MFDA and IIROC: Canada’s Communication Recordkeeping Regulations

Countries worldwide are on high alert for another banking crisis, and regulators are cracking down and becoming more stringent about financial services companies staying compliant with rules and regulations designed to protect the industry. Rising in prominence with the dominance of mobile phones are communication recordkeeping regulations, which stipulate how organizations must capture and maintain business communication records.

The financial services markets in Canada are primarily overseen by the Mutual Fund Dealers Association of Canada (MFDA) and the Investment Industry Regulatory Organization of Canada (IIROC). MFDA Canada is responsible for mutual fund dealers, and it sets and enforces regulatory standards and conducts compliance audits and investigations. The IIROC oversees all investment dealers, setting and enforcing business and financial conduct rules.

Read on for an in-depth look at the fundamental MFDA and IIROC rules regarding communication recordkeeping regulations and how financial services companies can comply without compromising their business efficiency.

MFDA and IIROC Regulations

When it comes to IIROC vs. MFDA, there is little difference in the rules and regulations. Both MFDA and IIROC require mutual fund and investment dealers to abide by the following:

• All communications must be recorded in either written or electronic format.
• The data must be stored for a fixed period (usually 5 years, but there are certain exceptions) using a secure storage method that is fully tamper-proof and is in a “write once, read many” format.
• The types of communications that have to be archived according to IIROC rules include mail, email, voice communications, social media, and other instant messaging apps, as well as any other type of digital communications.
• A supervisory system must be in place to monitor and track employee actions to ensure full MFDA and IIROC compliance.

At the same time that companies are required to capture and store communications data, they are also bound by the Access to Information Act and the Personal Information and Protection and Electronic Documents Act (PIPEDA). These Acts protect the privacy of consumers and regulate the way that companies are allowed to use the personal information they collect.

Compliance and Enforcement

Under the rules of the MFDA and IIROC, firms must take the following steps to prove their compliance with the communication and recordkeeping regulations, including:

• Timestamping all communication records.
• Documenting any changes made to originals or duplicates of communication records.
• Making any and all requested records and information available immediately (or as soon as possible) to the MFDA or IIROC enforcement team.

Compliance Challenges

While regulatory compliance is a top priority for most financial services organizations, it is not without its challenges, including:

• Multiple Communication Channels – especially – but not only – in the wake of the Covid pandemic and the increase in people working from home and communicating via mobile devices, a wide range of messaging apps are in use. With clients using the apps of their choice to communicate with financial advisors and other employees using personal devices, monitoring and tracking all communications can be tough.

• Unstructured Data – with multiple communication channels being used, from standard email to WhatsApp and other messaging apps to voice messages, companies are amassing vast amounts of data, all in different formats. It’s a huge undertaking to consolidate all of the data and put it in a usable format that will be useful to regulators.

• Regulatory Changes – laws and regulations are often updated and changed, and it is the responsibility of each firm to know exactly what is required of them. Constantly changing company policies to ensure they are in line with the most updated rules is time-consuming and requires much effort.

Enforcement Mechanisms and Penalties

Both the MFDA and IIROC can do spot-checks and audits, but they are more likely to get involved when there is suspicion of wrong-doing that must be investigated. If they find lapses in compliance, companies can face significant financial repercussions and hefty fines.

 

In addition, financial institutions that fall out of compliance are at risk for reputational damage. Suppose clients or regulators accuse them of financial impropriety and they have not followed the communication recordkeeping regulations. In that case, they may find themselves losing the hard-earned trust of clients and prospective clients.

 

Investment firms and other financial services organizations would be well-advised to ensure that they are completely up-to-speed on the latest rules and are in full compliance in order to protect themselves against litigation and fees, maximize their operational efficiency and reduce the risk of reputational damage.

Impact of Communication Recordkeeping Regulations on the Financial Industry

It’s important to remember that the main reason behind the seemingly onerous regulatory record retention requirements is the protection of both investors and the financial firms. The overall goal is to ensure the stability and fairness of the financial markets. In Canada, IIROC and MFDA are there to oversee this process, and by complying, companies are creating real benefits for the financial industry as a whole.

For example, recording and storing all communications with customers provides them with an added level of protection. There is an easily-accessible record of things like trade requests and pricing information so that there can be no unresolvable miscommunications or misunderstandings. Similarly, communication records provide transparency, making it difficult for an employee to leak sensitive information without being caught and held accountable. Knowing these safeguards are in place is often enough to prevent malicious behavior.

Best Practices for Compliance

To ensure full compliance, financial service companies in Canada must:

• Have policies and processes in place that involve capturing all relevant communication channels, including emails, voice calls, and instant messaging apps.
• Make sure that the archived communication data is easily accessible and retrievable when needed.
• Conduct regular internal audits and reviews.

Fortunately, there are technological tools and solutions that have been designed specifically to help companies keep track of and comply with all regulations. These tools include automated capturing and cloud-based storage of all communications for easy retrieval.

Full Compliance the LeapXpert Way

All Canadian financial services companies are bound by IIROC regulations and/or MFDA compliance rules. LeapXpert’s Communications Platform allows financial services firms to authorize their employees to use all of the most common messaging channels while still remaining fully compliant with everything from IIROC text archiving rules to all other communication recordkeeping regulations as set out by the IIROC and MFDA.

Contact us to learn more about how LeapXpert can help ensure full IIROC and MFDA compliance.