LogoRegulatory Alerts
2026-04-28

CSA Oversight Review Report of the Canadian Investor Protection Fund

The Canadian Securities Administrators issued an annual risk-based oversight review of the Canadian Investor Protection Fund covering corporate governance and financial functions. Regulators identified a low-priority finding that CIPF lacks complete written procedures for changes to its Assessment Policies, resulting in two instances of non-compliance with the 60-day notification requirement. CIPF has acknowledged the finding and committed to developing specific procedures to ensure future compliance with Board review and notification mandates.

Canadian Securities Administrators logo

Canada

Canadian Securities Administrators

Click to view thumbnail

Oversight Review Report of the Canadian Investor Protection Fund Issued: April 28, 2026

Table of Contents I. Executive Summary................................................................................................... 1 II. Introduction................................................................................................................ 2 A. Background.......................................................................................................... 2 B. Objectives ............................................................................................................ 2 III. Risk Assessment and Oversight Review.................................................................... 3 A. Corporate Governance ......................................................................................... 3 B. Financial............................................................................................................... 4 IV. Finding ....................................................................................................................... 5 Incomplete written procedures surrounding changes to CIPF’s Assessment Policies... 5 APPENDIX A..................................................................................................................... 7

  1. Methodology........................................................................................................ 7
  2. Report Format ...................................................................................................... 7
  3. Scope.................................................................................................................... 7
  4. Priority of Findings.............................................................................................. 8 APPENDIX B................................................................................................................... 10 Applicable Regulatory Requirements .......................................................................... 10

  • 1 - I. Executive Summary The Regulators1 of the Canadian Investor Protection Fund (CIPF) have jointly completed an annual risk-based oversight review (the Review) in accordance with their mandates under the securities legislation of their respective jurisdictions. The Review targeted specific processes within the following functional areas2 : • Corporate Governance, and • Financial Other than the finding noted below, staff of the Regulators (Staff) did not identify concerns within the scope of the Review with CIPF meeting the relevant terms and conditions of the Regulators’ Approval Orders (the Approval Orders) for the functional areas reviewed. Staff make no other comments or conclusions on CIPF’s operations or activities that are outside the scope of the Review3 . As a result of the Review, Staff have identified one low priority finding4 relating to incomplete internal written procedures surrounding CIPF’s Assessment Policies5 . Staff require CIPF to resolve the finding by taking specific and timely corrective action in accordance with the priority assigned to it. The finding is set out in Part IV Finding of the report. 1 See part II Introduction, section A. Background of the report for the regulators that approve/accept CIPF as a compensation/contingency fund. 2 See Appendix A, section 3 for a detailed description of the scope of the Review. 3 See CSA Staff’s 2025 Annual Activities Report on the Oversight of the Canadian Investment Regulatory Organization and the Canadian Investor Protection Fund for more details on CSA staff’s oversight activities. 4 See Appendix A, section 4 for the criteria used to prioritize findings. 5 See part III Risk Assessment and Oversight Review, section A, Corporate Governance for the definition of Assessment Policies.

  • 2 - II. Introduction A. Background CIPF is the investor protection fund for members of the Canadian Investment Regulatory Organization (CIRO). CIPF provides protection within prescribed limits to eligible customers of CIRO member firms suffering losses, if property held by a member firm is unavailable as a result of the insolvency of the member firm. CIPF is funded by assessments levied on CIRO investment dealers and mutual fund dealers6 . CIPF is approved/accepted7 as a compensation/contingency fund by the Alberta Securities Commission; the Autorité des marchés financiers; the British Columbia Securities Commission; the Manitoba Securities Commission; the Financial and Consumer Services Commission of New Brunswick; the Office of the Superintendent of Securities, Digital Government and Service Newfoundland and Labrador; the Office of the Superintendent of Securities, Northwest Territories; the Nova Scotia Securities Commission; the Office of the Superintendent of Securities, Nunavut; the Ontario Securities Commission; the Prince Edward Island Office of the Superintendent of Securities; the Financial and Consumer Affairs Authority of Saskatchewan; and the Office of the Yukon Superintendent of Securities (collectively, the Regulators). CIPF’s head office is in Toronto, Ontario. This report details the objectives and the key areas that formed the basis of the Review conducted by Staff. The period covered by the Review (the Review Period), methodology used, report format, and scope are set out in Appendix A. A description of the applicable regulatory requirements are set out in Appendix B. B. Objectives The objectives of the Review were to evaluate: (i) whether selected processes were effective, efficient, applied consistently and fairly; and (ii) as it pertains to the scope of the Review, whether CIPF complied with specific terms and conditions of the Approval Orders. 6 With the exception of mutual fund dealers operating in Québec in respect of accounts located in Québec, 7 In Québec, CIPF is an accepted contingency fund.

  • 3 - III. Risk Assessment and Oversight Review A. Corporate Governance The Regulators have imposed specific obligations on CIPF, including requirements for: • CIPF to institute and publish one or more fair, transparent, and reasonable methodologies which set out the manner in which CIPF establishes and calculates assessments for each category of CIRO member, which are investment dealers and mutual fund dealers (Assessment Policies). The Regulators require the public disclosure of CIPF’s Assessment Policies for transparency and so that the Regulators, CIRO members and the public understand how CIPF is funded through CIRO member contributions; and • CIPF’s Board to conduct an annual review of the adequacy of the assessment amounts and assessment methodologies, and to approve any changes to assessment targets and assessment methodologies (Board Review Requirements).8 As part of the annual risk assessment process, Corporate Governance was determined to be an area with a moderate adjusted risk score. In so determining, Staff identified the following area to be the focus of the Review: • CIPF’s compliance with the Approval Orders specifically in relation to the Board Review Requirements. To ensure that CIPF has the applicable controls in place, Staff reviewed: • CIPF’s policies and procedures to ensure compliance with the Board Review Requirements, • evidence of CIPF’s Board’s annual review of the assessment targets and assessment methodologies, and • evidence of CIPF’s Board’s approval of changes to the assessment targets and assessment methodologies. Based on the work performed, Staff are satisfied that CIPF has adequate applicable policies and procedures in place in the identified area, with the exception of the low priority finding detailed in Part IV Finding of the report. 8 See Appendix B Corporate Governance for more details of the applicable regulatory requirements.

  • 4 - B. Financial The Regulators have imposed specific obligations on CIPF, including requirements for: • CIPF to provide the Regulators with at least 60 days’ prior written notice before implementing any change to the Assessment Policies (Notification Requirement) to allow sufficient time for the necessary Regulator review of the changes. 9 As part of the annual risk assessment process, CIPF’s Financial function was determined to be an area with a moderate adjusted risk score. In so determining, Staff identified the following area to be the focus of the Review: • CIPF’s compliance with the Approval Orders specifically in relation to the Notification Requirement. To ensure that CIPF has the applicable controls in place, Staff reviewed: • CIPF’s policies and procedures to ensure compliance with the Notification Requirement, • CIPF’s procedures and processes that detail the assessment methodologies and calculations, and • changes to the Assessment Policies and relevant procedures and processes during the Review Period. Based on the work performed, Staff are satisfied that CIPF has adequate applicable policies and procedures in place in the identified area, with the exception of the low priority finding detailed in Part IV Finding of the report. 9 See Appendix B Financial for more details of the applicable regulatory requirements.

  • 5 - IV. Finding Incomplete written procedures surrounding changes to CIPF’s Assessment Policies While CIPF has written processes and procedures that detail the assessment methodologies and calculations, CIPF does not have a written procedure to ensure compliance with the Board Review Requirements or the Notification Requirement. The written procedure should: • ensure that the adoption of any processes and procedures that effectively change the Assessment Policies is also subject to the Board Review Requirements and the Notification Requirement, and • clearly define the type of changes to the Assessment Policies and associated processes and procedures that are subject to the Board Review Requirements and the Notification Requirement. The lack of a complete written procedure resulted in two instances where CIPF did not meet the Notification Requirement to provide 60 days’ prior written notice to the Regulators before implementing changes to processes and procedures that effectively changed CIPF’s Assessment Policies. Staff acknowledge that, in accordance with the Board Review Requirements, CIPF’s Board approved these two changes to the processes and procedures referred to above, and that the changes, when identified by the Regulators, were ultimately determined to not materially change CIPF’s Assessment Policies. During the Review, the Regulators also identified that CIPF included a contingency amount as part of the regular assessment calculation for Mutual Fund Dealers to address, among other things, potential changes in CIRO’s membership and discrepancies in members’ reporting. While CIPF staff were able to explain how the annual contingency amount was determined and tracked, including evidence that the contingency amount was approved by CIPF’s Board, CIPF’s written procedures were incomplete as they did not include: • details of the methodology used to calculate the contingency amount, • a description of the approval mechanism for the contingency amount, and • a requirement to retain documentation to support the annual contingency amount. Why this is Important Without adequate written procedures, CIPF may fail to meet the Board Review Requirements and the Notification Requirement. If the Regulators are not provided with sufficient notice of changes to CIPF’s Assessment Policies, they may be unable to adequately perform regulatory oversight of CIPF. Without adequate written procedures, there is a risk of no transparency and consistency in how the contingency amount is calculated, and CIPF may fail to meet the Board Review Requirements. The Regulators may also be unable to adequately perform regulatory oversight of CIPF.

  • 6 - Priority Low Requirement Please describe how CIPF will resolve the finding. CIPF’s Response We acknowledge the finding. CIPF maintains procedures intended to ensure compliance with Board Review Requirements and Notification Requirement. To enhance our compliance framework, we will develop and adopt a procedure governing changes to the Assessment Policies and to other processes or procedures that effectively change the Assessment Policies. The procedure will include the types of changes that are subject to the Board Review Requirements and Notification Requirement. In addition, we will enhance the Mutual Fund Dealer Fund assessment calculation procedure to more clearly articulate how we determine the annual contingency calculation and address the other points raised. Staff Comments and Follow-up Staff acknowledge CIPF’s response and have no further comments.

