The Ontario Securities Commission (OSC) published OSC Staff Notice 33-746 (Notice) on September 21, 2015.
The Notice focuses on registered firms and individuals directly overseen by the OSC describing the initiatives within the Compliance and Registrant Regulation Branch (CRR), notices published, rule amendments and regulatory action taken as a result of registrant misconduct. The OSC encourages firms to review the Notice in its entirely and to use it as a self-assessment tool to increase awareness and enhance their compliance with Ontario securities law.
The Notice, in large part, sets out the compliance issues identified by CRR, some of which are repeated deficiencies, and includes guidance to address these deficiencies. The Notice highlights the significant compliance deficiencies specific to higher risk exempt market dealers (EMDs), some of which are summarized below.
Inadequate Know Your Client (KYC), Know Your Product (KYP) & Suitability Assessment
EMDs are not collecting sufficient information about their clients in order to (i) establish the identity of their clients, (ii) ensure the registrant has sufficient information to meet its suitability obligation, and (iii) assess reliance on a prospectus exemption. EMDs were also unable to demonstrate compliance with the KYP requirement.
The regulatory framework for KYC, KYP and suitability is set out in section 3.4 and Part 13, Division 1 of NI 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103). A registrant is required to obtain adequate and current KYC information from its clients, in advance of making a recommendation to buy or sell a security, in order to assess suitability of an investment. Dealing representatives should have discussions with their clients to better understand their needs, objectives, and willingness and ability to accept certain risks of investing. Registrants should have KYC forms that are easy to read and understand. The forms completed by clients should be reviewed to ensure they are accurate and complete.
EMDs and their dealing representatives must be knowledgeable about the products being recommended and able to explain the key features, risks, initial and ongoing costs and fees associated with a proposed investment as well as understanding the requirements of prospectus exemptions relating to the products being recommended to clients. An EMD should be conducting its own due diligence for products it wishes to offer to its clients instead of relying on information obtained from unregistered third parties.
Inadequate Internal Controls and Supervision
EMDs were found to be “renting” their registration by sponsoring dealing representatives that were not acting on behalf of the EMD but rather an issuer affiliated with the dealing representative. These dealing representatives were selling only products of their affiliated issuers rather than the products being offered by their sponsoring firm.
Dealing representatives of EMDs were found to have inadequate training and supervision resulting in inadequate KYC information collected from clients, unsuitable trades including investments being sold under a prospectus exemption for which clients were not qualified, and the firm being unaware of the marketing and outside business activities by its dealing representatives.
EMDs are required to have a compliance system in place to ensure their dealing representatives are acting on behalf of the firm and in compliance with securities laws.
Inadequate Relationship disclosure information
EMDs did not provide adequate relationship disclosure information (RDI) to clients, including the nature and type of account they were opening, the firm’s services and products, the risks and costs involved, and the EMD’s obligation to assess suitability of investments prior to recommending an investment.
Subsection 14.2(2) of NI 31-103 sets out the details of the information a firm must provide to its clients. RDI should contain fulsome, meaningful and up-to-date information in order that clients understand the services and products offered by the registrant, the level of risk associated with the products and services offered by the firm, the costs associated with operating their account and any conflicts of interest that may exist between the registrant and the client. As set out in subsection 14.2(2)(k) of NI 31-103, the RDI must contain “a statement that the firm has an obligation to assess whether a purchase or sale of a security is suitable for a client prior to executing the transaction or at any other time”.