Best Practices for Head Office Supervision of Branch Offices 

This notice provides guidance for Dealer Members on maintaining an adequate branch supervisory program.

IIROC rules 29.27 and 2500 mandate that a firm’s supervisory system includes procedures for follow-up and review to ensure that supervisory personnel are properly executing their functions, including the requirement for periodic on-site reviews and supervision and record keeping.

Most firms have more than one office location, and possibly hundreds in the case of private client services.  In some hybrid business models, supervision is handled by head office and in the case of sub-branch offices, supervision is generally carried out at the responsible branch office.

These audits vary in scope depending on the size of the branch and the functions it performs.  Some firms conduct mainly business conduct audits, however, some also conduct financial and operational audits.

IIROC Review of Dealer Member Branch Office Supervision Processes  

The Business Conduct Compliance Department of IIROC initiated a review of branch supervision processes at selected Dealer Members in the period January-March 2009.

The objective of the review was to determine the effectiveness of Dealer Members’ branch supervision processes by conducting testing at head offices and a selection of branch offices.  The focus of the review was to identify and report on weaknesses or deficiencies in the branch supervision process and to identify and develop some guidelines for branch office supervision.

IIROC developed a questionnaire to facilitate the selection of a representative sample of full-service retail branches. All Dealer Members were required to respond to the questionnaire for each of their branches. IIROC selected and reviewed 10 Dealer Members’ head offices and 28 branches across Canada, and reported to the Dealer Members their specific results.

Guidelines for Branch Supervision

All Dealer Members with branch offices are required to conduct branch compliance audits.  It is the Dealer Member’s responsibility to exercise sound judgment when determining the frequency and extent of supervision of branches, sub-branches, or other business locations. 

1. Scope
   
   The audit programs must be appropriately designed to test that supervisory staff are properly reviewing the activities at their branch, to ensure that the appropriate tests are undertaken and that adequate records are maintained. 
2. Planning
   
   Branch audits require adequate planning to ensure they function effectively.  An important part of the audit occurs before the actual branch visit through a review of material available at the head office level, such as monthly trade supervision reviews, registration files, outstanding client complaints and correspondence with other departments, such as credit and marketing.  Many firms also require the completion of a pre-audit questionnaire used as a risk based tool to determine the scope and priority of the branch review.
3. Audit Program and Training
   
   Compliance audits should be standardized so that all branches are subject to the same level of review and compliance standards.  All compliance officers conducting the examinations should be properly trained. The scope of the audit program should be comprehensive and cover all aspects of the Dealer Members’ business lines and all applicable laws, rules and requirements.  The programs should be reviewed periodically and updated to include new rule changes, revisions to internal policies and procedures and new lines of business.
4. Risk Identification
   
   Specific risk factors should be identified for each branch and tested during the course of the audit.  These include, for example the review of:
   • producing versus administrative only branch managers
   • experience level of branch manager
   • experience level of sales and support staff
   • past disciplinary actions of sales staff
   • sources of branch revenue (retail, institutional, managed, corporate finance)
   • number of client accounts
   • percentage of revenue derived from low to high risk tolerance investments
   • findings from prior branch office compliance audits
   • number of client complaints
5. Audit Report and Follow-up
   
   An audit report should be provided within a reasonable time.  The report should request a written response addressing any deficiencies noted.  The Chief Compliance Officer (‘CCO’), in conjunction with management, should determine the implications of the audit reports, particularly in respect of serious or repeated deficiencies.  Under certain circumstances, surprise examinations in retail branch offices may be appropriate, especially where there is an indication of inappropriate behavior or inadequate controls. Serious issues and significant deficiencies should be included in the CCO report to the Board.
   
   Dealer Members should have a robust process for appropriate follow-up to audit concerns and findings, and are required to maintain adequate records.

Common Concerns Identified In the Branch Review

IIROC identified some common concerns about the ten Dealer Member firms’ branch audit programs. Each of these areas of concern is identified below and some best practices are presented for each.

1. Inadequate follow-up procedures
   
   Most Dealer Members examined had extensive compliance audit programs in place, but either lacked or had inadequate follow-up procedures to ensure the compliance audit findings were tracked and corrective action taken.
   
   Where a Dealer Member identifies specific areas of concern, an important part of the head office oversight process is to take reasonable steps to ensure that the branch office properly addressed the deficiencies by taking corrective action.
   
   Recommended best practices include:

• Establish and document expected timelines for audit responses and follow-up actions;
• Ensure inadequate responses are addressed;
• Conduct follow-up reviews (audits) and ensure all deficiencies were corrected within established timeframes; and
• Ensure that there is an appropriate escalation procedure within the Dealer Member for issues of concern.

2. Inadequate oversight procedures for fee-based accounts
   
   IIROC found that most Dealer Members had inadequate procedures in place to oversee both the account opening process and the suitability assessment for fee-based accounts. Often this account type was not always readily identifiable on the supervisory reports of the firm making supervision and oversight of the trading activity in the accounts difficult to identify and track.
   
   Dealer Members must ensure that they can identify all account types, including fee based accounts, to ensure the appropriateness of the type of account for the client and for the purpose of appropriate post trade monitoring.
   
