Decision # 128

From: Financial Consumer Agency of Canada

Commissioner's reasons for Decision

(Financial Consumer Agency of Canada Act, subsection 23(2))

This decision concerns non-compliance with the Cost of Borrowing (Banks) Regulations and the Electronic Documents (Banks) Regulations.

Violations

In March 2016, the Deputy Commissioner of the Financial Consumer Agency of Canada (FCAC) issued a Notice of Violation to [text omitted] (the bank) pursuant to subsection 22(2) of the Financial Consumer Agency of Canada Act (the FCAC Act). The Notice of Violation states that the Deputy Commissioner has reasonable grounds to believe that the bank committed seven violations of the Cost of Borrowing Regulations (CBR) and of the Electronic Documents Regulations (EDR), since it failed to provide, obtain or disclose:

Under section 13 of the CBR, for the period from [text omitted] to [text omitted], a written disclosure statement stating the changes to certain loans secured by a mortgage or hypothec [text omitted] when amending the credit agreement;
Under section 14 of the CBR, for the period from [text omitted] to [text omitted], a disclosure statement including the information required by sections 8 and 9 of the CBR when renewing certain loans secured by a mortgage or hypothec [text omitted];
Under section 14 of the CBR, for the period from [text omitted] to [text omitted], the disclosure statement required by paragraph 8(1)(I) of the CBR when renewing loan secured by a mortgage or hypothec through [text omitted] of the bank;
Under section 5 of the EDR, since [text omitted], the consent required from credit card holders for sending them monthly electronic statements;
Under subsection 6(4) of the CBR, from [text omitted] to [text omitted], information about its variable rate loan secured by a mortgage or hypothec, in language that is clear, simple and not misleading;
Under paragraph 9(1)(b) of the CBR, from [text omitted] to [text omitted], the method for determining the exact annual interest rates of the credit agreements for a variable rate loan secured by a mortgage or hypothec;
Under subsection 6(2.1) of the CBR, from [text omitted] to [text omitted], accurate information in the information box prescribed by Schedule 2 to the CBR in the credit agreement for a variable rate loan secured by a mortgage or hypothec.

The Deputy Commissioner proposes the following penalties:

Violation #1: $75,000
Violation #2: $75,000
Violation #3: $35,000
Violation #4: $40,000
Violation #5: $50,000
Violation #6: $75,000
Violation #7: $50,000

The penalties proposed for the seven violations therefore total $400,000.

In April 2016, the bank sent written representations to the commissioner in response to the Notice of Violation issued by the Deputy Commissioner. The bank contests violations #1, #2, #3 and #4 (sic)^{Footnote 1} to #7. It alleges, among other things, that it should not be held responsible, owing to its transparency and its continuous cooperation with FCAC. Its arguments are based on the following grounds: (i) defence of officially induced error and of due diligence; (ii) defence of procedural fairness and natural justice; (iii) fundamental principle of justice against multiple convictions; and (iv) defence of denial. The bank does not contest violation #4 and has informed the Commissioner of the measures taken to ensure its remedy.

Having closely examined the case, including the representations made by the bank, I conclude that, on a balance of probabilities, the bank committed violations #1, #2, #4, #5, #6 and #7 described in the Notice of Violation. However, I conclude that it did not commit violation #3. The total for the penalties imposed is $365,000. My findings are based on the representations made by the bank regarding the nature of the intent or negligence, the damage caused by the violations and the bank’s compliance history.

I – Facts

The context in which I considered this case may be summarized as follows.

Violations #1 and #2

Between [text omitted] and [text omitted], the bank acquired mortgage portfolios from lenders governed by provincial laws and mandated their management to [text omitted].

Prior to the acquisition of the first portfolio, the bank’s compliance department performed a compliance audit pursuant to federal laws and produced a summary report of this audit in [text omitted]. This report found discrepancies between the provincial and federal regulatory requirements.

In the spring of [text omitted], the bank tasked its compliance department with examining the mortgage portfolios to assess whether they meet the applicable federal regulatory requirements. In [text omitted], the compliance department produced a report identifying the issues related to violations #1 and #2. Action plans for resolving these issues were implemented in [text omitted]. The bank advised FCAC of the compliance issues regarding the mortgage portfolios in March 2014.

The internal investigation by the bank’s compliance department shows that the clients who amend or renew their mortgage do not receive a disclosure of the borrowing costs as provided under sections 13 and 14 of the CBR. The compliance problem was resolved permanently in [text omitted]. In total, [text omitted] clients were potentially affected by this disclosure problem.

