Chapter 16 - Reporting Requirements.pdf

Transcript

Reporting Requirements 16

CONTENT AREAS

Overview of Reporting Requirements

Reporting to Management and the Board of Directors

Other Reporting Obligations

LEARNING OBJECTIVES

1 | Describe a chief compliance officer’s reporting responsibilities to management.

2 | Describe the issues that should be included in a chief compliance officer’s report to the board of
directors.

3 | Identify the other reporting obligations a chief compliance officer should be aware of.

© CANADIAN SECURITIES INSTITUTE
 CHAPTER 16      REPORTING REQUIREMENTS 16 3

INTRODUCTION
In the previous chapter, we discussed the types of situations that might require an internal investigation and
we explained the guidelines for conducting such an investigation. You learned that failure to comply with legal
and regulatory obligations can result in time-consuming and costly consequences to a dealer member and its
registrants.
In this chapter – the final chapter in this course – we discuss the reporting obligations of both the dealer member
generally and the chief compliance officer specifically. These requirements go hand-in-hand with investigations and
are articulated clearly by CIRO and other regulatory bodies.
We discuss what CIRO considers to be the minimum reporting obligations. However, a dealer member or CCO may
choose to report on a more frequent basis. Such proactive reporting promotes enhanced transparency between the
CCO or firm and the recipient of the report in question, whether it be the board of directors, CIRO, or a provincial
securities commission.

OVERVIEW OF REPORTING REQUIREMENTS

1 | Describe a chief compliance officer’s reporting responsibilities to management.

The role of the CCO is an integral part of a dealer member’s executive management team. The CCO has a
responsibility for the overall operation of a dealer member’s compliance department. IDPC Rule section 3912
outlines various other CCO responsibilities, including a specific duty regarding reporting.
The duty to report certain matters is imposed on both the CCO and the dealer member. For example, the
importance of disclosure is particularly apparent in the reporting obligations that are imposed generally on dealer
members and specifically on the CCO.
As shown in Exhibit 16.1, CIRO provides prescriptive requirements on the CCO in terms of reporting certain matters
to the Ultimate Designated Person and to the dealer member’s board of directors. The dealer member also has
specific reporting responsibilities over and above those of the CCO.
Exhibit 16.1 | Excerpt from CIRO’s IDPC Rules

3915. Report to Dealer Member’s board of directors
1. At least annually, the Chief Compliance Officer must provide a written report to the Dealer Member’s board
of directors for the purpose of assessing compliance by the Dealer Member, and its employees and Approved
Persons, with CIRO requirements and securities laws, other than those required under subsection 3915(2).
2. At least annually, the Chief Financial Officer must provide a written report to the Dealer Member’s board of
directors for the purpose of assessing compliance by the Dealer Member, and its employees and Approved
Persons, with the financial CIRO requirements and securities laws, as necessary.
3. The Dealer Member’s board of directors must review the reports and recommendations submitted to
it pursuant to section 3915 to determine the appropriate action to be taken to remedy any compliance
deficiencies that are identified and must ensure that such action is taken.
4. The Dealer Member’s board of directors must maintain records of the actions it determines necessary to
correct compliance problems and the monitoring done to ensure that the actions are carried out.

© CANADIAN SECURITIES INSTITUTE
16 4 CHIEF COMPLIANCE OFFICERS QUALIFYING EXAMINATION      SECTION 5

REPORTING TO MANAGEMENT AND THE BOARD OF DIRECTORS

2 | Describe the issues that should be included in a chief compliance officer’s report to the board of
directors.

MANAGEMENT
A key responsibility of the CCO is to ensure effective and prompt reporting of compliance-related matters and
proper escalation of problems and issues. CIRO reporting requirements apply both to the UDP and the board of
directors of the dealer member. The CCO is also expected to act professionally and in a manner fitting the seniority
of the role when advising executive management as to how such matters can be resolved.