   Recommended best practices include establishing supervisory reports with appropriate filters to identify the account type and investment suitability.
3. Lack of Evidence of Supervision
   
   Many Dealer Members did not record or maintain adequate evidence of daily and monthly supervisory reviews at either the branch or head office levels.  These deficient records included supervisory testing records, records of inquiries made, responses received and records of action taken.  In some cases, supervisors (e.g. branch managers) conducted only random reviews, and cited either oversight, time constraints or a lack of understanding of their regulatory supervisory obligations.
   
   IIROC also observed that some reviews were not conducted within the required time period.  In addition, there was often a lack of evidence of supervision during absences of the designated supervisors. In some cases, Dealer Members were unable to produce written delegation of supervisor’s duties.
   
   Supervisors and their delegates must be knowledgeable of their responsibilities and they must properly execute their supervisory duties.  Further, there must be documented evidence of supervisory reviews and approvals by the responsible individual(s) at head office and or the branch.  The supervisor delegating the task must ensure that these tasks are being performed adequately and that exceptions are brought to his/her attention.
   
   Recommended best practices include:
    
   • Delegation of a qualified person to conduct supervisory reviews in the absence of the designated supervisor or branch manager;
   • Documentation of the delegation process including the scope of the duties to be performed; and
   • Developing a system for testing the adequacy of the delegated review including any escalated exceptions.
4. Inadequate control over the issuance of customized portfolio summaries
   
   Certain Dealer Members were found to have inadequate oversight or a lack of control over the issuance of customized portfolio summaries to clients.  This is of concern as a lack of control could lead to incorrect or misleading reports and lack of or incorrect use of disclaimers sent to clients of the firm. 
   
   Dealer Members are required to have written policies, procedures and internal controls to ensure that any customized portfolio summaries or portfolio reports provided to clients are accurate and complete.  Appropriate supervision must also be implemented.
   
   Recommended best practices include:
    
   • Hard coding templates for portfolio summaries which include applicable disclaimers rather than having advisors developing their own personalized summaries;
   • Placing restrictions on the initial set-up of the portfolio summaries, limiting the fields that can be customized by the sales person without prior approval or oversight of the firm;
   • Conducting education and training sessions for all employees and/or agents as to the policies and procedures of the firm as to limitations and disclaimers in the creation and issuance of customer portfolio summaries; and
   • Verifying that the external data reported on the portfolio summaries originates from reliable sources.
5. Improper reassignment of accounts of terminated registrants
   
   Some Dealer Members were found to have improperly assigned house account codes to accounts of recently departed sales persons.  These accounts should have been reassigned to another registrant on a timely basis.  Untimely assignment of these accounts can lead to inadequate supervision of customer activity and could also jeopardize the firm-client relationship.
   
   In some situations where the Dealer Member reassigned accounts after a registrant left the firm, there were no identifiable controls in place to ensure the new registrant verified the information on the New Client Application Form (‘NCAF’) or that there was a signed acknowledgement by the new registrant and the branch manager that the NCAF had been reviewed. 
   
   It is a regulatory requirement that the Dealer Member ensures that the new registrant evidences they have confirmed with the client that information on the NCAF is current and accurate.  The Dealer Member must have in place specific policies and procedures, along with controls over the reassignment of terminated registrants’ accounts.
   
   Recommended best practices include:
    
   • Assigning a designated person responsible for the oversight and reassignment of customer accounts; and
   • Documenting procedures for actions required by the new qualified registrant, prompt transfer of accounts, follow-up processes to ensure reassignment of all customer accounts, and enhanced supervision or restrictions on trading for those accounts which could not be readily transferred or where the client could not be contacted.
6. Poor control of client address changes
   
   During the review IIROC found cases where the firm’s internal controls or procedures regarding address changes were not followed.  In some cases there was no record of residential addresses, no record of the actions taken on any errors, omissions or where there were unauthorized changes to the client’s address.
   
   Recommended best practices include:
    
   • Accepting only written address changes authorized by the client(s) in writing or in another acceptable form that can be validated;
   • Having changes entered by an employee independent of the sales function;
   • Conducting independent verification that the address is valid (i.e. not advisor’s or other employee’s home address);
   • Verifying that the advisor is registered in the applicable provincial jurisdiction of the client’s home address; and
   • Not permitting P.O Boxes without a full residential address of the client on file.
7. Inadequate control and review of advertising and sales literature
   
   Most Dealer Members examined had an approval process for both advertising and sales literature that was controlled by head office.  IIROC noted deficiencies such as incorrect disclosures and misleading information contained in material distributed to clients.  In some instances where the responsibility remained within the branch, many branches did not consistently maintain evidence of their approval by a designated person.
   
   Dealer Members are required to establish robust processes to ensure that qualified persons properly review advertising and sales literature and maintain appropriate records of the approval process.
   
   Recommended best practices include:

• Developing policies and procedures that clearly delineate who is responsible for the approval process either at the branch, head office or both;
• Developing procedures that provide sufficient guidance to adequately assess and approve materials;
• Providing training tools provided to applicable staff (including supervisors) which  include all related regulatory requirements and what type of evidence of approval that must be maintained; and
• Maintaining a clear audit trail of the approval process.