One risk profile fits all clients is dead as CSA and CIRO push real KYC

Regulators push firms to prove they truly put client interests first under the reforms

Some firms still cannot show, on paper, that their recommendations put clients first under the Client Focused Reforms — and regulators have now spelled out exactly where those firms are falling short. 

According to a new Joint CSA / CIRO Staff Notice 31‑368, the Canadian Securities Administrators (CSA) and the Canadian Investment Regulatory Organization (CIRO) reviewed 105 firms in a “CFRs Phase 2 Sweep” focused on know your client (KYC), know your product (KYP) and suitability determinations. 

They found that while some firms have made “meaningful progress,” others have not properly updated their processes for the December 31, 2021 CFR changes, and have had to fix deficiencies. 

Below are the points that matter most for advisors and dealers. 

KYC: risk profile and financial data must be sharper 

Regulators say many firms still run KYC as if only “risk tolerance” matters.  

Under the CFRs, firms must separately assess both risk tolerance and “risk capacity” (the ability to endure financial loss), then document an overall risk profile. As per the Notice, common gaps include: 

  • Only collecting risk tolerance, not risk capacity 

  • Using “low / medium / high” boxes with no definitions or clear method for translating responses into a profile 

  • Failing to reconcile obvious conflicts (for example, a high‑risk profile for an older client with limited assets and high liquidity needs) 

  • No evidence that clients ever confirmed the risk profile and other KYC information 

For financial circumstances, regulators highlight firms that: 

  • Skip questions about liquidity needs, even where clients hold illiquid or non‑redeemable products 

  • Use very broad ranges for income, net worth and net financial assets, making concentration checks almost meaningless 

  • Do not gather a breakdown of assets (cash, listed securities, mutual funds, exempt products, and relevant external accounts), particularly where they place clients into illiquid or sector‑specific products 

  • Record combined KYC for spouses and then use that to assess suitability for each spouse’s individual accounts 

Given that more than 36 months have passed since the CFR KYC update rule took effect, CSA and CIRO say all client files should now contain full CFR‑compliant KYC.  

They still see files with outdated KYC, thin notes like “no changes,” and no evidence of follow‑up after significant life events such as retirement or job loss. 

KYP: show your work on product due diligence 

On KYP, the regulators report that some firms collect prospectuses, financial statements and third‑party research, but cannot show how anyone actually analysed those materials.  

According to the Notice, recurring issues include: 

  • No clear record of who reviewed a product, what they considered, or when 

  • Little or no KYP assessment for securities of related or connected issuers 

  • Model portfolios offered to clients without portfolio‑level KYP on objectives, strategies, composition, risks, costs and target client types 

  • Over‑reliance on an affiliate’s KYP instead of performing the firm’s own assessment 

Firms must also approve everything on the shelf — including model portfolios — and maintain evidence of that approval (for example, signed‑off KYP memos or serious committee minutes).  

Regulators criticise “approved lists” with no visible process or rationale behind them. 

Monitoring is another pressure point.  

The Notice says many firms do not define what a “significant change” in a security is, monitor complex or illiquid products only once a year, or simply wait for issuers to alert them to changes.  

CSA and CIRO expect firms to: 

  • Define what counts as a significant change (for example, risk rating, fees, liquidity, redemptions, issuer operations and governance, credit rating)

  • Monitor at a frequency that matches the product’s risk and complexity 

  • Document what changed, what the firm concluded, and what actions they took (re‑approval, suitability reviews, sale restrictions, client notifications, etc.) 

Critically, this KYP obligation also covers securities transferred in from other dealers and those acquired through client directed trades.  

Many firms, according to the regulators, wrongly exclude those from KYP and monitoring, especially when the positions are small. 

Suitability: all five factors, and the “client first” test 

The CFRs require a suitability determination before every investment action, including decisions to continue holding securities.  

As per the Notice, advisors and dealers must consider five elements: 

  1. KYC information 

  2. KYP and understanding of the security 

  3. Impact on the account and, where applicable, the client’s overall portfolio at the firm (concentration and liquidity) 

  4. Potential and actual impact of costs on returns 

  5. A reasonable range of alternative actions available through the firm 

They must then determine that the chosen action puts the client’s interest first.

Regulators report that many firms: 

  • Handle KYC and basic product fit but do not consistently assess concentration and liquidity within and across accounts 

  • Do not properly factor in cost when there are multiple series or products that could meet the same need 

  • Have no reliable process to show that advisors considered a reasonable range of alternatives, especially when recommending higher‑fee or more complex products 

Some of this work can be centralized — for example, mandate‑level suitability memos, firm‑built comparisons across product sets, or researched short‑lists.  

But according to CSA and CIRO, firms still need client‑level documentation when suitability is less obvious, when internal concentration thresholds are breached, or when advisors depart from model portfolios. 

Periodic suitability reassessments are another weak area.  

Firms must reassess at least as often as KYC is updated, and also when there are significant KYC or KYP changes, or when the advisor responsible for the account changes.  

Regulators say too many firms cannot show that a full account‑level review ever happened, beyond a line in the file. 

Client directed trades are not an escape hatch.  

The Notice makes clear that advisors must still run a full suitability analysis.  

If the trade is unsuitable or does not put the client’s interest first, the advisor must explain why, recommend an alternative, and document the client’s instruction if they insist on proceeding — regardless of trade size or frequency. 

Policies and training: align the “how” with the rules 

Finally, CSA and CIRO report that some firms have policies that quote the CFR rules but never explain how staff should comply in practice given the firm’s actual products, clients and systems.  

Others have not updated manuals at all since before the reforms. 

The Notice expects: 

  • Detailed, firm‑specific procedures for KYC (including risk profile methodology), KYP (including product approval and monitoring, and treatment of transfers‑in and client directed trades) and suitability (including how to consider costs, alternatives, and portfolio‑level concentration and liquidity) 

  • Clear record‑keeping expectations so advisors know exactly what must be in the file 

On training, regulators highlight firms that offer incomplete or generic courses, rely on third‑party modules that are not tailored to the firm, make training optional, or fail to track who attended and who did not.  

The expectation is mandatory, documented, CFR‑specific training for all registered individuals, with some firms now using quizzes and minimum pass marks to verify understanding. 
