Canada: New Internal Control Requirements for Public Companies

Last Updated: September 12 2008
Article by Trevor R. Scott

Originally published August 2008

The Canadian securities regulators are adopting additional requirements for internal control over financial reporting, which will expand the current CEO and CFO certificates and require additional disclosure in MD&A. Accompanying these new requirements is extensive guidance on how disclosure and internal controls should be designed and evaluated. The new requirements are to come into force on December 15, 2008 and will apply to December 31, 2008 financial statements.

Background

The current rules (Multilateral Instrument 52 –109 Certification of Disclosure in Issuers' Annual and Interim Filings) require a public company's chief executive officer and chief financial officer, or persons performing similar functions, (CEOs and CFOs) to personally certify that:

  • the company's filings do not contain any misrepresentations (for annual and interim filings);

  • the financial statements and other financial information in filings is fairly presented (for annual and interim filings);

  • they have designed, or caused to be designed under their supervision, disclosure controls and procedures and internal control over financial reporting (for annual and interim filings);

  • they have evaluated, or caused to be evaluated under their supervision, the effectiveness of disclosure controls and procedures, and disclosed their conclusions in MD&A (for annual filings only); and

  • any change that has, or is likely to, materially affect the company's internal control has been disclosed in MD&A (for annual and interim filings).

The current rules are to be replaced by the new rules (National Instrument 52–109 Certification of Disclosure in Issuers' Annual and Interim Filings). The Canadian securities regulations are also to adopt new guidance (Companion Policy to National Instrument 52–109) on how the new rules are to be interpreted and applied, including how disclosure and internal controls should be designed and evaluated.

The CEOs and CFOs of companies whose securities are not listed on the Toronto Stock Exchange or another major U.S. exchange have been exempted from the requirements under the current rules to certify that they have designed and evaluated disclosure controls and procedures and designed internal control over financial reporting. Under the new rules, these companies will continue to be exempt from those requirements as well as the new certification and MD&A disclosure requirements. See "Venture and Debt-Only Companies" below.

Under the new rules, public companies will continue to not be required to obtain an external audit opinion for internal control over financial reporting, as is required for U.S. public companies.

New CEO and CFO Certification Requirements

Under the new rules, CEOs and CFOs will, in addition to the existing requirements, be required to make up to five additional certifications:

1. CEOs and CFOs must certify that they have evaluated internal control

CEOs and CFOs will be required to certify that they have evaluated, or caused to be evaluated under their supervision, the effectiveness of the public company's internal control over financial reporting at the financial year end, and disclosed in its annual MD&A their conclusions from this evaluation. This requirement only applies to annual certificates.

The new rules do not prescribe how CEOs and CFOs should evaluate internal controls. However, the new guidance provides considerable detail on how this requirement should be interpreted and applied. See "New Guidance on the Evaluation of Disclosure and Internal Controls" below.

2. Where a material weakness in internal control has been identified, CEOs and CFOs must certify that this has been disclosed in MD&A

If a public company determines that it has a "material weakness" in its internal control over financial reporting at the end of the period covered by its annual or interim filings, it is required to disclose in its MD&A for that period:

  • a description of the material weakness;

  • the impact of the material weakness on its financial reporting and internal control; and

  • its current plans, if any, or any action undertaken, for remediating the material weakness.

A "material weakness" means a deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the public company's annual or interim financial statements will not be prevented or detected on a timely basis. The new guidance provides that if the certifying officers identify a component of internal control that does not operate as intended, they should consider whether there is a compensating control that addresses the same financial reporting risk. If there is no compensating control, the public company would have a deficiency relating to the operation of internal control. A public company may have one or more mitigating procedures that reduce the financial reporting risks that the deficient internal control component failed to address and may disclose those procedures in its MD&A, but such disclosure should not imply that the mitigating procedures eliminate the existence of a material weakness. A public company is not required to remediate a material weakness that it identifies.

If a material weakness relating to either the design or operation of the internal control over financial reporting is identified, CEOs and CFOs will be required to certify that the required disclosure has been made in MD&A. This requirement will apply to both annual and interim certificates in the case of a material weakness in design, but only to the annual certificate in the case of a material weakness in operation.

3. CEOs and CFOs must certify that they have reported certain fraud to the auditors and either the board or audit committee

Under existing laws (National Instrument 51-102 Continuous Disclosure Obligations), the board of directors must approve a public company's annual MD&A, including the required disclosure concerning disclosure and internal controls, before it is filed. To provide reasonable support for the board of directors' approval of a company's MD&A disclosure concerning internal control over financial reporting, including any material weaknesses, the board of directors should understand the basis upon which the certifying officers concluded that any particular deficiency or combination of deficiencies did or did not constitute a material weakness. Similarly, current laws (National Instrument 52-110 Audit Committees) also require the audit committee to review a public company's financial disclosure and to establish procedures for dealing with complaints and concerns about accounting or auditing matters.

