The financial services sector has been in a state of change in Canada with respect to regulatory scrutiny.
With a number of recent initiatives and activities coming from the Financial Consumer Agency of Canada (FCAC), we believe enforcement activity is poised to increase, including in both issuing more Notices of Violations as well as naming those institutions that do receive such notices. As a result, we recommend that financial institutions pay greater attention to their communications with the FCAC.
The FCAC’s Supervision Framework Guide states that its enforcement team investigates potential breaches of market conduct obligations and, depending on the severity of the breach, may, following the investigation, issue a Notice of Breach level 1, 2 or 3. However, not all Notices of Breach result in a Notice of Violation. Where FCAC determines that a breach is low in terms of severity, it may choose to address outstanding issues with tools such as actions plans or compliance reports.
Historically, few breaches have resulted in a Notice of Violation. To give some perspective, although FCAC does not reveal the number of breaches it investigates, its annual reports do disclose how many breaches have resulted in Notices of Decision.1 In 2017-18, four Notices of Decision were published addressing nine violations, and in 2016-17, three Notices of Decision were published.
However, as we describe below, recent regulatory changes suggest a shift in FCAC’s enforcement activity.
1. New FCAC definition of a reportable compliance issue
In April 2019, the FCAC adopted a new definition of a reportable compliance issue. Under the previous definition, financial institutions were required to report to the FCAC a material or systemic compliance deficiency that would normally have been reported to the institution’s compliance division. The interpretation of “material or systemic” was left to each institution.
Now, institutions must report to the FCAC breaches of a market conduct obligation that would normally be reported to the institution’s compliance division if the breach meets, at a minimum, one of the following:
once detected by the institution, the breach took longer or will take longer than 120 calendar days to fix and remediate;
the breach affected or affects more than 250 consumers; or
the breach was or is ongoing for more than 1 year before the institution detected it.
It is expected that this more onerous reporting requirement will result in an increase in FCAC reporting as breaches not previously considered “material or systemic” may now meet the above reporting threshold.
2. FCAC’s growth in supervision and enforcement resources
FCAC’s 2019-20 Business Plan notes that in order to effectively implement and operationalize its supervision initiatives including the implementations of the Government’s new financial consumer protection framework, the FCAC will continue “to build its capacity to discharge its oversight and enforcement responsibilities”.
As result, the FCAC’s supervision and enforcement team is expected to grow 130% over a three-year period from 27 persons in 2017-18 to 60 in 2020-2021.2
It is logical to assume that additional resources will lead to an increase in supervisory activities, and as a result, to more enforcement.
3. A new regulatory framework
The Budget Implementation Act, No. 2 2018, which received royal assent from Parliament in December 2018, introduced a new federal financial consumer protection legislative framework.
The framework expanded FCAC’s oversight of banks’ internal business processes and procedures including ensuring that a bank’s product and service offerings are appropriate for, and take into consideration, the customer’s needs and circumstances. The FCAC will also have the right to ensure that remuneration paid to bank staff, including benefits, do not impede any policies and procedures implemented to ensure the “appropriateness” of offered products or services.
The framework also now allows the Commissioner to direct banks to refund any charges incorrectly collected from consumers, and to impose interest as part of the refund. The Commissioner will also be permitted to direct banks to comply with a provision, or a compliance agreement, and to “perform any act that in the opinion of the Commissioner is necessary to do so”.
FCAC’s expanded scope of oversight combined with additional powers and tools, will, without a doubt, lead to an increase in FCAC supervisory oversight.
4. FCAC’s steady increase in administrative penalty amounts
As the graph below demonstrates, the administrative monetary penalties amounts associated with FCAC Notices of Violation have gradually increased over the past 10 years. It is likely that the industry will now see a considerable jump in the quantum of administrative monetary penalties imposed, as recent amendments to the Financial Consumer Agency Act of Canada (Act) will increase the maximum penalty amount from $50,000 to $1,000,000 for individuals and from $500,000 to $10,000,000 for financial institutions.
*This data includes FCAC decisions where banks were held in breach of a Bank Act consumer provision other than in breach of section 459.2 of the Bank Act for failure to comply with the branch closure requirements. In instances where a single penalty was imposed for multiple breaches, data points reflect the mean penalty per breach.
5. New leadership under the FCAC
Also significant to FCAC’s approach to enforcement, is the arrival of a new Commissioner, Judith Robertson, in August 2019. Ms. Robertson’s extensive experience in the financial sector and her experience as a Commissioner for the Ontario Securities Commission may influence the agency’s enforcement approach. In particular, we are mindful that publishing a respondent’s name is common practice in securities regulatory enforcement proceedings. Though “naming” is not yet mandatory under the Act, particularly given the Commissioner’s securities industry background, it is possible that she may decide to exercise the discretion that currently exists in the Act to publicly disclose the names of institutions subject to a Notice of Violation even before the coming into force of the new mandatory naming provisions.
6. Backlog in FCAC communications
We also believe that there is a significant amount of FCAC investigations and communications which were on hold pending the appointment of the new Commissioner and the finalization of an internal categorization tool for violations at the FCAC. In the last few weeks, we have been retained by clients who have received proposed notices of breaches and we expect more are likely to be received later this year.
1 A Notice of Decision is the manner in which the Commissioner’s decision on a Notice of Breach is communicated.