Industry


Navigating an OSC Compliance Review



Background

The Ontario Securities Commission has the authority under subsection 20(1) of the Securities Act (Ontario) (the Act) to designate in writing one or more persons to review the books, records and documents that are required to be kept by a market participant under section 19 of the Act for the purpose of determining whether Ontario securities law is being complied with.

Compliance field reviews are one of the main tools we use to ensure that registered firms are meeting their regulatory requirements. Compliance reviews are also useful for registrants who can use this experience as a learning opportunity to assist them in evaluating their compliance processes and understand where improvements can be made. This page describes the compliance field review process that is carried out by staff in the Compliance and Registrant Regulation (CRR) Branch.


Who is subject to a compliance field review?

We may perform a compliance review of any registered firm that trades or advises in securities or that acts as an investment fund manager. However, we do not usually review registered firms that are members of a self-regulatory organization (SRO), unless the firm is also registered in another category not regulated by an SRO.

The Investment Industry Regulatory Organization of Canada (IIROC) conducts compliance reviews of the dealing operations of investment dealers and futures commission merchants and the Mutual Fund Dealers Association of Canada (MFDA) conducts compliance reviews of the dealing operations of mutual fund dealers.

The OSC conducts compliance reviews of advisers, exempt market dealers, scholarship plan dealers and investment fund managers to monitor whether they are complying with Ontario securities law.


How are firms selected?

The risk based approach to compliance oversight reviews started in 2001. In 2002, 2004, 2008 and 2011, registered firms were sent a risk assessment questionnaire (RAQ) for completion. The most recent RAQ was sent in 2011 and a copy can be found here.

The RAQ is used to populate a risk assessment model and this assists us in selecting firms for review. A registered firm with a high risk rating will be subject to a compliance field review on a more frequent basis than a firm that has a lower risk rating. However, we also select firms on a random basis for compliance field reviews.


Types of compliance reviews

There are five types of compliance reviews conducted by the CRR Branch of the OSC: 

  1. Full – all of the firm’s operations are reviewed
  2. Targeted (e.g. sweeps or desk reviews) – focussed on a specific issue or issues of concern
  3. New registrant
  4. Impact – registered firms that due to their size, would cause a significant market impact if the firm were to go out of business
  5. For cause – initiated as a result of a complaint, referral from OSC Enforcement branch or other similar concern.

Notification of a compliance review

In most cases, we announce our intention to conduct a compliance review in advance of the review commencing. If your firm is selected for a compliance review, your Chief Compliance Officer (CCO) will be contacted, usually through a phone call, and informed that we intend to conduct a compliance review and notified of the date that the review will begin. Shortly thereafter, we will send a list of books and records to the CCO that the firm should have ready for us to examine on the start date. This information will assist us in gaining an understanding of your business and assessing your firm’s internal controls, compliance system, disclosure, marketing practices, and policies and procedures. For example, the list includes such items as: 

  • a copy of your organizational chart
  • copies of prospectuses or other offering documents
  • most recent financial information and working capital calculations
  • copy of your trade blotter
  • client records and files
  • copies of marketing materials
  • a copy of your policies and procedures manual
  • compliance reports provided to the board of directors, or individuals acting in a similar capacity
  • information on client complaints or litigation

The full list of books and records that are typically requested for a compliance field review can be found here and will depend on the firm’s category of registration. A targeted review will generally have a more tailored request of books and records depending on the scope of the review.

Once the CCO is notified and receives the books and records request, it would be useful to begin notifying other individuals within the firm that will be assisting during the review and begin enlisting their help in compiling the necessary documents.


How long does a compliance field review take?

A compliance review normally requires us to be on-site for approximately a two week period. The length of the review will also depend on the size of the firm, whether documents are available for us to review in a timely manner, the number of compliance deficiencies found and the overall culture of compliance at the firm. 


