OSC Staff Notice 33-740
Report on the results of the 2012 targeted review of portfolio managers and exempt market dealers to assess compliance with the know-your-client, know-your-product and suitability obligations
May 30, 2013
Purpose of this Notice
Staff of the Compliance and Registrant Regulation Branch (Staff or we) of the Ontario Securities Commission (OSC) recently conducted a targeted review (Sweep) of 87 portfolio managers (PMs) and exempt market dealers (EMDs) to assess their compliance with know-your-client (KYC), know-your-product (KYP), and suitability obligations under National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations (NI 31-103). This notice provides a summary of our findings.
We strongly encourage PMs and EMDs to use this report to improve their understanding of KYC, KYP and suitability obligations under NI 31-103. We also suggest that PMs and EMDs use this report as a self-assessment tool to strengthen their compliance with Ontario securities law.
In June 2012, we commenced a Sweep of 87 PMs and EMDs in respect of which Ontario is the principal regulator to assess their compliance with KYC, KYP, and suitability obligations. The Sweep was the largest targeted review ever performed by Staff.
The KYC, KYP, and suitability obligations are among the most fundamental obligations owed by registrants to their clients, and are cornerstones of the OSC's investor protection regime. Despite the importance of these obligations, in recent years Staff has identified a number of significant suitability compliance issues on the part of registrants under OSC direct oversight.
Purposes of the Sweep
The purposes of the Sweep were to:
• review and assess PMs' and EMDs' compliance with KYC, KYP, and suitability obligations and to take appropriate regulatory action where serious breaches were identified,
• enhance Staff's knowledge regarding registrants' compliance with KYC, KYP, and suitability obligations and to determine whether there is a need for additional guidance, and
• highlight to PMs and EMDs the fundamental importance of these obligations and improve the level of compliance and investor protection.
Of the total of 87 firms, 42 were PMs and 45 were registered solely as EMDs (sole EMDs). Firms that are registered as both PMs and EMDs are included in the PM results below.
Of the 42 PMs included in the Sweep:
• 21 (50%) were small-sized firms, 17 (40%) were medium-sized firms, and 4 (10%) were large-sized firms,
• the firms collectively had 31,345 clients and $35 billion in assets under management,
• 16 firms (38%) were registered in another category of registration (such as EMD or investment fund manager) and 26 (62%) were sole PMs, and
• 606 client files were reviewed and 99 clients were contacted as part of Staff's new approach of calling clients to confirm the information provided by their registrant firm.
The 42 PM firms used a wide variety of investment strategies including:
• long Canadian and US equities,
• conservative strategies -- large cap stocks and fixed income securities,
• balanced -- investment grade bonds and equities, and
• exchange-traded funds and index funds only, etc.
Of the 45 EMDs included in the Sweep:
• 33 (73%) were small-sized firms and 12 (27%) were medium-sized firms,
• 159 different products were distributed, of which 25 were products of related issuers and 20 were real estate products, and
• 582 client files were reviewed and 111 clients were contacted.
The 45 EMDs operated in two business models:
• product distribution -- distributor of exempt products (22 EMDs), and
• capital raising -- provided advice on capital structuring to raise financing and distribute private placement (23 EMDs).
Major findings from the Sweep
The major findings from the Sweep, outlined below, detail substantive issues with registrants' compliance practices that are unacceptable in Staff's opinion. Although our findings are shown by category of registration, we recommend that PMs and EMDs review all of the major findings outlined below as some of the information presented under the other category of registration may also be relevant to them.
Major findings on reviews of EMDs
The following were the major findings from Staff's reviews of 45 EMDs:
• EMDs selling securities to one or more clients that were non-accredited investors (without another exemption being available) (18% of EMDs reviewed),
• inadequate suitability assessments due to over-concentration (i.e., investors investing a significant percentage of their portfolio in one security) (15%),
• inadequate suitability assessments due to inadequate documentation on how suitability determination made (22%),
• misuse of a client-directed trade instruction (2%),
• inappropriate disclaimer language in client documentation (4%),
• improper delegation of KYC and suitability obligation to third parties (6%),
• inadequate relationship disclosure information (45%),
• no or inadequate policies and procedures (45%), and
• inadequate processes for the collection, documentation and maintenance of KYC information (75%).
1. Selling exempt securities to non-accredited investors
We identified 26 investors (out of a total of 582 client files reviewed) at eight of the 45 EMDs reviewed (18% of EMDs reviewed) where the EMDs appeared to have sold securities to investors who did not qualify as accredited investors (and without another prospectus exemption being available). These investors purchased a total of approximately $1.7 million in securities.
