What you need to know about the Investment Industry Regulatory Organization of Canada

IIROC - setting and enforcing financial rules for investment dealers in Canada

IIROC was established as a non-profit corporation on June 1, 2008 through the consolidation of the Investment Dealers Association of Canada and Market Regulation Services Inc.

IIROC is charged with the setting and enforcement of financial rules for all investment dealers in Canada, which includes both investment firms and individuals. The enforcement staff at IIROC is responsible for identifying, investigating and prosecuting any potential regulatory violations. Discipline violations can include fines, suspensions, and permanent bans or termination for both individuals and firms.

IIROC oversight responsibilities

IIROC is responsible for oversight of approximately 174 firms and more than 32,000 registered individuals. IIROC is also responsible for oversight of debt and equity markets, to ensure trading activities fall within all pertinent trading rules.

IIROC Record Keeping Rules and Regulations

There are a number of different rules related to record keeping that fall under the purview of the IIROC.

IIROC rule 3220

Rule 3220 details the records that Dealer Members and Registered Representatives must retain. These records include information related to client accounts as well as client account applications. Dealer Members must maintain a record of persons with trading authorization over client accounts and must ensure that these records allow for the identification of anyone with trading authorization for multiple clients or client accounts.

IIROC rule 3803

IIROC rule 3803 requires Dealer Members to retain copies of all records for a minimum of seven years in both a durable and accessible format. However, it does allow for some flexibility to the seven-year rule if securities’ laws related to a specific type of record allow for it.

IIROC rule 3804

IIROC rule 3804 builds on Rule 3220 in that it further outlines the current records that must be retained. The Rule details the types of records that must be retained related to Dealer Members business activities as well as compliance with securities’ laws and IIROC rules. It also requires Members to make available any records to IIROC upon request.

IIROC rule 3908

Rule 3908 details records that must be retained by Dealer Members with respect to supervisors, including supervisory responsibilities and any review and approval done by a supervisor. The records must be retained for a minimum of seven years, with some flexibility for exceptions per Rule 3803.

IIROC rule 29.7

Within Rule 29.7, 29.7(5) specified firm requirements to archive written business communications (e.g., advertisements, sales literature and social media) and supervised employees. This Rule was repealed as of December 31, 2021. Instead, Dealer Member Rules have been consolidated and replaced with the IIROC Rules noted above.

IIROC rule 29.7

In addition, the Universal Market Integrity Rules (“UMIR”) set out requirements applicable to IIROC Dealer Members, Access Persons, and Marketplaces for securities-related trading activities. UMIR Rule 10.12 details the retention of records with instructions that include what a Dealer Member must retain and the retention period (at least seven years, with the first two years being readily accessible).

What challenges do financial firms face with regard to IIROC record keeping?

Challenges that Canadian institutions under the IIROC authority are similar to those of U.S. institutions financial institutions under the oversight of the SEC, FINRA, and CFTC. These include:

IIROC record keeping challenge 1:
Identifying which records need to be retained 

Building an inventory of records requires understanding which products/services the institution operates within, and based on this, which rules and records are within scope. Firms require an in-depth review of their record systems to ensure compliance with IIROC record keeping requirements.

IIROC record keeping challenge 2:
Keeping up with new rules

In addition, new recordkeeping rules require institutions to review new rule requirements to assess whether improvements in technology are required to meet minimum standards for record keeping and reporting. In some cases, technological improvements may create integration as well as be costly in terms of resource and budget.

IIROC record keeping challenge 3:
Growing data volumes

Another challenge related to recordkeeping includes volume of data and complexity of technologies. The shear amount of data institutions must capture and retain creates a serious challenge as far as what is to be collected and how to retain it. 

IIROC record keeping challenge 4:
Capturing and storing communications data like WhatsApp and iMessage

The complexity of technology such as outside messenger services like WhatsApp and social media sites such as Instagram creates a number of challenges as far as tracking and retaining these communications. As more and more interactions, both internally and externally, are being conducted on mobile or non-work devices, tracking and keeping those records has become increasingly difficult. 

IIROC Record Keeping Enforcement Actions

While there have not been any major enforcement actions levied by IIROC specifically related to record keeping violations, the potential penalties for any such violation may include, but are not limited to:

  • A reprimand

  • Fines, up to a maximum of $5 million per violation

  • Restrictions or expulsion from IIROC membership

SteelEye Record Keeping

SteelEye provides an efficient and reliable response to firm's IIROC record keeping needs. The platform brings together structured and unstructured data from a wealth of sources and stores it in an immutable format, WORM compliant format. 

