CSA Staff Notice: 31-336 - Guidance for Portfolio Managers, Exempt Market Dealers and Other Registrants on the Know-Your-Client, Know-Your-Product and Suitability Obligations

CSA Staff Notice: 31-336 - Guidance for Portfolio Managers, Exempt Market Dealers and Other Registrants on the Know-Your-Client, Know-Your-Product and Suitability Obligations

CSA Notice





CSA Staff Notice 31-336
Guidance for Portfolio Managers, Exempt Market Dealers and Other Registrants on the Know-Your-Client, Know-Your-Product and Suitability Obligations



January 9, 2014

Purpose of this Notice

The know-your-client (KYC), know-your-product (KYP) and suitability obligations are among the most fundamental obligations owed by registrants to their clients and are cornerstones of our investor protection regime. Staff from the Canadian Securities Administrators (CSA staff or we) assess registrants' compliance with these important regulatory requirements as part of our compliance oversight reviews. For example, in 2012, staff of the Ontario Securities Commission conducted a targeted review (Sweep) of 87 portfolio managers (PMs) and exempt market dealers (EMDs) to assess their compliance with the KYC, KYP and suitability obligations. The findings of the Sweep are summarized in OSC Staff Notice 33-740 Report on the results of the 2012 targeted review of portfolio managers and exempt market dealers to assess compliance with the know-your-client, know-your-product and suitability obligations.

As a result of our compliance oversight reviews, CSA staff have concluded that additional guidance (including CSA staff's views as to practices that may be considered to be "best practices" and practices that we consider to be "unacceptable practices") in the areas of KYC, KYP, and suitability obligations is required to assist registrants, such as PMs, EMDs, and other registrants who are not members of a self-regulatory organization (SRO) in meeting their regulatory obligations.

We strongly encourage registrants to use this Notice to improve their understanding of, and compliance with, the very important KYC, KYP, and suitability obligations. We also suggest that registrants use this report as a self-assessment tool to strengthen their compliance with securities laws. Going forward, CSA staff will continue to closely monitor registrants' compliance in these areas and will take appropriate regulatory action to ensure compliance with securities laws.

Top line highlights of the Notice

KYC, KYP and suitability obligations are among the most fundamental obligations owed by registrants to their clients, and are cornerstones of our investor protection regime. The CSA has repeatedly recognised that these requirements are basic obligations of a registrant, and a course of conduct by a registrant involving a failure to comply with them is an extremely serious matter.

We expect registrants to comply not only with the letter of the securities law requirements themselves, but also with the spirit of the requirements. We expect market participants to conduct themselves in a manner that is consistent with the principles of securities regulation. This requires market participants to respect not just the letter of the law, but also the spirit of the law.

KYC, KYP and suitability obligations are extensions of each registrant's general duty to deal fairly, honestly and in good faith with its clients. In Quebec, this duty is framed as the registrant's duty to deal fairly, honestly, loyally and in good faith with its clients.

A meaningful suitability assessment is required. Assessing suitability is more than a mechanical fact-finding or "tick the box" exercise. It requires meaningful dialogue with the client to obtain a solid understanding of the client's investment needs and objectives, and to explain how a proposed investment strategy is suitable for the client in light of the client's investment needs and objectives.

Failure to adequately know your client may lead to a distribution of securities by an issuer or dealer in breach of a prospectus exemption which is a serious breach of securities law. An illegal distribution may also provide an investor with a continuing right of action for rescission or damages against the issuer or dealer for non-delivery of a prospectus.

Adequate documentation of the suitability process (including KYC) is critical to ensuring that a registrant is meeting its securities law obligations.

What's in the Notice?

In addition to providing guidance, this Notice briefly summarises the applicable securities law requirements relating to KYC, KYP, and suitability for registrants. It also sets out selected requirements and guidance for KYC, KYP, and suitability requirements for dealer members of the Investment Industry Regulatory Organization of Canada (IIROC) and the Mutual Fund Dealers Association of Canada (MFDA). Although these requirements are not applicable to registrants who are not members of an SRO, they may provide helpful guidance to registrants in their determination of how to meet their KYC, KYP, and suitability obligations under securities law.

In this Notice, we will generally refer to registrants who are under the direct oversight of the CSA as registrants. Unless the context otherwise requires, a reference to registrants includes both registered firms and their registered individuals.

The guidance provided represents our expectations of registrants. While the best practices set out in this report are intended to present acceptable methods registrants can use to meet their KYC, KYP, and suitability obligations, they are not the only acceptable methods. Registrants may use alternative methods, provided those methods adequately demonstrate that registrants have met their KYC, KYP and suitability obligations.

Outline of this Notice

The following is an outline of this Notice:

• Purpose of this Notice

• Importance of the KYC, KYP, and suitability obligations

• The KYC obligation

• What is the basic KYC obligation?

• What KYC information is required?

• When does the KYC obligation apply?

• KYC guidance

• How often should registrants update KYC information?

• Signing and dating of KYC information by clients and registrants

• What processes should registrants use to determine whether investors are Accredited Investors (AIs)?

• How should registrants collect and document KYC information?

• What is the basic KYP obligation?

• KYP guidance

• What are the key areas to consider in assessing KYP?

• Additional areas to consider when dealing with prospectus-exempt securities

• Reliance on third-party analysis and reports

• CSA Staff Notice 33-315 Suitability Obligations and Know-Your-Product

• What is the basic suitability obligation?

• Suitability guidance

• Why is the suitability analysis so important?

• How should a registrant demonstrate compliance with the suitability assessment?

• How is the client-directed trade instruction appropriately used?

Importance of the KYC, KYP, and suitability obligations

Securities laws impose a general duty on registrants to deal fairly, honestly and in good faith with clients. Part 13 of National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103) sets out the principal KYC, KYP, and suitability obligations for registrants. These obligations work together. The KYC, KYP and suitability obligations are an extension of the duty to deal fairly. In turn, the suitability obligation requires a registrant to know the client, know the product that is the subject of the proposed recommendation or client order, and to form an opinion as to whether the product is suitable in light of the client's investment needs and objectives.

Certain KYC and suitability obligations in NI 31-103 do not apply to firms that are members of a SRO and their representatives if they comply with corresponding SRO requirements. However, a failure to comply with SRO requirements by SRO dealer members may also be a breach of securities law.

