Sometimes
being surprised
is a good thing.
Other times –
not so much…
Surprise, Mom!
Hello George,
You’ve been
selected for a
compliance audit!
Surprised maybe –
but you don’t want
to be unprepared.
• INSURANCE – Regulatory audit, Insurers auditing MGA practices =
MGAs auditing individual broker practices
• SECURITIES – Dealer/regulatory audit of advisor files – KYC, risk profiles
• REGULATORY AUDITS – e.g., FINTRAC; Client complaints
• E&O claims – document client meetings
Global partnerships
• Focus of financial regulators to protect the integrity of financial markets and ensure the
fair treatment of customers – develop globally accepted requirements for effective
supervision of each financial sector to prevent/address gaps in regulation
• Detecting money laundering & combatting financing of terrorism – FINTRAC
• Canada participates with other countries on international securities/insurance
associations. International associations audit the practices of member countries and
make recommendations to address regulatory gaps.
• FSCO’s legislative mandate – to protect the public
interest and enhance public confidence in the
sectors it regulates
• OSC - to provide protection to investors from
unfair, improper or fraudulent practices and to
foster fair and efficient capital markets and
confidence in capital markets
“All the money I took in, I put into stocks. The first day of October made
me feel like I was rich…
…I figured I could pay my debts any time, and I just let them ride…
…On that day of October 29, (1929) they told me I needed more cash to
cover up. I couldn’t get it. I was wiped out that day.”
Excerpt from George Mehales, South Carolina WPA Life Histories interview, December 1938
American Life Histories, American Memory, Library of Congress
• If it ain’t documented,
you can’t prove it!
• You are the professional
– courts and regulators
will side with your
client if you can’t
support your position
with documented
evidence.
• Fintrac – AML policies & procedures
• Privacy plan
• Do not call/do not email procedures
• Disclosure documentation
• Life insurance replacement & written analysis
Compliance with FINTRAC (Financial Transactions
and Reports Analysis Centre of Canada)
requirements:
• Compliance Regime
• Knowledge of what a suspicious transaction is,
and how to report it
• Legislation in place since July 2000 to deter &
detect movement of illegal funds into Canada’s
financial system
• Mortgage brokers, Real estate agents/developers/brokers
• Accountants
• Banks, trust companies, loan companies, money service
businesses, securities dealers, life insurance companies,
independent life insurance brokers
• Casinos
• Precious metal dealers/jewelers
• Exempt – reinsurance, property & casualty insurance
•
If you are an independent life insurance broker, you need a compliance
regime!
•
MGAs and agencies must have and maintain a compliance regime
•
Life insurance companies are responsible for the compliance regime for
their employees/career agents & that they comply with the reporting,
record keeping, client identification requirements
•
Mutual fund/securities dealers are responsible for
employees/approved persons for these transactions ONLY
•
FinTrac can audit your business (many life insurance brokers across
Canada were audited from the fall of 2011 to May 2012)
•
If your business is selected, it is mandatory to complete a Compliance
Assessment Report
•
MGAs and insurers audit whether you have a compliance regime in
place and know your obligations
•
Financial penalties
• Failure to report a suspicious transaction
• Incomplete compliance policies and procedures, failure to develop a written ongoing compliance training
program and failure to take special measures for high risk activities
• Inadequate practices of ascertaining client identity and confirming the existence of an entity other than a
corporation, failure to enter into an agreement or arrangement with an agent or mandatary for the
purposes of ascertaining identity, and incomplete record keeping
• Failure to take reasonable measures to determine whether a person is a politically exposed foreign person.
• Failure to appoint a person to be responsible for the implementation of a compliance program
• Failure to develop and apply written compliance policies and procedures that are kept up to date and, in
the case of an entity, are approved by a senior officer
• Failure to assess and document the risk referred to in subsection 9.6(2) of the Act, taking into
consideration prescribed factors
• Failure of a person or entity that has employees, agents or other persons authorized to act on their behalf
to develop and maintain a written ongoing compliance training program for those employees, agents or
persons
A FINTRAC compliance examination will assess whether a reporting entity is
meeting its obligations under the legislation. Areas of review can include:
• Is a compliance regime in place?
