OSC compliance reviews continue to reveal deficiencies

Regulators in British Columbia report that their latest round of compliance reviews has found a higher incidence of repeat deficiencies, such as “know your client” (KYC) failures and poor disclosure, along with new concerns, such as cybersecurity risks.

The British Columbia Securities Commission (BCSC) published its annual compliance report card for 2016, which details the regulator’s findings in its examinations of B.C.-based portfolio managers, investment fund managers and exempt-market dealers. The most recent round of reviews, which covered 35 firms, revealed an average of 4.29 deficiencies per review. The BCSC also reports that it saw “an increased level of repeat deficiencies,” which resulted in the regulator imposing registration conditions on firms more frequently than in previous years.

For example, the report notes that the BCSC continues to find ongoing deficiencies in relationship disclosure provided to clients. The most common issue in this area, the report says, is the requirement to provide clients with an explanation of their performance benchmarks and their options for benchmark reporting.

It also found firms sending clients account statements that “contained inappropriate boilerplate language stating that the statements may not be accurate,” the report says. “We view this disclosure as inappropriate because registered firms are responsible for ensuring that all information presented to clients is accurate.”

The BCSC continued to find problems with firms’ KYC procedures, including outdated information; no evidence of KYC updates despite significant life changes for clients; and firms relying on KYC information that was not adequate for a proper suitability assessment.

“We regard KYC as the cornerstone obligation supporting suitability assessments,” the BCSC says in its report. “Without up-to-date KYC information, a registrant cannot meet its suitability requirements when recommending or making a purchase or sale for a client.”

The regulator says it also continued to find firms making unsubstantiated advertising claims, using benchmarks that were not adequately disclosed or explained to clients, and failing to evaluate their cyber-security risks.

“Cyber-security risks continue to evolve,” the BCSC report states. “Firms that do not manage these risks will become targets. We expect firms to manage this risk by, at a minimum, including meaningful policies and procedures aimed at managing their cyber-security risks. These risks include data preservation and protection, network security and client authentication.”

Looking ahead, the BCSC says that it will continue to focus on common deficiencies and will also be reviewing firms’ compliance with the CRM2 requirements. It is planning targeted compliance reviews of online advisors, newly registered advisors and firms that have a large presence in B.C. but are headquartered elsewhere.