Violation #3

The bank’s [text omitted] offers loans secured by mortgage/hypothec [text omitted]. Between [text omitted] and [text omitted], the bank failed to update its operational computer system and add the information required by components 1 and 2 of Commissioner’s Guidance CG-9, Mortgage prepayment penalty disclosure (Guidance CG-9), published in August 2012. Guidance CG-9 clarifies the components that must be included in a disclosure for a mortgage prepayment penalty under section 14 and paragraph 8(1)(I) of the CBR. The compliance report from the bank confirms that because of this omission, the renewal notices sent by the bank to these clients did not contain the information required by elements 1 and 2 of Guidance CG-9.

The bank was informed of the problem in [text omitted] and reported it to FCAC in May 2014. The problem was finally resolved in the fall of [text omitted] and affected [text omitted] clients.

Violation #4

The EDR came into force in June 2011. At that time, the bank was in a business relationship with [text omitted] allowing clients who hold credit cards from the bank to receive monthly electronic statements through [text omitted]’s digital mailbox. This business relationship continued until [text omitted], when the bank migrated its [text omitted] clients.

In July 2014, the bank reported its compliance problems regarding the disclosure of the electronic documents to FCAC. Between [text omitted] and [text omitted], the consent obtained from clients for obtaining an online credit card statement service did not comply with the requirements of the EDR.

The information provided to FCAC by the bank showed that at the time the EDR came into effect, the bank had implemented measures to obtain consent in compliance with the regulatory requirements. However, the measures were not implemented by [text omitted]. The bank itself did not implement controls to ensure that the consents obtained by [text omitted were in compliance with the regulatory requirements. In July 2014, the bank informed FCAC that [text omitted] clients were affected by the problem.

The problem was partially resolved during the migration of the bank’s clients in [text omitted]. At that time, the bank obtained the clients’ consent to receive electronic statements [text omitted]. However, [text omitted] % of clients in its portfolio of clients subscribing to electronic statements (more than [text omitted] clients) are still in a situation of non-compliance. Furthermore, the bank abandoned its efforts to obtain consent in accordance with the EDR requirements.

Violations #5 to #7

The bank has been offering variable interest loans secured by a mortgage/hypothec since [text omitted]. In July 2014, the bank informed FCAC of a disclosure problem regarding the calculation of the annual interest rate for variable rate mortgages/hypothecs. At the time, the credit agreements given to the borrowers showed that the interest is charged [text omitted], while in reality, it is charged on the basis of [text omitted]. The bank estimates that between [text omitted] and [text omitted] clients received non-compliant credit agreements.

The credit agreements were amended between the end of the month of [text omitted] and the beginning of [text omitted]. Although the problem has been resolved for new loan situations, the documentation given to clients before the credit agreements were corrected has not been resolved.

II – Applicable legislation

Cost of Borrowing Regulations

Manner

Section 6 of the CBR provides that a bank that grants credit must, in writing, provide the borrower with a disclosure statement that provides certain information, including,

for a credit agreement in respect of a loan, a line of credit or a credit card or an application for credit card, the information set out in schedules 1 to 5 to the CBR, in an information box at the beginning of the document.

Subsection 6(4) of the CBR also provides that the bank must provide the information required under the CBR in language, and present it in a manner, that is clear, simple and not misleading.

Disclosure – Content

Fixed interest loans for a fixed amount

A bank that enters into a credit agreement for a loan for a fixed interest rate for a fixed amount must provide the borrower with an initial disclosure statement that includes the information included in subsection 8(1), paragraphs (a) to (q), of the CBR.

If a borrower misses a payment or a default charge is imposed for a missed scheduled instalment payment such that the outstanding balance of a loan increases with the result that each subsequently scheduled instalment payment does not cover the interest accrued during the period for which it was scheduled, the bank must, at most 30 days after the missed payment or the imposition of the default charge, provide the borrower with a subsequent disclosure that describes the situation and its consequences

Variable interest loans for a fixed amount

A bank that enters into a credit agreement for a loan with a variable interest rate must provide an initial disclosure that includes the information required by section 8 of the CBR in addition to the information from subsection 9(1), paragraphs (a) to (f), of the CBR.