• Is there reporting of all required transactions?
• Have proper client identification measures been implemented?
• Are you meeting your record keeping requirements?
• Is proper ID of third party ownership being determined, where required?
• There are 5 components to a FINTRAC
Compliance Regime
• All 5 steps must be included, although
the level of detail may vary for each step
depending on the size of your office
1. Appoint a compliance officer
2. Have a written Policies and Procedures manual
3. Assess the risk of money laundering and terrorist financing to
your business
4. Document your training program (unless you are a sole proprietor)
5. Update and re-evaluate at least every 2 years
Appoint a compliance officer, in writing.
•
Document who it is in writing.
•
CO is responsible for implementing your compliance regime and must know
and understand their responsibilities.
Develop written policies and procedures.
Your compliance policies and procedures will be less detailed than those of a
larger insurance agency or life insurance company.
*BUT*
Your policies and procedures have to be in writing and be kept up to date,
regardless of whether you are a small business, an individual or an entity.
•
CLHIA developed a guide for life insurance brokers that can meet the
requirement for a written P&P manual.
•
Links are on IFB’s website (www.ifbc.ca), the CLHIA website (www.clhia.ca),
and individual insurance company websites.
•
Caution: FINTRAC expects it to be customized to reflect your business, as
required, not just the last page signed and dated.
Assess and document the risks of money
laundering and terrorist financing in your
business, and
Take measures to mitigate potentially high
risk situations.
Document the following factors in your risk assessment:
1. The products and services you offer and how you deliver them.
2. The geographic locations where you conduct your activities and the
geographic locations of your clients.
3. Any other relevant factors related to your business.
4. Your clients and the business relationships you have with them.
A helpful resource for your risk assessment:
www.fintrac-canafe.gc.ca
Good information and suggestions to help
you assess your business risks in Guideline 4,
Appendices 1, 2, and 3.
Implement and document an ongoing
compliance training program for you
and your staff.
Training Program for Sole Proprietors:
•
If you are a sole proprietor (not a corporation) with no employees,
agents or other individuals authorized to act on your behalf, you are
not required to have a training program in place for yourself.
•
However, your policies and procedures must be in place, updated and
will have to be reviewed every two years to test their effectiveness.
Review and test your program at least
every 2 years.
•
Review and test the effectiveness of your policies and procedures,
your risk assessment and your training program.
•
Modify and update your existing policies and procedures-implement
new ones if required.
•
Sign and date the review as proof.
Read FINTRAC Guidance on Conducting a Review (Guideline 4, Section 8
“Review Every 2 Years”)
•
•
•
•
•
•
•
•
Has a compliance officer been appointed?
Are policies and procedures in place?
Are appropriate measures in place to identify, document, and mitigate
risks related to money laundering and terrorist financing?
Is a training program established?
Is there a periodic review of the compliance regime?
Are the reporting requirements being met?
Are client identification requirements being met?
Are the appropriate records being kept?
FINTRAC Guideline 4 has additional guidance on how to implement a
compliance regime.
www.fintrac-canafe.gc.ca
•
Federal Personal Information Protection and Electronic
Documents Act (PIPEDA) is the default unless a
province has “substantially similar” legislation
•
Substantially similar legislation (PIPA) exists in BC,
Albert, and Quebec
YOU are required to protect your client’s personal information.
1. Written Privacy Policy and client consent
2. Documented privacy breach procedure
3. Training – keep up to date on changes to legislation
4. Commitment to follow the 10 privacy principles
Information that can be used to identify an individual.
•
Name, gender, birth date, race, marital status, medical and
financial information, contact information (address, email,
phone number, etc.)
•
Info in paper files, electronically, video or voice recording
• Every organization has to have someone who is responsible for implementing
& maintaining the privacy plan.
• In a small organization, that person is probably You. In a larger business, you
may want to assign responsibility to one of the management team, or to a
management committee.
• Bottom line – “someone has to be accountable to your customers, so they
know where to go to ask questions, get access to their customer records, or
resolve any complaints they may have about their privacy”.
