ProtectionofPersonalData
DataProtection:CAIConsultsonConsentsRequirements
On May 16, the Québec Commission d’accès à l’information (CAI) released its Proposed Guidelines (in French only) on the collection of consent for personal data.
REQUIREMENTS
The Proposed Guidelines were released in anticipation of the coming into force of certain new requirements under the province's Act Respecting the Protection of Personal Information in the Private Sector on September 22, 2023 (read our previous update here)
The Proposed Guidelines set out CAI’s expectations for obtaining valid and meaningful consent, more specifically it elaborates on the criteria to obtain such consent as provided under article 14 of the province's Act Respecting the Protection of Personal Information in the Private Sector
Data Privacy Officers, other privacy professionals as well as the public are invited to submit their comments by 25 June 2023.
CAI intends to release a summary document of the comments received as well as its response to the latter in September. The finalized version of the Guidelines is scheduled for publication in October 2023.
RegulatoryFilings
CSAReleasedRulesforSEDAR+
Published on March 23 by the Canadian Securities Administrators (CSA), National Instrument 13-103 System for Electronic Data Analysis and Retrieval + (SEDAR+) (NI 13-103) and Companion Policy 13-103 System for Electronic Data Analysis and Retrieval + (SEDAR+) (CP 13103) sets out the requirements for the filing of document through SEDAR+.
AMENDMENTS
NI 13-103 amends certain existing instruments and policies notably pertaining to some of following:
Transmission of documents through SEDAR+
Transmission of documents outside of SEDAR+
Filing of a profile by transmitting through SEDAR+ ( for a person or company transmitting a document through SEDAR+ for the first time)
Payment of the prescribed fees for filing a document
Temporary hardship exemption (in case of technical difficulties preventing a person or company from transmitting a document through SEDAR+ within the time required or permitted under securities legislation, delivery of the document should be done no later than 2 business days after the date on or by which the person or company was required or permitted to file or deliver the document)
CP 13-103 provides guidance on certain provisions of NI 13-103, including guidance on a number of systemrelated matters, determining jurisdiction for the payment of system fees, and the public accessibility of documents in SEDAR+
As a consequence of these changes, the CSA repealed National Instrument 13-101 System for Electronic Document Analysis and Retrieval
As part of the data transition to SEDAR+, the system will not be available for filing during the “cutover period” beginning June 9 and ending the earlier of the date on which SEDAR+ becomes available for filing and June 16, persons or companies.
During the “cutover period”, a person or company is exempt from the requirement to “file the document with, or deliver the document to, the securities regulatory authority or regulator under securities regulation”. However, the person or company must file or deliver the document through SEDAR+ no later than 2 business days after the cutover end date More details on the CSA, OSC and AMF websites
As previously mentioned in our previous update, SEDAR + will go live on June 13, 2023.
LIBORTransition
ASC&OSCGuidanceonUSDLIBORTransition
Released on May 4 by the Alberta Securities Commission (ASC) and Ontario Securities Commission (OSC), the Multilateral CSA Staff Notice 96-304 Derivatives Data Reporting Guidance for USD LIBOR Transition, effective on the date of publication, provides guidance to market participants regarding the reporting of over-the-counter (OTC) derivatives data that reference certain interest rate benchmarks.
PROPOSED GUIDANCE
USD LIBOR will cease to be published on June 30, 2023. OTC derivatives that reference certain tenors of U S dollar London interbank offered rate (USD LIBOR) will have to transition under fallback provisions to appropriate alternative reference rates by July 3, 2023
The Alternative Reference Rates Committee (ARRC) has identified the Secured Overnight Financing Rate (SOFR) as the replacement rate for the USD LIBOR
The USD LIBOR transition is a life-cycle event subject to the derivatives data reporting requirements under Multilateral Instrument 96-101 Trade Repositories and Derivatives Data Reporting and Ontario Securities Commission Rule 91-507 Trade Repositories and Derivatives Data Reporting.
The Staff of both the ASC and OSC is of the opinion that no enforcement action shall be taken against reporting counterparties for late reporting in respect of the USD LIBOR transition provided that the data is reported within five business days of when the life-cycle event occurs.
Cryptoassets
IOSCOPolicyRecommendationsforCryptoActivities
The Consultation Report, issued on May 23 by the International Organization of Securities Commissions (IOSCO), lays out 18 Policy Recommendations to ensure greater consistency in the regulatory frameworks applicable to cryptoassets activities, more specifically carried out by cryptoasset service providers (CASPs) The Consultation Report serves as a guide to relevant authorities that seek to establish a compliant cryptoassets market.
