electronic document regulations for financial institutions finalized

Earlier this year (May 8 to be precise), the Canadian federal government published some draft regulations relat­ing to the use of elec­tronic doc­u­ments by fed­er­ally reg­u­lated fin­an­cial insti­tu­tions. You can find a rather brief summary in an earlier post, along with some colour commentary comparing the regulations against similar types of provisions in the Ontario Consumer Protection Act and Electronic Commerce Act. You can find the earlier draft regulations in that post or at the Canada Gazette website (scroll down to the bottom).

In any event, about two weeks ago (November 10 to be precise), the federal government released the finalized regulations for banks and bank holding companies, cooperative credit associations, insurance and insurance holding companies and trust and loan companies.

If you haven’t yet reviewed the legislation, you may want to look at my earlier post, which remains, I think, somewhat useful, as the revisions made between the draft and final regulations are not that significant. If you’d like to see for yourself, I’ve taken the liberty of generating redlines (in Word format) for each of them (banks – redline,  coops – redlineinsur – redline and trusts – redline) or you can read the summary below.

There’s basically two items that are common across all the regulations. The first isn’t really much of a change but rather the fixing of the date upon which they come into force, which has now been set for June 1, 2011. The second change is a minor clarification that specific information provided in a consent is only applicable if that consent is provided in writing (whether in paper or electronic form). Here’s the specific change, which looks to be common across all four regulations:

(4) TheIf the addressee’s consent is provided in writing, in paper or electronic form, it must include the name of the information system designated by the addressee for the receipt of the electronic document and a list, in paper or electronic form, of the notices, documents or other information that is covered by the consent.

Seems to make sense, given that such consent can also be provided orally, and that is addressed in the next clause:

(5) If the addressee’s consent is provided orally, the originator or the person acting for the originator must, without delay, provide the addressee in writing, in paper or electronic form, with the information referred to in subsection (2) and confirm the information referred to in subsection (4).

The federal government’s provides the following comments in the related regulatory impact analysis statement (scroll down toward the end) with respect to this change, the in-force date and some changes which had been requested but were not made:

Consultation

After pre-publication of these regulations on May 8, 2010, in the Canada Gazette, Part I, comments related to about 10 different issues were raised from financial industry associations. Only two of the four regulations were commented on, namely the Electronic Documents Regulations and the Policyholders Disclosure Regulations. In addition, the comments did not raise any substantial concerns but rather focused on ensuring that the regulations efficiently achieved the stated policy goals.

As a result, the Government has made minor modifications to the Electronic Documents Regulations to more efficiently handle situations where a customer of a financial institution provides oral consent for the electronic delivery of documents. The previous version of the Regulations appeared to require customers to give financial institutions written documentation when giving consent in call cases — notwithstanding the fact that the Regulations allow for consent to be granted orally. Section 5(4) now sets out the information that must be provided when consent is not provided orally (including the name of the information system designated by the addressee and a list of the notices, documents or other information that is covered by the consent). Section 5(5) goes on to set out the responsibilities of the originator to properly document oral consent and confirm the information received from the customer.

Some comments have not been reflected as stakeholders requested changes that were inconsistent with the policy intent of the regulations. For example, requested changes to the Policyholder Disclosure Regulations would have had the effect of unduly narrowing the scope of information provided to holders of insurance policies with governance rights attached. Other comments to remove from the definition of adjustable policies those where an insurance company can indirectly change the premium or charge for insurance would have had the effect of restricting the Government’s ability to ensure compliance with the regulations.

Implementation, enforcement and service standards

Industry representatives asked that the regulations come into force from six months to one year after final publication, indicating operational challenges (systems, procedures, training). To allow financial institutions sufficient time to prepare documentation in advance of annual general meetings, this package of regulations will come into force on June 1, 2011.

The regulations do not require any new mechanisms to ensure compliance and enforcement. The Office of the Superintendent of Financial Institutions (OSFI) already administers the governance provisions in the federal financial institutions statutes. As such, OSFI would ensure compliance with the new requirements using its existing compliance tools, including compliance agreements and administrative monetary penalties.

draft electronic document regulations for financial institutions published

Last week (May 8 to be exact) the federal government published draft regulations relating to the use of electronic documents by federally regulated financial institutions. These regulations are part of a process that began in 2005 to harmonize and modernize legislation governing banks, insurance companies, trust companies and cooperatives.

The new regulations set out the general requirements that such institutions must meet in order to use electronic documents when dealing with stakeholders. You can find links to the draft regulations and a regulatory impact analysis at the end of this post.

