Investment Industry Regulatory Organization of Canada – s. 144 of the Act and s. 78(1) of the CFA

Order

Headnote

Variation and restatement of recognition order of a self-regulatory organization to clarify and update reporting requirements.

Statutes Cited

Commodity Futures Act, R.S.O. 1990, c. C.20, as am., s. 78(1).

Securities Act, R.S.O. 1990, c. S.5, as am., s. 144.

IN THE MATTER OF THE SECURITIES ACT, R.S.O 1990, CHAPTER S.5, AS AMENDED (the "Act") AND IN THE MATTER OF THE COMMODITY FUTURES ACT, R.S.O. 1990, CHAPTER C.20, AS AMENDED (the "CFA") AND IN THE MATTER OF INVESTMENT INDUSTRY REGULATORY ORGANIZATION OF CANADA ("IIROC")

VARIATION AND RESTATEMENT OF RECOGNITION ORDER (Section 144 of the Act and Subsection 78(1) of the CFA)

WHEREAS the Commission issued an order dated May 16, 2008, as amended on May 28, 2010, recognizing IIROC as a self-regulatory organization pursuant to section 21.1 of the Act and subsection 16(1) of the CFA ("Previous Order");

AND WHEREAS the Commission has determined that it is not prejudicial to the public interest to issue an order that varies and restates the Previous Order to amend Appendix A and Schedule 2 to clarify and update IIROC's reporting requirements;

IT IS ORDERED pursuant to section 144 of the Act and subsection 78(1) of the CFA that the Previous Order be varied and restated as follows:

 

IN THE MATTER OF THE SECURITIES ACT, R.S.O. 1990, CHAPTER S.5, AS AMENDED (the ACT) AND IN THE MATTER OF THE COMMODITY FUTURES ACT, R.S.O. 1990, CHAPTER C.20, AS AMENDED (the "CFA") AND IN THE MATTER OF INVESTMENT INDUSTRY REGULATORY ORGANIZATION OF CANADA (IIROC)

RECOGNITION ORDER (Subsection 21.1(1) of the Act and Subsection 16(1) of the CFA)

The Investment Dealers Association of Canada (the IDA) had been recognized by the Alberta Securities Commission, British Columbia Securities Commission, Manitoba Securities Commission, Nova Scotia Securities Commission, Ontario Securities Commission, Saskatchewan Financial Services Commission, the Financial Services Regulation Division, Department of Government Services, Consumer & Commercial Affairs Branch (Newfoundland and Labrador) and the Autorité des marchés financiers (Québec), and had applied to the New Brunswick Securities Commission for recognition (together with the Securities Office, Consumer, Corporate and Insurance Services Division, Office of the Attorney General (Prince Edward Island), (the Recognizing Regulators) as a self-regulatory organization or self-regulatory body pursuant to applicable legislation.

Market Regulation Services Inc. (RS) had been recognized by the Autorité des marchés financiers (Québec) and the Alberta Securities Commission, British Columbia Securities Commission, Manitoba Securities Commission and Ontario Securities Commission as a self-regulatory organization or self-regulatory body pursuant to applicable securities legislation.

The IDA and RS agreed to combine their operations into IIROC.

IIROC will, among other things:

a. regulate investment dealers, including alternative trading systems (ATSs) and futures commission merchants (Dealer Members);

b. if retained by an ATS pursuant to National Instrument 23-101 Trading Rules, regulate the ATS as a Marketplace Member (defined below) and the subscribers of the ATS;

c. establish, administer and monitor its rules, policies and other similar instruments (Rules);

d. enforce compliance with its Rules by Dealer Members and others subject to its jurisdiction;

e. provide services to exchanges and quotation and trade reporting systems (QTRSs) (together with ATSs, Marketplace Members) that choose to retain it as a regulation services provider, as that term is defined under National Instrument 21-101 Marketplace Operation;

f. if retained by an exchange or QTRS, administer, monitor and/or enforce rules pursuant to a regulation services agreement between IIROC and that exchange or QTRS (RSA);

g. conduct certain functions delegated to it by Recognizing Regulators, including registration functions; and

h. perform investigation and enforcement functions on behalf of the IDA and RS for as long as each of the IDA and RS continues to be recognized by the Commission as a self-regulatory organization or a self-regulatory body.

