The Investment Industry Regulatory Organization (IIROC) of Canada is the governing authority for all debt and equity markets, investments, and investment brokers, dealers and providers in Canada. It works closely with the Financial Industry Regulatory Authority (FINRA) of the U.S to “support and improve oversight of firms with global operations.”
Similar to the FINRA, the IIROC has a set of regulations which requires financial organizations and individuals operating in the country to archive, supervise, and maintain all client correspondence and documents – including all forms of communication – within a specific period. Non-compliance with these requirements can lead to heavy fines and significant legal action.
IIROC Archiving Requirements for Electronic Communications
The IIROC Rule 29.7 specifies the rules requiring firms to archive written business communications (advertisements, sales literature, and correspondence) and supervise employees. Below are the key takeaways from the rule:
- Firms must retain records relating to their business activities, financial affairs, client transactions and communication for five years from the date of creation. Additionally, all sales literature and related documents must be retained for two years from the date of creation. Archived sales literature and correspondence must be readily available for inspection by the Association at all times.
- Whether communication is related to the business of the Dealer Member and therefore captured by this requirement, depends on the content of the communication.
- The type of device used to transmit the communication or whether it is a company-issued or personal device is irrelevant.
- Dealer Members must design systems and programs with compliant record retention and retrieval functionalities for those methods of communication permitted at the firm. These communications include those that are posted n Twitter, Facebook, blogs and chat rooms, as well as content transmitted by email and SMS messages.
- Dealer members should also be able to maintain transaction-related documents entered into on behalf of each client, including but not limited to trade confirmation statements, emails and notes of oral communications with clients.
- Dealer members are allowed to use social media websites as long as these websites are adequately supervised and do not violate any regulatory or legislative requirements such as record retention.
- Dealer Members should exercise extreme caution when engaging in third-party communications, such as permitting the use of consumer messaging apps to communicate with clients. Whether or not a third-party communication will be considered to be the Dealer Member’s communication will depend on the facts and circumstances of each case.
IIROC Fines for Non-Compliance
According to IIROC website, penalties for approved employees at IIROC-regulated firms can include:
- A reprimand.
- Fines, up to a maximum of $5 million per contravention or an amount equal to three times the profit made, or loss avoided, due to the contravention.
- Imposition of conditions on current approval in one or more categories of employment.
- Suspension of current approval in one or more categories of employment for any period and upon any conditions or terms.
- Prohibition of the right to seek future approval in one or more categories of employment.
- A ban, permanent or for a specific period, on approval in any or all categories of employment.
For firms regulated by IIROC, the penalties can include:
- A reprimand
- Fines, up to a maximum of $5 million per contravention or an amount equal to three times the profit made, or loss avoided due to the contravention.
- Imposition of conditions on membership.
- Suspension for any period and upon any conditions or terms.
- Expulsion
- Any other fit remedy or penalty.
IIROC Compliance Best Practices
The recent cases of IIROC non-compliance implies that Dealer Members cannot afford to have a casual attitude toward records management, as the repercussions of non-compliance include internal and regulatory disciplinary actions, civil liability, costly penalties, damaged corporate reputation, and loss of goodwill. The imposition of fines for electronic communications recordkeeping violations can range into the millions.
To stay compliant with IIROC record retention requirements, financial companies should consider the following industry best practices:
- Link the applicable IIROC guidance with your firm’s electronic communication policies and practices. Have a detailed, reasonable mobile communication policy in place, and review all applicable guidance notices to ensure your firm’s policy reflects them.
- IIROC 29 Rule 29.7 states that Dealer Members must establish policies and procedures that allow them to comply with their supervisory obligations, and protect clients from misleading or false statements on social media. As such, make sure to provide your employees with ongoing training on how to use social media. The training should include relevant topics such as:
- Personal vs business social media
- The social media messages which need to be approved before posting.
- The messages that need to be reviewed after posting; and
- How to manage third-party social media content.
- Use an archiving solution that will help your firm to capture electronic communications, and search, supervise, and produce those records when necessary such as during an audit, examination, or e-discovery event.
TeleMessage offers the Mobile Archiver, a platform that can help financial services leaders to effectively manage data and content including enterprise SMS, emails, and web and social media content, with respect to compliance. Our archiving solution is equipped with versioning, and robust governance capabilities that ensure content across all digital channels. It is IIROC-compliant and meets global regulatory requirements.
To learn more about mobile archiving solutions, visit our website today at www.telemessage.com
