CSA Notice of Consultation: Draft Regulation to Amend Regulation 25-102 respecting Designated Benchmarks and Benchmark Administrators

CSA Notice of Consultation Draft Regulation to amend Regulation 25-102 respecting Designated Benchmarks and Benchmark Administrators Draft Changes to Policy Statement to Regulation 25-102 respecting Designated Benchmarks and Benchmark Administrators May 30, 2024 Introduction Today, the securities regulatory authorities (collectively the Authorities or we) of the Canadian Securities Administrators (the CSA) in British Columbia, Alberta, Saskatchewan, Ontario, Québec, New Brunswick, Nova Scotia, Yukon and Northwest Territories (the Participating Jurisdictions) are publishing for a 90-day comment period: • Draft Regulation to amend Regulation 25-102 respecting Designated Benchmarks and Benchmark Administrators (the Regulation), and • Draft Changes to Policy Statement to Regulation 25-102 respecting Designated Benchmarks and Benchmark Administrators (the Policy Statement). The text of the draft amendments to the Regulation (the Draft Amendments) and the draft changes to the Policy Statement (the Draft Changes) is published with this Notice and will also be available on websites of the Participating Jurisdictions, including: lautorite.qc.ca asc.ca bcsc.bc.ca nssc.novascotia.ca fcnb.ca osc.ca fcaa.gov.sk.ca yukon.ca justice.gov.nt.ca We are issuing this Notice to solicit comments on the Draft Amendments and the Draft Changes. We welcome all comments on the Draft Amendments and the Draft Changes and also invite comments on the specific questions set out in Annex C of this Notice.

-2- Background Currently, the Regulation provides a comprehensive regime for the designation and regulation of benchmarks and their administrators, and the regulation of benchmark contributors and of certain benchmark users of designated benchmarks. The Authorities that adopted the Regulation also entered into a memorandum of understanding (the MOU) 1 respecting the oversight of designated benchmarks and designated benchmark administrators, including the processing of applications for designation. The MOU outlines the manner in which the jurisdictions will cooperate and coordinate their efforts to oversee designated benchmarks and designated benchmark administrators in order to achieve consistency, efficiency and effectiveness in the overall oversight approach, as well as the efficient and effective processing of applications for designation. To date, the Ontario Securities Commission (OSC) and the Autorité des marchés financiers (AMF) have designated: • the Canadian Dollar Offered Rate (CDOR)2 as a designated critical benchmark and a designated interest rate benchmark and Refinitiv Benchmark Services (UK) Limited (RBSL) as its designated benchmark administrator for purposes of the Regulation, and • Term CORRA as a designated interest rate benchmark and CanDeal Benchmark Administration Services Inc. as its designated benchmark administrator for purposes of the Regulation. Under the MOU, the OSC and the AMF are co-lead authorities of these designated benchmarks and designated benchmark administrators. No other Authorities have designated any benchmarks or benchmark administrators at this time. Substance and Purpose The Draft Amendments will revise the requirements in the Regulation for assurance reports (the Revised Assurance Report Requirements). The Revised Assurance Report Requirements are intended to address technical issues encountered by accounting firms that were engaged to prepare assurance reports in 2022 for RBSL as the designated benchmark administrator of CDOR and the six Canadian banks that are benchmark contributors to CDOR. 1 A copy of the MOU is at https://lautorite.qc.ca/fileadmin/lautorite/reglementation/valeurs-mobilieres/0-ententes￾vm/2021mai27-MOU-CSA-benchmark-oversight-en.pdf 2 CDOR will cease to be published after June 28, 2024. It is expected that market participants will use the Canadian Overnight Repo Rate Average (CORRA) as the alternative reference rate for most instruments that currently reference CDOR. CORRA is an interest rate benchmark administered by the Bank of Canada. Term CORRA is only intended to replace CDOR for certain instruments (Term CORRA’s use will be limited through its licensing agreements to trade finance, loans and derivatives associated with loans).