IIROC Trade and Communications Surveillance

IIROC has several rules related to trade and communications surveillance, both IIROC and UMIR. The rules primarily relate to market manipulation, that must be prevented as well as supervision rules to demonstrate firms are adhering to market manipulation rules.

UMIR Rule 2.2

Under UMIR Rule 2.2, Manipulative and Deceptive Activities, a Participant cannot engage in the use of manipulative or deceptive methods in connection with any order or trade. In addition, a Participant may not create a misleading appearance of trading activity, artificial ask or bid price. Part’s 1 and 2 of the Rule lays out key definitions of manipulative and deceptive as well as misleading trading activity and artificial pricing.

UMIR Rule 7.1

Under UMIR 7.1, Trading Supervision Obligations, a firm must supervise its employees to ensure that trading in securities adhere to all appropriate trading rules and marketplace rules. These would include supervision of any potential market manipulation rules.

IIROC Rule 7109

Under IIROC Rule 7109, Manipulative and Deceptive Practices in the Debt Markets, Dealer Members may not participate in any activities that are manipulative or deceptive, specifically within the debt markets. Part (2) of the Rule lays out what constitutes manipulative or deceptive.

What challenges do financial firms face with regard to IIROC market manipulation and surveillance rules?

There are many challenges firm’s face in relation to trade and communications surveillance and market manipulation rules. Below sets out a few examples. However as many firms operate in different manners, additional challenges may present themselves, which will also need to be accounted for.

IIROC Trade Surveillance Challenge 1: Broad definition of market manipulation

One of the biggest challenges the industry faces concerning trade and communication surveillance is the broad nature of the rules themselves. The rules are written with no prescribed way in which surveillance should be conducted, allowing the IIROC a significant amount of room to determine what they deem as violations of market manipulation rules and take enforcement action.

IIROC Trade Surveillance Challenge 2: Use of new communications channels

More widespread use of new communications channels such as third-party apps like WhatsApp or iMessage, prompted by the Covid pandemic and increases in remote working, makes surveillance even more challenging for compliance teams. This is because communications on new channels either need to be captured or made prohibited through a corporate policy. But when a platform is banned, firms need to be able to identify intent among employees to, for example, start talking on this unmonitored channel to ensure policies are being adhered to. This can be done through lexicon searches for phrases like “let’s talk on WhatsApp”. However, a lot of surveillance technology is not up to date with modern ways of communicating.

IIROC Trade Surveillance Challenge 3: Determining actual wrongdoing

A firm’s ability to distinguish between clear signals of wrongdoing and simply ‘noise’ within the trading environment makes it even more challenging for firms to comply with IIROC market manipulation rules. Many trade surveillance systems find it difficult to distinguish between false results (or "false positives") and instances that actually warrant an investigation. Additionally, there needs to be evidence of intent, which further complicates matters for firms.

IIROC Trade Surveillance Challenge 4: Disparate systems

Surveillance doesn't have to be done holistically. In fact, many firms today still use different systems for different types of data or even asset classes. For example, many financial firms carry out their communications and trade surveillance separately, through different platforms. However, trades don’t happen in isolation and this data is deeply interconnected. Disparate data not only impacts the time it takes for firms to respond to potential instances of misconduct or market manipulation but it also prevents them from getting a holistic view of their trading operations. 

SteelEye Integrated Trade and Communications Surveillance

Integrated surveillance solution that delivers simple, effective and efficient supervisory controls. The platform brings together multidimensional data on a single, flexible platform with rich reporting, automated workflows and analytics that identify suspicious activity, quickly.

Learn more

SteelEye Communications Surveillance


Learn more about global financial services regulations


Latest News

Global Regulators Intensify Scrutiny of Market Manipulation Failures

| 10 May 2024

SteelEye’s Women in RegTech: Sonia Chowdhury

| 09 May 2024

Navigating Off-Channel Communications

| 29 Apr 2024

Investment in compliance at record low despite regulatory burden higher than ever - survey finds

| 18 Apr 2024

Preparing for a Regulatory Examination

| 11 Apr 2024

Kyte Broking Improves Client Engagement With WhatsApp & Telegram Communications

| 10 Apr 2024