POLICY RECOMMANDATIONS
Taking a principles-based approach, IOSCO‘s recommendations seek to propose solutions to addressed key issues and risks related to the cryptoasset markets, notably:
Common standard of regulatory outcomes: Regulators should use existing frameworks or new Frameworks to regulate and oversee crypto-asset trading, other crypto-asset services, and the issuing, marketing and selling of crypto-assets (including as investments), in a manner consistent with IOSCO standards to achieve consistency in the regulatory outcomes
Organizational governance: A CASP to have effective governance and organisational arrangements, commensurate to its activities, including systems, policies and procedures that would, amongst other things, address conflicts of interest, including those arising from different activities conducted, and services provided by a CASP or its affiliated entities
Disclosure of role, capacity and trading conflicts: These disclosures should be made, in plain, concise, non- technical language, as relevant to the CASP’s clients, prospective clients, the general public, and regulators in all jurisdictions where the CASP operates, and into which it provides services.
Order handling: A CASP acting as an agent, should handle all client orders fairly and equitably by having systems, policies and procedures to provide for fair and expeditious execution of client orders, and restrictions on front running client orders.
Trade disclosures: A CASP that operates a market or acts as an intermediary (directly or indirectly on behalf of a client) should provide pre- and post-trade disclosures in a form and manner that are the same as those that are required in traditional financial markets
Admission to trading: A CASP should establish, maintain and appropriately disclose to the public its standards including systems, policies and procedures for listing / admitting crypto assets to trading on its market, as well as those for removing crypto-assets from trading
Management of primary markets conflicts: A CASP should manage and mitigate conflicts of interest surrounding the issuance, trading and listing of crypto-assets.
Fraud and market abuse: Regulators should bring enforcement actions against offences involving fraud and market abuse in crypto-asset markets.
Market surveillance: Regulators should have market surveillance requirements applying to each CASP, so that market abuse risks are effectively mitigated.
Management of material non-public information: CASP to put in place systems, policies and procedures around the management of material non-public information
Enhanced regulatory cooperation: This includes having available cooperation arrangements and/or other mechanisms to engage with regulators and relevant authorities in other jurisdictions
Overarching custody recommendation: By applying the IOSCO Recommendations Regarding the Protection of Client Assets.
Segregation and handling of clients monies and assets: A CASP should place client assets in trust, or segregate them from the CASP’s proprietary assets.
Disclosure of custody and safekeeping arrangements: To be made by a CASP in clear, concise and nontechnical language.
Client asset reconciliation and independent assurance: A CASP should have systems, policies, and procedures to conduct regular and frequent reconciliations of client assets subject to appropriate independent assurance
Securing client money and assets: A CASP should adopt appropriate systems, policies and procedures to mitigate the risk of loss, theft or inaccessibility
Management and disclosure of operational and technological risks: A CASP should comply with requirements pertaining to operational and technology risk and resilience in accordance with IOSCO’s Recommendations and Standards.
Retail client appropriateness and disclosure: A CASP should operate in a manner consistent with IOSCO’s Standards regarding interactions and dealings with retail clients. Implement adequate systems, policies and procedures.
Responses are to be provided to cryptoassetsconsultation@iosco.org by 31 July 2023.
IndustryNews
ChatGPT:CAI,ABOIPC&OIPCBCJoinsOPCInvestigation
The four privacy offices of Canada, Québec, British Columbia and Alberta are collaborating on a joint investigation of OpenAI’s ChatGPT, as announced on May 25 Given that artificial intelligence has significant privacy impacts, the announcement stated that the authorities will investigate whether OpenAI:
Obtained valid and meaningful consent for the collection, use and disclosure of the personal information
Respected obligations for openness and transparency, access, accuracy, and accountability
Collected, used and/or disclosed personal information for purposes that a reasonable person would consider appropriate, reasonable or legitimate in the circumstances, and whether the collection is limited to information that is necessary for these purposes
The OPC first launched an investigation into OpenAI in April in response to a complaint regarding the collection, use and disclosure of personal information without consent (see our previous update here).
CBDCs:BISExploresCasesforOfflineUse
On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between devices that does not require connection to any ledger system”.
The handbook provides practical guidance to inform central banks on design and implementation plans, covering diverse topics including:
Payment solutions - from architecture and devices, to user onboarding and provisioning Principles - risk management, privacy, inclusion and resilience by design
General considerations are raised on:
Analysis, architecture and design
Technology
Security
Operations and support
Policy and processes
Procurement
User experience and payment acceptance
Investments
Risk management
The Handbook emphasizes that there is no one-size fits all approach, and the suitability of a solution and its implementation will depend on local country requirements.