CSA staff is committed to taking appropriate regulatory action where we identify significant compliance issues in these areas and the following are examples of some recent decisions which highlight the importance of a registrant's KYC, KYP and suitability obligations:

• Recent Court decisions (including Sawh v. Ontario Securities Commission, 2013 ONSC 4018 and Ridel v. Cassin, 2013 ONSC 2279),

• Recent decisions of the Ontario Securities Commission (including Re Trapeze Asset Management Inc. (2012) 35 O.S.C.B. 4322, and Re Sawh and Trkulja 34 O.S.C.B. 1059 (Director), 35 O.S.C.B. 7431 at 164 (Commission)),

• Recent decision of the Bureau de décision et de révision (Autorité des marchés financiers c. Solutions monétaires Monarc inc. et Karina Stevens et Paul Hauck, 2012-046-001), and the withdrawal of their rights (news release of l'Autorité des marchés financiers on October 17, 2013),

• Recent decisions of, and reviews by, IIROC and the MFDA focusing on their members' compliance with KYC, KYP, and suitability obligations,

As a result of the importance of these obligations, we will continue to focus compliance reviews on issues relating to KYC, KYP, and suitability.

The KYC obligation

What is the basic KYC obligation?

NI 31-103

Section 13.2 of NI 31-103, among other things, requires registrants (including dealer members of IIROC and the MFDA) to take reasonable steps to establish the identity of a client, and to ensure that they have sufficient information to meet their suitability obligation.

Section 13.2 of the Companion Policy to NI 31-103 (CP 31-103) explains why securities law imposes a KYC obligation on registrants:

Registrants act as gatekeepers of the integrity of the capital markets. They should not, by act or omission, facilitate conduct that brings the market into disrepute. As part of their gatekeeper role, registrants are required to establish the identity of, and conduct due diligence on, their clients under the [KYC] obligation... KYC information forms the basis for determining whether trades in securities are suitable for investors. This helps protect the client, the registrant and the integrity of the capital markets. The KYC obligation requires registrants to take reasonable steps to obtain and periodically update information about their clients.

SRO rules

The KYC requirements in NI 31-103 also apply to SRO dealer members. Supplemental KYC requirements for SRO dealer members are set out in:

• IIROC Rule 1300 Supervision of Accounts (IIROC Rule 1300),

• IIROC Rules Notice Guidance Note 12-0109 Know your client and suitability -- Guidance dated March 26, 2012 (IIROC Notice 12-0109),

• Section 2.2.1 of MFDA Rules,

• MFDA Policy No. 2 Minimum Standards for Account Supervision (MFDA Policy No. 2), and

• MFDA Staff Notice 0069 Suitability (MFDA Notice 0069).

IIROC Notice 12-0109 says the following about the suitability requirements:

Dealer Members and Registered Representatives are reminded that compliance with the suitability requirements is fundamental to compliance with general business conduct standards and is essential to good business practice. The suitability requirement is also complementary to the fundamental obligation under securities legislation for all Dealer Members and their representatives to deal fairly, honestly and in good faith with clients.

What KYC information is required?

NI 31-103

To meet their suitability obligation, registrants (including dealer members of IIROC and the MFDA) must take reasonable steps to ensure that they have sufficient information about their client's:

• investment needs and objectives (including the client's time horizon for their investments),

• financial circumstances (including net worth, income, current investment holdings, and employment status), and

• risk tolerance for various types of securities and investment portfolios (taking into account the client's investment knowledge) (collectively, investment needs and objectives).

The extent of KYC information a registrant needs to determine suitability of a trade will depend on the:

• client's circumstances,

• type of security,

• client's relationship to the registrant, and

• registrant's business model.

Accredited Investors and Permitted Clients

If a registrant proposes to make a trade in reliance on the prospectus exemption for AIs in National Instrument 45-106 Prospectus and Registration Requirements (NI 45-106), the registrant must determine whether the client is an AI. For additional guidance in this area, see the Companion Policy to NI 45-106.

A person distributing or trading securities in reliance on a prospectus exemption is responsible for determining whether the exemption is available. A person may rely on factual representations by a purchaser, provided that the person has no reasonable grounds to believe the representations are false. A registrant's obligation to determine that a prospectus exemption is available is supplemented and informed by the registrant's obligation to "know" the client. Accordingly, the obligation to determine whether (and how) a client satisfies the AI definition will generally be higher on registrants than an issuer or other sellers that are not in the business of trading securities. Factual representations, such as a representation in a subscription agreement that the client is an AI, will generally not, by themselves, in CSA staff's view, be sufficient for a registrant to satisfy its KYC obligation. Similarly, if a registrant is relying on subsections 13.2(6) and 13.3(4) of NI 31-103 which allow a permitted client to waive certain KYC and suitability requirements, the registrant must collect adequate information to determine that the client is a permitted client. It is not sufficient to simply rely on the client's initialling or checking off the box in the permitted client certificate/attestation form.

SRO rules

IIROC recently amended its suitability requirements to require each Dealer Member, when making a recommendation to a client or accepting an order from a client (and also where certain other triggering events occur) to use due diligence to ensure that the suitability assessment is made considering the overall account portfolio. See IIROC Rule 1300 and MFDA Policy No. 2 (which is similar).

Although the SRO rules in some cases use additional terms, such as "time horizon" or "portfolio composition" that are not explicitly used in NI 31-103, we take the view that these factors are subsumed within the broader terms used in subsection 13.2 of NI 31-103. For example, a registrant cannot meaningfully determine a client's investment needs and objectives, financial circumstances, or risk tolerance without understanding the client's time horizon or current investment portfolio composition.

IIROC Notice 12-0109 set out a useful discussion on a registrant's assessment of a client's investment objectives versus a client's risk tolerance. The notice states:

... the client's investment objectives and risk tolerance are two separate but related factors; each factor must be assessed based on the clients' financial and personal circumstances and must be reasonable in light of those circumstances ... For example, designating an 80% high risk tolerance for an elderly client may be unreasonable if the client has a modest net worth and has opened the account to invest a substantial portion of her net worth. On the other hand, the 80% high risk tolerance may not be unreasonable if the elderly client has a substantial net worth and opens an account to invest a small fraction of her net worth.

