The Role of the Chief Compliance Officer
In accordance with section 11.3 of National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations, every registrant must appoint a chief compliance officer (CCO) to perform the responsibilities set out in section 5.2 of NI 31-103. The primary responsibility of a registrant's CCO is to ensure compliance with securities regulations by the firm and its employees.
Proficiency Requirements for CCOs
A registrant's CCO must meet the proficiency requirements set out in Part 3 of NI 31-103:
- Section 3.6 specifies the requirements for the CCO of a mutual fund dealer.
- Section 3.8 specifies the requirements for the CCO of a scholarship plan dealer.
- Section 3.10 specifies the requirements for the CCO of an exempt market dealer.
- Section 3.13 specifies the requirements for the CCO of a portfolio manager.
- Section 3.14 specifies the requirements for the CCO of a investment fund manager.
A CCO's Objectives
The CCO has an objective of promoting compliance at firms and setting industry standards. Compliance means establishing effective supervision and control of the firm’s activities to ensure it complies with applicable laws and regulations.
The CCO must ensure the firm's supervision and overall compliance program is adequate to achieve this result. The compliance program needs to be carefully designed as to identify situations in which legal or other violations of securities legislation are prevented. The CCO cannot reasonably design and oversee a compliance program without also accounting for and prudently managing the risks of the firm's business.
Effective Compliance Programs
An effective compliance program needs careful design. To do this, consider the following questions:
- Does the CCO have the appropriate authority and support from the board?
- Is there a clear scope of duties set out for the CCO?
- Has the CCO set out permissible conduct for the firm's staff?
- Are compliance procedures easy to understand?
- Is the CCO implementing and enforcing established compliance procedures?
- Is the CCO continually educating personnel regarding compliance procedures?
When the British Columbia Securities Commission examines a firm's compliance program, we test whether the CCO made reasonable efforts to ensure that the firm and its staff demonstrate compliance by adopting prudent supervisory systems, internal controls and manage the risks associated with its business in accordance with prudent business practices. For the CCO to perform his or her duties, the firm's owners and senior managers must provide the CCO with the support necessary for the CCO to perform compliance duties.
We also test how the CCO handles violations of the firm's policies and procedures. Did the CCO initiate an investigation or take action to ascertain the nature and extent of the compliance violation? We expect the CCO to document any violation and its outcome.
We expect that if the CCO is not already a member of senior management, the CCO will meet regularly with the firm's senior management. To ensure the firm's senior management properly address compliance issues, a CCO may lead a compliance committee to ensure that the firm's senior managers discuss and resolve compliance issues.
The CCO must cover or oversee the basic components of supervision. These include:
- Review and approval of new client accounts, ensure that the know-your-client (KYC) information is complete and that the recommendations are suitable for the client's investment circumstances and/or meet the client's investment objectives, for example, as set out in an investment policy statement
- daily trade review for errors, proper settlement, unusual trading activity and compliance with clients' investment mandates
- staff training programs to keep employees aware of changes to the firm's operations and changes to securities legislation
- monitoring the firm's marketing activities, such as electronic and print advertising and monitoring the sales practices of the firm's representatives
- personal trading policies, to prevent front running and conflicts of interests and ensure that the clients come ahead of any staff trades
- client disclosures for compliance with section 14.2 of NI 31-103
- reviewing, responding, and investigating client complaints within a reasonable period
For large firms, it is prudent to establish regular, formal reporting from branch managers or specific business groups to the CCO, which would highlight any significant issues encountered in these areas. In areas such as trading, exception reports may be the more efficient way to monitor the activity, for example, for failed or unsettled trades.
Other higher-level roles for the CCO to consider include an annual review or self-assessment of the existing compliance programs, including:
- reviewing and updating the policies and procedures manual (PPM). Ideally, the PPM should be a living document that is updated as needed instead of merely being reviewed annually.
- educating and training personnel about compliance procedures
- reminding appropriate personnel of key procedures and controls
- reviewing and updating, for compliance and effectiveness, of all contracts and forms, such as the KYC forms for clients
- ensuring point-of-sale and other disclosures, such as for conflicts of interest and leverage, are updated and provided to all clients
- ensuring adequate suitability monitoring of security holdings in client accounts (both for KYC and know-your-product)
- outlining permissible conduct for employees, such as what trading activities are not acceptable, or that certain gifts from clients cannot be accepted
- monitoring the firm's minimum working capital requirements
- monitoring risk management practices
- testing and updating the firm's disaster recovery and business continuity plan
Finally, when the CCO discovers violations of the firm's policies and procedures, the CCO must respond promptly to the violation and conduct, when necessary, a thorough investigation of the activities to determine the scope of the wrongdoing. In some cases, this may result in placing limitations on employees and increasing supervision. Certain findings may also result in the CCO contacting the BCSC and other authorities.
These are only a few of the basic duties and responsibilities expected of a CCO. We hope that these guidelines will help your firm and CCO to establish an effective system of internal controls.