Source: Privacy Commissioner of Canada’s website: www.priv.gc.ca
•
•
•
•
•
•
•
•
Commitment to protecting your client’s personal information
You will only use it for the purpose stated
You will only retain the information for as long as needed
You have obtained the client’s consent
You will take steps to safeguard their information including destroying it
Client can access their information to verify it
Client is informed about complaint mechanisms
Notice that consent cannot be withdrawn in certain circumstances – legal, regulatory
• Include permission to share information with 3rd parties
– MGAs, other professionals, etc.
• Any 3rd party must also adhere to privacy principles – if
you are a MGA, you need a privacy plan
• Tip: Add consent to contact client by telephone and
email to cover off CASL/Do Not Call
• Ensure your client’s records are secure whether in files in the office, on your computer,
phone– including installing virus/malware software
• Encrypt your electronic files especially if client information is on laptop or other
portable device
• Stronger passwords: Take a sentence, mix in a few upper case letters and a number –
for example, “There is no place like home,” would become “tiNOplh62.”
• Shred/destroy records in a secure manner when no longer required
• Purchase privacy breach insurance – IFB E&O has cheap add on $50/year
• April: 900 social insurance numbers were stolen from
the Canada Revenue Agency’s website by a hacker
exploiting the Heartbleed bug
• September: 56 million Home Depot customers in
Canada and the U.S. were affected by a data
breach from malicious software designed to steal
credit card information.
Don’t wait until it happens! Know what to do and train other employees
who deal with client files:
1. Contain the breach
2. Assess the extent of the breach and risk to clients
3. Inform the client if there’s potential for harm
4. Document what steps you took and who you notified (if needed)
Office of the Privacy Commissioner of Canada: www.priv.gc.ca
• Securing Personal Information: A Self-Assessment Tool for Organizations
• Build a Privacy Plan for your business
• Key Steps for Organizations in Responding to Privacy Breaches
IFB (for members): updated template Privacy Policy/Client Consent form
• Do Not Call Registry: in place since 2008 – Update: phone numbers
are now permanently registered until removed by individual
• Independent life insurance brokers are “telemarketers” – requires
registering on CRTC website and paying monthly/yearly
subscription to access list of numbers registered on DNC List
• Exemptions: calls to existing clients, business to business calls,
service calls, calls made up to 18 months after end of business
relationship, 6 months if referral
• Free webinar available for IFB members (1 hour CE)
• Consent required after July 1st, 2014 for new clients – must be implied or express –
Express is better
• 3 year transition – allows you to send emails until July 1,2017 to existing clients – after
that you will need express consent
• Anyone can withdraw consent at any time – you have to respect that unless there’s a
legal/contractual obligation that prevents them from withdrawing consent
• CASL does not just apply to spam!
• Applies to ANY electronic message with a commercial intent.
• Includes sales or promotional information you email to
prospective clients.
• Business to consumers and business to business
• Compliance with CASL is rooted in consent.
• Consent can be implied or express but after July 1st
CEMs cannot be sent without the consent of the
recipient.
3 year transition period to help businesses adjust:
• Implied consent under the transition rule allows you to send CEMs
until July 1, 2017 to existing customers, unless they ask you not to.
• And you were already communicating with them electronically prior
to July 1, 2014.
• Existing business relationship - you can send a CEM
to the recipient up to 2 years from the date of your
last business transaction. Then it expires.
• Referrals - Someone approaches you for information
about your services. You have up to 6 months to
contact them. Then consent expires.
• Proof of consent lies with you – get consent in writing
• If oral – keep recording or follow up with email to get proof
• Express consent may be valid under CASL if client had signed Privacy
Consent form before July 1st – check the wording
• Better – ask clients to sign a revised Privacy Consent or additional
consent spelling out they consent to you contacting them by phone,
electronic mail
• Express consent is not time-limited. Permission
remains in place unless the recipient withdraws it.
• Requires recipient to opt-in, not opt-out, to
qualify. Person must provide explicit verbal or
written permission to you to contact them.