-3- • These technical issues related to the manner in which the Regulation defined limited assurance reports and referenced the Canadian Standards on Assurance Engagements 3000, 3001, 3530 and 3531. • While CSA staff provided guidance in 2022 on how the accounting firms could address the technical issues for purposes of preparing that year’s assurance reports, CSA staff are now proposing the Revised Assurance Report Requirements to provide greater certainty to the parties that are required to prepare these reports. • We sought to ensure that the Revised Assurance Report Requirements will also work for accounting firms that apply International Standard on Assurance Engagements 3000. In addition, the Revised Assurance Report Requirements would apply to any designated benchmark that is not a designated commodity benchmark, a designated critical benchmark or a designated interest rate benchmark (e.g., if an Authority were to designate a crypto asset benchmark that is not a commodity benchmark or a term rate benchmark that is not an interest rate benchmark). Summary of the Draft Amendments and the Draft Changes The Draft Amendments and the Draft Changes are published with this Notice. Revised Assurance Report Requirements We have proposed to amend the assurance report provisions in the Regulation that apply in respect of designated commodity benchmarks, designated critical benchmarks and designated interest rate benchmarks. • For this purpose, we have proposed to repeal or replace certain definitions in the Regulation and add new definitions to the Regulation. • Background information and more detail on the Revised Assurance Report Requirements is set out in Annex A. Furthermore, we have proposed an additional assurance report provision (new section 13.1 of the Regulation) that would apply to any designated benchmark that is not a designated commodity benchmark, a designated critical benchmark or a designated interest rate benchmark (e.g., if an Authority were to designate a crypto asset benchmark that is not a commodity benchmark or a term rate benchmark that is not an interest rate benchmark). Background information on draft section 13.1 of the Regulation is set out in Annex B. We have also proposed changes to the Policy Statement to reflect the Revised Assurance Report Requirements. Other The Draft Amendments and the Draft Changes also include certain clarifications to other language in the Regulation and Policy Statement, respectively.

-4- Anticipated Costs and Benefits of the Draft Amendments and the Draft Changes Like the existing provisions in the Regulation and Policy Statement, the Draft Amendments and the Draft Changes would only apply in respect of a benchmark that is designated by a decision of an Authority. Overall, the Authorities are of the view that the regulatory costs of the Draft Amendments and the Draft Changes are proportionate to the benefits that would be realized by impacted market participants and the broader Canadian market. Unpublished Materials In developing the Draft Amendments and the Draft Changes, we have not relied on any significant unpublished study, report or other written materials. Local Matters Where applicable, an annex to this Notice provides additional information required by the local securities legislation. Request for Comments We welcome your comments on the Draft Amendments and the Draft Changes and also invite comments on the specific questions set out in Annex C of this Notice. Please submit your comments in writing on or before August 28, 2024. Please send your comments by email. Your submissions should be provided in Microsoft Word format. We cannot keep submissions confidential because securities legislation in certain provinces requires publication of the written comments received during the comment period. All comments received will be posted on the websites of each of the Alberta Securities Commission at asc.ca, the AMF at lautorite.qc.ca and the OSC at osc.ca. Therefore, you should not include personal information directly in comments to be published. It is important that you state on whose behalf you are making the submission. Address your submission to the following CSA jurisdictions: British Columbia Securities Commission Alberta Securities Commission Financial and Consumer Affairs Authority of Saskatchewan Ontario Securities Commission Autorité des marchés financiers Financial and Consumer Services Commission (New Brunswick) Nova Scotia Securities Commission Superintendent of Securities, Yukon Superintendent of Securities, Northwest Territories Deliver your comments only to the addresses below. Your comments will be distributed to the other Participating Jurisdictions.