Where we identified a case of apparent non-compliance with the accredited investor exemption (AI exemption) in National Instrument 45-106 Prospectus and Registration Exemptions (NI 45-106), we took steps to determine the extent of the apparent non-compliance and the causes of such non-compliance. In those cases where it was confirmed that clients were not accredited investors (non-AIs) (either through confirmation by the registrant or through calling the clients), registrants were required to explain what steps they intended to take to address the non-compliance.
In most cases, the EMD advised that they would contact the clients, advise the clients that they had determined that the relevant trades had been made in breach of securities law requirements, and that the EMDs proposed to redeem the investments and refund the proceeds to investors.
Where we were satisfied that the non-compliance with the AI exemption did not represent intentional non-compliance, the EMD had taken appropriate steps to redeem the investments or otherwise resolve the matter, and the EMD had revised the KYC collection process to ensure compliance on a going-forward basis, we did not recommend further regulatory action.
However, in the review of one EMD, we found significant issues that were pervasive in nature (including selling securities to non-AIs) and we have recommended further regulatory action.
2. Inadequate suitability assessment
Another area of concern identified by Staff related to inadequate suitability assessments by EMDs in relation to investment products sold to clients.
In most cases (22%), these concerns primarily related to poor documentation practices (i.e., the EMD was unable to initially demonstrate how it determined the investment product was suitable for the client). However, the EMD was subsequently able to provide Staff with information that supported the suitability assessment.
However, in 15% of the EMDs reviewed, Staff identified cases where EMDs appeared to have sold unsuitable investments to some clients (including investments that were unsuitable due to concentration risk). These cases primarily involved mortgage investment corporations (MICs) or mortgage investment entities (MIEs).
In these cases, we noted the following:
• Some clients invested a large portion (over 30%) of their net financial assets in a single exempt product. This raises concerns as to whether the investments were suitable for them due to concentration.
• Some EMDs appear to be encouraging non-AIs to invest a high proportion of their investable assets in a single product solely to allow the EMD to distribute the product to the investor in reliance on the $150,000 minimum amount prospectus exemption (the minimum amount exemption) in NI 45-106.
• One EMD who distributed products of a related issuer extensively relied on the use of a client-directed trade instruction in situations where the trades were considered unsuitable for their clients.
We have identified these concerns as significant deficiencies with the EMDs in question and are considering further regulatory action with respect to these EMDs. We are also considering whether concentration "limits" for individual investments in a client account should be imposed, particularly when investments are purchased under the $150,000 minimum amount exemption. As indicated in CSA Staff Consultation Note 45-401 Review of Minimum Amount and Accredited Investor Exemptions, staff of the Canadian Securities Administrators (CSA) are reviewing, among other exemptions, the minimum amount exemption and may propose amendments to, or the repeal of, this exemption. The outcomes of this review will inform staff's recommendations on the minimum amount exemption. In the meantime, we will raise comments with EMDs that use the minimum amount exemption in circumstances where the investment made represents more than 10% of the client's net financial assets to confirm that the EMDs are in compliance with their suitability obligations.
3. Misuse of a client-directed trade instruction
We are concerned that certain EMDs may be inappropriately relying on subsection 13.3(2) of NI 31-103 in an attempt to avoid the suitability determination obligation.
Subsection 13.3(2) states that
If a client instructs a registrant to buy, sell or hold a security and in the registrant's reasonable opinion following the instruction would not be suitable for the client, the registrant must inform the client of the registrant's opinion, and must not buy or sell the security unless the client instructs the registrant to proceed nonetheless.
We identified that one EMD who distributed products of a related issuer that extensively relied on the use of a purported "client-directed trade instruction" in situations where there were strong grounds for concluding that the trades were unsuitable for their clients. Most of these clients signed KYC forms that indicated that they were non-AIs and that they were relying on the minimum purchase exemption (the $150,000 minimum amount exemption) to purchase the securities. In many cases, the KYC form had the client-directed trade instruction "buried" at the end of the KYC form.
In our view, this practice is not acceptable, nor is it consistent with the requirement of subsection 13.3(2) of NI 31-103 or the obligation to deal honestly, fairly and good faith in OSC Rule 31-505 Conditions of Registration (OSC Rule 31-505). The client-directed trade instruction is not meant to be an alternative to assessing client suitability in circumstances where the clients have no other available exemptions, or where the trades likely would not be suitable for them.
We require firms to demonstrate with appropriate supporting documentation that
(a) it has analyzed whether the particular investment is suitable for the particular investor in light of the investor's investment needs, objectives, risk profile, time horizon, and other relevant criteria (collectively, investment needs and objectives), and formed an opinion based on this analysis;
(b) it has informed the investor of its opinion that the proposed trade would not be suitable for the investor in light of the investor's particular investment needs and objectives; and
(c) the investor, after having received the firm's opinion that the proposed trade would not be suitable for the investor in light of the investor's investment needs and objectives, has nonetheless instructed the firm in writing to proceed with the trade.