Here’s the Coles Notes summary:

  • electronic documents related to securities transfers are excluded;
  • electronic documents must be in clear and simple language that is not misleading
  • a requirement to provide a document may be satisfied by making the document available through a generally accessible electronic source (such as a website) and giving notice (whether paper or electronic) to the person to whom the document must be provided, unless there’s a requirement under the legislation to deliver to a specific place, in which case the website mechanism won’t work;
  • consent to receive electronic documents can be obtained from addressees in writing (paper or electronic) or orally, but, unless it’s just a one time consent, they must be notified in writing (paper or electronic) regarding:
    • when their consent  is effective,
    • that they can revoke their consent,
    • that they are responsible for updating the address to which electronic documents are delivered, and
    • that the sender will only retain electronic documents for a specified period, following which it becomes the responsibility of the recipient to retain a copy
  • the notification or consent above, if in electronic form, must be provided in a form that can be retained by the recipient for future reference
  • consent must include address designated for receipt and a list of notices covered by the consent and, if consent is provided orally, the sender must confirm such information, as well as that in the original notice, in writing (paper or electronic)
  • consent can be revoked in writing (paper or electronic) or orally
  • revocation must be confirmed in writing and when it takes effect and, if provided in electronic form, must be accessible and capable of being retained for future reference
  • an electronic document is considered provided to someone when it:
    • leaves an information system in the control of the sender, or
    • when it is posted or made available through the secure website of the sender (no reference to a notice needing to be sent to them)
  • an electronic document is considered received by someone when it:
    • enters the information system designated by them
    • it is posted or made available through the secure website of the sender, or
    • the recipient receives the notice mentioned in the third bullet above (i.e. when posting to a website, the notice alerting the recipient that it’s available)
  • electronic signatures must consist of letters, characters, numbers or symbols in digital form incorporated, attached or associated with an electronic document

Not quite clear to me why the provision on sending doesn’t refer to the alert notice being sent. Nor is it clear to me what the reference to “secure” websites means. But apart from those nits, one of the good things about these new regulations is that they expressly provide for a mechanism that permits the delivery of electronic documents by posting to a website, combined with the delivery of a notice (which can of course be much shorter) that the electronic documents are available. In contrast, other acts, such as the Ontario Consumer Protection Act and its associated regulations do not expressly permit such a mechanism when it comes to delivery of “internet agreements” – for example, s. 33(3) of the regulations indicate that an internet agreement is considered delivered by:

1. Transmitting it in a manner that ensures that the consumer is able to retain, print and access it for future reference, such as sending it by e-mail to an e-mail address that the consumer has given the supplier for providing information related to the agreement.

2. Transmitting it by fax to the fax number that the consumer has given the supplier for providing information related to the agreement.

3. Mailing or delivering it to an address that the consumer has given the supplier for providing information related to the agreement.

4. Providing it to the consumer in any other manner that allows the supplier to prove that the consumer has received it.

Similarly, the equivalence rules in the Ontario Electronic Commerce Act specifically exclude the posting of information to a website as satisfying a legal requirement to provide information or a document in writing:

10. (1) For the purposes of sections 6, 7 and 8, electronic information or an electronic document is not provided to a person if it is merely made available for access by the person, for example on a website.

Same

(2) For greater certainty, the following are examples of actions that constitute providing electronic information or an electronic document to a person, if section 6, 7 or 8 is otherwise complied with:

1. Sending the electronic information or electronic document to the person by electronic mail.

2. Displaying it to the person in the course of a transaction that is being conducted electronically.

Though in both cases there is some room either to argue that a web-based posting could satisfy the requirements of either act (e.g. posting to a website plus sending a notice of availability would not be “merely” making the information available on a website), it’s certainly not as expressly permitted as in the new draft regulations.

Of course, the regulations should be read in connection with the corresponding provisions (Bank Act – scroll down to Part XVIII, Insurance Companies Act – scroll down to Part XX, Trust and Loan Companies Act – scroll down to Part XIV.1, Cooperative Credit Associations Act – scroll down to Part XVII.1) in each act relating to the use of electronic documents.

Links to draft regulations: Regulatory Impact Analysis; Bank Regulations; Insurance Company Regulations; Trust and Loan Companies Regulations; Cooperative Credit Associations Regulations

XBRL Is Cool

Just a very short one during my “lunch”. Ever heard of XBRL? Its short for Extended Business Reporting Language – basically a kind of sort of extension of XML or, perhaps more precisely, a subset of SGML. I like to follow developments on it because I think the potential ways in which XBRL will impact a variety of industries (primarily the financial sector) is huge.