On April 30, 2008, the Board of IIROC adopted the rules and policies of RS and the regulatory By-laws, Regulations, Forms and Policies of the IDA that were in force and effect at that time, subject to incidental conforming changes made to ensure consistency, and the Hearing Committees and Hearing Panels Rule as the Rules.

On April 30, 2008, the Board of IIROC adopted the market integrity notices issued by RS and all regulatory notices, bulletins, directives and guidance provided by the IDA that were in effect at that time.

IIROC applied to the Ontario Securities Commission (Commission) and the other Recognizing Regulators for recognition as a self-regulatory organization pursuant to subsection 21.1(1) of the Act and subsection 16(1) of the CFA.

The Commission issued an order dated May 16, 2008 and effective on June 1, 2008, recognizing IIROC as a self-regulatory organization pursuant to subsection 21.1(1) of the Act and subsection 16(1) of the CFA.

IIROC applied on May 14, 2010, to amend Appendix A of the order dated May 16, 2008, to: (i) extend the time for IIROC to develop an integrated fee model and submit it for approval with the Commission and (ii) extend the time IIROC must provide written quarterly reports on the status of the development of the fee model.

The Commission issued an order dated May 16, 2008, as amended on May 28, 2010, amending Appendix A pursuant to section 144 of the Act and subsection 16(1) of the CFA (Previous Order).

The Executive Director applied on February 6, 2018, to amend Appendix A and Schedule 2 of the Previous Order to clarify and update IIROC's reporting requirements.

The Commission is satisfied that continuing to recognize IIROC as a self-regulatory organization, subject to the terms and conditions set out in Appendix A, is not prejudicial to the public interest.

The Commission hereby continues to recognize IIROC as a self-regulatory organization pursuant to section 21.1 of the Act and subsection 16(1) of the CFA on the terms and conditions set out in Appendix A and the applicable provisions of the Memorandum of Understanding between the Recognizing Regulators, as amended from time to time (MOU).

Dated May 16, 2008, as amended on May 28, 2010 and March 9, 2018.

"Tim Moseley"
"D. Grant Vingoe"
Commissioner
Commissioner
Ontario Securities Commission
Ontario Securities Commission

 

APPENDIX A

TERMS AND CONDITIONS

1. Recognition Criteria

IIROC must continue to meet the criteria attached at Schedule 1.

2. Approval of Changes

a. Prior Commission approval is required for any changes to the following:

(i) the corporate governance structure of IIROC, as reflected in IIROC's By-law No. 1 (By-law No. 1);

(ii) letters patent of IIROC, and any supplementary letters patent; and

(iii) the assignment, transfer, delegation or sub-contracting of the performance of all or a substantial part of its regulatory functions or responsibilities as a self-regulatory organization.

b. Prior Commission approval is required for material changes to the following:

(i) the fee model;

(ii) the functions IIROC performs;

(iii) IIROC's organizational structure;

(iv) the activities, responsibilities, and authority of the District Councils; and

(v) the Regulation Services Agreement between IIROC and any Marketplace Member.

3. Status

a. IIROC must operate on a not-for-profit basis.

b. IIROC must comply with any terms and conditions the Commission may impose in the public interest concerning any transaction that would result in IIROC:

(i) ceasing to perform its services;

(ii) discontinuing, suspending or winding-up all or a significant portion of its operations;

(iii) disposing of all or substantially all of its assets; or

(iv) terminating its agreement with an information technology service provider providing critical technology systems.

4. Rules and Rule-Making

IIROC must comply with the process for filing and obtaining Commission approval for by-laws, Rules and any amendments to by-laws or Rules as outlined in Appendix A of the MOU, as amended from time to time.

5. Governance

a. IIROC must:

(i) ensure that at least 50% of its board of directors (Board), other than the President of IIROC, are independent directors as defined in By-law No. 1;

(ii) ensure that one of the directors represents an exchange or ATS that is not affiliated with a marketplace

(A) that retains IIROC, and

(B) has at least a 40% Market Share as defined in By-law No. 1 (Market Share); and

(iii) review the corporate governance structure, including the composition of the Board, at the request of the Commission,

to ensure that there is a proper balance between, and effective representation of, the public interest and the interests of marketplaces, dealers and other entities desiring access to the services provided by IIROC.