1. IDENTIFYING INFORMATION – who you are, contact information
2. UNSUBSCRIBE FEATURE- allow opting out at any time
3. CONSENT- express or implied
• Look at who you email and why
• Get express consent – good time to contact clients and prospects
to remind them of your value
• Make sure your emails, texts contain the prescribed “identifying
information” and an unsubscribe feature
• Update your privacy consents
• Government of Canada Fight Spam website: http://fightspam.gc.ca
• CRTC: www.crtc.gc.ca – Q&A section covering common questions
• IFB website – Member Compliance Tools section
• IFB Broker Tip sheet at IFB booth
“The more you explain it, the more I don’t understand it”
- Mark Twain
Point of Sale Disclosure: Fund Facts - an easy-to-read document that
highlights key information about the fund, such as a description of
the fund, its performance, risks and costs.
Currently produced for mutual funds & segregated funds. Will be
expanded to ETFs.
• BIG focus of securities and insurance regulators –
do clients understand who they are dealing with,
for what services and the cost of those services?
• Companies you represent
• Compensation – how compensated, additional compensation – bonuses, travel
• Conflicts of interest - Reasonable person test:
1. Would your advice or product offered have been different if the situation or
incentive giving rise to the potential conflict of interest did not exist?
2. Would it appear to a reasonable, informed third party looking at all the facts
that you acted in the best interest of your client?
• Consumer’s right to ask for additional information
• Client complaint mechanisms
• Some provinces have specific legal requirements
• Ontario: since 2004, disclosure must be in writing – FSCO
study – 90% advisors disclose conflicts of interest but only
50% do so in writing!
• BC, Manitoba, Alberta & Quebec all have legal
requirements – check the provincial regulator websites if
you’re licensed in other provinces
• CRM1: disclosure of relationship of client and advisor/firm, conflicts of interest
and enhanced (more) suitability reviews
• CRM2: enhanced account statements, book cost, market value
• Attempts to address imbalance of information – recognizing that financial
products can be complex and hard for the ‘average’ investor to understand
• Conflicts of interest – disclose any conflict or potential conflict of interest that arises
between the interests of the Dealer or Approved Person and the interests of the client
(e.g. OBAs)
• Relationship disclosure – written disclosure about the nature of the relationship
between the Dealer firm and the client on account opening
• Referral arrangements – written disclosure of referral arrangements must be made to
the client before the party receiving the referral either opens an account for the client
or provides services to the client
• Transaction fees and charges – prior to the acceptance of any order in respect of a
transaction in a client account, inform the client of the nature of compensation
• Most common reason for claims being denied by insurers is
non-disclosure to client – make sure you have a record proving
the disclosure happened
• Cancellation of old policy before purchase of new policy
confirmed – could result in client left without insurance and
advisor responsible
• Life Insurance Replacement Declaration (LIRD) standardized form –
11 questions
Plus:
• Written explanation of reasons for replacement to be provided to
client: i) how the existing policy doesn’t address client needs ii) why
the replacement policy is better and, iii) any risks associated with
replacing the insurance (e.g. suicide provision restarted)
• Guidance on preparing the written explanation – jointly prepared by
CLHIA, CAILBA, IFB and Advocis –– covers individual and group
• Quebec introduced a slightly different replacement form “Notice of
Replacement of Insurance of Persons Contract” – must be used for any
replacement after October 21, 2014
• Ontario/NFLD: LIRD & written explanation to client, new insurer –
existing insurer gets LIRD only
• BC, Alberta, Sask, NS, NB, PEI: LIRD & written explanation to client
• Manitoba: LIRD & written explanation to client, new insurer LIRD only
• Note: Insurance companies may require you to provide the LIRD or both
documents with the application for replacement
• FSCO new computer system – “the required tools to effectively regulate in an
increasingly challenging financial services marketplace”
• FSCO - Focus on product suitability and advice – next phase of survey
• LLQP national harmonized program – roll out January 1st, 2016
• CCIR - segregated funds review & assess potential for regulatory arbitrage
• CRM2 – fee disclosure/performance on statements for mutual funds and
securities investors – July 2015/16
• CSA/OSC research on whether embedded fees/commissions influence advice
• CSA/OSC response to “Best Interest” (aka fiduciary duty) for mutual fund advice
• CE for MFDA advisors – consultation expected early 2015
• Ontario Ministry of Finance: review merits of more tailored regulation of
financial planners