Financial and Operations Compliance · 1. “The PM that manages and provides advice on my...

Financial and Operations Compliance Current Issues FOAS Annual Conference Kelowna, BC September 9, 2017


Page 1

Financial and Operations Compliance: Current Issues

FOAS Annual Conference, Kelowna, BC, September 9, 2017

Page 2

FINOPs Current Issues: Agenda

• Cybersecurity initiatives

• CRM2 implementation

• Service Arrangements with Portfolio Managers (PM)

• Agency Securities Borrowing and Lending Arrangements

Page 3

FINOPs Current Issues: Cybersecurity Initiatives

• Self-assessments

• Cybersecurity report cards

• Follow-up visits on moderate-to-high risk dealer members

• Include cybersecurity in FINOPs risk assessment model

• Table-top exercise planned to help small dealers improve threat and incident response management

• Ad hoc alerts (e.g. WannaCry, GoldenEye and Petya ransomware)

Page 4

FINOPs Current Issues: National Institute of Standards and Technology Framework

[Figure: framework diagram. Phases: Governance, Prevent, Detect, Respond/Recover. The diagram's labels, listed under the word "Domains", in the order extracted:]

Cyber Threat Intelligence; Security Event Monitoring; Authentication; Identity Lifecycle Management; Forensics; Secure Software Development Lifecycle; Network Security; System / Device Security; Brand Protection; Cyber Attack Readiness Testing; User Behavior Analytics; Patch & Vulnerability Management; Malware Protection; Business Continuity Management; Physical Security; Application Security; Security Analytics; Information Protection; Incident Management; Identity & Access Management; Application Protection; Infrastructure Protection; Threat Management; Cybersecurity Management; Roles and Rights Management; Training & Awareness; Risk Management & Compliance; HR Security; Cyber Insurance; Third Party Risk Management; Policies & Standards; Information Classification; Data Privacy; Data Loss Prevention; Encryption; Information Lifecycle Management; Network & System Analytics; Security Incident Response

Page 5

FINOPs Current Issues: Cybersecurity Recommendations

Page 6

FINOPs Current Issues: CRM2 Implementation

• Effective July 15, 2016

• New reporting

• Internal working group FAQs

• Exemptions

• Rollout issues

• March 6, 2017 broadcast email

Page 7

FINOPs Current Issues: CRM2 Implementation

• Survey results…

o What 12-month reporting period was selected?

o Were reports sent within 10 days after client account statements?

o How did you ensure accuracy?

o Were control accounts used?

o What issues were encountered in the implementation, preparation and issuance of these reports?

Page 8

FINOPs Current Issues: CRM2 Implementation

• Current examination approach

• Review reports for proper disclosure

• Review exemptions granted for compliance

• Common deficiencies

Page 9

FINOPs Current Issues: Service Arrangements with PMs

• CSA Staff Notice 31-347 recommendations

• CIPF FAQs

• IIAC best practices service agreement

• IIROC action plan

Page 10

FINOPs Current Issues: Service Arrangements with PMs - Recommendations

[Diagram: arrangement between Clients, the CSA Portfolio Manager (PM) and the IIROC Dealer Member (DM). Labels, in the order extracted:]

Portfolio Investment Management Agreement; CSA Portfolio Manager (PM); IIROC Dealer Member (DM); Service Provider; Trade Execution / Clearing + Statement of Customer Holding; Trade orders; Month-end customer account statements (with CIPF coverage); Trade activity reporting; PM / DM Services Agreement – Provide roles and responsibilities; Customer statement reporting and written disclosure of arrangement; PM holding any securities must issue statement; Individual customer account documentation (KYC name and address, PM account trading authority); Clients

PM must maintain its own system of customer records to comply with NI 31-103 customer statements.

• PM should reconcile own trade order records to DM trade activity reports.

• PM should reconcile customer custody holdings as reported by DM to own records.

Page 11

FINOPs Current Issues: Service Arrangements with PMs - CIPF FAQs

1. “The PM that manages and provides advice on my investments is not a CIPF member, but the investment dealer holding my investments is a CIPF member. Does CIPF coverage apply if my PM becomes insolvent?”

Answer is NO

2. “Can a CIPF member, who enters into an agreement with a PM to provide custodial services to the PM and its clients, provide the PM’s contact information on its account statements?”

Answer is YES

Page 12

FINOPs Current Issues: Service Arrangements with PMs – Agreement

• Status of IIAC best practices agreement

• Roles and responsibilities must be clearly defined

Page 13

FINOPs Current Issues: Service Arrangements with PMs – Action Plan

• Ensure service agreement is in place

• Ensure appropriate CIPF disclosure is on client statement

• Obtain confirmation from Dealer Member that PM has its own books and records

• CRM2 exemption for custodial accounts is not automatic; Dealer Member must apply for exemption

Page 14

FINOPs Current Issues: Agency Securities Borrowing and Lending

Traditional Agent Equivalent to Principal Arrangement

[Diagram labels: AGENT (e.g. BONY, State Street, Blackrock); DEALER MEMBER (Borrower); Collateral sent to Agent; Borrowed securities sent to Dealer Member; Lenders provide securities to Agent; LENDER (pension fund), shown three times]

Page 15

FINOPs Current Issues: Agency Securities Borrowing and Lending

Main reason for industry shift to collateral management arrangements is operational efficiency

[Diagram labels: AGENT, shown three times; Dealer Member (Borrower); Custodian (e.g. JP Morgan); Request to borrow securities; Collateral Held at Custodian (also send Collateral Mark Instructions); Collateral Mark Instructions; Borrowed securities sent to Dealer Member; Lenders provide securities to Agent; LENDER (pension fund), shown three times]

Page 16

FINOPs Current Issues

Thank you, that ends our presentation.

Questions