-5- Me Philippe Lebel Corporate Secretary and Executive Director, Legal Affairs Autorité des marchés financiers Place de la Cité, tour PwC 2640, boulevard Laurier, bureau 400 Québec (Québec) G1V 5C1 consultation-en-cours@lautorite.qc.ca The Secretary Ontario Securities Commission 20 Queen Street West, 22nd Floor Toronto, Ontario M5H 3S8 comment@osc.gov.on.ca Contents of Annexes: This Notice includes the following Annexes: Annex A: Background information on Revised Assurance Report Requirements Annex B: Background information on draft section 13.1 of the Regulation Annex C: Specific questions of the Authorities relating to the Draft Amendments Questions Please refer your questions to any of the following: Serge Boisvert Roland Geiling Senior Policy Coordinator Derivatives Product Analyst Autorité des marchés financiers Autorité des marchés financiers 514 395-0337 poste 4358 514 395-0337 poste 4323 serge.boisvert@lautorite.qc.ca roland.geiling@lautorite.qc.ca Michael Bennett Melissa Taylor Senior Legal Counsel, Corporate Finance Senior Legal Counsel, Corporate Finance Ontario Securities Commission Ontario Securities Commission 416 593-8079 416 596-4295 mbennett@osc.gov.on.ca mtaylor@osc.gov.on.ca Darren Sutherland Senior Accountant, Corporate Finance Ontario Securities Commission 416 593-8234 dsutherland@osc.gov.on.ca

-6- Harvey Steblyk Janice Cherniak Senior Legal Counsel, Market Regulation Senior Legal Counsel, Market Regulation Alberta Securities Commission Alberta Securities Commission 403 297-2468 403 585-6271 harvey.steblyk@asc.ca janice.cherniak@asc.ca Michael Brady Faisal Kirmani Deputy Director, Capital Markets Regulation Senior Analyst, Derivatives British Columbia Securities Commission British Columbia Securities Commission 604 899-6561 604 899-6846 mbrady@bcsc.bc.ca fkirmani@bcsc.bc.ca

-7- ANNEX A BACKGROUND INFORMATION ON REVISED ASSURANCE REPORT REQUIREMENTS The Revised Assurance Report Requirements are intended to address certain technical issues related to the assurance reports that the Regulation currently requires that were encountered by accounting firms when preparing assurance reports in 2022 for RBSL as the designated benchmark administrator of CDOR and the six Canadian banks that are benchmark contributors to CDOR. Issue #1 – Nature of the assurance report The first issue related to determining which Canadian Standard(s) on Assurance Engagements (namely CSAE 3000, 3001, 3530 and 3531) should be applied, given the language in the Regulation. This issue was raised by accounting firms when they were preparing assurance reports for benchmark contributors to CDOR contemplated by the Regulation. • At the relevant time, each accounting firm was preparing an assurance report contemplated by clause (a) of the existing definition of “limited assurance report” in the Regulation. • The accounting firms wanted to apply Canadian assurance standards in order to conduct an engagement on internal controls over compliance with the Regulation requirements (i.e., a CSAE 3000 engagement), consistent with the practice that has evolved in the EU using ISAE 3000, but there were two reasons they could not do so: • first, the Regulation did not permit the use of CSAE 3000 on a stand-alone basis (in particular, clause (a) of the definition of “limited assurance report” in the Regulation contemplated a report being prepared in accordance with CSAE 3000 and CSAE 3530), and • second, even if the Regulation did permit the use of CSAE 3000 on a standalone basis, the Regulation contemplates assurance reports on compliance with specified requirements, which is in the scope of CSAE 3530 (CSAE 3530 scopes out reports on internal controls over compliance). • Furthermore, the accounting firms raised questions on whether the desired assurance report was intended to: • be an “assurance report on effectiveness of controls over compliance” rather than an “assurance report on compliance with specified regulations”, and • require testing of controls “over a period” rather than at a “point in time”. • At the relevant time, CSA staff advised the accounting firms that we would accept a limited assurance report that was only prepared in accordance with CSAE 3000, notwithstanding the definition of a limited assurance report in the Regulation. However, we are now addressing these issues in the Draft Amendments.