6. Due Process

Subject to applicable law and the Rules and by-laws of IIROC, before rendering a decision that affects the rights of a person or company in relation to membership, registration or enforcement matters, IIROC must provide that person or company an opportunity to be heard.

7. Performance of Regulatory Functions

a. IIROC must set Rules governing its members and others subject to its jurisdiction.

b. IIROC must administer and monitor compliance with the Rules and securities laws by members and others subject to its jurisdiction and enforce compliance with the Rules by Dealer Members, including ATSs, and others subject to its jurisdiction.

c. If retained by an exchange or QTRS, IIROC must administer, monitor and/or enforce rules pursuant to an RSA.

d. IIROC must, subject to applicable legislation, collect, use and disclose personal information only to the extent reasonably necessary to carry out its regulatory activities and mandate.

e. IIROC must ensure that it is accessible for contact by the public for purposes relating to the performance of its functions as a self-regulatory organization.

f. IIROC must publish concurrently in English and French each document issued to the public or generally to any class of members.

g. IIROC must adopt policies and procedures designed to ensure that confidential information about its operations or those of any Dealer Member, Marketplace Member or marketplace participant is maintained in confidence and not shared inappropriately with other persons, and must use all reasonable efforts to comply with these policies and procedures.

h. IIROC must, at least annually, self-assess IIROC's performance of its regulatory responsibilities, and report thereon to its Board, together with any recommendations for improvements.

8. Use of Fines and Settlements

All fines collected by IIROC and all payments made under settlement agreements entered into with IIROC may be used only as follows:

a. as approved by the Corporate Governance Committee,

(i) for the development of systems or other non-recurring capital expenditures that are necessary to address emerging regulatory issues resulting from changing market conditions and are directly related to protecting investors and the integrity of the capital markets;

(ii) for the education of securities market participants and members of the public about or research into investing, financial matters or the operation or regulation of securities markets;

(iii) to contribute to a non-profit, tax-exempt organization, the purposes of which include protection of investors, or those described in paragraph (a)(ii); or

b. for reasonable costs associated with the administration of IIROC's hearing panels.

9. Disciplinary Matters

a. Subject to paragraph (b), IIROC must

(i) promptly notify the public and the news media of:

(A) the specifics relating to each disciplinary or settlement hearing once the hearing date is set, and

(B) the terms of each settlement and the disposition of each disciplinary action once the terms or disposition is determined; and

(ii) ensure that disciplinary and settlement hearings are open to the public and the news media.

b. Despite paragraph (a), IIROC may, on its own initiative or on request, order a closed-door hearing or prohibit the publication or release of information or documents if it determines that it is required for the protection of confidential matters. IIROC must establish written criteria for making a determination of confidentiality.

10. Capacity and Integrity of Systems

a. IIROC must

(i) ensure that each of IIROC's critical systems, including its technology systems, has

(A) appropriate internal controls to ensure integrity and security of information; and

(B) has reasonable and sufficient capacity, and backup to enable IIROC to properly carry on its business; and

(ii) have controls to manage the risks associated with its operations, including an annual review of its contingency and business continuity plans.

b. IIROC must on a reasonably frequent basis, and in any event, at least annually:

(i) make reasonable current and future capacity estimates for its critical systems;

(ii) conduct capacity stress tests to determine the ability of its critical systems to perform its regulation functions in an accurate, timely and efficient manner;

(iii) review and keep current the development and testing methodology of those systems; and

(iv) review the vulnerability of those systems to internal and external threats including physical hazards and natural disasters.

c. IIROC must cause to be performed an independent review, in accordance with established audit procedures and standards, of its controls for ensuring that it is in compliance with paragraph (b) above, and conduct a review by its Board of the report containing the recommendations and conclusions of the independent review. This term and condition will not apply if:

(i) the information technology provider retained by IIROC is required, either by law or otherwise, to conduct an annual independent review; and

(ii) IIROC's Board obtains and reviews annually a copy of the independent review report of its information technology provider to ensure that it has controls in place to address the matters outlined in paragraph (b) above.

d. IIROC must, periodically or at the request of the Commission, benchmark surveillance systems and services provided by its information technology providers against comparable systems and services available from other third party technology providers.