MFDA Notice 0069 provides guidance to its dealer members on how to establish a suitability framework to ensure compliance with their obligations. The notice also provides guidance on KYC information and how to maintain accurate and complete KYC information.

When does the KYC obligation apply?

NI 31-103

A registrant must have current KYC information whenever a suitability determination is required. A registrant (other than a dealer member of IIROC or the MFDA, which is subject to the requirements set out in the next section) is required in section 13.3 of NI 31-103 to make a suitability determination before a registrant

• makes a recommendation to or accepts an instruction from a client to buy or sell a security, or

• purchases or sells a security for a client's managed account.

In addition, registrants are required in subsection 13.2(4) to make reasonable efforts to keep their clients' KYC information current. We consider information to be current if it is sufficiently up-to-date to support a suitability determination.

SRO rules

Under SRO rules, a suitability determination is generally required when:

• accepting an order from a client,

• recommending to the client the purchase, sale, exchange, or holding of a security,

• securities are received into the client's account by way of deposit or transfer,

• there is a change in the registered representative or portfolio manager responsible for the account, or

• there is a material change in the client's life circumstances or objectives that has resulted in revisions to the client's KYC information as maintained by the dealer member.

KYC guidance

1. How often should registrants update KYC information?

A registrant is required to obtain current KYC information about a client's investment needs and objectives whenever a suitability determination is required. Some registrants ask their clients to advise them when their KYC information changes. However, we expect registrants to be proactive in ensuring that KYC information is kept up-to-date. We expect PMs (and EMDs that have an ongoing relationship with their clients -- see below for further information) to update KYC information at least annually and more often if there is a material change in a client's circumstances (for example, marriage, divorce, birth of a child, loss or change in employment), or investment needs or objectives. Without adequate and timely KYC information, registrants cannot meet their suitability obligation to clients.

EMDs

An EMD may have a transactional relationship or an ongoing relationship with a client depending on the particular facts and circumstances. An example of a transactional relationship is a situation where the EMD's relationship with the client is limited to a specific private placement transaction, neither the EMD nor a related issuer of the EMD holds (directly or indirectly) client assets or securities, the EMD is not paid a trailer fee or similar ongoing compensation in relation to the client's ownership of a security, and there is no expectation on the part of the client that the EMD will continue to provide services to the client after the completion of the transaction. In contrast, if any of these factors are present, or if the EMD is also registered in another category of registration such as PM, the EMD may be viewed as having an ongoing relationship with the client. Similarly, if an EMD acts for a client in a series of transactions, we would consider that the EMD has an ongoing relationship with the client. In the case of an EMD or other registrant that is not an SRO member with an ongoing relationship with a client, we recommend that they implement policies and procedures that reflect the SRO concept of "trigger events" as a best practice.

PMs

We think that a PM's suitability obligation in the context of a managed account is a continuing obligation to ensure that the investment strategy determined by the PM remains suitable for the client. Accordingly, we think that it would be prudent business practice for a PM with discretionary trading authority over a client's account to follow the SRO criteria relating to KYC "trigger events" (set out briefly below) in order to ensure that the investment strategy determined by the PM remains suitable for the client.

SRO rules

Both IIROC Rule 2500 Minimum Standards for Retail Customer Account Supervision and MFDA Rule 2.2.4 Updating Client Information have similar requirements that their dealer members must update KYC information when there is a material change in client information, such as a change in investment objectives, financial situation or risk tolerance. In addition, MFDA Rule 2.2.4 requires dealer members to (a) send a written request at least annually to each client asking the client to notify the dealer member if there are any material changes to the client's circumstances, and (b) update the client information accordingly.

As well, IIROC Notice 12-0109 provides that account information must be updated any time there is a material change in a client's circumstances such as marriage, divorce, birth of a child, loss of or change in employment, etc. The notice states that this requirement can be met by periodically asking each client about material changes in their circumstances, asking about material changes when meeting with the client to review his/her portfolio, otherwise corresponding with the client to discuss account related matters, or by annually contacting the client to verify the accuracy of account information.

2. Signing and dating of KYC information by clients and registrants

Although NI 31-103 does not expressly require the signing and dating of KYC information by clients and registrants, we recommend that registrants implement policies and procedures to ensure that both the client and the registrant that reviewed the KYC information with the client sign and date the information. Both the client and registrant should also sign and date amendments to KYC information, whether done as addendums to the original information, or as "fresh" KYC information. Signing and dating KYC information:

• assists with demonstrating compliance with securities law requirements,

• assists with providing evidence that the client confirmed that the information provided was accurate and that the information was discussed with the registrant, and

• may protect the registrant in the event a client later claims that an investment was unsuitable.

3. What processes should registrants use to determine whether investors are AIs?

NI 45-106 requires all registrants selling securities under an exemption to ensure that adequate processes are in place to determine whether the exemption is available. If a registrant is relying on the AI exemption, the registrant must ensure that the client meets the criteria in the AI definition.

In our compliance reviews, we identified some EMDs that had sold exempt securities to non-AIs without adequate processes in place to assess whether the investors were AIs, or whether other prospectus exemptions were available. In Sawh and Trkulja (Re Sawh and Trkulja (2012), 35 O.S.C.B. 7431, at 7454, para. 183, affirmed 2013 ONSC 4018 (Div. Ct.)), the Ontario Securities Commission said:

The fact that an investor declared himself to be an accredited investor does not absolve a registrant of the responsibility to take adequate steps in the circumstances to ascertain that the investor meets the criteria to be accredited based on his or her financial circumstances.

As well, some KYC forms used by these EMDs were not designed to allow the EMD to determine whether the client met the AI definition. In addition, some of the information contained in the so-called "AI certificate" was inconsistent with the client's KYC form.

If a client does not satisfy the definition of AI or fall within another exemption, the distribution is a serious breach of securities law. It is also important to note that EMDs are limited to dealing with clients who are eligible to purchase securities under a prospectus exemption. Accordingly, if the client does not meet the requirements of the prospectus exemptions, then the EMD is acting outside of its registration category contrary to securities law.

Suggested practices for registrants that distribute securities in reliance on a prospectus exemption

Registrants should ensure that they have adequate policies and procedures in place to ensure compliance with the conditions of the exemption. Registrants should:

Develop a KYC form that has sufficient information about the client to allow the registrant to determine if the client meets the requirement of the prospectus exemptions. Thresholds used in the KYC form should be consistent with the minimum income and asset thresholds in the AI or eligible investor definition contained in NI 45-106.

