorities have not pursued high profile enforcement actions against investment firms, AML regulatory scrutiny may be on the horizon. Earlier this year, the Canadian government published a highly critical assessment of AML controls at Canadian banks. The report has generated much debate and could spur regulators to pay closer attention to KYC practices and AML compliance measures at financial firms.

(Helen Chan is a regulatory intelligence and e-learning expert in the Enterprise Risk Management division of Thomson Reuters Regulatory Intelligence. Email Helen

(This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on Nov. 6. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @RiskMgment)

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see