(2) If the variable interest rate for the loan is determined by adding or subtracting a fixed percentage rate of interest to or from a public index that is a variable rate, pursuant to subsection 9(2), the bank must, at least once every 12 months, provide the borrower with a subsequent disclosure statement that contains the following information:

(a) the annual interest rate at the beginning and end of the period covered by the disclosure;

(b) the outstanding balance at the beginning and end of the period covered by the disclosure; and

(c) the amount of each instalment payment due under a payment schedule and the time when each payment is due, based on the annual interest rate that applies at the end of the period covered by the disclosure.

(3) In the case where the variable interest rate for the loan is determined by a method other than by adding or subtracting a fixed percentage rate of interest to or from a public index that is a variable rate, the bank must, at most 30 days after increasing the annual interest rate by more than 1% above the most recently disclosed rate, provide the borrower with a subsequent disclosure statement that contains the new annual interest rate and the date on which it takes effect, and the amount of each instalment payment and the time when each payment is due.

Amendments to credit agreements

Section 13 stipulates that, if a credit agreement is amended, the bank must, not later than 30 days after the day on which the amendment is made, disclose in writing to the borrower any resulting changes to the information that was required to be disclosed in the initial disclosure statement.

If a credit agreement for a fixed amount has a schedule for instalment payments and the schedule is amended, the bank must, not later than 30 days after the day on which the amendment is made, disclose in writing to the borrowers the amended payment schedule and any increase in the total amount to be paid or in the cost of borrowing as a result of that amendment.

Renewals of mortgages or hypothecs

Section 14 stipulates that if a loan secured by a mortgage or hypothec is to be renewed on a specified date, the bank must, at least 21 days before the date, provide the borrower with a subsequent disclosure that contains the information required by section 8 and 9 of the CBR.

The subsequent disclosure referred to in subsection 14(1) must specify that

(a) no change that increases the cost of borrowing will be made to the credit agreement between the transmission of the subsequent disclosure statement and the renewal of the credit agreement; and

(b) the borrower’s rights under the credit agreement continue, and the renewal does not take effect, until the day that is the later of the date specified for its renewal and 21 days after the borrower receives the statement.

Finally, a bank that does not intend to renew a credit agreement for a loan secured by a mortgage or hypothec after its term ends shall, at least 21 days before the end of the term, notify the borrower of that intention.

Electronic Documents (Banks and Bank Holding Companies) Regulations (SOR/2010-239)

Consent to provision of an electronic document

5 (1) For the purpose of paragraph 995(1)(c) of the Act, the addressee may consent in writing, in paper or electronic form, or orally.

(2) Before an addressee consents in writing, the originator or the person acting for the originator must notify the addressee in writing, in paper or electronic form,

(a) that the addressee may revoke their consent at any time;

(b) that the addressee is responsible for informing the originator of any changes the addressee makes to the designated information system including any changes made to the contact information related to the designated information system;

(c) that any electronic documents will be retained for the period specified in the notice and made available to the addressee and that the addressee is responsible for retaining a copy of the document; and

(d) of when the consent takes effect.

(3) If the notification referred to in subsection (2) or the consent referred to in subsection (4) is provided in an electronic document, the electronic document must be accessible to the addressee and capable of being retained by them so as to be usable for subsequent reference.

(4) If the addressee’s consent is provided in writing, in paper or electronic form, it must include the name of the information system designated by the addressee for the receipt of the electronic document and a list, in paper or electronic form, of the notices, documents or other information that is covered by the consent.

(5) If the addressee’s consent is provided orally, the originator or the person acting for the originator shall, without delay, provide the addressee in writing, in paper or electronic form, with the information referred to in subsection (2) and confirm the information referred to in subsection (4).

(6) If the addressee is providing consent for the provision of an electronic document on a one-time basis, subsection (2) does not apply.

Bank Act

Duty to manage

157 (1) Subject to this Act, the directors of a bank shall manage or supervise the management of the business and affairs of the bank.

Specific duties

(2) The directors of a bank shall:

[…]

(e) establish procedures to provide disclosure of information to customers of the bank that is required to be disclosed by this Act and for dealing with complaints as required by subsection 455(1);

(f) designate a committee of the board of directors to monitor the procedures referred to in paragraph (e) and satisfy itself that they are being adhered to by the bank;

[…]

Disclosing borrowing costs

Subsection 450(1) provides that a bank shall not make a loan to a natural person unless the cost of borrowing, as calculated and expressed in accordance with section 451, and other prescribed information have been disclosed by the bank to the borrower.

Additional disclosure

452 (1) Where a bank makes a loan in respect of which the disclosure requirements of section 450 are applicable and the loan is required to be repaid either on a fixed future date or by instalments, the bank shall disclose to the borrower, in accordance with the regulations, the information set out in paragraphs (a) to (e).