A registrant cannot actively promote a security (and thereby recommend the security) and then rely on boiler plate language to say this was a client-directed trade and is not recommended by the registrant. This is not acceptable and Staff will consider further regulatory action in these circumstances.
Staff also has concerns about the use of the minimum purchase exemption in these circumstances since many of the clients purchasing the securities had a significant concentration of their net financial assets (e.g., over 30%) invested in the related issuer. During Staff's calls with some of these clients, we confirmed that they were not aware they had initiated a client-directed trade, nor was there any discussion of the suitability of investments in the related issuer of the EMD.
4. Inappropriate disclaimer language in client documentation
We also found a number of situations where EMDs had purported to limit their liability for breaches of suitability or other obligations through the inclusion of limitation of liability language in the KYC form or other client documentation. One EMD had included the following disclaimer in its KYC form:
I agree that [the EMD]'s liability will be limited to the fees earned in the event [the EMD] is found through a legal proceeding to be liable for losses on investments or products purchased through it.
We are of the view that, although there may be circumstances where a limitation of liability provision may be reasonable (e.g., in a commercial agreement between two sophisticated parties), this type of blanket disclaimer language which purports to limit liability for all losses, including losses resulting from a breach by the registrant of the registrant's obligations under Ontario securities law, is not appropriate.
Where we found cases of inappropriate disclaimer language in KYC forms or other client documentation, we directed the registrant to:
• remove the disclaimer language from the KYC form or other client documentation for new clients, and
• send a letter to all existing clients (who had previously been provided with a KYC form containing this language) to advise them that this disclaimer language had been removed and that the registrant would not seek to rely on this limitation of liability.
5. Improper delegation of KYC and suitability obligation to another third party
Approximately 6% of the EMDs reviewed (three EMDs) did not meet with some of their clients to collect KYC information and explain the product features or risks to their clients, or they delegated their KYC and suitability obligations to a third party. In some cases, we confirmed these practices through calling investors. Some investors advised that they had never met with a dealing representative or anyone else at the registrant. In one case, the EMD had a referral arrangement with an unregistered entity whose role should have been limited to referring clients to the EMD. However, in practice, the unregistered entity was meeting with clients, collecting KYC information, and explaining the product features to clients.
Staff's view is that these practices are contrary to securities law as registrants may not delegate their KYC and suitability obligations to other parties. We are taking regulatory action on the unregistered entity that was conducting registerable activities without appropriate registration.
6. Inadequate relationship disclosure information
Almost 45% of the EMDs reviewed did not provide adequate relationship disclosure information to their clients because they did not disclose to their clients that they had a suitability obligation to them under subsection 14.2 of NI 31-103. Although they did not provide adequate disclosure to their clients about their suitability obligations, the EMDs reviewed were generally aware of their suitability obligations to their clients.
7. No or inadequate policies and procedures
Almost 45% of the EMDs reviewed either had no written policies and procedures on KYC, KYP, or suitability practices, or their policies and procedures were inadequate. For example, there were no procedures for reviewing and approving investments before making recommendations to clients (including a list of criteria to accept or reject an investment), etc. The EMDs reviewed generally had processes in place to collect KYC information, review products (KYP), and assess suitability; however, these procedures were not documented in their policies and procedures manuals. EMDs should develop, maintain up-to-date and enforce policies and procedures to ensure compliance with securities law.
8. Inadequate process for collection, documentation and maintenance of KYC information
Over 75% of the EMDs reviewed were deficient in collecting, documenting or maintaining adequate KYC information.
Most EMDs used a standard KYC form to collect and document KYC information. As well, most EMDs did not have an adequate process in place to collect, document and maintain KYC information. For example, EMDs did not ensure that all clients completed KYC forms or that all information on the KYC forms was completed. We saw KYC forms missing information on investment objectives, net worth, and net assets, etc. In some cases, even if the KYC forms were completed, the KYC forms were inadequate because they did not contain required information such as risk tolerance or liquidity needs. Staff's view is that, in order to comply with subsection 13.2(4) of NI 31-103, which requires a registrant to take reasonable steps to keep KYC information current, KYC information should be updated at least annually and more often if the client has a significant life event such as a marriage, divorce, birth of a child, loss of or change in employment, etc. We also believe that KYC forms should be signed and dated by clients (and by the registrant that reviewed the KYC information with the client). As well, the KYC information collected by some EMDs was not specific enough to demonstrate compliance with the AI exemption or to assess suitability of investments. For example, the highest "bands" for net worth on the KYC form were "greater than $1 million" or "annual income greater than $150,000". There was also no evidence of review of KYC forms in approximately 20% of the EMDs reviewed.
