NIN 90/29 - Proposals for Securities Firms [NIN - Rescinded]

The Canadian Securities Administrators ("CSA") are seeking comments on a number of proposals respecting the capital, financial reporting and audit requirements to be met by firms registered to operate in the securities industry in Canada ("registrants").

Over the past several years, the Canadian securities industry has undergone significant structural changes and has faced uncertain market conditions. These circumstances have given rise to concerns as to whether the existing capital, audit and financial reporting requirements for registrants are adequate in today's industry and market environment. Client funds have become major sources of financing and trading. Also, firms are able to use client margined securities in their business to the extent necessary to finance the customer receivables arising from buying the securities on margin. Protection of these client funds and securities is paramount.

A review of the existing capital, audit and financial reporting requirements is being conducted by the Regulatory Working Group, which is composed of staff members of the Ontario, Quebec, Alberta and British Columbia Securities Commissions. To date, this review has largely concentrated on those registrants that are members of self-regulatory organizations ("SROs") and has included consideration of changes to the CSA's oversight of the self-regulatory process. A final report ("Capital Report") concerning these issues, which contained 36 recommendations for change, was tabled with the CSA at their Fall 1989 meeting (See NIN#90/05).

In order to consider the issues related to capital adequacy (8 of the 36 recommendations), a joint industry/regulatory task force ("Task Force") has been formed. The Task Force is comprised of the members of the Regulatory Working Group, senior representatives of the securities industry and staff representatives from the SROs and the Canadian Investor Protection Fund ("CIPF"). The Regulatory Working Group is consulting the Task Force in developing specific proposals in the area of capital adequacy and segregation. Prior to amending the existing capital adequacy rules, the specific proposals affecting the public interest will be published for comment.

22 of the 36 recommendations in the Capital Report deal with oversight of the self-regulatory process. The CSA is dealing directly with the SROs and CIPF on these matters and will be drafting legislative provisions to implement these changes.

The regulatory working group is now beginning its review of the capital, audit and financial reporting requirements in respect of non-SRO member registrants, many of which conduct restricted activities in the securities business (e.g. provide advice only). It is anticipated that a discussion document on these issues will be tabled with the CSA this Fall. If this review generates proposals affecting the public interest, these proposals will then be published by the Commissions for public comment once they have been endorsed by the CSA.

The attached paper presents for public comment recommendations in the Capital Report (other than those pertaining to capital adequacy and the oversight of the self-regulatory process) together with the background discussion of the reasons for change. The comments received will be taken into consideration in drafting the specific legislative provisions.

Comments should be forwarded to the CSA on or before September 30, 1990 and addressed to:

Dan Iggers
Secretary to the
Ontario Securities Commission
Suite 1800, Box 55
20 Queen Street West
Toronto, Ontario
M5H 3S8

DATED at Vancouver, British Columbia, this 30th day of August 1990.

Douglas M. Hyndman
Chairman



1. SELF-REGULATORY ORGANIZATION ("SRO") MEMBERSHIP

Recommendation

SRO membership should be required of all registrants who have access to client funds or securities and should be strongly encouraged for other categories.

By access to client funds and securities we mean situations where a registrant is permitted to use client free credit balances and margined securities in their business (e.g., to finance client receivables and firm inventory) as well as situations where registrants are required to place client funds in a trust account.

SROs can bring industry expertise and peer pressure to bear on registrants and can ensure that uniform standards are being met within each category of registration for those firms with interprovincial operations. At present, SRO membership is voluntary. The major brokers and dealers generally have joined at least one SRO, but there can be no assurance that this will continue, particularly in light of the more flexible ownership rules.

Self-regulation has been and can continue to be appropriate and effective provided that it is subject to rigorous and timely regulatory oversight. It is proposed that the Commissions rely on self-regulation to the maximum extent that is consistent with protection of the public interest. This will avoid duplicating rule making and compliance activities as well as allow the Commissions to concentrate on policy matters, oversight and issues affecting the system as a whole.

2. EXTERNAL AUDITS

Recommendation

The statutory minimum audit requirement of an annual audit conducted in accordance with generally accepted auditing standard should apply equally to both SRO and non-SRO member registrants of the same registration category.

The experience requirements should also apply equally to auditors of SRO and non-SRO member registrants. Furthermore, the requirement should be for 5 years in the securities industry.

The statutory minimum audit requirement should be an annual audit in accordance with generally accepted auditing standards. Although practice tends to reflect this standard, not all securities legislation in Canada reflects this requirement for both SRO and non-SRO member registrants.

In the securities acts of a number of provinces, there is no annual audit requirement for SRO member registrants and further, adherence to generally accepted auditing standards is not specifically required. However, all provinces specifically require non-SRO member registrants to have an annual. audit conducted in accordance with generally accepted auditing standards. It should also be noted that the SRO By-laws require annual audits of member firms and that these audits are required to be conducted in accordance with generally accepted auditing standards. This proposal will therefore bring legislation in line with current SRO practice.