-8- More detail Typically, with respect to controls, public accountants tend to refer to the “design and implementation” and “operating effectiveness” of controls. • To provide assurance over design and implementation (D&I), a public accountant would typically review the control description (design), conduct inquiries, and then perform a walk-through of the control to ensure it’s been implemented as designed (implementation). • Operating effectiveness is then assessed through a sample of tests to ensure the control is operating as designed over a period. The “limited assurance reports” that OSC and AMF staff received in 2022 for RBSL and for the benchmark contributors to CDOR only covered assurance over D&I, not operating effectiveness. For example, the assurance reports for the benchmark contributors provided limited assurance that management’s description of the controls implemented by the benchmark contributors is appropriate, and that the design of the controls is suitable to achieve the control objectives as set out in the various requirements in the CDOR methodology and the Regulation. Furthermore, the limited assurance reports were only at a point in time. From a policy perspective and to further regulatory oversight, it would be preferable for securities regulators to receive “reasonable assurance reports” that also provide assurance on operating effectiveness of controls and involve testing of controls over a period. How the Draft Amendments address this issue The Draft Amendments provide that the desired nature of an assurance report is to be an “assurance report on effectiveness of controls” rather than an “assurance report on compliance”. In particular, the Draft Amendments include a definition of “reasonable assurance report on controls” (which uses the definition of “Handbook”3 in Regulation 14-101 respecting Definitions). If such a report was prepared in accordance with the Handbook, it would currently be prepared in accordance with CSAE 3000. As result, we have proposed to delete the definition of CSAE 3000 in the Regulation. In like manner, we have proposed to delete the definition of “ISAE 3000” in the Regulation and replace it with a reference to “International Standards on Assurance Engagements”4 in the definition of “reasonable assurance report on controls”. 3 The Handbook provides for a number of Canadian Standards on Assurance Engagements (CSAEs, a plural term). • Currently, the applicable CSAE (a singular term) for a “reasonable assurance report on controls” would be CSAE 3000. • However, we have proposed to use the term “Handbook” in the Regulation to provide flexibility for the future (so that the Regulation will not have to be amended if the Auditing and Assurance Standards Board changes the applicable subject-specific standard or standards that would apply to a reasonable assurance report on controls). 4 We note that the document entitled “International Framework for Assurance Standards” refers to International Standards on Assurance Engagements (ISAEs, a plural term). See: https://www.ifac.org/_flysystem/azure￾private/publications/files/B002%202013%20IAASB%20Handbook%20Framework.pdf • The International Auditing and Assurance Standards Board has published a number of ISAEs. For example, see https://www.icaew.com/technical/audit-and-assurance/assurance/standards-and-guidance

-9- Furthermore, we note the following: • Since our goal is to get assurance on the effectiveness of controls, we have proposed to remove the option of providing a “limited assurance report”. In a limited assurance engagement, the practitioner obtains only enough evidence to express a negative form of opinion over the subject matter and conclude that “nothing has come to their attention” that would lead them to believe there is an error or misstatement (in this case, that a control is not properly designed or properly implemented). The limited assurance reports provided under existing provisions in the Regulation are point in time assessments. • In order to assess the effectiveness of a control, the practitioner needs to perform testing to be able to determine that the control is designed, implemented and operating as it should over an appropriate period of time, in order to provide a sufficient basis to express a positive form of opinion over the subject matter and conclude that the controls are designed and operating effectively. This would be outside the scope of the limited assurance report. • The Draft Amendments reflect that a “reasonable assurance report” on operating effectiveness of controls is over a period5 . • Furthermore, we have proposed to remove references to CSAE 3001 since CSAE 3001 engagements are for direct engagements where an entity is not making an assertion regarding whether the entity’s performance conformed with suitable criteria. Since the Regulation requires that a designated benchmark administrator or benchmark contributor make an external assertion and obtain an assurance report to be delivered to securities regulators, it does not appear that CSAE 3001 would ever be applicable. • We have also proposed to delete references to CSAE 3530 and CSAE 3531, since those documents contemplate “assurance reports on compliance”, rather than an “assurance report on effectiveness of controls”. • Currently, the applicable ISAE (a singular term) for a “reasonable assurance report on controls” would be ISAE 3000. • However, we propose to use the plural term “International Standards on Assurance Engagements” in the Regulation to provide flexibility for the future (so that the Regulation will not have to be amended if the International Auditing and Assurance Standards Board changes the applicable subject-specific standard or standards that would apply to a reasonable assurance report on controls). 5 The draft definition of “reasonable assurance report on controls” refers to “applicable period”. The “applicable period” is set out in the following draft revised provisions of the Regulation, as applicable: subsections 13.1(4), 32(4), 33(3), 36(4), 37(3), 38(4) and 40.13(4). Certain of the revised sections provide that, for the first assurance report for a designated benchmark, the applicable period is 3 months, as set out in the following draft revised provisions of the Regulation, as applicable: paragraphs 13.1(4)(a), 32(4)(a), 36(4)(a), 38(4)(a) and 40.13(4)(a). • The purpose of this abbreviated period of 3 months is to recognize that a designated benchmark administrator may need time to prepare and implement the policies, procedures and controls required by the Regulation in the first 12 months after they are designated and to “work out the bugs”. • We have proposed to only require an assurance report after the designated benchmark administrator has “worked out the bugs” – i.e., for the last 3 months of the 12 months in question. For an assurance report required every 24 months, the public accountant is only required to “go back” 12 months, as set out in the following draft revised provisions of the Regulation, as applicable: paragraphs 13.1(4)(b), 36(4)(b) and 38(4)(b).

