The Ontario Securities Commission spells out its efforts to enhance the initial registration process, and its stance on “robo advice” models, among other emerging issues, in its latest annual summary report to assist registrants.

The OSC published OSC Staff Notice 33-745 – 2014 OSC Annual Summary Report for Dealers, Advisers and Investment Fund Managers on Thursday, which details the work of its all-important compliance and registrant regulation (CRR) branch.

The report indicates that the commission is developing a new initiative that aims to make the initial registration process for firms closer to an actual compliance review. As a result, it says that pre-registration reviews are now incorporating compliance review procedures, including reviewing a firm’s financial condition, business plan, and its policies and procedures manual. It may also focus on a firm’s proposed operations, compliance systems, and the proficiency of its employees.

“Firms that seek registration for the first time can expect that we will request additional information and potentially an in-person meeting as part of the registration process,” the report notes; adding, “This will allow us to focus on the firm’s fitness for registration, enhancing the firm’s understanding of regulatory obligations prior to registration and establishing positive communications with the registrant.”

Among the trends in registration, the OSC also highlights an increasing interest in providing advice through online platforms. “We have recently registered a small number of [portfolio manager (PM)] firms that will operate online and expect to see others enter the market,” it says.

The report also spells out its approach to approving these kinds of services. “The online advice model that we have considered to be acceptable involves an interactive website used to collect KYC information, which will be reviewed by a registered [rep]”; noting that this differs from the “robo-advice” model that’s emerging in the U.S. “We do not think that an entirely automated decision making process would be acceptable at this stage.”

“The KYC and suitability obligations of PMs that provide their services through online platforms remain the same as for any other PM,” the OSC says in its report. “A PM’s obligations under securities law does not change as a result of the delivery method of providing the services to a client. We expect firms that are interested in implementing an online advice operating model in Ontario to submit their proposed online KYC questionnaire and related processes for a due diligence review by CRR staff. This review in no way diminishes the firm’s ongoing responsibilities under applicable securities law.”

The report also covers key policy initiatives, such as the Canadian Securities Administrators’ (CSA) efforts to consider imposing a duty to act in clients’ best interests on firms. “We continue to work with our CSA colleagues on this project,” it says. “The continued work required will depend in part on the outcome of the research we conduct this year. Once this research and analysis has been completed, we will publish the results and our decision on how we plan to move forward with the best interest duty initiative, including timing.”

Another new initiative represents a collaboration between staff of both the CSA and the Investment Industry Regulatory Organization of Canada (IIROC) to review service arrangements between portfolio managers and investment dealers to assess if new rules and/or guidance is needed in this area. These arrangements are similar to introducing broker–carrying broker arrangements between IIROC dealers, the report says, but they are not currently subject to any specific rules or guidance. And, the notice also indicates that the regulators have identified a number of issues with these arrangements, including: the agreements between the PM and the dealer; disclosure to the PM’s clients; and, in some cases, PMs relying on the dealer’s books and records, and account statement delivery to meet its own obligations, without adequate supervision.

“The CSA is working with IIROC to address these issues,” it says, including considering whether clients need to continue to receive dual account statements from both their portfolio manager and the custodian, or if one statement will suffice.

The CRR branch says that it’s also consulting with the OSC’s derivatives branch in developing rules for that market, including a rule for determining whether products should be regulated as securities, derivatives, or exempt; and a rule that will set out the registration requirements and exemption conditions for derivatives markets. The two groups are also developing an oversight program for testing compliance with new trade repository reporting requirements, which take effect on Oct. 31.

The report also touches on the impact of the so-called “Heartbleed” bug, which the CRR branch assessed earlier this year through a survey of firms. It found that two thirds of registrants transact with their clients and others online. And, it stresses that, as many firms are likely exchanging sensitive information online, “strong and tailored cyber security measures are an important element of a registrant’s controls in promoting reliability of their operations and the protection of confidential information.”

“To manage the risks of a cyber threat, registrants and regulated entities should be aware of the challenges of cybercrime and should take the appropriate protective measures necessary to safeguard themselves and their clients,” it says.

Other issues flagged in the report include non-profits issuing securities without an exemption; that tax shelters are also typically considered to be securities, which require registration; and, firms applying to register as exempt market dealers (EMDs) to operate internet portals for accredited investors.