11. Ongoing Reporting Requirements

a. IIROC must comply with reporting requirements set out in Schedule 2 of this Recognition Order, as amended from time to time by the Commission or its staff.

b. IIROC must provide the Commission with other reports, documents and information as the Commission or its staff may request.

 

SCHEDULE 1

CRITERIA FOR RECOGNITION

1. Governance

a. The governance structure and arrangements must ensure:

(i) effective oversight of the entity;

(ii) fair, meaningful and diverse representation on the governing body (Board) and any committees of the Board, including a reasonable proportion of independent directors;

(iii) a proper balance among the interests of the different persons or companies subject to regulation by IIROC; and

(iv) each director or officer is a fit and proper person.

2. Public Interest

IIROC must regulate to serve the public interest in protecting investors and market integrity. It must articulate and ensure it meets a clear public interest mandate for its regulatory functions.

3. Conflicts of interest

IIROC must effectively identify and manage conflicts of interest.

4. Fees

a. All fees imposed by IIROC must be equitably allocated. Fees must not have the effect of creating unreasonable barriers to access.

b. The process for setting fees must be fair and transparent.

c. IIROC must operate on a cost-recovery basis.

5. Access

a. IIROC must have reasonable written criteria that permit all persons or companies that satisfy the criteria to access IIROC's regulatory services.

b. The access criteria and the process for obtaining access should be fair and transparent.

6. Financial Viability

IIROC must have sufficient financial resources for the proper performance of its functions and to meet its responsibilities.

7. Capacity to Perform Regulatory Functions

a. IIROC must maintain its capacity to effectively and efficiently perform its regulatory functions, which include governing the conduct of persons or companies subject to its regulation and monitoring and enforcing applicable requirements.

b. IIROC must maintain in each jurisdiction where it has an office

(i) sufficient financial, technological, human and other resources; and

(ii) appropriate organizational structures and adequate technological systems

to efficiently, effectively and in a timely manner perform its regulatory functions and responsibilities.

8. Capacity and Integrity of Systems

IIROC must maintain controls to ensure capacity, integrity requirements and security of its technology systems.

9. Rules

a. IIROC must establish and maintain Rules that:

(i) are necessary or appropriate to govern and regulate all aspects of its functions and responsibilities as a self-regulatory entity;

(ii) are designed to:

(A) ensure compliance with securities laws,

(B) prevent fraudulent and manipulative acts and practices,

(C) promote just and equitable principles of trade and the duty to act fairly, honestly and in good faith,

(D) foster cooperation and coordination with entities engaged in regulating, clearing, settling, processing information with respect to, and facilitating transactions in, securities,

(E) foster fair, equitable and ethical business standards and practices,

(F) promote the protection of investors, and

(G) provide for appropriate discipline of those whose conduct it regulates;

(iii) do not impose any burden or constraint on competition or innovation that is not necessary or appropriate in furtherance of IIROC's regulatory objectives;

(iv) do not impose costs or restrictions on the activities of market participants that are disproportionate to the goals of the regulatory objectives sought to be realized; and

(v) are not contrary to the public interest.

10. Disciplinary Matters

The process for discipline must be fair and transparent.

11. Information Sharing and Regulatory Cooperation

To assist other regulatory authorities in regulatory matters, IIROC must share information and cooperate with:

a. the Commission and any other securities regulatory authority, whether domestic or foreign;

b. exchanges;

c. self-regulatory organizations;

d. clearing agencies;

e. financial intelligence or law enforcement agencies or authorities; and

f. investor protection or compensation funds, whether domestic or foreign.

This assistance includes the collection and sharing of information and other forms of assistance for the purpose of market surveillance, investigations, enforcement litigation, investor protection and compensation and for any other regulatory purpose and is subject to applicable laws related to information sharing and protection of personal information.

12. Other Criteria -- Québec

Constituting documents, by-laws and operating rules of IIROC should allow that the power to make decisions relating to the supervision of its activities in Québec will be exercised mainly by persons residing in Québec.