-10- • We recognize that the Draft Amendments provide greater specificity on these matters than that set out in the EU and UK benchmark regulations. • We also recognize that a relatively significant additional amount of work is required to prepare a “reasonable assurance report on controls” when compared to a limited assurance report. However, we don’t consider this additional amount of work to be unduly onerous for the parties involved. Furthermore, we note that the Revised Assurance Report Requirements would only apply in respect of a benchmark designated by a decision of an Authority. Issue #2 - Time when assurance report must be provided by public accountant While existing provisions in the Regulation specify when a designated benchmark administrator or a benchmark contributor must engage an accounting firm to prepare an assurance report required by the Regulation6 , the Regulation does not specify when the accounting firm must provide the assurance report. At the relevant time, CSA staff advised the parties subject to the assurance report requirements in the Regulation that the report should be prepared within 90 days of the end of the applicable period. However, we are now addressing this issue in the Draft Amendments. How the Draft Amendments address this issue The Draft Amendments specify the deadline when the assurance report must be provided by a public accountant (i.e., within 90 days of the end of the applicable period).7 6 The times when a designated benchmark administrator or a benchmark contributor must engage an accounting firm to prepare an assurance report required by the Regulation are set out in the following draft revised provisions of the Regulation, as applicable: subsections 13.1(2), 32(2), 36(2), 38(2) and 40.13(2). Different timing applies for a report under draft revised subsections 33(2) and 37(2). We propose to add guidance in the Policy Statement that the reference to “12 months” in subsections 32(2) and 40.13(2) of the Regulation refers to any period of 12 consecutive months and does not need to correspond to a calendar year or a financial year of a designated benchmark administrator. 7 The 90-day requirement for the public accountant to provide the report to the designated benchmark administrator or benchmark contributor is set out in the following revised provisions of the Regulation, as applicable: subsections 13.1(3), 32(3), 33(2), 36(3), 37(2), 38(3) and 40.13(4). The Draft Amendments also require that the assurance report be delivered to the applicable regulator or securities regulatory authority (each, an applicable regulator) by “day 100”, as set out in the following revised provisions of the Regulation, as applicable: subsections 13.1(5), 32(5), 33(4), 36(5), 37(4), 38(5) and 40.13(5). These provisions give the designated benchmark administrator or benchmark contributor 10 days to deliver the report to the applicable regulator after the time it was required to be provided by the public accountant to the designated benchmark administrator or benchmark contributor under the applicable provisions. If the public accountant provides the report to the designated benchmark administrator or benchmark contributor in less than 90 days from the end of the 12 months referred to in subsection (2), the “100 day” deadline still applies for the designated benchmark administrator or benchmark contributor to deliver a copy of the report to the applicable regulator. The intention is to provide the designated benchmark administrator or benchmark contributor with a “fixed deadline” to deliver the report to the applicable regulator.