We verified the accuracy of KYC information through our calls to investors. In approximately 7% of the client calls, the information provided by the client was not consistent with the KYC information maintained by the EMD. For example, some investors told us that their net financial assets were less than $1 million or that their net financial assets incorrectly included their principal residence, but the KYC forms indicated that their net financial assets were over $1 million. In most cases, the EMD advised that they would contact the clients, advise the clients that they had determined that the relevant trades had been made in breach of securities law requirements, and that the EMDs proposed to redeem the investments and refund the proceeds to investors.
Major findings on reviews of PMs
The following were the major findings from Staff's reviews of 42 PMs:
• inadequate suitability assessments (5%),
• inadequate relationship disclosure information (45%),
• inadequate processes for the collection, documentation and maintenance of KYC information (70% of PMs reviewed), and
• inadequate policies and procedures (35%).
The Sweep results indicated that most PMs were generally complying with their obligations, but additional work is required to increase the adequacy of suitability assessments.
1. Inadequate suitability assessments
Approximately 5% of the PMs reviewed were deficient in this area. As a result, investments made by some PMs for their discretionary account clients may be unsuitable. In one case, the PM sold securities of its related start-up business to its managed account clients in order to fund the operations of the start-up. The start-up business has no revenue or current assets, and has been paying a management fee to the PM which has not been disclosed to investors. We have taken further regulatory action in this case.
2. Inadequate relationship disclosure information
Over 45% of the PMs reviewed did not provide adequate relationship disclosure information to their clients because they did not disclose to their clients that they have a suitability obligation under subsection 14.2 of NI 31-103. Although they did not provide adequate disclosure to their clients about their suitability obligations, the PMs reviewed were generally aware of their suitability obligations to their clients.
3. Inadequate process on collection, documentation and maintenance of KYC information
Over 70% of the PMs reviewed were deficient in this area. Many PMs are using a standard KYC form or questionnaire to collect and document KYC information. However, most PMs did not have an adequate process in place to collect, document and maintain KYC information. For example, they did not ensure that all their clients completed the KYC form or all information on the KYC form was completed. On the KYC forms reviewed, we saw missing information regarding investment objectives, risk tolerance, investment knowledge, etc.
As well, approximately 50% of PMs did not have a process in place to update KYC information at least annually. However, based on discussions with these PMs, they appeared to be knowledgeable about their clients and had periodic meetings with them to discuss their portfolios. Staff's view is that KYC information should be updated at least annually and more often if the client has a significant life event such as a marriage, divorce, birth of a child, loss of or change in employment, etc. We also believe that KYC forms should be signed and dated by clients (and by the registrant that reviewed the KYC information with the client).
4. Inadequate policies and procedures
Approximately 35% of the PM reviewed had inadequate written policies and procedures on KYC, KYP, or suitability obligations. For example, there were inadequate procedures relating to suitability of investments and trades for clients. Nor were there guidelines on using risky investment strategies such as short-selling, margining and use of derivatives, etc.
Outcomes of the Sweep
About 62% of the registrants reviewed were issued deficiency reports where more than 30% of the identified deficiencies were characterised as significant deficiencies. Significant deficiencies require the registrant to inform Staff how they will remediate the finding and provide a timetable for completion. We will continue to closely monitor the responses from these registrants and, in appropriate cases, may conduct follow-up reviews.
In two cases, one EMD and one PM, we identified a large number of significant deficiencies which raise significant investor protection concerns. We have taken further regulatory action in both cases.
In addition, three registrants (two EMDs and one PM) discontinued their operations after our review. Although they have ceased operations, we are still requiring the firms to provide us with written responses to our deficiency reports to ensure that all significant deficiencies are addressed to our satisfaction.
Overall, we believe the Sweep was effective in enhancing compliance as registrants took corrective action to rectify the deficiencies and to improve their overall compliance systems.
The following chart shows the various outcomes of the Sweep:
In our view, the Sweep represented an important step in improving PMs' and EMDs' compliance with KYC, KYP and suitability obligations and we will continue our ongoing emphasis on these fundamental registrant obligations. Where we identify significant compliance issues in these areas, we will take appropriate regulatory action. As well, we intend to pay particular attention to PMs and EMDs selling exempt securities to non-accredited investors, relying on purported "client-directed trade instructions", or selling investments under the $150,000 minimum amount exemption when the investment represents more than 10% of the client's net financial assets.
We plan on issuing guidance to registrants over the next several months. The guidance will include "best practices" in the areas of KYC, KYP, and suitability and will also highlight examples of "unacceptable practices" to assist registrants in complying with existing requirements in these areas. The industry report will, to the extent possible, incorporate recent guidance in the areas of KYC, KYP, and suitability published by the Mutual Fund Dealers Association of Canada and Investment Industry Regulatory Organization of Canada. In the meantime, registrants should use this report as a self-assessment tool to assess their KYC, KYP and suitability practices to determine if changes are required.
If you have any questions regarding the contents of this Notice, please refer them to any of the following: