The Investment Industry Regulatory Organization of Canada
(IIROC) recently released its annual compliance report. The purpose of the
report was to assist IIROC's dealer members in "focusing
their supervision and risk management efforts", and to
identify key areas that IIROC will be focusing on in the coming
year. It was interesting to note that most of the compliance
deficiencies noted were not industry-specific. Rather, the
regulator identified risk management issues and failings that can
be, and are, found across industries and in organizations of
varying degrees of size and sophistication. The annual compliance
report follows on the heels of IIROC's release of its Revised
Sanction Guidelines and related Policy Statements, which Lawrence
Ritchie, Lia Bruschetta and Henry Ngan wrote about in a recent
Some of the key risk management issues identified in the report
Written Internal Control Policies – policies were found
to inaccurately or insufficiently describe the policies and
procedures in effect. Written procedures were copied nearly
verbatim from the minimum requirements set out in IIROC's
rules, with little or no information about the firm's
particular processes, including tracking performance and
supervision. IIROC also noted that firms' policies governing
other areas such as outsourcing, outside business activities and
conflicts of interest were poorly articulated and/or lacked
Internal Controls in Practice – examiners observed
non-performance of minimum required procedures. The report suggests
that robust internal controls begin with having a strong governance
Accounting and Reporting Errors – there were errors in
compiling monthly financial reports or weekly estimates, as
Books and Records – some firms were found not to be
meeting the minimum requirements relating to books and records set
out in the IIROC Rules. Firms that are attempting to achieve
operational efficiency through computer systems, often provided by
an affiliate, faced the greatest compliance issues.
Operational Issues – examiners observed a range of
operational issues including non-employees having signing authority
over bank accounts and failure to provide notice or request for
required approvals. The report suggests that operational
deficiencies often result from a lack of awareness of a particular
rule or a lack of appreciation for the regulatory impact of a
change in business activities. Firms should thus establish
processes that ensure operational issues are regularly discussed by
management and a cross-section of firm staff.
The report will obviously be of particular interest to IIROC
members, particularly since it signals areas on which IIROC will be
focussing. The report should also be a timely reminder of the
importance of effective risk management in any organization. It
emphasises basic measures such as having meaningful policies in
place to address key risk areas, having clearly articulated
procedures to ensure compliance with those policies, and a clear
understanding of where accountability lies for ensuring compliance
with those procedures and policies. The fact that IIROC felt the
need to emphasise basic risk management practices to its members,
which are generally sophisticated, highly regulated companies,
serves as a reminder that effective risk management is an ongoing
process, requiring regular attention and commitment at all levels
of an organization.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Under the Income Tax Act, the Employment Insurance Act, and the Excise Tax Act, a director of a corporation is jointly and severally liable for a corporation's failure to deduct and remit source deductions or GST.
Under the Income Tax Act, the Employment Insurance Act, the Canada Pension Plan Act and the Excise Tax Act, a director of a corporation is jointly and severally liable for a corporation's failure to deduct and remit source deductions.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).