CEOs and CFOs will be required to certify that they have disclosed, based upon their most recent evaluation of internal control over financial reporting, to the company's auditor, and either the board of directors or audit committee, any fraud involving management or employees who have a significant role in those internal controls. This requirement only applies to annual certificates.

4. CEOs and CFOs must certify which control framework was used to design internal control

A public company will be required to use a control framework to design its internal control over financial reporting. Although the new rules do not mandate a specific control framework, the new guidance provides that the Risk Management and Governance: Guidelines on Control, published by The Canadian Institute of Chartered Accountants, is suitable. Other suitable frameworks are the Internal Control – Integrated Framework, published by The Committee of Sponsoring Organizations of the Treadway Commission (COSO), and the Guidance on Internal Control, published by The Institute of Chartered Accountants in England and Wales. Smaller public companies can also refer to Internal Control over Financial Reporting – Guidance for Smaller Public Companies, published by COSO, which provides guidance on the implementation of COSO's control framework.

CEOs and CFOs will be required to certify which control framework was used by the public company to design its internal control over financial reporting. This requirement will apply to both annual and interim certificates.

5. Where a proportionately consolidated or variable interest entity, or a recently acquired business, is excluded from disclosure or internal controls, CEOs and CFOs must certify that this has been disclosed in MD&A

The new rules permit a public company to limit its design of disclosure controls and procedures and internal controls over financial reporting to exclude:

  • proportionately consolidated entities or variable interest entities where there is not sufficient access to these entities to design and evaluate controls, policies and procedures carried out by that entity; and

  • businesses acquired not more than 365 days before the end of the applicable interim or annual financial period.

If a public company limits the design of its disclosure or internal controls in such a manner, its MD&A must disclose that limitation and contain summary financial information about the proportionately consolidated entity, variable interest entity or business acquired.

Also, in the case of such a limitation, the CEO and CFO will be required to certify that the required disclosure has been made in MD&A. This requirement will apply to both annual and interim certificates.

New Guidance on the Design of Disclosure and Internal Controls

The new rules do not prescribe how disclosure or internal controls should be designed, but the new guidance does provide the following:

Top down, risk-based approach – The Canadian securities regulators believe that a "top-down, risk-based approach" is an efficient and cost effective approach to design disclosure and internal controls. In the case of disclosure controls, the certifying officers identify the risks that could, individually or in combination with others, reasonably result in a material misstatement in annual filings, interim filings or other reports. In the case of internal control, the certifying officers identify those risks that could, individually or in combination with others, reasonably result in a material misstatement of the financial statements (financial reporting risks). When identifying risks, certifying officers should explicitly consider the vulnerability of the company to fraudulent activity. Certifying officers then design specific controls, policies and procedures that, in combination with the public company's control environment, appropriately address the risks identified.

Control environment – The Canadian securities regulators are of the view that an effective control environment contributes to the reliability of all other controls, processes and procedures by creating an atmosphere where errors or fraud are either less likely to occur, or if they occur, more likely to be detected, and also supports the flow of information within the public company, promoting compliance with its disclosure policies.

A key element of a public company's control environment is the attitude towards controls demonstrated by the board of directors, audit committee and senior management (the "tone at the top"). In addition to an appropriate tone at the top, certifying officers should consider the following elements of the control environment:

  • organizational structure – a structure which relies on established and documented lines of authority and responsibility may be appropriate for some companies, whereas a structure which allows employees to communicate informally with each other at all levels may be more appropriate for others;

  • management's philosophy and operating style – a philosophy and style that emphasizes managing risks with appropriate diligence and demonstrates receptiveness to negative as well as positive information will foster a stronger control environment;

  • integrity, ethics, and competence of personnel – controls, policies and procedures are more likely to be effective if they are carried out by ethical, competent and adequately supervised employees;

  • external influences that affect operations and risk management practices – these could include global business practices, regulatory supervision, insurance coverage and legislative requirements; and

  • human resources policies and procedures – hiring, training, supervision, compensation, termination and evaluation practices can affect the quality of a public company's workforce and its employees' attitudes towards controls.