Opening interview

On the first day of the review, we will schedule an opening interview with the CCO and other key staff of the registered firm. We use the opening interview to obtain a high-level understanding of the firm’s business and operations prior to commencing fieldwork and to collect detailed information about each of the following: 

  • corporate and compliance structure
  • nature of business
  • types of products and clients
  • financial condition
  • custody arrangements
  • conflicts of interest and referral arrangements
  • NAV errors and valuation

On-site review

A large part of the review will be spent reviewing the books and records that have been provided pursuant to our earlier request. We will also evaluate the adequacy of the registrant’s compliance structure by interviewing the CCO and key individuals in the compliance department who have been delegated responsibilities by the CCO. The tools and reports used by the compliance department to monitor the firm’s compliance with regulatory requirements will also be reviewed. The reviews are performed by teams that are made up of multiple accountants and a lawyer. Accountants perform the actual field review and legal staff are available as required on the file. 

Registered firms must maintain adequate books and records in accordance with Part 11 of National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103). 

To help the review run more smoothly, we recommend you do the following: 

  • have all books and records ready for us to review, organized with clearly marked labels or tabs that coincide with our records request
  • appoint a single point person, usually the CCO, to act as the liaison and answer our questions, or direct us to the right individuals within the organization
  • be prepared to set aside time to answer questions or provide additional documents that may be requested on an ad-hoc basis
  • have an open dialogue with us to clarify any of our requests or provide information that adds context to any of the documents provided

We use compliance review programs to assess compliance with securities laws and internal controls in each functional area of your business. The programs are never static and are continually updated as legislative or other requirements change. If you are registered in more than one category of registration, we may focus on only one of your registration categories or on your activities in other categories of registration as well. The compliance review programs for the various registration categories are described below:


Compliance review program for portfolio managers

We typically examine the following aspects of a portfolio manager’s operations:

  • financial condition and custody
  • contracts
  • portfolio management, including know your client and suitability
  • trading and brokerage
  • conflicts of interest
  • valuation
  • marketing
  • compliance and supervision structure

Compliance review program for investment fund managers

We typically examine the following aspects of an investment fund manager’s operations:

  • independent review committee
  • service providers
  • transfer agent
  • fund accounting
  • trust accounting
  • offering documents
  • controls over trading practices
  • financial condition and custody
  • sales practices
  • marketing
  • conflicts of interest
  • referral arrangements
  • compliance and supervision structure

Compliance review program for exempt market dealers

We typically examine the following aspects of an exempt market dealer’s operations:

  • financial condition and custody
  • know your client and suitability
  • disclosure
  • client accounts
  • marketing
  • referral arrangements
  • compliance and supervision structure

Compliance review program for scholarship plan dealers

We typically examine the following aspects of a scholarship plan dealer’s operations:

  • financial condition and custody
  • opening of new accounts, know your client and suitability
  • client accounts
  • sales practices and marketing
  • contractual agreements and business arrangements
  • compliance and supervision

Exit interview

At the conclusion of our review, we will schedule an exit interview to discuss our findings. The exit interview may be conducted in person or by phone. Most of the deficiencies will have already been discussed with you as they arose in the course of our review, but the exit interview will give you an additional opportunity to clarify information or provide comments and ask questions.


Compliance field review report

This report outlines the deficiencies noted during the review and classifies the deficiencies as either “significant” or “non-significant”. The report will cite the specific legislation that your firm is not in compliance with. Your firm will have 30 days from the date of the report to respond to us in writing on your action to resolve the “significant” deficiencies. All other deficiencies must also be addressed in a timely manner, although we do not require you to respond in writing for these deficiencies. We may, at a later time, follow up with your firm to ensure that all “non-significant” deficiencies have been adequately resolved.


What next?

If a deficiency report is issued and you respond appropriately to all of the deficiencies within the prescribed time period, a closing letter will be sent to you indicating that our review has been completed.

However, where a registered firm’s deficiencies are particularly concerning, we may take further regulatory action, including:

  • tracking and monitoring the firm or individual
  • conducting a follow-up review
  • imposing terms and conditions on registration
  • suspension of the firm
  • referring the matter to the OSC Enforcement Branch.

An example of deficiencies that may warrant further regulatory action is where an inadequate compliance system has been noted or where a registrant has inadequate working capital.


Where can I get more information on compliance matters?

The OSC website provides useful information for registrants, including a section on Registrant Outreach. The Registrant Outreach program also offers a subscription service whereby registrants can join the Registrant Outreach Community and receive updates on new information or educational seminars.  

Learn more about the Registrant Outreach program and upcoming educational seminars