Chapter 7 - Development of Policies and Procedures PDF
Document Details
Uploaded by Deleted User
Tags
Related
- International Introduction to Securities & Investment PDF (CISI, Edition 16, June 2023)
- SEBI Investor Certification Examination - Securities Market Booklet PDF
- Securities Market Booklet PDF
- SEBI Investor Certification Examination - Securities Market Booklet PDF
- SEBI Investor Certification Examination - Securities Market Booklet PDF
- SECURITIES OR FINANCIAL ASSETS PDF
Summary
This document provides an overview of the development of policies and procedures for securities firms, focusing on key principles, elements, and considerations. The document covers regulatory requirements, considerations for implementation, and various topics like corporate policies, compliance policies, and credit policies.
Full Transcript
Development of Policies and Procedures 7 CONTENT AREAS Overview of Policies and Procedures Developing and Amending Policies and Procedures Writing and Formatting Policie...
Development of Policies and Procedures 7 CONTENT AREAS Overview of Policies and Procedures Developing and Amending Policies and Procedures Writing and Formatting Policies and Procedures Disseminating Policies and Procedures Implementing Policies and Procedures LEARNING OBJECTIVES 1 | Describe the key principles used in developing policies and procedures. 2 | Explain the key elements of writing policies and procedures. 3 | Identify the major considerations when creating or reviewing policies and procedures. 4 | Discuss various methods of approving and disseminating new or changed policies and procedures. 5 | Describe the important considerations when implementing policies and procedures. © CANADIAN SECURITIES INSTITUTE CHAPTER 7 DEVELOPMENT OF POLICIES AND PROCEDURES 7 3 INTRODUCTION In the previous chapter, we explored the subject of ethics and its role in compliance with securities regulation. We discussed the fact that an effective ethics program helps create a strong corporate culture where values play a critical role. We also discussed the code of conduct at a dealer member, which is typically supplemented by a set of policies and procedures based on industry regulations. Those policies and procedures are the subject of this chapter. Whereas code of conduct is a set of guiding principles defining compliant behaviour in broad terms, a policies and procedures manual is a detailed set of rules governing every aspect of the firm’s operations. It is used to assist in training employees and to serve as a reference point for the activities of the firm. Without well-crafted policies and procedures, employees must rely on their own judgment or on their interpretation of vaguely written guidelines. Good policies and procedures that are communicated to, and understood by, all staff members helps to protect the dealer member itself and the industry as a whole from risk. This chapter focuses on the key principles underlying written policies and procedures. It also provides resources for you to consider, along with ideas for policy and procedure design, approval, and dissemination, as well as issues relating to their development and implementation. OVERVIEW OF POLICIES AND PROCEDURES 1 | Describe the key principles used in developing policies and procedures. A key component of a culture of compliance at a dealer member is a set of policies and procedures that are written clearly and communicated throughout the firm. The goal of having policies and procedures is to establish compliance and performance standards for the firm. Policies and procedures also provide a useful means for compliance staff to explain why certain rules exist – a question often asked by registrants when discussing a particular issue. The compliance department should be prepared to provide background as to what the particular rule or regulation is, why it is in place, and how it then comes to exist in the firm’s policy manual. A dealer member can choose to have policies and procedures that are stricter than a particular industry rule; however, it is necessary to understand the basis of the rule in order to help registrants understand, and ultimately agree with, the direction they receive from the compliance department. Some policies and procedures have the direct or indirect effect of protecting the interests of clients. An employee of the dealer member who fails to comply with the policies can bring adverse decisions against the firm in an action by the client. Suppose, for example, that a commodity futures trading firm has a policy of requiring updated financial information when a client meets or exceeds loss limits. If the firm fails to obtain this information, the client might legitimately bring an action to recover trading losses, with negative consequences for the firm. A regularly cited deficiency among regulators is poorly written or out-of-date policies and procedures. At some errant firms, policies exist but have not been written down in a policy manual. At other firms, policies are in place but simply are not followed. REGULATORY REQUIREMENTS FOR POLICIES AND PROCEDURES CIRO rules require that dealer members create, maintain, and apply written policies and procedures that establish a system of controls and supervision regarding securities regulation. The policies and procedures must be sufficient to provide reasonable assurance that the dealer member and its employees and Approved Persons comply with CIRO requirements and securities laws. The dealer member’s policies and procedures that specifically address its supervision system must remain up to date at all times based on current CIRO requirements and applicable laws. CIRO rules also require policies and procedures