Controls, policies and procedures to include in design – Disclosure controls and procedures should generally include the following components: written communication to the company's employees and directors of its disclosure obligations, including the purpose of disclosure and disclosure controls and procedures and deadlines for specific filings and other disclosure; assignment of roles, responsibilities and authorizations relating to disclosure; guidance on how authorized individuals should assess and document the materiality of information or events for disclosure purposes; and a policy on how the company will receive, document, evaluate and respond to complaints or concerns received from internal or external sources regarding financial reporting or other disclosure issues. A public company might choose to include these components in a formal disclosure policy. The Canadian securities regulators encourage (National Policy 51- 201 Disclosure Standards) public companies to establish a written disclosure policy.

Internal control over financial reporting should generally include the following components: controls of initiating, authorizing, recording and processing transactions relating to significant accounts and disclosures; controls for initiating, authorizing, recording and processing non-routine transactions and journal entries, including those requiring judgments and estimates; procedures for selecting and applying appropriate accounting policies that are in accordance with GAAP; controls to prevent and detect fraud; controls on which other controls are dependent, such as information technology general controls; and controls over the period-end financial reporting process, including controls over entering transaction totals in the general ledger, over initiating, authorizing, recording and processing journal entries in the general ledger and over recording recurring and non-recurring adjustments to the financial statements (e.g., consolidating adjustments and reclassifications).

Identifying significant accounts and disclosures and their relevant assertions – A top-down, risk-based approach to designing internal control involves identifying significant accounts and disclosures and the relevant assertions that affect each significant account and disclosure. A minimum threshold expressed as a percentage or a dollar amount could provide a reasonable starting point for evaluating the significance of an account or disclosure. However, certifying officers should use their judgment, taking into account the following factors when determining whether an account or disclosure is significant: the size, nature and composition of the account or disclosure; the risk of overstatement or understatement of the account or disclosure; the susceptibility to misstatement due to errors or fraud; the volume of activity, complexity and homogeneity of the individual transactions processed through the account or reflected in the disclosure; the accounting and reporting complexities associated with the account or disclosure; the likelihood (or possibility) of significant contingent liabilities in the account of disclosure; the existence of related party transactions; and the impact of the account on existing debt covenants.

The certifying officers then identify those assertions for each significant account and disclosure that presents a risk that could reasonably result in a material misstatement in that significant account or disclosure, including the following:

  • existence or occurrence - whether assets or liabilities exist and whether transactions and events that have been recorded have occurred and pertain to the company;

  • completeness - whether all assets, liabilities and transactions that should have been recorded have been recorded;

  • valuation or allocation - whether assets, liabilities, equity, revenues and expenses have been included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded;

  • rights and obligations - whether assets are legally owned by the company and liabilities are the obligations of the company; and

  • presentation and disclosure - whether particular components of the financial statements are appropriately presented and described and disclosures are clearly expressed.

The certifying officers do not need to design all possible components of internal control over financial reporting to address each relevant assertion, but should identify and design an appropriate combination of controls, policies and procedures to address all relevant assertions.

Corporate governance for internal control - The board of directors of a public company is encouraged to consider adopting a written mandate to explicitly acknowledge responsibility for the stewardship of the public company, including responsibility for internal control and management information systems.

Maintaining design – Following their initial development and implementation of disclosure and internal controls, and prior to certifying their design each quarter, certifying officers should consider: whether the company faces any new risks and whether each design continues to provide a sufficient basis for the representations about reasonable assurance required in their certificates; the scope and quality of ongoing monitoring of disclosure and internal controls, including the extent, nature and frequency of reporting the results from the ongoing monitoring of disclosure and internal controls to the appropriate levels of management; the work of the company's internal audit function; communication, if any, with the company's external auditors; and the incidence of weaknesses in disclosure controls and procedures or material weaknesses in internal control over financial reporting that have been identified at any time during the financial year.

Documenting design – The certifying officers should generally maintain documentary evidence sufficient to provide reasonable support for their certification of design of disclosure and internal controls. The extent of documentation for each interim and annual certificate will vary depending on the certifying officers' assessment of risk, as well as the size and complexity of the company's disclosure and internal controls. The documentation might take many forms (e.g., paper documents, electronic, or other media) and could be presented in a number of different ways (e.g., policy manuals, process models, flowcharts, job descriptions, documents, internal memoranda, forms, etc.).

Certifying officers should use their judgment, acting reasonably, to determine the extent and form of documentation, but the new guidance suggests certain minimum documentation. In the case of the design of disclosure controls and procedures, certifying officers should generally document the processes and procedures that ensure information is brought to the attention of management, including the certifying officers, in a timely manner to enable them to determine if disclosure is required, as well as, the items described in "Controls, policies and procedures to include in design" above.