Bill-C27:OPCExpectsMorefromNewPrivacyAct
On May 11, the Office of the Privacy Commissioner (OPC) announced it has submitted its written submission on Bill C-27, the government’s proposed new private sector privacy law, the Consumer Privacy Protection Act (CPPA).
While acknowledging that the proposed new CPPA is an “improvement” of the privacy regulatory framework, the OPC is of the view that more can be done to protect the privacy of Canadians and submitted 15 recommendations for consideration, namely:
Recognize privacy as a fundamental right.
Protect children’s privacy and the best interests of the child.
Limit organizations’ collection, use and disclosure of personal information to specific and explicit purposes that take into account the relevant context
Expand the list of violations qualifying for financial penalties to include, at a minimum, appropriate purposes violations
Provide a right to disposal of personal information even when a retention policy is in place
Create a culture of privacy by requiring organizations to build privacy into the design of products and services and to conduct privacy impact assessments for high-risk initiatives
Strengthen the framework for de-identified and anonymized information
Require organizations to explain, on request, all predictions, recommendations, decisions and profiling made using automated decision systems.
Limit the government’s ability to make exceptions to the law by way of regulations.
Provide that the exception for disclosure of personal information without consent for research purposes only applies to scholarly research.
Allow individuals to use authorized representatives to help advance their privacy rights.
Provide greater flexibility in the use of voluntary compliance agreements to help resolve matters without the need for more adversarial processes.
Make the complaints process more expeditious and economical by streamlining the review of the Commissioner’s decisions
Amend timelines to ensure that the privacy protection regime is accessible and effective
Expand the Commissioner’s ability to collaborate with domestic organizations in order to ensure greater coordination and efficiencies in dealing with matters raising privacy issues
The written submissions were published on May 10 by the House of Commons Standing Committee on Industry and Technology
UpcomingRegulatoryDeadlinestoWatch
Date
13/06/2023
16/06/2023
19/06/2023
25/06/2023
30/06/2023
30/06/2023
Issues to Watch
Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+
OSFI consultation period ends on international recommendations related to, and risks posed by, fiat-referenced cryptoasset arrangements and activities
Bank of Canada consultation period on a digital dollar ends
Deadline to submit comments for Québec’s Commission d’accès à l’information (CAI) on its Proposed Guidelines in relation to new requirements under the province's Act Respecting the Protection of Personal Information in the Private Sector
USD LIBOR ceases to be published OTC derivatives that reference certain tenors of U S dollar London interbank offered rate (USD LIBOR) will have to transition under fallback provisions to appropriate alternative reference rates by July 3, 2023
By this date, UK FCA - regulated firms, including asset managers, must make their first public climate-related disclosures as per PS21/24.
ProductCorner
SOFR:Quèsaco?
The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denominated loans and derivatives; it represents the amount of interest that a bank will have to repay to the lender the following day.
While the London Inter-Bank Offer Rate (LIBOR) is based on estimates provided by banks, SOFR is based on actual transactional data in the American treasuries market
Various papers have been published to facilitate the transition from the USD LIBOR including A User’s Guide to SOFR published by the Alternative Reference Rates Committee (ARRC), which explains how SOFR must be used in cash products
Term SOFR rates have also been developed as additional tools in the LIBOR transition. These rates are different from overnight SOFR and the SOFR averages published by the Federal Reserve Bank of New York. The ARRC published Summary and Update of its Term SOFR Scope of Use Recommendations that provides detailed summary and examples of the ARRC’s existing recommendations.
This transition away from LIBOR, regulated by the UK's Financial Conduct Authority, has been considered essential to a more sound and resilient financial system.
About us
We help you understand the rules that govern your activities, services and products, enabling you to meet your ongoing regulatory obligations and navigate the ever-evolving, complex regulatory landscape.
Our team is composed of professionals with extensive experience serving the investment management, capital markets and asset servicing industries.
Complex landscape & widening gaps
Increasing regulatory requirements and the pace of change are making it harder for you to keep up with the pressures of compliance and managing cost-effective operations.
Current challenges
Investor demand for enhanced transparency and disclosure, data privacy, investor and consumer protection requirements, and AML/KYC concerns are some of the many challenges affecting the industry.
We provide practical and tailored solutions
Review and analysis of regulatory texts
Reporting
Response preparation
Compliance program development
Contact us
Déborah Koualé, Founder & Director
deborah kouale@ameiscorp com
Change management
Regulatory intelligence and training
Ongoing compliance support
Registrations
Carolyn Le Quéré, Director carolyn lequere@ameiscorp comAmeis Regulatory Services focuses on providing regulatory and compliance support for fintech companies