Tailor or develop a separate KYC form for clients that are corporations, partnerships, trusts or other entities, and not individuals, to support reliance on the exemption. For example, if the registrant is relying on paragraph (t) of the AI definition in NI 45-106 [an entity that is owned by persons who are AIs], the registrant must collect and document adequate information about the owners of the entity to support reliance on the exemption.

Understand the different categories of investor that make up the definition of AI or eligible investor and the conditions contained in these categories. Registrants should pay specific attention to the differences between the definitions of "assets" and "financial assets" (which exclude an investor's personal residence or other real estate) and the requirement that financial assets be net of any related liabilities.

Obtain a breakdown of financial assets and net assets of the client to ensure that the information collected accurately reflects the client's financial circumstances and to assist the registrant in assessing the availability of the prospectus exemptions and the suitability of any investment made.

Make further inquiries about the client's financial circumstances in situations where there is a reasonable doubt about the accuracy of information given by the client or the validity of the client's claim to be an AI or eligible investor. Document the inquiries in the client's file.

Establish policies and procedures and provide training to dealing and advising representatives to ensure they fully understand the prospectus exemptions and that exempt securities may only be distributed to investors who meet the requirement of the prospectus exemptions.

--------------------

Unacceptable practices

Registrants should not:

Rely solely on the investor's representation in an AI certificate, Resident Exemption Form or Eligible Investor Questionnaire without obtaining KYC information from clients to independently assess reliance on the exemption. Also, it is not appropriate to rely on inferences based on the registrant's knowledge of a client (example, job title, type of car, or location of residence) to assess whether a client is able to rely on an exemption.

Assume that another person (whether another registrant that has previously dealt with a client or another individual within a registrant firm that is dealing with a client) has complied with the KYC obligation or the obligation to determine that the client is eligible to purchase securities on a prospectus-exempt basis. Each registrant dealing with a client has an obligation to comply with these obligations or to confirm that the registrant firm has properly conducted and documented this determination.

Process prospectus-exempt trades without complete and adequate KYC information to support reliance on the exemption.

--------------------

4. How should registrants collect and document KYC information?

In our compliance reviews, we continue to identify issues related to inadequate collection and documentation of KYC information. Registrants did not ensure that KYC forms were fully completed for all clients. As well, many registrants did not have a process in place to update KYC forms.

In order to meet the KYC and suitability obligations, registrants must take reasonable steps to ensure they have sufficient current information regarding a client's investment needs and objectives. Collecting and documenting KYC information is more than just a fact-finding or "tick the box" exercise. Registrants should make all necessary enquiries to obtain a solid understanding of a client's investment needs and objectives. They should engage in a meaningful dialogue with their clients and explain to them why the KYC information is required.

The MFDA and IIROC have issued similar KYC guidance to their member firms. For more details please refer to:

• IIROC Notice 12-0109,

• IIROC Notice 12-0108 Client Relationship Model -- Guidance, and

• MFDA Staff Notice 0069.

Suggested practices for collecting and documenting KYC information

Registrants should:

Engage in meaningful KYC discussions with clients and consider the use of a questionnaire to facilitate the collection and documentation of KYC information. If possible, meet with clients face to face and ask detailed questions to assist in their understanding of the clients' investment needs and objectives. If it is not possible to meet with a client face to face, a registrant should carefully document the additional steps taken to demonstrate compliance with KYC and suitability obligations.

Collect and document sufficient minimum KYC information including name, age, investment objectives, annual income, net financial assets, net assets, liquidity needs, time horizon, risk tolerance, and portfolio composition. This should include registrant representatives' notes of discussions with clients. Registrants should also obtain a breakdown of financial assets (deposits and type of securities such as mutual funds, listed stocks, exempt securities etc.) and net worth (types of assets and liabilities).

Collect relevant information from each client so as to establish their identity. Maintain a record of the identification document (for example, passport or driver's licence number and place of issue).

Develop an "investor-friendly" KYC form by ensuring all terms used in the KYC form such as investment objectives, investment knowledge, and risk are clearly explained in plain language.

Consider a client's willingness to accept risk and ability to accept risk when assessing a client's risk tolerance. A client may be willing to accept risk; however, this does not necessarily mean that a client has the ability to financially withstand a downturn in the market or other partial or total loss of their investment. Alternatively, a client may have the financial means to absorb losses, but may not be willing to do so.

Review the completed KYC form with the client for accuracy to ensure that the information collected reflects the client's investment needs and objectives. The KYC form should also be signed, dated and reviewed by the registrant and the client should receive a signed copy of the KYC form for their records.

Update KYC information at least annually (for PMs, and for EMDs that have an ongoing relationship with their clients), if there is a significant change in a client's life circumstances, or a significant change in market conditions. Any changes in KYC information (or a confirmation that there are no changes) should be signed, dated and reviewed by the registrant and the client should receive a signed copy of the revised KYC form for their records.

PMs should develop a tailored investment policy statement (IPS) for each managed account. The IPS should document the client's investment needs and objectives and set out a planned asset allocation. PMs should provide a signed (and dated) copy of the IPS to each client at the time the IPS is first signed and when it is updated.

Establish policies and procedures for collecting, documenting and reviewing sufficient KYC information for each client.

Provide adequate training to their staff to ensure they fully understand the importance of collecting, reviewing and maintaining adequate and up-to-date KYC information.

--------------------

Unacceptable practices

Registrants should not:

Collect KYC information solely by asking clients to tick a box that best describes their investment objectives or risk tolerance. This mechanical "tick box" approach is not sufficient to fulfill a registrant's suitability obligation.

Rely only on a KYC form or other document to know the client. This "form based" approach is not sufficient to fulfill a registrant's suitability obligation.

Process a trade (other than a liquidating transaction upon a client's request) if there is any missing or conflicting KYC information that may affect their ability to assess the availability of the prospectus exemption or the suitability of the investment.