governing specific processes, such as retail account supervision and trading. © CANADIAN SECURITIES INSTITUTE 7 4 CHIEF COMPLIANCE OFFICERS QUALIFYING EXAMINATION SECTION 3 DIVE DEEPER IDPC Rule section 3945, Daily and monthly trade supervision, states the following: A dealer member with retail client accounts must have policies and procedures in place that specifically address daily and monthly supervision of trading activity in those accounts. These policies and procedures must outline actions to deal with problems or issues identified by the review. For complete requirements, visit www.ciro.ca CIRO does not dictate the specific content of policies and procedures, nor does it review or approve policies, procedures, or amendments prior to their implementation. However, CIRO may perform post-implementation reviews, such as a business conduct or financial compliance reviews, which tend to focus more on policies than on procedural details. During such reviews, if CIRO finds that there are serious gaps in a firm’s policies and procedures, it can require that they be rectified. The same requirement applies for firms registered with other regulators, such as the provincial securities commissions. CIRO provides guidance as to what areas a dealer member’s policies should cover and how those policies relate to the relevant regulatory requirements. Under CIRO guidelines (and generally speaking), if a firm does not engage in a particular regulated activity, its policy manual should include a statement to that effect. For example, the statement No options trading is permitted in a firm’s policy manual makes it clear that no additional policies are required to address options trading. Including such a statement is a prudent practice for the sake of warning employees that certain conduct is prohibited. It is also important for the firm to specify which lines of business it engages in and which areas are not a part of its operations. DISTINGUISHING POLICY FROM PROCEDURE The terms policy and procedure have distinct meanings. Generally, a policy describes a rule designed to address a particular risk and is likely based on a regulatory rule or pronouncement. A procedure is a written set of instructions that describes the action or actions required to implement the policy. In other words, a dealer member’s policies are a set of rules, and its procedures explain how to comply with those rules. EXAMPLE Policy Short sales require the pre-approval of the securities lending department. Procedure Registered representatives proposing to make a short sale must complete Pre-approval Form 41-16. Completed forms must be faxed or emailed to the securities lending department at telephone number 555-xxxx or email address [email protected]. Procedures should exist for all major processes conducted at a dealer member. They need not be static or restrictive, but they should establish consistent standards and maintain quality control. They have tangential benefits as a resource to new employees and in analyzing what went wrong when a problem arises. Furthermore, procedures should evolve over time to reflect any change in operations or in the rules behind the procedures. To avoid significant delays, is critical that investment advisors and their assistants clearly understand what is required of them. For example, when opening accounts, they must know what forms to complete and how to complete them, and they must know what information they need to provide. Employees who omit information without explanation may impede the account opening process. Policies are usually determined by the dealer member’s senior management, whereas procedures are generally prepared at the departmental level and circulated to a wider audience for approval. It is a common failing for a firm © CANADIAN SECURITIES INSTITUTE CHAPTER 7 DEVELOPMENT OF POLICIES AND PROCEDURES 7 5 to have policies without corresponding departmental procedures (i.e., the firm has a policy, but it is not in writing or has not been properly communicated). This lapse is commonly found in business conduct examinations. EXAMPLE Your securities firm has a policy requiring that copies of written client complaints be forwarded to the compliance department. However, during a business conduct examination, you discover that the firm has not developed written procedures that govern how the compliance department must process these complaints. DID YOU KNOW? Every dealer member must have procedures in place to ensure that the following requirements are met: Each employee and Approved Person of the dealer member must understand his or her responsibilities under the written policies and procedures. Written policies and procedures of the dealer member must be amended, as appropriate, within a reasonable time after changes in applicable laws, rules, regulations, or policies, and such changes must be communicated to all relevant personnel. DEVELOPING AND AMENDING POLICIES AND PROCEDURES 2 | Explain the key elements of writing policies and procedures. The process for developing, approving, implementing, amending, and updating policies and procedures is itself a matter of policy and procedure. The process should address the following issues: Why is the policy or procedure necessary? Who will be affected by it? What are the staffing requirements for implementation? What information technology requirements are necessary for implementation or for monitoring performance? What training needs apply? What are the expense or revenue implications? What are the risks of inaction? Have all alternatives been considered? The answers to these questions help to determine who should create policies and their procedures, when they should be created, who must