To give you an idea, here’s a (rather old) excerpt from a speech that the CIO of the SEC gave at the last XBRL International Conference last May:

I think the agency can be proud of its use of electronic filing and information distribution. But we can aim higher. Today, the vast majority of EDGAR documents are filed in ASCII text, and another large fraction in HTML. That’s fine for reading about a company’s strategy and general issues, but if you want to do financial analysis or compare accounting policies between companies, you then have to do a lot of printing, searching, data entry, text parsing, and other mechanical work. Or, you can go to a third-party data provider, who can provide you with a database of financial information — but the data provider will have made a number of assumptions to simplify and standardize the financial information, and it may no longer be consistent with how the company intended to present its financials. And you won’t get any of the valuable information from the footnotes.

Since you’re at this conference, I know you can all envision the attractive alternative posed by XBRL and interactive data, so I won’t belabor the point. The potential benefits are persuasive enough — greater transparency of financial information, reduced costs for investors and analysts, potentially even deeper coverage of midcap companies by analysts, and ultimately more efficient markets.

Let me paint what I think is an interesting scenario. Wall Street types have been talking for a couple of years about algorithmic trading — basically, using computers to process real-time streams of market data and making fast, automated trading decisions. Today, that market data is mostly about stock prices and volumes, since that’s what’s available in real time. But at some point in the not-distant future, I envision a hedge fund starting to algorithmically trade with XBRL-based balance sheet and P&L data in real-time as it’s disclosed by companies. At that point, we will all know that interactive data has won the day.

Imagine that. And that’s just the tip of the iceberg. The number of tools that one can create to digest, compile, report and analyze numbers is limited only by one’s imagination. I can also imagine the potential impact that this could have on data vendors who charge quite a bit to provide archived financial information – often in rather archaic forms.

Surprisingly, I’ve not heard of many companies or startups that are working on new products (particularly on the software front) either to help in generating XBRL, translating information into XBRL, or crunching XBRL reports (though admittedly, I haven’t been following it that closely).

Anyway, if you’re in this space, and you haven’t yet looked into XBRL, you should certainly consider doing so.

Wikiality

Interesting post on the Wellington Financial Blog about “Wikiality” – the practice of taking stuff in Wikipedia as the truth, or, to quote: ““a reality where, if enough people agree with a notion, it becomes the truth.”

JN notes that Wikipedia has been cited by the courts, and this is reason for concern. A snippet:

The practice poses two problems:

  1. The references may be inaccurate; and
  2. Even if accurate, the references are subject to change at any point in the future, making it difficult for any future decisions to refer back to the original or understand the context in which it was made.

Given recent reports of Microsoft offering to pay individuals to make changes to certain Wikipedia articles in which they have a vested interest, the credibility of the site as a definitive reference source again comes into question.

A few of my colleagues at the firm also expressed bemusement when a recent case in Ontario (don’t have the citation, sorry) also cited Wikipedia.

I am quite a big fan of Wikipedia. It is, I think a rather useful and handy tool to refer to from time to time. Do I take it as the gospel? No. Would I use it if I were trying to concoct an antidote for a poison that was about to kill me? Probably not. Would I cite it in a legal research paper? Possibly. In fact, quite likely.

Although Wikipedia is by no means without its weaknesses, it also has its strengths. Sure, there is a possibility of inaccuracy. But then again, isn’t something less likely to have inaccuracies if it is reviewed (and edited) by more eyes (and more minds)? Isn’t it more likely that if there is a dispute about what is and isn’t correct, it will come to light, just like the Microsoft incident?

And what source, can it be said, is free of inaccuracies? Certainly not The New York Times. Although the Gray Lady is quick to point out that it was “deceived” by an errant reporter, it is less quick to reflect on the fact that it published fabricated stories. That of course is the clearest example, but history is rife with examples of inaccurate or misleading stories in the press. Less clear, of course, is media bias. And one only needs to refer to Manufacturing Consent. I don’t necessarily agree with all that book has to offer, but it certainly provides some food for thought.

What about scientific publications? Hmmm. Well. Again, truth is quite often relative. The clearest examples, are, of course, outright fabrication. Nonetheless, Dr. Hwang Woo-suk’s paper on producting the first cloned stem cell line was considered the truth for several years, until he was discredited. And more generally speaking, is it not true that, in the world of science, what is considered to be the truth is what most scientists believe to be true? Is that not the system of peer review? A great read on this topic is The Structure of Scientific Revolutions (as an aside, its also the book that introduced the phrase “paradigm shift” into popular parlance). I won’t bore you with details, but suffice it to say that, at the end of the day, science, at least in concept, may not be that far from wikiality.

My point isn’t necessarily to skewer existing sources of “truth” but rather to point out that such sources aren’t necessarily more reliable or accurate, or less fallible, than something like Wikipedia.

And as for things changing? Make a copy.