 

SCHEDULE 2

REPORTING REQUIREMENTS

1. Prior Notification

a. IIROC will provide the Commission with at least twelve months' written notice prior to completing any transaction that would result in IIROC:

(i) ceasing to perform its services;

(ii) discontinuing, suspending or winding-up all or a significant portion of its operations; or

(iii) disposing of all or substantially all of its assets.

b. IIROC will provide the Commission with at least three months' written notice prior to:

(i) terminating its agreement with an information technology service provider providing critical technology systems; or

(ii) any intended material change to its agreement with an information technology service provider regarding its critical technology systems.

2. Immediate Notification

IIROC will immediately notify the Commission of the following events:

a. the admission of a new member, including the member's name, and any terms and conditions that are imposed on the member;

b. members whose rights and privileges or membership will be suspended or terminated, including:

(i) the member's name;

(ii) the reasons for the proposed suspension or termination; and

(iii) a description of the steps being taken to ensure that the member's clients are being dealt with appropriately;

c. receipt of a member's intention to resign.

The notice required by this section may be provided by IIROC issuing a public notice containing the information, provided that such public notice will be issued immediately after the decision is made for admission, suspension or termination of membership and immediately after receipt of a notice of intention to resign, as the case may be.

3. Prompt Notification

IIROC will provide the Commission with prompt notice of the following events and situations, and in each case describe the circumstances that gave rise to the reportable event or situation, and IIROC's proposed response to ensure resolution, and, if appropriate, provide timely updates:

a. situations that would reasonably be expected to raise concerns about IIROC's financial viability, including but not limited to, an inability to meet its expected expenses for the next quarter or the next year;

b. notification from any of the Recognizing Regulators that IIROC is not in compliance with one or more of the terms and conditions of recognition of IIROC in any jurisdiction or with the reporting requirements set out in the MOU;

c. any material violations of securities legislation of which IIROC becomes aware in the ordinary course operation of its business;

d. any material failures in the controls described in terms and conditions 10(a)(i) and (ii) of Appendix A to this Recognition Order;

e. any failure, malfunction, delay or security breach, including material cyber security breaches, of IIROC's critical systems or technology systems that support IIROC's critical systems;

f. any breach of security safeguards involving information under IIROC's control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to investors, issuers, registrants, other market participants, IIROC, the Canadian Investor Protection Fund (CIPF), or the capital markets;

g. any material change to the information set out in the application letter dated December 21, 2007;

h. actual or apparent misconduct or non-compliance by members, Approved Persons, marketplace participants, or others, where investors, clients, creditors, members, CIPF, or IIROC may reasonably be expected to suffer serious damage as a consequence thereof, including but not limited to:

(i) where fraud appears to be present; or

(ii) where serious deficiencies in supervision or internal controls exist;

i. situations that would reasonably be expected to raise concerns about a member's continued viability, including but not limited to, capital deficiency, early warning, and any condition which, in the opinion of IIROC, could give rise to payments being made out of CIPF, including any condition which, alone or together with other conditions, could, if appropriate corrective action is not taken, reasonably be expected to:

(i) inhibit the member from promptly completing securities transactions, promptly segregating clients' securities as required or promptly discharging its responsibilities to clients, other members, or creditors;

(ii) result in material financial loss to the member or its clients; or

(iii) result in material misstatement of the member's financial statements;

j. any action taken by IIROC with respect to a member in financial difficulty;

k. any terms and conditions imposed, varied or removed by IIROC relating to a member;

l. any enforcement agreement and undertaking entered into, varied or rescinded at IIROC's request relating to a member.