approve them, how they will be implemented, and how often updates are to take place. It is always important to note that a policy and procedures manual is not a static document; it is constantly evolving as a function of the environment in which the securities industry exists. The chief compliance officer must be familiar with, and typically approves, all policies that address securities regulatory requirements within the scope of compliance. Certain types of regulation-related policies or procedures may be left entirely to others. For example, financial and operational controls fall under the authority of the chief financial officer. However, policies and procedures can originate from any department and may have regulatory aspects that are not apparent to all. It is useful, therefore, for the CCO to be familiar with developments in other departments. © CANADIAN SECURITIES INSTITUTE 7 6 CHIEF COMPLIANCE OFFICERS QUALIFYING EXAMINATION SECTION 3 EXAMPLE Dealer members have a regulatory obligation regarding document retention, which also applies to electronic mail. The CCO must take steps to ensure that the head of information technology is familiar with such requirements to ensure proper email archiving in particular and document retention generally. Policies and procedures should have an owner within the firm. Usually the owner is the manager of the business or a specific functional area. Policies and procedures are often prepared by the staff of the departments that are affected. Along with the owner, these staff members are primarily responsible for the maintenance and application of policies. The CCO and the compliance department may provide advice and guidance during the development process, but they are not necessarily the primary responsible positions. Other areas of the dealer member often have a direct interest in the application of policies. It is necessary to identify these areas to ensure that the policy is appropriately drafted and implemented. Draft policies should be circulated to the management teams that will be affected by them. Procedures might be circulated to the people who will primarily use them to solicit feedback and ensure their acceptance. A post-implementation review with the same group can help identify areas for improvement. This type of review with the user group is particularly valuable when procedures are amended. Managers and staff must be trained and informed about all established guidelines for the development of policies and procedures. Proper training will prevent problems such as employees choosing to establish their own ad hoc policies to make their jobs easier. EXAMPLE Leon, a head office employee at a securities firm, feels constantly overworked and under pressure to perform. In an effort to limit his workload, Leon advises his supervisor that documents received after 2:00 p.m. cannot be processed on that day. The supervisor complains to senior management about this new restriction. After some discussion, senior management decides that a training program is needed to educate employees about the firm’s development and approval process for policies and procedures. WRITING AND FORMATTING POLICIES AND PROCEDURES 3 | Identify the major considerations when creating or reviewing policies and procedures. Depending on a dealer member’s business, its policy manual may include sections on the following topics, among others: Corporate policies, which include the firm’s mission statement and code of conduct and might include policies regarding ethical business practices and privacy Compliance policies for registrants, which might include policies aimed specifically at certain categories of registrants and their respective obligations, as well as policies regarding anti-money laundering and other gatekeeper responsibilities Compliance policies for supervisors, which might include the supervisory responsibilities for other business locations Credit and margin policies Client accounts policies, which might include policies regarding account opening and approval, as well as changes to information Operations policies, which might include various head office functions such as credit, stock borrowing and lending, securities receipts and deliveries, and account transfers Sales policies, including retail and institutional © CANADIAN SECURITIES INSTITUTE CHAPTER 7 DEVELOPMENT OF POLICIES AND PROCEDURES 7 7 Trading and order execution policies, including policies regarding equity, debt market, and derivatives Investment banking and syndication policies, which might include a firm’s firewall guidelines Research policies Human resources policies, which might include specific sections addressing registrants, business locations, and head office staff, as well as the firm’s policies regarding anti-discrimination, harassment, and appropriate email and Internet use Policies for other support services, which might include subsections relating to banking, payroll, information systems, and facilities management Procedures should generally accompany policies. Although departmental procedures do not need to be circulated as broadly as policy manuals, they are extremely important at a departmental level. WRITING GUIDELINES The following guidelines are designed to facilitate well-written policy and procedure manuals: Write policies for specific readers, but acknowledge that a wider audience may have access to the material. For example, if a policy directed at clerical staff includes abbreviations that may be unfamiliar to some employees, spell out the full term the first time it is used. Write in the present tense using plain language and active verbs. Be concise and precise. Do not use information that can quickly become outdated, such