Keeping up with IIROC Reforms

Canadian firms have an evolving regulatory landscape to respond to in 2020 and beyond.
Author photo
by Chris May on May 1, 2020


While Regulation Best Interest (Reg BI) garners much attention in the US market, Canadian firms also need to be modifying their approach to customer interactions. As highlighted in their December 2019 Compliance Report, IIROC is sharpening its attention on client-focused reforms (CFRs) with new rule changes and review focus over the next few years.

We have compiled some areas of attention for Canadian firms to help prepare for this new posture.

1. Continue to prioritize focus on Client Focused Behaviours

For over a half decade, Canadian regulatory have been increasing the focus on communication and practices with retail customers – in general, part of the shift towards more Client Focus Reforms.

2. Monitor Progress of Reg BI reforms in the US

Canadian firms should be mindful of the evolution of the Reg BI efforts in the US market as they reflect a continued trend in global retail wealth markets towards aggressive customer protections around agency behaviours and advice. A clear move towards a) full disclosure of conflicts of interest; b) explicit shift in behaviour to acting in the best interest of the client – both at the time of recommendation and after; and c) efforts to eliminate, at the institutional level, explicit and implicit sources of conflict. This would include compensation programs and sales management practices. Additionally, firms should demonstrate extra vigilance around customer communications. While not all communications constitute a recommendation, almost all communications constitute additional information that should influence and inform Best Interest context.

3. Don’t think it is ‘job done’ on better communication and reporting

IIROC has remined firms that beginning in 2020, it will be taking a more specific focus on examining “the timeliness and accuracy of reporting obligations”. Firms would be advised to approach their customer communication and reporting capabilities as an area for constant investment. Increased transparency and reduced obfuscation combined with a determined effort to eliminate industry jargon in favour of customer friendly plain English must remain priorities. Further, these efforts don’t stop at official notifications and statements, but must include ALL points and media of interaction, including human interactions.

4. Look for new and innovative approaches

IIROC acknowledges that the CFR is a significant change in business practices for the industry. Firms should look for innovative approaches to respond to the CFR. IIROC has signaled a willingness to reward innovators within this new regulatory framework. Elsa Rensella, the IIROC’s Senior Vice-President, Enforcement and Registration, stated in a recent report “IIROC must continue to ensure its compliance activities support industry innovation and accommodate the evolving business models of the firms we regulate so that Canadians can continue to access the financial products and services they want and need.”

Innovation can be approached from a number of vectors. Creativity in how business processes are defined and supported, identification of tools to reduce friction in advice reaching customers, as well as investments in leveraging innovative technologies to reduce compliance load will go a long way in aligning to CFR objectives efficiently and effectively.

5. Re-double effort to increase digital capabilities and expectations for Advisors

Customers are leading in their digital engagement expectations and behaviours and firms are struggling to catch up. The posture of many firms remains ‘this is WHAT we support’ versus ‘how can we support THAT’. Any barrier to an advisor engaging with a customer or the customer disclosing relevant information creates both a poor customer experience and potentially limits the advisor in gaining access to information that would be relevant to providing advice in the customer’s best interest. With more digital documentation and recordkeeping and increased digital communication channels, each client’s unique goals and expectations can be communicated more clearly and made more accessible to management. Digital supports better analysis for risk management and talent coaching and development, resulting in better client relationships over the long term.

6. Expand product due diligence efforts

Firms should evaluate their product due diligence programs to ensure that all products are fully vetted from a regulatory, risk, and business perspective. Firms should also recognize that the exclusion of a quality product is potentially just as problematic as inclusion of products that don’t meet due diligence standards. A bias to PROACTIVELY building a shelf of strong products with good breadth should guide firms, rather than simply creating barriers to products that don’t meet standards. Due diligence should include sufficient ongoing monitoring of strength of the shelf as well as the individual products on it. Additionally, firms would be advised to balance their reliance on third-party product consulting firms with their own teams, to strengthen their product management and due diligence programs. Internal efforts to ensure front-line staff have adequate education and training to augment knowledge of products will help ensure appropriate client recommendations. Care should be taken to rapidly perform due diligence on any products transferred into the firm from another registrant.

7. Enhance Cybersecurity Measures

Implementing a superior cybersecurity system should be a top-level priority for all firms in 2020. The report details efforts made by IIROC to “support cybersecurity resiliency” by touching on how they have “implemented rules to require mandatory reporting to the IIROC by firms about certain cybersecurity incidents”. In addition, this will be the first year that IIROC has “incorporated cybersecurity risk into its compliance risk model,” making it subject to much more regulatory scrutiny than in the past. Firms can mitigate risk and create resilience by categorizing data more effectively, monitoring data at a granular level, and conducting routine impact assessments to identify vulnerabilities. And because humans are almost always the weak link in all cybersecurity programs, firms should double down on education and support for enhancing the cybersecurity readiness of their staff. To make for smoother cybersecurity audits, make sure there is strong traceability between the regulations and the corresponding policies and controls that exist within your organization.