4. Quarterly Reporting

IIROC will file on a quarterly basis with the Commission a report pertaining to IIROC's regulatory operations promptly after the report is reviewed or approved by IIROC's Board, board committees, or senior management, as the case may be, containing at a minimum the following information and documents:

a. a summary of ongoing initiatives, policy changes, and emerging or key issues that arose in the previous quarter for each of IIROC's regulatory operations;

b. a summary of all compliance examinations in progress or completed during the previous quarter, and all compliance examinations scheduled to be commenced in the upcoming quarter by IIROC office and department, including information on repeat or significant deficiencies;

c. a summary of any terms and conditions imposed, varied or removed relating to Approved Persons during the previous quarter;

d. a summary of all discretionary exemptions granted to individuals, members, and marketplace participants during the previous quarter;

e. summary statistics for the previous quarter regarding all client complaints, and complaints received from other sources including, but not limited to, any other securities regulatory authority;

f. summary statistics by IIROC office for the previous quarter regarding the caseload for each of case assessment, trading review and analysis, market surveillance, investigations and prosecutions, separated between Member and Marketplace Regulation cases including the length of time the files have been open;

g. a summary of enforcement files that were referred to any of the Recognizing Regulators during the previous quarter; and

h. IIROC's regulatory staff complement, by function, and details of any material changes or reductions in regulatory staffing, by function, during the previous quarter.

5. Annual Reporting

IIROC will file on an annual basis with the Commission a report pertaining to IIROC's regulatory operations promptly after the report is reviewed or approved by IIROC's Board, board committees, or senior management, as the case may be, containing at a minimum the following documents:

a. the self-assessment referred to in term and condition 7(h) of Appendix A to this Recognition Order. The self-assessment must contain information as specified by Commission staff from time to time and include the following information:

(i) an assessment of how IIROC is meeting its regulatory mandate, including an assessment against the recognition criteria in Schedule 1 to the Recognition Order and the terms and conditions in Appendix A to the Recognition Order;

(ii) an assessment against its strategic plan;

(iii) a description of trends seen as a result of compliance reviews, investigations and prosecutions conducted, and complaints received, including IIROC's plan to deal with any issues;

(iv) whether IIROC is meeting its benchmarks, and reasons for any benchmarks not being met;

(v) a description and update on significant projects undertaken by IIROC; and

(vi) a description of issues raised by any of the Recognizing Regulators, external auditors or internal audit, which are being tracked by IIROC's senior management, together with a summary of the progress made on their resolution; and

b. certification by IIROC's Chief Executive Officer and General Counsel that IIROC is in compliance with the terms and conditions applicable to it in Appendix A to this Recognition Order.

6. Financial Reporting

a. IIROC will file with the Commission unaudited quarterly financial statements with notes within 60 days after the end of each financial quarter.

b. IIROC will file with the Commission audited annual financial statements accompanied by the report of an independent auditor within 90 days after the end of each fiscal year.

7. Other Reporting

a. IIROC will provide the Commission on a timely basis with the following information and documents upon publication or completion of review and approval by IIROC's Board, board committees, or senior management, as the case may be:

(i) the results of any corporate governance review referred to in term and condition 5(a)(iii) of Appendix A to this Recognition Order;

(ii) material changes to the code of business ethics and conduct and the written policy about managing potential conflicts of interests of members of IIROC's Board;

(iii) changes in the members of IIROC's Board;

(iv) the financial budget for the current year, together with the underlying assumptions, that have been approved by IIROC's Board;

(v) the independent review report referred to in term and condition 10(c) of Appendix A to this Recognition Order;

(vi) the results of benchmarking of surveillance systems and services referred to in term and condition 10(d) of Appendix A to this Recognition Order, together with a summary of the process undertaken and conclusions reached;

(vii) enterprise risk management reports, and any material changes to enterprise risk management methodology;

(viii) the internal audit charter, annual internal audit plan, and internal audit reports;

(ix) the annual report for the current year;

(x) the compliance examination plan for the current year;

(xi) material changes to the compliance or enforcement processes or scope of work, including risk assessment models for:

(A) Financial and Operations Compliance;

(B) Business Conduct Compliance; and

(C) Trading Conduct Compliance.

b. IIROC will provide the Commission with reasonable prior notice of any document that it intends to publish or issue to the public or to any class of members which, in the opinion of IIROC, could have a significant impact on:

(i) its members and others subject to its jurisdiction; or

(ii) the capital markets generally.

c. IIROC will, upon request, provide the Commission with the following information and documents as soon as practicable:

(i) information concerning closed investigations or prosecutions which did not lead to disciplinary or settlement proceedings including the final investigation report and recommendation memorandum; and

(ii) information concerning enforcement matters that resulted in disciplinary or settlement proceedings including the final penalty memorandum.