as the names of persons in certain positions; use titles relating to positions, rather than named individuals. Adopt a consistent format and consider obtaining outside expertise to ensure that the writing is grammatically correct and that the font is easily readable. Use numbering system for ease of reference and for tracking historical changes to policies and procedures. When a policy or procedure is eliminated, do not reuse its reference number. EXAMPLE A policy statement such as “All incoming mail should be reviewed for compliance purposes” is concise but vague. For this statement to be useful, precise details are required. The example below, on the other hand, is both concise and precise: Policy All incoming mail, including personal mail addressed to employees, shall be opened and reviewed by qualified business location staff reporting to the supervisor. Employees are strongly discouraged from receiving personal mail at the firm’s address. Procedure Incoming business location correspondence, including faxes and correspondence marked personal or confidential, shall be brought to a secure location upon delivery to the business location. The business location administrator or a qualified designated supervisor, shall open and review such correspondence and direct the contents as follows: Cheques, post-dated cheques, negotiable instruments, securities certificates, completed forms, and other sensitive materials shall be delivered to the cage for deposit or similar appropriate action. Client complaints shall be directed to the business location supervisor or designate. © CANADIAN SECURITIES INSTITUTE 7 8 CHIEF COMPLIANCE OFFICERS QUALIFYING EXAMINATION SECTION 3 DISSEMINATING POLICIES AND PROCEDURES 4 | Discuss various methods of approving and disseminating new or changed policies and procedures. Accessibility and utility must be considered when policies and procedures are disseminated. Policies and procedures that govern employee behaviour should be kept up to date and made readily accessible. Relevant information should be easy to locate. Some dealer members circulate bulletins throughout the year describing policy or procedure changes without making corresponding changes to their manuals. Policy and procedure manuals are increasingly available online, where revisions can easily be made whenever a policy or procedure changes. For this reason, online manuals are usually reasonably up to date. Another advantage of a manual in electronic format is that it can be made well-indexed and searchable, so that employees can easily find references to specific policies and procedures. Most employees need to access to only those policies and procedures that directly affect them. They may be reluctant to consult a comprehensive print manual that is mostly irrelevant to their specific needs. Dealer members must provide sales and supervisory personnel with sales practices policies and procedures relevant to their functions. Dealer members must also obtain and record acknowledgement that these personnel have read and understood the policies and procedures relevant to their respective roles and responsibilities. It may be appropriate for a dealer member to request such an acknowledgement at any of the following times: When first employed At annual intervals In the context of internal discipline When a major policy or procedure is revised Records of acknowledgement should be maintained for the purpose of internal sales compliance and audits. Once obtained, these acknowledgements may be kept in business locations or specific departments. Checking of acknowledgements may be done during internal sales compliance or internal audits, for example. REVIEWING, REVISING, AND ARCHIVING POLICIES AND PROCEDURES Policies and procedures should be reviewed regularly according to established guidelines. For example, a comprehensive review of all policy and procedure manuals at a particular firm might be undertaken every three to five years. Current best practices suggest that policy and procedure manuals should be updated annually, in particular if changes have occurred during the previous calendar year. In these circumstances, a firm may issue numerous compliance bulletins during the year that reflect ongoing changes to the regulatory landscape. Such bulletins are standalone policies that must eventually be integrated into the main policy manual. The logical time for such inclusion is during the firm’s annual policy and procedure updating process. This process should allow major revisions from bulletins to be included, along with necessary minor corrections and edits. Manuals should refer to all previous revision dates, even if no changes are made. The particular “issue” date of a manual is of critical importance, in particular if a firm or a registrant is ever subject to a regulatory investigation. CIRO, or another regulator, may request a copy of the firm’s policy and procedure manual that was in force at the time that an infraction, or alleged infraction, occurred. By being able to readily point to the correct version, the CCO demonstrates the firm’s commitment to ensuring that an up-to-date policy manual is available and provides evidence of the firm’s updating process. Policy and procedure manuals often include a “table of concordance” or “table of changes”, indicating which aspects of the manual have changed from the previous version. © CANADIAN SECURITIES INSTITUTE CHAPTER 7 DEVELOPMENT OF POLICIES AND PROCEDURES 7 9 Review and revision may also be prompted by particular events, including the following occurrences: Changes to the business, including the introduction of new products or services Regulatory initiatives Significant regulatory decisions made by legislation or a self-regulatory organization Any audit that identifies policy or procedure deficiencies All prior versions of policies and procedures should be archived to assist in resolving disputes, responding to litigation undertakings and regulatory inquiries, and developing revisions. A dealer member should determine who is responsible for archiving and what process is most appropriate. IMPLEMENTING POLICIES AND PROCEDURES 5 | Describe the important considerations when implementing policies and procedures. A firm’s policy development guidelines should include a strategy for implementation. New policies or procedures usually take time to implement. For significant changes, a written plan should be developed that identifies responsibilities and major inter-dependencies, and sets out appropriate steps to be taken. Some policies can be more effectively launched over time or in successive geographic regions. For example, a policy change to eliminate a product or service might begin with discontinuing new sales, followed by a grace period to facilitate a staged exit over time. Similarly, a new procedure requiring systems support might be field-tested in a few regions to ensure that the systems work effectively, before being rolled out across the firm. Education and training are also essential components of effective implementation. With some policies and procedures, such as those relating to anti-money laundering, firewalls, and privacy, education and training are mandated by regulation. The compliance department is usually involved in training related to compliance-related policies. At many firms, compliance training is combined with other departmental training. EXAMPLE A securities firm requires all new employees to participate in a joint training session with human resources staff and compliance staff. During these sessions, the new employees learn about human resources policies and procedures. They also receive training and education on business ethics, privacy, gatekeeper responsibilities, and anti-money laundering requirements. Any new policy or procedure that might have a significant impact on the dealer member should be approved by executive management, and in some cases, by the board, prior to implementation. This requirement includes policies dictated by regulatory change. Management must be able to address any resource implications or adverse responses to policy or procedure changes. An endorsement from senior management is often important to the personnel affected. Similarly, when an announcement of an important new policy comes from the board of directors or the chief executive officer, it emphasizes the importance of compliance to all personnel. Some policy or procedure changes may affect outside parties and their policies and procedures. Dealer members that provide carrying services should consider the impact of such an effect and notify their introducing brokers as soon as possible. They should also assist them with any implementation problems that may arise. This need may be particularly relevant with respect to policies that the carrying broker has ultimate responsibility over. For example, a rule change regarding the taxation of registered products, such as registered retirement savings plans and tax-free savings accounts, can affect the carrying broker’s policies and procedures. In turn, such a change can also affect the introducing broker. © CANADIAN SECURITIES INSTITUTE 7 10 CHIEF COMPLIANCE OFFICERS QUALIFYING EXAMINATION SECTION 3 RESOURCES Useful resources in the context of preparing or revising policy and procedure manuals include the CIRO website, industry peers, and in-house legal counsel. In addition, many external legal firms communicate through newsletters and other means regulatory and legislative proposals or changes, as well as relevant judicial decisions. Other resources include industry conferences, CIRO emails, experienced firm employees, CIRO’s Conduct, Compliance and Legal Advisory Section, and the Investment Industry Association of Canada. © CANADIAN SECURITIES INSTITUTE CHAPTER 7 DEVELOPMENT OF POLICIES AND PROCEDURES 7 11 SUMMARY In this chapter, we focused on the key principles underlying written policies and procedures, along with the concepts behind policy and procedure design, approval and dissemination, and issues relating to their development and implementation. We discussed the difference between a policy and a procedure: a policy is a rule (usually based on a regulation); a procedure is a set of instructions explaining how to carry out the rule. We also discussed that the processes for developing, approving, implementing, amending, and updating policies and procedures are themselves a matter of policy and procedure. By now, you should understand the significant areas covered by a dealer member’s policies and procedures, and describe some best practices for creating a robust, usable manual. Above all, remember that policies and procedures that govern employee behaviour should be readily accessible, and that employees should easily be able to locate the specific information they need. The manual should also be reviewed and updated regularly, according to established guidelines. Finally, we touched on resources available to dealer members to help them prepare and revise their manuals and stay up to date with proposed regulatory changes. We briefly mentioned the need to assess information technology requirements necessary to monitor employee performance. In the next chapter, we will fully explore this core function of a compliance department and explain why it is necessary to facilitate ongoing compliance with dealer member policies and regulatory requirements. © CANADIAN SECURITIES INSTITUTE