Delegate the KYC or suitability obligation to an unregistered individual (for example, an administrative assistant or a referrer) to collect KYC information, complete the KYC form for the client, or explain products to a client. Although a registrant may rely on an unregistered individual to assist in incidental administrative tasks related to the collection of KYC information, the registrant has the obligation to "know" the client and the client's investment needs and objectives. If an unregistered individual or firm purports to collect KYC information or explain products to clients, these activities may be considered to be registerable dealing or advising activities (since these activities may themselves constitute acts in furtherance of a trade).

Use outdated KYC information or an outdated KYC form to assess the suitability of a client's investment.

Use a KYC form or other document that contains disclaimer language which purports to limit liability for all losses, including losses resulting from a breach of the registrant's obligations under securities law.

--------------------

What is the basic KYP obligation?

NI 31-103

As explained in section 3.4 of CP 31-103 [Proficiency -- initial and ongoing], registered individuals must understand the structure, features, and risks of each product they recommend as part of their initial and ongoing proficiency obligations. Section 3.4 of NI 31-103 sets out that an individual "must not perform an activity that requires registration unless the individual has the education, training and experience... including understanding the structure, features and risks of each security the individual recommends". These requirements are applicable to all registrants, including SRO members. This proficiency requirement (also referred to as know-your-product or KYP) is in addition to the suitability obligation in section 13.3 and applies even when there is an exemption from the suitability obligation (such as, for example, the exemption for permitted clients).

The KYP obligation is also a necessary element of the KYC and suitability determination. Section 13.3 of NI 31-103 requires registrants to take reasonable steps to ensure that a proposed trade is suitable for a client before making a recommendation or accepting instructions from a client. To meet this obligation, registrants should have an in-depth knowledge of all securities that they buy and sell for, or recommend to, their clients.

Although the KYP obligation is triggered when a registrant "recommends" a product to a client, a registrant may expressly or implicitly recommend a product through conduct such as placing a product on the registrant's "shelf" and making it available to a client, by advertising or promoting the product, or by distributing marketing material about the product to a client.

SRO rules

IIROC Notice 12-0109 sets out similar requirements for their dealer members. In addition, IIROC Guidance Note 09-0087 Best practices for product due diligence revised on March 25, 2009 sets out IIROC's expectations regarding procedures and criteria that dealer members should consider when assessing and introducing products that they approve or recommend for sale. Lastly, IIROC recently published Guidance Note 13-0039 Recommendations and best practices for distribution of non-arm's length investment products which provides guidance on distributions of non-arm's length investment products.

MFDA Staff Notice MSN-0048 Know Your Product dated October 31, 2005 (MSN-0048) clarifies the obligations of MFDA dealer members and approved persons with respect to the approval and sale of investment products by dealer members. The notice requires dealer members to perform a reasonable level of due diligence on products prior to their approval for sale by Approved Persons.

In addition, as part of the KYP obligation, CSA staff expects a registrant to assess the suitability of leveraged trades or leveraging strategies for those clients that borrow funds to trade in securities. The MFDA recently amended their KYC rule and Policy No. 2 (see MFDA Rule 2.2.1 and Policy No. 2) to clarify the obligation of their dealer members to assess the suitability of orders involving the use of borrowed funds. The rule clarifies that dealer members must assess suitability of leveraging strategies in light of the client's investment knowledge, risk tolerance, and investment objectives. The MFDA also published a leveraging supervision guide which provides further guidance to its dealer members on how to maintain appropriate documentation of leverage recommendations and supervision, and addressing unsuitable leveraging.

KYP guidance

1. What are the key areas to consider in assessing KYP?

Registrants must conduct their own product due diligence and be able to explain to their clients the security's risks, key features, and initial and ongoing costs and fees. As part of their product due diligence, registrants should review and assess the information contained within the offering memorandum (OM) or other documentation provided by the issuer. If the information is not sufficient to allow the registrant to conduct a meaningful KYP assessment of the issuer and the product, the registrant will need to conduct further due diligence on the issuer and the product or refrain from dealing with that product. Registrants must be able to evidence their own product due diligence.

A registrant should only place a product on its approved product list after they have concluded that the product has a reasonable prospect of meeting its investment objectives and that the product has a reasonable prospect of being a suitable investment for some clients. The product assessment requires a critical analysis of the features inherent in the product, and how those features affect the investment's potential risk and reward. Registrants should assess what factors may affect the success of the product, and should proceed only on the basis of some reasoned assessment of the product's actual potential.

Having the registered firm's approval for representatives to sell a product does not mean that the product will be suitable for all clients. Individual registrants should understand the structure, features, risks, fees and costs of each product they recommend to their clients to determine the suitability of each transaction.

CSA staff take the view that the KYP obligation is triggered not only by the particular attributes of a security, viewed in isolation, but also by the proposed quantum of the investment amount or the proposed trading strategy involving the security.

For example, an investment in a high-risk security may be suitable for a client where the proposed investment would represent a small portion of the client's investment portfolio. However, an investment in the same security may not be suitable for the client where the proposed investment would represent a substantial portion of the client's portfolio or where the proposed investment strategy involves leverage. If registrants choose to categorize products using broad categories such as "low risk", "medium risk" and "high risk", registrants should ensure that the categorizations are reasonable, and consistent with industry standards and client expectations. Registrants should carefully explain the meaning of these terms to the client in plain language terms and should document this process.

As well, registrants that choose to categorize investment objectives or trading strategies using terms such as "balanced" should ensure that these categorizations are reasonable, and consistent with industry standards and client expectations. Registrants should also carefully explain the meaning of these terms to the client in plain language terms and document this process.

2. Additional areas to consider when dealing with prospectus-exempt securities

The sale of prospectus-exempt securities poses a special KYP challenge for registrants. In Sawh and Trkulja, the Ontario Securities Commission reviewed the KYP obligation described in MSN-0048 and NI 31-103, and found that the registrants had failed to properly discharge their KYP obligation in the context of the sale of securities sold pursuant to prospectus exemptions. The Ontario Securities Commission was critical of the registrants' simple reliance on representations made in the offering memorandum and other documents provided to them by the issuer. The Ontario Securities Commission went on to add:

In our view, the Applicants' due diligence process was particularly inadequate in light of the fact that [the securities in question] were sold pursuant to exemptions under applicable securities legislation. Limited partnership units sold under an exemption from securities law do not benefit from the same transparency and liquidity characteristics or regulatory oversight as other products. For example, securities sold under an exemption will not be liquid investments. Offering memoranda are not prospectuses and are not subject to regulatory review. Given the absence of such safeguards, we find that the Applicants failed to conduct an adequate review of the Exempt Products.

In assessing products sold on a prospectus-exempt basis, registrants should also consider additional risks associated with:

• Liquidity risk, reflecting the fact that any resale of such securities may be subject to resale restrictions or indefinite hold periods and the fact that there will generally be no market for such resale,

• Valuation risk, reflecting the fact that the securities may be more difficult to value due to the lack of prospectus and continuous disclosure about the issuer, and

• Conflict of interest risk, reflecting the fact that the securities may be issued by a related party.

A failure to properly categorize a product may result in significant legal and regulatory risk to a registrant. See Re Trapeze Asset Management Inc. (2012) 35 O.S.C.B. 4322.

3. Reliance on third-party analysis and reports

We have recently identified a number of situations where issuers and registrants have distributed securities on the basis of marketing materials that include so-called "independent" analyses or reports prepared by unregistered third parties.

We have also seen cases where a registrant may choose to rely on a report prepared by a third-party as part of its own due diligence process; however, this does not relieve the registrant of its obligation to "know-the-product" and to conduct its own KYP and suitability analysis. Registrants should be particularly careful when relying on disclosure prepared by an issuer or a so-called "independent" report prepared by a third-party and commissioned by the issuer.

Where a registrant distributes a security on the basis of a third-party report that purports to "rate" a security, compare a security with other securities of other issuers, or describes an exempt market security as "investment grade", the registrant should perform its own product assessment to ensure that the report is fair, balanced and not misleading.

4. CSA Staff Notice 33-315 Suitability Obligation and Know-Your-Product

CSA Staff Notice 33-315 Suitability Obligations and Know-Your-Product dated September 2, 2009 reminds registrants of their duty under securities law to satisfy their suitability obligations, including the requirement to fully understand the products recommended to clients. In particular, the notice contains guidance on a firm's product review process, including procedures for identifying, reviewing and approving (or rejecting) new products, and for monitoring existing products for significant changes to those products.

--------------------

Suggested practices to satisfy the KYP obligation

Registrants should:

Have an in-depth understanding of each of the items listed below before recommending a product to clients:

- general features and structure -- including return, use of leverage, conflicts of interest, time horizon, overall complexity of the product.

- risks -- including the possibility that clients may lose some or all of the principal invested, liquidity risk, redemption risk, risks from underlying derivatives or structured product, conflicts of interest risk.

- costs -- including fees paid to registrants or other parties (commissions, sales charges, trailer fees, management fees, incentive fees, referral fees, embedded fees, executive compensation)

- parties involved -- including issuer's financial position and history, qualifications, reputation and track record of the parties involved in key aspects of the product, and

- legal and regulatory framework -- including frequency, completeness and accuracy of the issuer's disclosure.

Establish policies and procedures for reviewing and approving new products and existing products whose structure or features have significantly changed. The extent of the product review process will vary depending on the structure and features of the product. For example, complex investment products (including those that are novel, not transparent in structure, involve leverage, options, other derivatives, or have limited disclosure) may require a more extensive review than more straightforward products.

Carefully review offering documents or other documentation prepared by the issuer or other third parties and ask questions where appropriate. Products that are sold under a prospectus exemption may require a more extensive review because of the limited disclosure available about them. As part of their product due diligence, registrants should review and assess the information contained within the offering documents or other documentation prepared by the issuer or other third parties. If the information contained within does not contain sufficient information to allow the registrant to conduct a meaningful KYP assessment of the issuer and the product, the registrant will need to conduct further due diligence on the issuer and the product or refrain from dealing with that product.

Consider competitive products that may be less risky or less costly to clients. If competitive products are less risky or less costly, registrants should maintain adequate documentation to demonstrate the suitability of the product recommended.

Perform a conflict of interest assessment, particularly if a registrant is planning to distribute a product of a related issuer or connected issuer, where often the same individuals form the management of both the registrant and the issuer. Assess and determine whether the conflicts of interest can be adequately managed through disclosure or control. If not, a registrant should not distribute the product.

Assess suitability of leveraging strategies in light of the client's investment knowledge, risk tolerance, and investment objectives.

Provide training sessions to ensure that dealing representatives and advising representatives fully understand and are able to explain clearly the product features and risks to clients.

--------------------

Unacceptable practices

Registrants should not:

Fail to fully understand the structure and features of the products and recommend a product solely based on:

• information from issuers or other third parties, including related parties, about the product's suitability, risk profile or expected return,

• similarities with other products, or

• recommendations made by other market participants to their clients or by unregistered persons providing general advice.

Rely solely on a product being on the firm's "approved product list" rather than conducting a product analysis or understanding a product themselves.

--------------------

What is the basic suitability obligation?

NI 31-103

Section 13.3 of NI 31-103 requires a registrant to take reasonable steps to ensure that, before it makes a recommendation to, or accepts an instruction from, a client to buy or sell a security, or makes a purchase or sale of a security for a client's managed account, the purchase or sale is suitable for the client.

As explained in CP 31-103, suitability obligations cannot be:

• delegated to a third party,

• satisfied simply by disclosing the risks of the trade, or

• waived (except by investors that are "permitted clients" as defined in NI 31-103).

Some EMDs may have a relationship with the issuer (or other sellers of the securities). In some cases, these EMDs failed to recognize that the persons purchasing securities from these issuers or sellers were the EMD's clients and that the EMDs have obligations, including suitability obligations, to these purchasers. CSA staff reminds EMDs that it is a breach of their obligations, including their fair dealing obligations to prefer an issuer, seller or their own interests over an investor's interests.

Similarly, even if a registrant has determined that a prospectus exemption is available to the client this does not necessarily mean that the investment will be suitable for the client. The obligation to determine that a prospectus exemption is available is entirely separate and distinct from the obligation to determine that a proposed recommendation or client order is suitable for the client. A proposed trade or recommendation may be wholly unsuitable for a client in light of the client's time horizon, risk tolerance, existing portfolio composition, or other factors within the client's investment needs and objectives, notwithstanding the fact that the client is eligible to make the investment on a prospectus-exempt basis.