BOARD OF DIRECTORS
The CCO must provide an annual report to the board of directors that assesses compliance by the dealer member
and its staff with CIRO rules and securities legislation in general. This report should provide the board with the
information needed to fulfill its oversight responsibilities. In effect, the report prevents the board members
from asserting that they were not aware of an issue. The benefit of a report from the CCO is that it originates
from a control function that is separate from business line management. The specific obligation to report in this
fashion also ensures the independence of the CCO in regard to the board of directors, without interference from
management. The CCO should take the opportunity to report on all matters to the board that are of concern.
The report should include enough detail so that a reader can understand the material’s importance. Without
sufficient detail, the board may overlook important issues. Omissions or lack of candour may be viewed as a failure
by the CCO to carry out his or her regulatory responsibility.
The report is not required to be in writing; however, a written report demonstrates more clearly the CCO’s
compliance with his or her obligations. It is recommended that the report be documented in writing as evidence
that it was completed as required. Oral reporting is also acceptable. However, such discussions may frequently
occur outside of meetings with the board, so they should be properly documented by both the CCO and the board
in notes or memoranda so that they can be filed.
Although CIRO does not specifically prescribe what matters should be covered in the report, Table 16.1 outlines a
sample of issues and considerations that may be included.

Table 16.1 | Issues and Considerations to Include in a Report

Issues Considerations
A summary of the current staff complement in the Information should include new hires and instances
compliance department over the reporting period. of staff attrition or termination.

The results of compliance monitoring and Information should include any material compliance
surveillance activities conducted by the compliance violations, deficiencies and issues that were detected.
department over the reporting period. This material can include monitoring and surveillance
applicable to certain programs offered by the dealer
member.

© CANADIAN SECURITIES INSTITUTE
 CHAPTER 16      REPORTING REQUIREMENTS 16 5

Table 16.1 | Issues and Considerations to Include in a Report

Issues Considerations
To the extent that any changes or modifications For example, if reporting received from the dealer
have taken place to the reporting apparatus of member’s carrying broker was late on certain
the compliance department, the existing status of occasions, this should be noted.
the regular (daily and monthly) reporting received
by the compliance department as part of its
supervisory obligations.

The results of any examinations or reviews (such as Information should include any material compliance
sweeps) conducted by a regulatory authority. violations, deficiencies, and issues.
These results should include examinations or audits
by regulatory bodies such as CIRO, provincial
securities, and or the Financial Transactions and
Reports Analysis Centre of Canada (FINTRAC). They
should specifically include the nature of all findings,
including whether a violation is first time, repeat,
significant, or repeat significant.

The results of any other internal or external
examinations or reviews that have a bearing on
the compliance function.

A description of any other material compliance
violations, deficiencies, or issues otherwise
identified.

A description and analysis of any regulatory
investigations and sanctions involving the
firm and any of its current or former partners,
directors, officers, or employees.

A description and analysis of all employees
who presently have terms and conditions
imposed either by CIRO, the provincial securities
commissions, or the dealer member.

A description and analysis of any material
litigation.

A description and analysis of all client Details should include complaint-related statistics,
complaints, the status of such complaints, and such as settlement costs, potential exposure,
any settlements dealer members may wish to complaint settlements beyond a certain threshold,
consider. and trends analysis, including any trends applicable to
a particular branch or registrant.

© CANADIAN SECURITIES INSTITUTE
16 6 CHIEF COMPLIANCE OFFICERS QUALIFYING EXAMINATION      SECTION 5

Table 16.1 | Issues and Considerations to Include in a Report

Issues Considerations
A description and analysis of all regulatory If the dealer member’s supervision is being
investigations regarding such client complaints. investigated as well, the report should indicate
whether such investigations have been extended to
include the dealer member.

A description of all reporting completed by the The description should include all gatekeeper-
dealer member during the reporting period. related matters, complaint handling and internal
investigation reporting to the Complaints and
Settlement Reporting System, and suspicious
transaction reporting to FINTRAC.
It should also include all regulatory filings made or
required to be made by the dealer member, such as
strict or close supervision reporting.

An analysis of new and changed relevant regulatory The compliance department should be tracking
requirements. ongoing and proposed regulatory initiatives whose
future implementation might create resource
challenges or otherwise have an effect on the dealer
member.
Changes include both Canadian and foreign initiatives
and may not necessarily be limited to the investment
industry.
This aspect of a CCO’s report highlights the
importance of the compliance department being
involved at the senior management level to ensure
access to strategic and ongoing initiatives.

Any material compliance policies and procedures
implemented during the period.

A summary of compliance education and awareness Details should include, to the extent applicable, a
activities. discussion of continuing education requirements
and how individual registrants are managing those
obligations.

A summary of material compliance initiatives
and activities undertaken during the period not
otherwise covered.

Any recommendations for remedial actions
taken, or to be taken, in response to compliance
violations or deficiencies.

Identification of previously reported material
compliance violations, deficiencies, or issues
for which corrective actions have not been
implemented.

© CANADIAN SECURITIES INSTITUTE
 CHAPTER 16      REPORTING REQUIREMENTS 16 7

Table 16.1 | Issues and Considerations to Include in a Report

Issues Considerations
A summary or list of all new or revised policies and
procedures that have been implemented during the
reporting period.

A review and its results of all internal branch audits The report might include a reference to the dealer
and examinations carried out by the compliance member’s branch audit program and progress.
department or the dealer member’s internal audit
department.

A statement as to compliance with all regulatory
capital/financial compliance requirements.

The contents of a compliance department’s report to the board of directors, as well as the information that
is submitted to the UDP, does not have a content limit. A minimum is required, both in terms of content and
frequency, but in theory the CCO should provide full transparency to both the board and the UDP. In this way, a
clear picture is created of the state of affairs regarding dealer member compliance. Full transparency also helps
achieve a tone of accountability at the dealer member. It also ensures that the CCO has regularly escalated all
issues to both senior management and the board of directors. It should be recognized that a report to the board is
not a static document or a fill-in-the-blank exercise. It will necessarily change over time to reflect different content
based on natural changes and evolution of the business lines of the dealer member. Certain reporting (e.g., the
subject of complaints or legal matters) remains constant. However, CCOs should treat the exercise of reporting
to the board as a robust and dynamic process of aggregating data to ensure that they are meeting their reporting
obligations under CIRO rules.
In addition, CCOs should have regular and recurring meetings established with the UDP, and their report to the
board should be a standing agenda item at those meetings where they are scheduled to attend.
As part of this formal reporting process, CCOs should be prepared to provide their conclusions and opinions to the
board and the UDP regarding the state of compliance at the dealer member.
CCOs must also report on the effectiveness of the compliance department, and should be forthcoming and candid
about their own areas of specific responsibility. Conclusions as to effectiveness should include concerns regarding
the required proper resourcing to ensure that the dealer member is able to meet its compliance obligations.
Table 16.2 shows a sample structure for reporting to the board of directors.

Table 16.2 | Sample Chief Compliance Officer’s Report to the Board of Directors

1. Background and introduction
Organizational chart of the compliance department (including reporting lines)
Scope of the report – a brief description of scope and an overview of the in-force compliance monitoring
and supervision program, including references to registered compliance department staff (i.e., supervisors),
coverage areas (i.e., options, managed accounts, commodities, retail, and investment banking), and the roles
of the CCO and UDP
Staffing and human resources (personnel changes)

© CANADIAN SECURITIES INSTITUTE
16 8 CHIEF COMPLIANCE OFFICERS QUALIFYING EXAMINATION      SECTION 5

Table 16.2 | Sample Chief Compliance Officer’s Report to the Board of Directors

2. Registration (brief description of registration program)
New registrations (including enhanced due diligence or fit and proper review)
Registrants on enhanced (close or strict) supervision
Regulatory reporting/filing
Filings to the Complaints and Settlement Reporting System (regulatory investigations/client complaints)
Suspicious transaction reporting
Other gatekeeper reports
Disciplinary matters (internal and external)
Continuing education cycle update

3. Supervision (brief description along with conclusions for each in terms of statistics, number of queries,
delays in supervisory reports and effectiveness of control environment); business conduct supervision (trades,
marketing, financial planning, and outside activity)
Daily supervision
Monthly supervision
Quarterly supervision
Branch supervision
Branch audit program
Anti-money laundering

4. Complaint handling, litigation, and other external regulatory reviews (brief description along with
statistics, settlements, exposure, references to any material matters, and references to disposition by
regulators, e.g., a referral to enforcement and warning letters)
Complaints
Internal investigations
External client litigation
Ombudsman for Banking Services and Investments
CIRO investigations
Provincial securities commissions investigations

5. Financial compliance (brief description and reference to any concerns regarding risk adjusted capital, margin,
and other financial details)

6. Regulators and regulatory updates (brief description of each audit as well as conclusions and findings; in
particular, any significant findings or repeat findings)
Regulatory audits (audits by CIRO, provincial securities commissions, or FINTRAC)
Regulatory sweeps and questionnaires
Regulatory developments (e.g., reference to draft or proposed guidance issued by regulators)

© CANADIAN SECURITIES INSTITUTE
 CHAPTER 16      REPORTING REQUIREMENTS 16 9

Table 16.2 | Sample Chief Compliance Officer’s Report to the Board of Directors

7. Policies and procedures
New policies and procedures
Updating process (i.e., frequency)

8. Compliance department training (and branch field training)
New training sessions and content
Annual compliance attestation process (if applicable)

9. Ongoing and future compliance initiatives
Description of any special matters (e.g., involvement in transactions, Canada’s Anti-Spam Law, cyber-
security, and similar matters)
Description of any special ongoing projects (e.g., review of business units to assess compliance, outside
activities, conflicts of interest analysis, Client Relationship Model, and other special projects)

10. Effectiveness of control environment
Operational considerations and deficiencies
Evaluation of existing reporting and effectiveness
Conclusions

ULTIMATE DESIGNATED PERSON
The CCO has specific reporting obligations to the UDP relating to ongoing issues as they arise that create immediate
compliance risk for the dealer member.
In addition to these reporting requirements, the CCO should be in regular contact with the UDP. The CCO have
access to the UDP (and the board of directors) whenever necessary or advisable. Typically, the CCO and the UDP
have a regularly scheduled meeting time for the communication of all compliance-related issues to the UDP. The
frequency of these meetings largely depends on the state of compliance at the dealer member. Regardless of
frequency, all such discussions (which may relate only to specific issues) should be clearly documented, as well as
the manner in which resolution of the issue will be achieved.

FREQUENCY OF REPORTING
The annual CCO’s report represents the minimum level of acceptable reporting to the board, as necessary. In
addition, the Universal Market Integrity Rules require the compliance department to report the results of its
monitoring to management and, as appropriate, to the board of directors.
The CCO should discuss with the board of directors, management, and the UDP the possibility of monthly or
quarterly reporting, rather than annual. The content and form of this extra reporting should be similar or identical to
that of the annual report. A best industry practice is for the CCO to report to the board on a quarterly basis.
This more frequent reporting helps establish the importance of the compliance function at the dealer member
beyond the minimum requirements. Given its position of liability, the board of directors is likely to desire this added
transparency.
The CCO should also be included in regular operational meetings between other business unit leaders. Certain
compliance initiatives are likely to affect other areas of the dealer member (such as the information technology
department). By engaging with the unit leaders, the CCO helps to ensure that they take steps to implement such
initiatives accordingly.

© CANADIAN SECURITIES INSTITUTE
16 10 CHIEF COMPLIANCE OFFICERS QUALIFYING EXAMINATION      SECTION 5

OTHER REPORTING OBLIGATIONS

3 | Identify the other reporting obligations a chief compliance officer should be aware of.

In addition to specific obligations of the CCO to report on matters and escalate them, the dealer member and its
registrants have other reporting and disclosure obligations. They vary from the dealer member’s requirements to
report client complaints to the individual registrants’ obligation to report changes in their registration to the dealer
member. A list of all reporting obligations should be included in the dealer member’s policy and procedures manual.
The dealer member should be particularly aware of the time requirements for reporting the events and issues
discussed in previous chapters. The following are examples of items that must be reported:

Changes to information contained in a registrant’s uniform application
Any disciplinary action against the dealer member or individual registrant
All customer complaints in writing, other than service complaints
Securities-related civil claims filed against the dealer member or any current or former registrant
The commencement of an internal investigation by the dealer member
Cybersecurity incidents

Client complaints or legal matters are often received at the branch level or outside of head office directly by
individual registrants. The dealer member and the CCO should make sure that the dealer member’s policy and
procedures contemplate appropriate complaint handling and other mechanisms to ensure that, when such matters
are received, they are automatically escalated to the compliance department. The dealer member will thus be able
to meet its reporting obligations under CIRO rules, as well as its obligations to handle client complaints and other
matters in a time-sensitive manner. The dealer member should remind individual registrants of these obligations on
a timely basis, such as through monthly communication.
All pending legal actions must be reported to head office, although a specific level of seniority is not specified.
This action ensures that employees and business locations report such matters to the firm and do not handle them
independently. A dealer member’s procedures must ensure that senior management is aware of complaints of
serious misconduct and all legal actions. If the complaints are significant, the dealer member should review internal
procedures and practices, and submit any recommended changes to management.
To meet these reporting obligations, the CCO should act to ensure that an effective mechanism exists for reporting
complaints and legal actions to senior management and to the board. Because of the risks associated with
complaints and legal actions (including reputational, financial, and regulatory exposure), prompt and accurate
reporting is necessary so that appropriate actions can be taken. The isolated or combined circumstances that lead
to complaints and legal action may indicate misconduct or a deficiency in the control environment. The nature and
potential exposure of each issue determines to which level it should be communicated.
The responsibility to report complaints and legal actions may fall outside the compliance department in some cases.
If so, the CCO should implement policies requiring employees to report all relevant details. The CCO’s policies
should also ensure that each complaint and legal action is assessed for any compliance implications.