In the case of the design of internal control over financial reporting, the certifying officers should generally document: the company's ongoing risk-assessment process and those risks which need to be addressed in order to conclude that the certifying officers have designed internal controls; how significant transactions, and significant classes of transactions, are initiated, authorized, recorded and processed; the flow of transactions to identify when and how material misstatements or omissions could occur due to error of fraud; a description of the controls over relevant assertions related to all significant accounts and disclosures in the financial statements; a description of the controls designed to prevent or detect fraud, including who performs the controls and, if applicable, how duties are segregated; a description of the controls over period-end financial reporting processes; a description of the controls over safeguarding of assets; and the certifying officers' conclusions on whether a material weakness relating to the design of internal control exists at the end of the period.

New Guidance on the Evaluation of Disclosure and Internal Controls

The new rules do not prescribe how certifying officers should evaluate disclosure or internal controls to determine if they are operating as intended, however, the new guidance does provide the following:

Scope of evaluation – The Canadian securities regulators are of the view that certifying officers can use a top-down, risk-based approach to evaluate disclosure controls and procedures or internal control over financial reporting in order to limit the evaluation to those controls and procedures that are necessary to address the risks that might reasonably result in a material misstatement. The scope of the internal control over financial reporting evaluation must be sufficient to identify any material weaknesses.

Use of external auditor – If a public company chooses to engage its external auditor to assist the certifying officers in the disclosure and internal controls evaluations, the certifying officers should be actively involved in determining the procedures to be performed, the findings to be communicated and the manner of communication. The certifying officers should not rely on internal control over financial reporting-related procedures performed and findings reported by the company's external auditor solely as part of the financial statement audit. However, if the external auditor is separately engaged to perform specified internal control over financial reporting-related procedures, the certifying officers might use the results of those procedures as part of their evaluation even if the auditor uses those results as part of the financial statement audit.

Evaluation tools – Certifying officers can use a variety of tools to perform their disclosure and internal controls evaluations. These tools include:

  • certifying officers' daily interaction with the control systems – this daily interaction could provide an adequate basis for the certifying officers' evaluation of disclosure or internal controls if the operation of controls, policies and procedures is centralized and involves a limited number of personnel. Reasonable support of such daily interaction would include memoranda, e-mails and instructions or directions from the certifying officers to other employees;

  • walkthroughs – tracing a transaction from origination, through the company's information systems, to the company's financial reports, can assist certifying officers to confirm that: they understand the components of internal controls, including those components relating to the prevention or detection of fraud; they understand how transactions are processed; they have identified all points in the process at which misstatements related to each relevant financial statement assertion could occur; and the components of internal controls have been implemented.

  • interviews of individuals who are involved with the relevant controls;

  • observation of procedures and processes, including adherence to corporate policies;"

  • reperformance - the independent execution of certain components of the disclosure or internal controls that were performed previously, including inspecting records whether internal (e.g. a purchase order prepared by the company's purchasing department) or external (e.g. a sales invoice prepared by a vendor), in paper form, electronic form or other media. An example of reperformance is inspecting whether the quantity and price information in a sales invoice agree with the quantity and price information in a purchase order, and confirming that an employee previously performed this procedure; and

  • review of documentation that provides evidence that controls, policies or procedures have been performed.

Certifying officers should use a combination of tools for the disclosure and internal controls evaluations. Although inquiry and observation alone might provide an adequate basis for an evaluation of an individual control with a lower risk, they will not provide an adequate basis for the evaluation as a whole.

The nature, timing and extent of evaluation procedures necessary for certifying officers to obtain reasonable support for the effective operation of a component of disclosure or internal controls depends on the level of risk the component of disclosure or internal controls is designed to address. The level of risk for a component of disclosure or internal controls could change each year to reflect management's experience with a control's operation during the year and in prior evaluations.

Self-assessments – A walk-through or reperformance of a control, or another procedure to analyze the operation of controls, performed by an individual who might or might not be involved in operating the control could be done by personnel who operate the control or members of management who are not responsible for operating the control. The evidence of operating effectiveness from self-assessment activities depends on the personnel involved and how the activities are conducted. When one certifying officer has performed a self-assessment, it is appropriate for the other certifying officer to perform direct testing of the control to enable that officer to have a basis to sign his or her certificate.

Documenting evaluations – The certifying officers should generally maintain documentary evidence sufficient to provide reasonable support for their certification of disclosure and internal controls evaluations. The extent of documentation used to support the certifying officers' evaluations of disclosure and internal controls for each annual certificate will vary depending on the size and complexity of the company's disclosure and internal controls. To provide reasonable support for a disclosure and internal controls evaluation the certifying officers should generally document: a description of the process the certifying officers used to evaluate disclosure and internal controls; how the certifying officers determined the extent of testing of the components of disclosure and internal controls; a description of, and results from applying, the evaluation tools discussed in "Evaluation tools" above or other evaluation tools; and the certifying officers' conclusions about the operating effectiveness of disclosure and internal controls, as applicable, and whether a material weakness relating to the operation of internal controls existed as at the end of the period.

New Guidance on the Use of a Service Organization or Specialist for Internal Control

Where a public company outsources a significant process to a service organization, such as payroll or other bookkeeping services, the certifying officers might identify the need for controls, policies and procedures relating to the outsourced process. Certifying officers should consider whether: the service organization can provide a service auditor's report on the design and operation of controls placed in operation and tests of the operating effectiveness of controls at the service organization; the certifying officers have access to the controls in place at the service organization to evaluate the design and effectiveness of such controls; or the company has controls that might eliminate the need for the certifying officers to evaluate the design and effectiveness of the service organization's controls relating to the outsourced process. If a service auditor's report is available, the certifying officers should evaluate whether the report provides them sufficient evidence to assess the design and effectiveness of controls relating to the outsourced process, including considering the following factors: the time period covered by the tests of controls and its relation to the as-of date of the certifying officers' assessment of the internal control; the scope of the examination and applications covered and the controls tested; and the results of the tests of controls and the service auditor's opinion on the operating effectiveness of controls. Where a service auditor's report is not available, the certifying officers do not have access to controls in place at the service organization and the certifying officers have not identified any compensating controls performed by the public company, a material weakness may exist.

Where a public company arranges for a specialist to provide certain specialized expertise such as actuarial services, taxation services or valuation services, certifying officers should ensure the public company has controls, policies or procedures in place relating to the source data and the reasonableness of the assumptions used to support the specialist's findings. The certifying officers should also consider whether the specialist has the necessary competence, expertise and integrity.

Venture and Debt-Only Companies

Under the new rules, the CEO and CFO certificates for a venture public company (i.e. a public company not listed on the Toronto Stock Exchange or a major U.S. exchange) will be abbreviated and will not refer to disclosure controls and procedures or internal control over financial reporting. Venture public companies will also not be required to include the related disclosure in their MD&A. The CEO and CFO certificates for a venture public company will include a note to readers explaining how the certificate differs from that of a non-venture public company.

U.S. Reporting Companies

As under the current rules, public companies that comply with U.S. laws regarding certification and internal controls are exempt from providing the certification and MD&A disclosure required in Canada, as long as they file their U.S. certifications and related documents with the applicable Canadian securities regulators.

About Trevor Scott

Trevor Scott is a solicitor at Farris and provides strategic and legal advice in diverse business areas. He has extensive experience in debt and equity financings for public and private companies, representing both issuers and investment banks. He also regularly advises on business acquisitions, divestments and take-over bids, including compliance issues with the Competition Act and assisting foreign investors with Investment Canada Act matters. Trevor also advises on corporate governance matters.

If you wish to discuss any aspect of this commentary, please contact Trevor Scott or any member of Farris' Securities Practice Group.

© 2008 Farris, Vaughan, Wills & Murphy LLP

This summary is necessarily of a general nature and should not be construed as the giving of legal advice. You are urged to seek legal advice on areas of specific interest or concern.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration
Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:
  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.
  • Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.
    If you do not want us to provide your name and email address you may opt out by clicking here
    If you do not wish to receive any future announcements of products and services offered by Mondaq you may opt out by clicking here

    Terms & Conditions and Privacy Statement

    Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

    Use of www.mondaq.com

    You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

    Disclaimer

    Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

    The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

    Registration

    Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

    • To allow you to personalize the Mondaq websites you are visiting.
    • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
    • To produce demographic feedback for our information providers who provide information free for your use.

    Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

    Information Collection and Use

    We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

    We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

    Mondaq News Alerts

    In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

    Cookies

    A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

    Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

    Log Files

    We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

    Links

    This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

    Surveys & Contests

    From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

    Mail-A-Friend

    If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

    Emails

    From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

    *** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .

    Security

    This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

    Correcting/Updating Personal Information

    If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

    Notification of Changes

    If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

    How to contact Mondaq

    You can contact us with comments or queries at enquiries@mondaq.com.

    If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.

    By clicking Register you state you have read and agree to our Terms and Conditions