SRO rules

IIROC's suitability requirement is set out in IIROC Rule 1300.1, which requires dealer members to use due diligence to ensure that recommendations to clients regarding the purchase, sale, exchange, or holding or any security is suitable for the client based on factors including investment objectives, time horizon, risk tolerance and the account's current investment portfolio composition and risk level. IIROC Notice 12-0109 expands the suitability obligation and requires dealer members to ensure that the order type, trading strategy and method of financing the trade recommended are also suitable for the client.

Suitability guidance

1. Why is the suitability analysis so important?

As set out in this Notice, KYC, KYP, and suitability obligations are among the most fundamental obligations owed by registrants to their clients. These obligations are also cornerstones of our investor protection regime. Thus it is critical for registrants to fully comply with these obligations -- not only the securities law requirements themselves, but also with the spirit of the requirements. CSA staff will take appropriate regulatory action to ensure compliance.

We expect registrants to perform a meaningful suitability assessment and to appropriately document that assessment. The suitability assessment should be more than a mechanical fact-finding or "tick the box" exercise. It requires a meaningful dialogue with the client to obtain a solid understanding of the client's investment needs and objectives, and to explain how a proposed investment is suitable for the client in light of the clients' investment needs and objectives.

Suggested practices to satisfy the suitability obligation

Registrants should:

Consider all relevant KYC information (including, investment objectives, time horizon and risk tolerance) when assessing the suitability of an investment. For example, a client may have a high risk tolerance but also have a short term time horizon and therefore a high risk investment with redemption restrictions may not be suitable for that client.

Review each trade independently to ensure it is suitable. A registrant should not process a trade unless it is reviewed and approved. In addition, PMs should have an adequate process in place to monitor clients' portfolio holdings in accordance with their investment mandate.

Develop a system or process to identify and reject trades that are inconsistent with a client's investment needs and objectives. The firm should also monitor trends or patterns (for example, number of rejected trades by the Chief Compliance Officer for a particular dealing representative) that may indicate potential areas for training or revisions to processes to ensure compliance.

Provide adequate training to registered individuals to ensure they fully understand the suitability obligation and the firm's process for assessing suitability of investments.

--------------------

Unacceptable practices

Registrants should not:

Assume that all products that are set out on the firm's approved product list are suitable for every client.

Rely on out-of-date KYC or KYP information.

--------------------

2. How should a registrant demonstrate compliance with the suitability assessment?

In our compliance reviews, we found a number of instances where it was not clear that the registrant had conducted an appropriate KYC, KYP, or suitability determination due to inadequate, incomplete, or (in some cases) completely missing documentation. These instances constitute a breach of securities law requirements as sections 11.1 and 11.5 of NI 31-103 require registrants to establish, maintain and apply policies and procedures that establish a system of internal controls and supervision, and to maintain books and records that demonstrate the extent of the registrant's compliance with applicable securities law requirements. As well, a failure to document the KYC, KYP, and suitability process also significantly raises the risk of adverse legal and regulatory consequences to the registrant in the event a client's investment ultimately proves to be unsuitable. Therefore, it is critical that registrants establish policies and procedures and maintain adequate documentation to support their suitability analysis.

EMDs and PMs are specifically reminded to take extra care in complying with their KYC, KYP, and suitability obligations when dealing with clients who are seniors, on a fixed income, or who otherwise may be in a position of vulnerability. A loss from a registrant's failure to comply with these obligations may have particularly devastating consequences for these clients. CSA staff will take regulatory action, including enforcement action, in circumstances where registrants do not appropriately address the special needs of these clients.

SROs

Both IIROC and the MFDA have provided suitability guidance to their member firms on how to comply with their suitability assessment requirements including when to perform a suitability assessment and how to deal with unsuitable investments. For details, please refer to IIROC Notice 12-0109, IIROC Notice 12-0108 Client Relationship Model -- Guidance and MFDA Notice 69.

Suggested practices to demonstrate compliance with the suitability obligation

Registrants should:

Establish policies and procedures for assessing suitability of an investment (including the criteria used to assess suitability and when to perform a suitability assessment) and ensure that it is consistently applied across the firm. Some examples of criteria include risk tolerance, investment objectives, time horizon, concentration risk, and conflicts of interest. There should also be adequate controls and oversight in place to identify and respond to any conflicts of interest with any investment recommendation.

Maintain adequate documentation of the suitability analysis for each trade. A registrant should be able to demonstrate how each proposed trade was assessed for suitability.

Establish a process to periodically review a sample of client files to ensure that the suitability process is consistently applied throughout the firm. Results of the suitability review should be documented and independently reviewed by someone senior in the firm (like the CCO). Areas of non-compliance should be discussed with staff in a timely manner and highlighted in training sessions. If the review identifies significant compliance issues, they should be escalated to the UDP to ensure that corrective action is taken in a timely manner to resolve the issues.

3. How is the client-directed trade instruction appropriately used?

Section 13.3(2) of NI 31-103 provides that, if a client instructs a registrant to buy, sell or hold a security and in the registrant's reasonable opinion following the instruction would not be suitable for the client, the registrant should inform the client of the registrant's opinion and should not buy or sell the security unless the client instructs the registrant to proceed nonetheless (client-directed trade instruction).

The client-directed trade instruction is not meant to be an alternative to assessing client suitability in circumstances where clients have no other available exemptions, or where the trades likely would not be suitable for them. A registrant cannot actively promote a security (and thereby recommend the security) and then rely on boiler plate language to claim that the trade was a client-directed trade and is not recommended by the registrant.

During compliance reviews, we noticed that some registrants recommended that clients purchase securities of a single exempt market issuer (that in many cases was a related or connected issuer to the registrant) in an amount that accounted for a large portion (in some cases over 30%) of their net financial assets. Although there may be circumstances for a registrant to proceed with a client-directed trade, we identified that some EMDs may be inappropriately using the client-directed trade instruction in an attempt to circumvent the suitability obligation.

For example, we identified one EMD who distributed products of a related issuer that relied extensively on the use of a purported "client-directed trade instruction" in situations where there were strong grounds for concluding that the trades were unsuitable for their clients. Most of the clients signed KYC forms that indicated that they were non-AIs and that they were relying on the $150,000 minimum purchase exemption to purchase the securities. In many cases, the KYC form had the client-directed trade instruction "buried" at the end of the KYC form, and when asked by staff of the Ontario Securities Commission, the clients did not recall being asked to sign the instruction or any discussion over suitability with the EMD. As well, we have concerns about whether clients were fully aware of the impact of concentration risk in their portfolios which resulted from these client-directed trades.

