david c.n. ma

electronic document regulations for financial institutions finalized

Earlier this year (May 8 to be precise), the Canadian federal government published some draft regulations relat­ing to the use of elec­tronic doc­u­ments by fed­er­ally reg­u­lated fin­an­cial insti­tu­tions. You can find a rather brief summary in an earlier post, along with some colour commentary comparing the regulations against similar types of provisions in the Ontario Consumer Protection Act and Electronic Commerce Act. You can find the earlier draft regulations in that post or at the Canada Gazette website (scroll down to the bottom).

In any event, about two weeks ago (November 10 to be precise), the federal government released the finalized regulations for banks and bank holding companies, cooperative credit associations, insurance and insurance holding companies and trust and loan companies.

If you haven’t yet reviewed the legislation, you may want to look at my earlier post, which remains, I think, somewhat useful, as the revisions made between the draft and final regulations are not that significant. If you’d like to see for yourself, I’ve taken the liberty of generating redlines (in Word format) for each of them (banks – redline,  coops – redlineinsur – redline and trusts – redline) or you can read the summary below.

There’s basically two items that are common across all the regulations. The first isn’t really much of a change but rather the fixing of the date upon which they come into force, which has now been set for June 1, 2011. The second change is a minor clarification that specific information provided in a consent is only applicable if that consent is provided in writing (whether in paper or electronic form). Here’s the specific change, which looks to be common across all four regulations:

(4) TheIf the addressee’s consent is provided in writing, in paper or electronic form, it must include the name of the information system designated by the addressee for the receipt of the electronic document and a list, in paper or electronic form, of the notices, documents or other information that is covered by the consent.

Seems to make sense, given that such consent can also be provided orally, and that is addressed in the next clause:

(5) If the addressee’s consent is provided orally, the originator or the person acting for the originator must, without delay, provide the addressee in writing, in paper or electronic form, with the information referred to in subsection (2) and confirm the information referred to in subsection (4).

The federal government’s provides the following comments in the related regulatory impact analysis statement (scroll down toward the end) with respect to this change, the in-force date and some changes which had been requested but were not made:

Consultation

After pre-publication of these regulations on May 8, 2010, in the Canada Gazette, Part I, comments related to about 10 different issues were raised from financial industry associations. Only two of the four regulations were commented on, namely the Electronic Documents Regulations and the Policyholders Disclosure Regulations. In addition, the comments did not raise any substantial concerns but rather focused on ensuring that the regulations efficiently achieved the stated policy goals.

As a result, the Government has made minor modifications to the Electronic Documents Regulations to more efficiently handle situations where a customer of a financial institution provides oral consent for the electronic delivery of documents. The previous version of the Regulations appeared to require customers to give financial institutions written documentation when giving consent in call cases — notwithstanding the fact that the Regulations allow for consent to be granted orally. Section 5(4) now sets out the information that must be provided when consent is not provided orally (including the name of the information system designated by the addressee and a list of the notices, documents or other information that is covered by the consent). Section 5(5) goes on to set out the responsibilities of the originator to properly document oral consent and confirm the information received from the customer.

Some comments have not been reflected as stakeholders requested changes that were inconsistent with the policy intent of the regulations. For example, requested changes to the Policyholder Disclosure Regulations would have had the effect of unduly narrowing the scope of information provided to holders of insurance policies with governance rights attached. Other comments to remove from the definition of adjustable policies those where an insurance company can indirectly change the premium or charge for insurance would have had the effect of restricting the Government’s ability to ensure compliance with the regulations.

Implementation, enforcement and service standards

Industry representatives asked that the regulations come into force from six months to one year after final publication, indicating operational challenges (systems, procedures, training). To allow financial institutions sufficient time to prepare documentation in advance of annual general meetings, this package of regulations will come into force on June 1, 2011.

The regulations do not require any new mechanisms to ensure compliance and enforcement. The Office of the Superintendent of Financial Institutions (OSFI) already administers the governance provisions in the federal financial institutions statutes. As such, OSFI would ensure compliance with the new requirements using its existing compliance tools, including compliance agreements and administrative monetary penalties.