CUSTOMER IDENTIFICATION VS.KYC LAPSES
The Know-Your-Customer (KYC) deficiencies is one of the significant compliance problems facing financial services institutions and wealth management priivate bankers.
Do you know your customer? You better, if you’re a financial institution (FI) or you face possible fines, sanctions and maybe even public ridicule if you do business with a money launderer or terrorist. More importantly, it’s a fundamental practice to protect your FI from fraud and losses due to illegal funds and transactions.
3) Ongoing Monitoring
The OSC, along with the Canadian Securities Administrators (CSA), have published numerous regulatory guidelines outlining their expectations for KYC, Know-Your-Product (KYP) and suitability obligations in recent years. The requirements in those areas for registered firms in Canada. In 2014, the CSA published a Staff Notice 31-336 to provide additional guidance to registrants in the three areas as well as instructions on how to comply with the regulatory requirements.
Repeated KYC, KYP and suitability issues
Many of the KYC-related deficiencies identified in the report are categorized as repeat deficiencies identified by the OSC during its annual reviews of registrants every year.
A common KYC deficiency cited by the OSC concerns a failure to collect sufficient client information. At the most basic level, some registrants failed to collect sufficient information from clients to establish their identity. Advisers and firms also encountered issues in classifying clients as accredited investors, due to a failure to collect information needed to conduct a suitability analysis.
The regulator also observed that some firms had trouble demonstrating that they had complied with KYC, KYP and suitability regulatory requirements. During reviews conducted by the CRR, the regulator observed that some firms failed to document business activities and client transactions; in other instances, these records were not up-to-date or were not readily accessible.
Inadequate annual compliance reports could explain why KYC, KYP and suitability deficiencies continue to go unchecked at registered firms. In its report, the OSC noted that it often could not find any evidence that an annual compliance report, detailing the firm's compliance with securities laws, was submitted to a firm's board of directors. As a result, the OSC could not determine whether the firm's senior managers had assessed their firm's compliance program, or were even aware of any deficiencies, including KYC, KYP and suitability issues.
Warnings and enforcement actions
Compliance reviews carried out by CRR staff have also resulted in enforcement action, ranging from requirements that firms provide the OSC with detailed remedial plans to suspension of registration and referral to the regulator's enforcement branch.
Between April 2014 and March 2015, CRR staff at the OSC initiated a total of 64 actions against registrants. Eight of those involved violations serious enough to refer to the OSC's enforcement branch. A majority of the misconduct named in the report involved KYC, KYP and suitability failings.
Relying on third parties to conduct KYC was among the more serious deficiencies identified by CRR staff in 2014. During a compliance review of Sloane Capital Corp and Freedman, an exempt market dealer, CRR staff found that the firm routinely failed to conduct adequate KYC. Advisers at the firm did not meet with clients to obtain KYC information prior to making trades and relied on representatives of the issuer to conduct KYC. Similarly, in another case, a portfolio manager had accepted referrals from unregistered financial planners and relied on these individuals to meet with clients to collect KYC information.
An initial guide to meeting regulatory KYC expectations of the OSC and the CSA is outlined in CSA Staff Notice 31-336. Additionally, the OSC has included a number of best-practice tips in the annual summary report outlining findings from reviews conducted by CRR staff.
Registrants are expected to become personally acquainted with clients with the aim of obtaining thorough understanding of a client's personal and financial circumstances. As such, delegating the collection of KYC information to third parties, especially unregistered individuals, is almost guaranteed to raise red flags with securities regulators during compliance reviews.
Asking clients to fill out a "tick the box" form without an understanding of their personal and financial circumstances is unlikely to be considered adequate for suitability assessments, thus supporting the need for advisers to engage clients in detailed conversation about their investment needs.
When making suitability assessments, registrants need to have adequate client information to determine whether certain investments are suited to a client's risk profile. To do so, financial advisers need to have a solid understanding of a client's life circumstances, investment goals and attitude towards financial risk, among other considerations. These factors may change over time, giving rise to the need to review and update KYC information on a regular basis.
KYC information should be updated annually, at minimum. During a KYC review, advisers are required to evaluate whether a client's life circumstances or a significant change in market conditions have affected their suitability for certain investments such as exempt securities. As a best practice, any changes should be recorded in writing and signed off by the client and the adviser.
Firms are also well advised to ask registered advisers to keep written records of information collected during a KYC consultation with a client and clear records of any updates or changes to a client's KYC file. Maintaining documentation that is easily accessible enables registrants to demonstrate to regulators that they have conducted KYC in compliance with regulatory requirements.
Accurate and up-to-date KYC records are a crucial part of any registered firm's compliance program. Advisers are increasingly expected to demonstrate that they have complied with suitability rules in selling exempt securities to accredited investors. Maintaining adequate documentation to support suitability analysis for trades enables registrants to be able to account to regulators.
In addition to managing suitability assessments, maintaining robust KYC practices also play a role in mitigating regulatory risks pertaining to anti-money laundering (AML) reporting requirements. Securities dealers in Canada are required to have a compliance program in place to provide reports to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). To satisfy regulatory requirements, firms must collect adequate KYC information to ascertain the identity of their clients and maintain accurate records of such information.
While FINTRAC has yet to pursue high profile enforcement actions against investment firms, AML regulatory scrutiny may be on the horizon. Earlier this year, the Canadian government published a highly critical assessment of AML controls at Canadian banks. The report has generated much debate and could spur regulators to pay closer attention to KYC practices and AML compliance measures at financial firms.