-11- ANNEX B BACKGROUND INFORMATION ON DRAFT SECTION 13.1 OF THE REGULATION Background The assurance report provisions in the existing version of the Regulation only apply to designated commodity benchmarks, designated critical benchmarks and designated interest rate benchmarks. The Draft Amendments include a new assurance report provision (draft section 13.1 of the Regulation) that would apply to any other benchmark that is designated by a decision of an Authority (e.g., a crypto asset benchmark that is not a commodity benchmark or a term rate benchmark that is not an interest rate benchmark). 8 In particular, given highly publicized risks regarding the crypto asset market and crypto asset trading platforms, the Draft Amendments contemplate that if an Authority were to designate a crypto asset benchmark as a “designated benchmark”, it should be subject to an assurance report requirement to help mitigate those risks. Crypto asset benchmarks The existing Regulation has an assurance report provision that would apply to a designated commodity benchmark. While some crypto assets may be characterized as commodities, other crypto assets may be more appropriately categorized not as commodities (e.g., certain crypto assets may be securities9 so would not be commodities in certain jurisdictions). Consequently, not every crypto asset benchmark would be appropriately categorized as a commodity benchmark. A crypto asset benchmark may also not be appropriately categorized as a “designated interest rate benchmark” or “designated critical benchmark”. 8 Draft section 13.1 of the Regulation, like the other Revised Assurance Report Requirements, will require a “reasonable assurance report on controls”. For more detail, see Annex A. 9 CSA staff are of the view that value-referenced crypto assets may constitute securities and/or derivatives and that fiat-backed crypto assets generally meet the definition of “security” and/or would meet the definition of “derivative” in applicable legislation in several jurisdictions. See CSA Staff Notice 21-332 Crypto Asset Trading Platforms: Pre￾Registration Undertakings - Changes to Enhance Canadian Investor Protection at https://lautorite.qc.ca/fileadmin/lautorite/reglementation/valeurs-mobilieres/0-avis-acvm-staff/2023/2023fev22-21- 332-avis-acvm-en.pdf

-12- ANNEX C SPECIFIC QUESTIONS OF THE AUTHORITIES RELATING TO THE DRAFT AMENDMENTS Revised Assurance Report Requirements

1. The Draft Amendments provide that a reasonable assurance report on controls must consider whether controls operated effectively over “the applicable period”. For the first reasonable assurance report on controls to be provided for a designated critical benchmark or a designated interest rate benchmark, the applicable period is specified to be a 3-month “look back” period. Is the proposed 3-month “look back” period an appropriate period for the first reasonable assurance report on controls to be so provided?
2. Draft subsections 33(2) and 37(2) of the Regulation provide that a benchmark contributor must ensure that a reasonable assurance report on controls is provided by a public accountant to the benchmark contributor within 90 days of a request of the oversight committee. Is the proposed 90-day period a sufficient period of time? Should it be a shorter period? 10 New assurance report provision
3. By way of background, • the assurance report provisions in the existing version of the Regulation only apply to designated commodity benchmarks, designated critical benchmarks and designated interest rate benchmarks, and • the Draft Amendments include a new assurance report provision (draft section 13.1 of the Regulation) that would apply to any other benchmark that is designated by a decision of an Authority (e.g., a crypto asset benchmark that is not a commodity benchmark or a term rate benchmark that is not an interest rate benchmark). In this context, do you: (a) agree that draft section 13.1 of the Regulation is appropriate, or (b) have alternative proposals for a different type of assurance report that may be more appropriate for a crypto asset benchmark but still provide a sufficient level of assurance for a public accountant to conclude on the operating effectiveness of controls?
4. What issues would an accounting firm encounter in providing an assurance report on a crypto asset benchmark that it would not otherwise face when providing an assurance report on a commodity benchmark or an interest rate benchmark? 10 It has been suggested that a shorter period may be appropriate in certain situations where the oversight committee makes a request for a reasonable assurance report on controls following the emergence of a problem or material issue that the oversight committee has identified or become aware of.