  • 7 - APPENDIX A

  1. Methodology The Regulators have adopted a risk-based methodology to determine the scope of the Review. On a cycle basis, the Regulators: • Identify the key inherent risks10 of each functional area or key process based on: o reviews of internal CIPF documentation (including risk management reports and frameworks), o information received from CIPF in the ordinary course of oversight activities (e.g., periodic filings and discussions with Staff), o the extent and prioritization of findings from the prior oversight review, and o the impact of significant events in or changes to markets and participants to a particular area. • Evaluate known controls for each functional area, • Consider relevant situational/external factors and the impact of enterprise-wide risks on CIPF as a whole or on multiple departments, • Assign an initial overall risk score for each functional area, • Identify and assess the effectiveness of other mitigating controls that may be in place in specific functional areas, • Assign an adjusted overall risk score for each area, and • Use the adjusted risk scores to determine the scope of the Review. Once the scope of the Review is determined, Staff conduct the Review which involves reviewing specific documents pertaining to the Review Period and interviewing appropriate CIPF staff in order to: • Confirm that mitigating controls were in place for the key inherent risks identified, and • Assess the adequacy and efficacy of those mitigating controls.
  2. Report Format In keeping with a risk-based approach, this report focuses on two functional areas and key processes that were deemed warranted to be part of the Review.
  3. Scope Staff utilized the risk assessment process to identify Corporate Governance and Financial as moderate risk areas of focus for the Review. The Review Period for the two functional areas selected was January 1, 2023 to May 31,

10 Inherent risk is the assessed level of the unrealized potential risk, taking into account the likelihood of and impact if the risk was realized prior to the application of any mitigating controls.

  • 8 - Also, through the risk assessment process, Staff determined that the following moderate and low risk areas would not be examined during the Review:11 Moderate • Risk Management • Information Technology • Strategic and Environmental • Outsourcing and Third-Party Risk Management Low • Customer Protection
  1. Priority of Findings Staff prioritize findings into High, Medium and Low, based on the following criteria: High Staff identify an issue that, if unresolved, will result in CIPF not meeting its mandate, or one or more of the terms and conditions of the Approval Orders, or other applicable regulatory requirements. CIPF must immediately put in place an action plan (with any supporting documentation) and timelines for addressing the findings that are acceptable to Staff. If necessary, compensating controls should be implemented before the finding is resolved. CIPF must report regularly to Staff on its progress. Medium Staff identify an issue that, if unresolved, has the potential to result in an inconsistency with CIPF’s mandate, or with one or more of the terms and conditions of the Approval Orders, or with other applicable regulatory requirements. CIPF must put in place an action plan (with any supporting documentation) and timelines for addressing the findings that are acceptable to Staff. If necessary, compensating controls should be implemented before the finding is resolved. CIPF must report regularly to Staff on its progress. Low Staff identify an issue requiring improvement in CIPF’s processes or controls and raise the issue for resolution by CIPF’s management. Repeat Finding A finding that was previously identified by Staff and not resolved by CIPF is categorized as a repeat finding in the report and may require that the level of priority be raised from the initial level noted in the previous report. 11 These areas continue to be subject to oversight by the Regulators through ongoing mandatory reporting by CIPF as required by the Approval Orders, as well as regularly scheduled and ad hoc meetings between the Regulators and CIPF staff.

  • 9 - Expectation/ Observations Minor deviations, inconsistencies, or non-conformities, from CSA expectations or industry best practices, relating to the application of a process that is otherwise well-implemented. Expectations/Observations do not significantly impact the overall quality of the entity’s risk management process. CSA staff will communicate their expectations/observations to the entity.

  • 10 - APPENDIX B Applicable Regulatory Requirements Corporate Governance • Term and Condition (T&C) 6(a) of the Approval Orders requires CIPF to institute and publish one or more fair, transparent, and reasonable methodologies of establishing assessments for contribution to each category of SRO Members, which are investment dealers and mutual fund dealers. • T&C 6(e) of the Approval Orders requires that CIPF’s Board must determine the appropriate level of Coverage Assets12 for each of the Investment Dealer Fund and the Mutual Fund Dealer Fund (the Funds). The Board will conduct an annual review of the adequacy of the Coverage Assets, assessment amounts and assessment methodologies; and will ensure that the level of Coverage Assets of each of the Funds remains adequate to cover potential claims of customers of the relevant category of CIRO’s members. • Under the Board’s Mandate, CIPF’s Board must annually review assessment targets and assessment methodologies for each of the Funds and approve any changes thereto as necessary. Financial • Section 1(c)(ii) of Schedule B Reporting Requirements to the Approval Orders requires CIPF to provide 60 days’ prior written notice to the Regulators before implementing any change to its Assessment Policies. 12 “Coverage Assets" means those funds or liquid assets available to CIPF for the protection of customers of the CIRO’s members.

Share