Securities regulators know technology is changing the industry. That knowledge is clear in the work regulators have done in recent years, and in particular during the Covid-19 lockdown, to help the industry adapt.
The fintech-related work done during the pandemic lockdown was “really an acceleration of the work we’re doing in support of transformation,” says Irene Winel, senior vice-president, member regulation and strategy, with the Investment Industry Regulatory Organization of Canada (IIROC).
For example, IIROC released guidance on e-signatures in March 2019 stating that if a firm allows e-signatures for account openings, it must allow e-signatures for account transfer requests too.
The importance of using e-signatures grew throughout the pandemic.
IIROC issued exemption relief for client signatures as well as for other issues, such as suspending late filing fees. As of Aug. 31, IIROC received 165 applications for exemption relief from 66 dealer firms. Of those applications, 17 were from firms requesting alternative measures to “wet” signatures, of which the self-regulatory organization (SRO) approved 15.
In June, the Mutual Fund Dealers Association of Canada (MFDA) updated its guidance on e-signatures, reminding firms of the pitfalls inherent in such technology. The MFDA’s guidance prompts firms to consider fraud risks and to institute controls to protect the confidentiality and security of electronic documents, says Karen McGuinness, senior vice-president, member regulation, compliance, with the MFDA.
“We do encourage people to use [e-signatures],” says McGuinness. “We just think you have to use [them] responsibly, and we wanted to give some guidance on areas that [member firms] should remember when they’re implementing e-signature technology.”
The SROs also have enhanced cybersecurity support for member firms in recent years.
IIROC provides access to experts and third-party consultants, has conducted table-top test scenarios and released notices on trends in cybersecurity and about systems for managing digital platforms, such as cloud services.
“[The focus on cybersecurity began] before the pandemic, but it has increased and there’s more to come,” Winel says. (IIROC published two webcasts on cybersecurity at the end of October.)
At the MFDA, cybersecurity also is top of mind. Early in the pandemic, the SRO had cybersecurity consultants talk about the risks of remote-work arrangements for both dealers and individuals.
“We did that pretty quickly because we do understand not all of our members have the resources to do this kind of thing,” McGuinness says.
MFDA members also must participate in cybersecurity reviews. If a small or mid-sized firm cannot afford to conduct the review on its own, the MFDA pays for a consultant to test that dealer’s cybersecurity. As of late October, that consultant had performed 30 reviews.
In 2019, IIROC announced it would use the Nasdaq SMARTS surveillance technology to help its market surveillance team monitor trading activity on Canada’s debt and equities markets in real time.
Such technology became critical during pandemic lockdowns, when markets were volatile and regulatory staff were setting up home offices, says Victoria Pinnington, senior vice-president, market regulation, with IIROC.
Pinnington notes that the move to remote work was “seamless” and “very secure,” with the market surveillance team able to communicate in real time. In mid-March 2020, at the peak of volatility, the surveillance team processed 1.4 billion trading messages a day — 3.5 times more than were processed in March 2019, when the daily rate was about 400 million messages.
Both SROs anticipate more firms will raise questions about adopting technology.
At the MFDA, McGuinness anticipates growing interest in using automation to meet regulatory requirements and to aid in portfolio management, for example.
Pinnington says IIROC will continue to work with provincial regulators on cryptosecurities. IIROC has working groups on the matter and, in March 2019, IIROC published a joint notice with the Canadian Securities Administrators (CSA) to create a regulatory framework for cryptosecurities. Pinnington anticipates the framework will be published by early 2021.
The CSA is focused on emerging digital trends, as evidenced by its CSA Regulatory Sandbox initiative. The sandbox launched in 2017 with a mandate to let financial services businesses test innovative products and services while still keeping investor protection measures in place.
The CSA website lists 11 decisions or terms and conditions for registration or exemption relief, 10 of which involve cryptoasset firms.
Lise Estelle Brault, chair of the CSA Regulatory Sandbox committee and a senior director at the Autorité des marchés financiers, says the decisions posted on the CSA’s website don’t do justice to the work done by the sandbox.
“Unfortunately, the several hundred calls and meetings that are held across the country with people and firms that are arriving to us through [the website] are not showing anywhere,” Brault says, noting that “the greatest outcome of the sandbox” has been to make the CSA “accessible.”
This engagement did not stop during the disruptions caused by the pandemic. For example, when Toronto-based Wealthsimple Digital Assets Inc. — a cryptoasset trading platform — requested access to the sandbox over the summer, regulators “were responsive and flexible,” says Lori Stein, a partner with Toronto-based Osler Hoskin and Harcourt LLP, who was involved in Wealthsimple’s application.
While predicting where the sandbox may go from here is difficult, Brault anticipates artificial intelligence services will begin appearing in the sandbox.
“[My] crystal ball may not be very accurate,” Brault says, “but with the growth of artificial intelligence, I’m curious to see whether this is going to change significantly the way financial products are distributed.”