SYSTEMIC AND TREND ANALYSIS
Whether overall metrics and trend analysis should be incorporated into a dealer member’s reporting depends on the
size of the organization: the larger the firm, the more important they are. In larger firms, senior management and
the board of directors may not be informed of specific issues and situations that are not material in nature.

© CANADIAN SECURITIES INSTITUTE
 CHAPTER 16      REPORTING REQUIREMENTS 16 11

Part of the CCO’s mandate is to establish and manage surveillance and monitoring processes, and to assess how
effective the processes are. Each individual result may not be significant, but the different results may indicate
systemic issues or risk areas when viewed as a group.

EXAMPLE
A compliance review of one business location should identify its issues and overall level of compliance specific
to that business location. The results of 10 business location reviews, on the other hand, may identify structural
issues that contribute to compliance weaknesses in all branches.

Aggregation and trend analysis can facilitate performance monitoring by measuring whether the number of client
complaints is increasing, staying the same, or decreasing. More refined and elaborate trend measurements can also
be developed. Although the factors leading to the various results should be considered to help determine the cause,
measurement can identify potential risk areas. Measurement can also provide quantified indicators of how effective
the dealer member is in its overall compliance.
Chief compliance officers must monitor regulatory developments and assess the impact of new and revised
regulations. Policies and procedures may need to be modified in response to regulatory changes. Operational and
system changes may also be necessary. Regulatory changes may further affect the dealer member’s existing or
planned business.
The CCO should act to ensure that management and the board are aware of pending regulatory changes with
plenty of lead time, and that any implications have been identified and are being addressed. Regulatory initiatives
often provide guidance on current regulatory expectations, even if specific regulations have not yet been enacted.
Notice of a regulatory proposal also gives management the opportunity to assess, comment on, and otherwise
participate in the rule formation process.
The volume and uncertainty of regulatory change poses a challenge for any reporting process. The number and
complexity of regulatory proposals have increased significantly, and this trend is expected to continue. Regulatory
proposals often change significantly as they evolve into actual regulations, and the timing of enactment is typically
uncertain. For these reasons, good judgment should be applied when reporting regulatory proposals.

© CANADIAN SECURITIES INSTITUTE
16 12 CHIEF COMPLIANCE OFFICERS QUALIFYING EXAMINATION      SECTION 5

SUMMARY
In this final chapter of the Chief Compliance Officers Qualifying Exam course, we discussed the reporting obligations
of both the dealer member in general and the CCO specifically. We discussed that a key responsibility of the CCO
is to ensure effective and prompt reporting of compliance-related matters, and proper escalation of problems and
issues. We discussed what CIRO considers to be the minimum reporting obligations.
We also discussed that the CCO must provide an annual report to the board of directors that assesses compliance
by the dealer member and its staff with CIRO rules and securities legislation in general. A key point to remember is
that, in addition to their reporting requirements, CCOs should have access to the UDP and the board of directors
whenever they consider it necessary, and all such discussions should be clearly documented.
Regarding the frequency of reporting, we discussed a best industry practice, which is for the CCO to report to the
board on a quarterly basis. Frequent reporting helps establish the importance of the compliance function at the firm
beyond the minimum requirements.
We also touched briefly on other duties, including the requirement to report client complaints and the obligations
upon individual registrants to report changes in their registration to the dealer member.
In discussing trend analysis, we explained that the decision to incorporate such metrics into a firm’s reporting
depends on the size of the organization: the larger firm, the more important they are.
And finally, we discussed a very important requirement of the CCO, which is to monitor regulatory developments
and assess the impact of new and revised regulations on the firm’s policies and procedures.

© CANADIAN SECURITIES INSTITUTE