In our view, this practice is not acceptable, nor is it consistent with the client-directed trade instruction, or the obligation to deal honestly, fairly and good faith in securities laws. In future reviews, we will consider further regulatory action in these circumstances.

Suitability and concentration of investments

Registrants should recognize that diversification is an important factor to consider when assessing suitability of investments. The lack of diversification may expose the clients to significant investment risks. For example, in selling securities of mortgage investment corporations, real estate investment trusts, or similar real estate linked products, the EMD should consider and discuss with the client whether the client's portfolio may be subject to undue concentration risk through over-concentration in:

• Securities of a single issuer, or group of related issuers, as compared to a broadly based portfolio of issuers,

• Securities of illiquid exempt market securities as compared to publicly traded securities, and

• Securities of an issuer, or group of related issuers, that provides exposure to a single industry or asset class (for example, real estate) as compared with a broadly based portfolio of issuers that provide exposure to diversified industries or asset classes.

Most CSA staff will consider investments (either individually or taken together with prior investments) in securities of a single issuer or group of related issuers that represent more than 10% of the investor's net financial assets as potentially raising suitability concerns due to concentration.

With respect to real estate-linked products, we expect that registrants (as part of meeting their KYC obligation) will discuss the potential risks associated with the product and the issuer, including risks that may arise from a downturn in the real estate market or other adverse changes in market conditions. For example, if the performance of a product is sensitive to a change in the residential or commercial market values or to the ability of the sub-prime borrower to meet their mortgage repayment obligations, the registrant should ensure that the client is aware of the potential impact on the performance of the product if market values were to fall.

Suggested Practices for client-directed trades

Registrants should:

Analyze whether the investment is suitable for an investor in light of the investor's investment needs, objectives, time horizon and/or concentration and form an opinion based on this analysis.

Inform the investor of their opinion that the proposed trade would not be suitable for the investor in light of the investor's investment needs, objectives, time horizon and/or concentration and provide the client with a written explanation of the basis for the registrant's opinion.

Maintain adequate documentation of the suitability analysis which demonstrates the documentation reviewed and the suitability analysis completed.

Maintain the investor's written instructions to proceed with the trade (assuming that the client still directs the registrant to purchase the investment).

Develop a separate disclosure document for the client-directed trade instruction and explain to the client how the client-trade instruction is used.

Assess the suitability of the client-directed trade considering the client's entire portfolio holdings within the same account for PMs accepting a client-directed trade.

Establish policies and procedures for ensuring that the client-directed trade instruction is appropriately used.

Provide adequate training to registered individuals to ensure they understand when a client-directed trade instruction can be used.

--------------------

Suggested practices relating to concentration of investments in client portfolios

Registrants should:

Consider and document reasonable concentration thresholds to ensure that a client's total investment in a particular stock (e.g. securities in a single issuer or related group of issuers), sector or industry does not exceed thresholds which would result in the investment being unsuitable. Registrants should consider a number of factors when determining the thresholds, for example the type of security, market conditions, and redemption restrictions. Generally, the higher the concentration in a particular investment in a stock sector or industry, the more steps the registrant should take (and appropriately document) to demonstrate that the investment was suitable for the client.

Establish written procedures to monitor and manage concentration risks in a client's portfolio. These procedures should be consistently applied to all client accounts.

Explain the concentration risk to the client and how it affects the overall account position if the proposed investment recommendation could result in a concentrated position. If the registrant determines that an investment is unsuitable for a client in light of the concentration risk and the client's investment needs and objectives, the registrant is required to inform the client that the proposed trade is unsuitable. If the client still wishes to invest in the security, see How is the client-directed trade instruction appropriately used?

--------------------

--------------------

Unacceptable practices

Use of client-directed trade instruction

Registrants should not:

Promote a security actively (and thereby recommend the security) and then rely on boiler plate language to claim that the trade was a client-directed trade and was not recommended by the registrant.

Determine that an exempt security is suitable for an investor solely because the investor qualifies for the prospectus exemption.

"Hide" or "bury" the client-directed trade instruction in the KYC form or other client documentation.

Suitability and concentration of investments

Registrants should not:

Fail to consider diversification as an important factor in their suitability determination.

Fail to have adequate procedures in place to monitor the concentration level of a client's investments or evaluate whether the portfolios are appropriately diversified in light of client's KYC information.

--------------------

Questions

If you have questions regarding this Notice, please refer them to any of the following:

Carlin Fung
Senior Accountant
Ontario Securities Commission
416-593-8226
 
Paul Hayward
Senior Legal Counsel
Ontario Securities Commission
416-593-3657
 
Allison Guy
Regulator Analyst
Alberta Securities Commission
403-297-3302
 
Eric Jacob
Director, Inspection Services
Autorité des marchés financiers
514-395-0337, ext. 4741
 
Janice Leung
Manager, Adviser/IFM Compliance
British Columbia Securities Commission
604-899-6752
 
Paula White
Manager Compliance and Oversight
The Manitoba Securities Commission
204- 945-5195
 
Craig Whalen
Manager of Licensing, Registration and Compliance
Office of the Superintendent of Securities
Government of Newfoundland and Labrador
709-729-5661
 
Mark McElman
Compliance Officer/Inspecteur
Financial and Consumer Services Commission (NB)
506-658-3116
 
Chris Pottie
Manager Compliance
Policy and Market Regulation Branch
Nova Scotia Securities Commission
902-424-5393
 
Steven D. Dowling
General Counsel
Office of the Superintendent of Securities, P.E.I.
902-368-4551
 
Liz Kutarna
Deputy Director, Capital Markets, Securities Division
Financial and Consumer Affairs Authority of Saskatchewan
306-787-5871
 
Rhonda Horte
Deputy Superintendent
Office of the Yukon Superintendent of Securities
867-667-5466
 
Donn MacDougall
Deputy Superintendent, Legal & Enforcement
Office of the Superintendent of Securities
Government of the Northwest Territories
867-920-8984
 
Louis Arki
Director, Legal Registries
Department of Justice
Government of Nunavut
867-975-6587