Audit appointments are generally in the name of audit firms. it is not very meaningful to apply an experience test to the firm per se. The experience requirement should apply to the individual responsible for ensuring completion of the field audit. The proposed recommendations would be implemented prospectively to changes in audit appointments. In this way, incumbent individuals would be able to retain their appointments.

3. ADEQUATE INTERNAL CONTROLS

Recommendations

A requirement should be imposed that registrants establish and maintain an effective system of internal controls. This requirement should be stated in general terms and should apply to both SRO and non-SRO member registrants.

The present statutory requirements set out certain minimum requirements concerning maintenance of books and records. Other than the SRO requirements for member firms to report on their compliance with the segregation requirements as part of the annual regulatory financial filing and the requirements for the external auditor of a SRO member registrant to perform a general review of internal controls as part of the annual audit procedures, there are no clearly defined requirements in the securities legislation or SRO by-laws and rules of most CSA jurisdictions that registrants maintain an adequate system of internal control and other procedures to safeguard assets, ensure that transactions are properly authorized and executed, and ensure that the accounting information is reliable and timely. Without adequate internal controls, it is impossible to achieve important objectives such as segregation or safekeeping of client securities and meeting the minimum free capital requirements.

It does not seem feasible or desirable to specify in detail the components of a minimum system of internal controls. Flexibility is required to accommodate the varying circumstances and different businesses of the registrants. Smaller registrants would have difficulty in implementing a full-blown control system. For example, they may not be able to achieve a proper division of duties (e.g., a person handling securities should not also be responsible for maintaining the related accounting records). Furthermore, the control system must adapt to the constant changes in the industry's operating environment.

Several commissions have recently established the Audit Advisory Committee, which is comprised of individuals from securities dealers, public accounting firms and the auditing standard setting body, with considerable experience in the areas of capital, audit and financial reporting. It is anticipated that the Committee will be able to make a significant contribution in assisting regulators in implementing practical, effective requirements in these areas.

The approach being recommended at the present time is intentionally general. This will allow for additional requirements to be put in place as standards develop, which requirements will enable greater accountability for such a critical aspect of a firm's infrastructure.

4. MANAGEMENT REPORTING ON INTERNAL CONTROLS

Recommendation

Registrants should be required to confirm periodically to the Commissions, e.g., through an annual Management Report, that an adequate internal control system is in place and functioning properly.

The responsibility for registrants' financial reporting and internal controls rests with management. Management's opinion on internal controls is important because the internal control system provides the basis for the preparation of financial reporting and, more generally, the overall system of accountability. Regulators have a legitimate interest in whether management has effectively discharged its responsibilities in this area. This can be best communicated through some form of ongoing reporting to regulatory authorities.

The Management Report will heighten management's awareness of its responsibility for internal controls and financial reporting and will alert securities administrators to any deficiencies in controls. This could eventually lead to external auditor involvement with the Management Report, similar to that required under National Policy Statement No. 39, Sections 11 and 12.

Support for the concept of management reporting on its responsibilities for adequate internal control systems is contained in the Report of the National Commission on Fraudulent Financial Reporting (Treadway Report), the Report of the Commission to Study the Public's Expectation of Audits (Macdonald Commission Report) and the SEC's most recent release on reporting of management's responsibilities. These initiatives call for greater explanation and disclosure of management's responsibilities, which will in turn improve accountability.

Given the importance of adequate internal control systems in the securities industry, the securities regulators are strongly encouraging the development of professional standards that will permit the external auditor to perform a meaningful evaluation of internal control systems. However, given that the necessary professional standards are not currently in place, reporting requirements for reportable conditions are being recommended as an interim measure, as discussed below.

5. REPORTABLE CONDITIONS

Recommendations

There should be a statutory duty on the external auditors of all registrants to apprise the SRO (if the registrant is an SRO member) and the Commissions of reportable conditions noted in the course of their work.

Reportable conditions are significant deficiencies in the design or operation of the internal control structure that could adversely affect the registrant's ability to record, process, summarize and report financial data. Such deficiencies may involve the control environment, the accounting system or control procedures.

For SRO member registrants, close cooperation and full communication between the SRO examiners and external auditors is important because the experience and knowledge of each could benefit the other.

Reporting under this requirement may create civil liability for the party making the report to regulatory authorities. Some statutes provide qualified privilege for reporting with respect to certain financial matters (e.g. Canada Business Corporations Act s.172).

s. 172: Qualified privilege (defamation). - Any oral or written statement or report made under this Act by the auditor or former auditor of a corporation has qualified privilege.