IIROC was established as a non-profit corporation on June 1, 2008 through the consolidation of the Investment Dealers Association of Canada and Market Regulation Services Inc.
IIROC is charged with the setting and enforcement of financial rules for all investment dealers in Canada, which includes both investment firms and individuals. The enforcement staff at IIROC is responsible for identifying, investigating and prosecuting any potential regulatory violations. Discipline violations can include fines, suspensions, and permanent bans or termination for both individuals and firms.
There are a number of different rules related to record keeping that fall under the purview of the IIROC.
Rule 3220 details the records that Dealer Members and Registered Representatives must retain. These records include information related to client accounts as well as client account applications. Dealer Members must maintain a record of persons with trading authorization over client accounts and must ensure that these records allow for the identification of anyone with trading authorization for multiple clients or client accounts.
IIROC rule 3803 requires Dealer Members to retain copies of all records for a minimum of seven years in both a durable and accessible format. However, it does allow for some flexibility to the seven-year rule if securities’ laws related to a specific type of record allow for it.
IIROC rule 3804 builds on Rule 3220 in that it further outlines the current records that must be retained. The Rule details the types of records that must be retained related to Dealer Members business activities as well as compliance with securities’ laws and IIROC rules. It also requires Members to make available any records to IIROC upon request.
Rule 3908 details records that must be retained by Dealer Members with respect to supervisors, including supervisory responsibilities and any review and approval done by a supervisor. The records must be retained for a minimum of seven years, with some flexibility for exceptions per Rule 3803.
Within Rule 29.7, 29.7(5) specified firm requirements to archive written business communications (e.g., advertisements, sales literature and social media) and supervised employees. This Rule was repealed as of December 31, 2021. Instead, Dealer Member Rules have been consolidated and replaced with the IIROC Rules noted above.
In addition, the Universal Market Integrity Rules (“UMIR”) set out requirements applicable to IIROC Dealer Members, Access Persons, and Marketplaces for securities-related trading activities. UMIR Rule 10.12 details the retention of records with instructions that include what a Dealer Member must retain and the retention period (at least seven years, with the first two years being readily accessible).
Challenges that Canadian institutions under the IIROC authority are similar to those of U.S. institutions financial institutions under the oversight of the SEC, FINRA, and CFTC. These include:
Building an inventory of records requires understanding which products/services the institution operates within, and based on this, which rules and records are within scope. Firms require an in-depth review of their record systems to ensure compliance with IIROC record keeping requirements.
In addition, new recordkeeping rules require institutions to review new rule requirements to assess whether improvements in technology are required to meet minimum standards for record keeping and reporting. In some cases, technological improvements may create integration as well as be costly in terms of resource and budget.
Another challenge related to recordkeeping includes volume of data and complexity of technologies. The shear amount of data institutions must capture and retain creates a serious challenge as far as what is to be collected and how to retain it.
The complexity of technology such as outside messenger services like WhatsApp and social media sites such as Instagram creates a number of challenges as far as tracking and retaining these communications. As more and more interactions, both internally and externally, are being conducted on mobile or non-work devices, tracking and keeping those records has become increasingly difficult.
SteelEye provides an efficient and reliable response to firm's IIROC record keeping needs. The platform brings together structured and unstructured data from a wealth of sources and stores it in an immutable format, WORM compliant format.
IIROC has several rules related to trade and communications surveillance, both IIROC and UMIR. The rules primarily relate to market manipulation, that must be prevented as well as supervision rules to demonstrate firms are adhering to market manipulation rules.
Under UMIR Rule 2.2, Manipulative and Deceptive Activities, a Participant cannot engage in the use of manipulative or deceptive methods in connection with any order or trade. In addition, a Participant may not create a misleading appearance of trading activity, artificial ask or bid price. Part’s 1 and 2 of the Rule lays out key definitions of manipulative and deceptive as well as misleading trading activity and artificial pricing.
Under UMIR 7.1, Trading Supervision Obligations, a firm must supervise its employees to ensure that trading in securities adhere to all appropriate trading rules and marketplace rules. These would include supervision of any potential market manipulation rules.
Under IIROC Rule 7109, Manipulative and Deceptive Practices in the Debt Markets, Dealer Members may not participate in any activities that are manipulative or deceptive, specifically within the debt markets. Part (2) of the Rule lays out what constitutes manipulative or deceptive.
There are many challenges firm’s face in relation to trade and communications surveillance and market manipulation rules. Below sets out a few examples. However as many firms operate in different manners, additional challenges may present themselves, which will also need to be accounted for.
One of the biggest challenges the industry faces concerning trade and communication surveillance is the broad nature of the rules themselves. The rules are written with no prescribed way in which surveillance should be conducted, allowing the IIROC a significant amount of room to determine what they deem as violations of market manipulation rules and take enforcement action.
More widespread use of new communications channels such as third-party apps like WhatsApp or iMessage, prompted by the Covid pandemic and increases in remote working, makes surveillance even more challenging for compliance teams. This is because communications on new channels either need to be captured or made prohibited through a corporate policy. But when a platform is banned, firms need to be able to identify intent among employees to, for example, start talking on this unmonitored channel to ensure policies are being adhered to. This can be done through lexicon searches for phrases like “let’s talk on WhatsApp”. However, a lot of surveillance technology is not up to date with modern ways of communicating.
A firm’s ability to distinguish between clear signals of wrongdoing and simply ‘noise’ within the trading environment makes it even more challenging for firms to comply with IIROC market manipulation rules. Many trade surveillance systems find it difficult to distinguish between false results (or "false positives") and instances that actually warrant an investigation. Additionally, there needs to be evidence of intent, which further complicates matters for firms.
Surveillance doesn't have to be done holistically. In fact, many firms today still use different systems for different types of data or even asset classes. For example, many financial firms carry out their communications and trade surveillance separately, through different platforms. However, trades don’t happen in isolation and this data is deeply interconnected. Disparate data not only impacts the time it takes for firms to respond to potential instances of misconduct or market manipulation but it also prevents them from getting a holistic view of their trading operations.
Integrated surveillance solution that delivers simple, effective and efficient supervisory controls. The platform brings together multidimensional data on a single, flexible platform with rich reporting, automated workflows and analytics that identify suspicious activity, quickly.