Consent and other requirements

995 (1) Despite anything in this Part, a requirement under this Act or the regulations to provide a notice, document or other information is not satisfied by providing an electronic document unless

(a) the addressee consents and designates an information system for the receipt of the electronic document;

(b) the electronic document is, unless otherwise prescribed, provided to the designated information system; and

(c) the prescribed requirements are complied with.

III – Bank’s representations

The bank contests the factual foundations supporting violation #3. It does not dispute that the contraventions resulting in violations #1, #2, and #5 to #7 were committed. However, the bank alleges that it should not be held responsible for these five (5) violations. In its written representations, the bank raises four (4) grounds of defence and one procedural irregularity. The grounds of defence and the procedural grounds raised by the bank are as follows.

1. Defence of officially induced error and of due diligence

The bank has been holding [text omitted] calls with FCAC since [text omitted]. These calls are in addition to ad-hoc communications between the bank and FCAC. The bank points out that the violations appearing in the Notice of Violation, and the related action plans, were the subject of numerous communications between the bank and FCAC. The bank notes that during these communications, FCAC remained silent and did not offer any comment on the actions taken. The bank alleges that the silence implies FCAC’s agreement that the steps taken were appropriate, or at least acceptable. The bank states that to hold it responsible in such circumstances would not be consistent with “the basic fairness of the penal, administrative and quasi-judicial process”.

2. Defence of procedural fairness and natural justice

The bank alleges that FCAC did not act with transparency since it waited between 10 and 14 months after the disclosure of the violations to inform the bank of its concerns regarding compliance issues. The bank submits that FCAC suddenly changed its attitude toward the bank and that the attitude change “was not consistent with the principles of transparency and procedural fairness normally required of regulators, particularly regarding financial issues”.

3. Fundamental principle of justice against multiple convictions

The bank states that violations #5, #6 and #7 arise out of the same facts and that, consequently, that finding the bank responsible for the three violations infringes the Canadian penal law rule against multiple convictions for a single violation.

4. Defence by denial

The bank maintains that the analysis supporting violation #3 is based on the wrong disclosure document and that a disclosure document complying with the requirements of section 14 of the CBR was given to the clients before the renewal of their mortgage.

IV – Analysis

Violations #1 and #2

The bank does not deny violating sections 13 and 14 of the CBR. However, it raises two (2) defences and one procedural irregularity.

1. Due diligence defence

The due diligence defence is provided for in subsection 28(1) of the FCAC Act. This defence will be established if the bank shows, on a balance of probabilities, that it (i) reasonably believed in a mistaken set of facts that, if true, would have rendered its act or omission innocent; or (ii) took all reasonable steps to avoid the particular event. However, this defence is not available if the defendant relies solely on a mistake of law to explain the commission of an offence, unless the mistake was induced by a person in authority and the offence is not a strict liability offence.

The bank’s defence cannot not apply in this case. The transparency regarding the action plans, the interim measures and the time limit proposed to correct the alleged violations are not relevant for the analysis of the due diligence defence. Indeed, these efforts were implemented after the bank identified compliance issues with the mortgage portfolios managed by [text omitted] in [text omitted]. Furthermore, the bank reported those issues to FCAC in March 2014 as compliance deficiencies. This is sufficient to make the defence unavailable.

2. Defence of officially induced error

The defence of officially induced error is available when the defendant shows that the commission of the offence was induced by the opinion of an official responsible for the administration or enforcement of a specific law.

This defence finds its basis in the common law. Consequently, it can be raised in accordance with subsection 28(2) of the FCAC Act, which states:

Common law principles
(2) Every rule and principle of the common law that renders any circumstance a justification or excuse in relation to a charge for an offence in relation to a consumer provision applies in respect of a violation to the extent that it is not inconsistent with this Act.

The Supreme Court noted that, for regulatory offences, the defence of officially induced error is available only in cases where the party who raises the defence shows that each of the following elements was present:

(i) an error of law or of mixed law and fact was made;

(ii) the person who committed the act considered the legal consequences of his or her actions;

(iii) the advice obtained came from an appropriate official;

(iv) the legal advice was erroneous;

(v) the person relied on the advice obtained in committing the prohibited act;

(vi) relying on the advice was reasonable.^{Footnote 2}

The bank pleads that all the alleged violations were discussed on numerous occasions and that the lack of FCAC feedback regarding the steps taken to correct these violations only reinforced its conclusion that the steps taken were appropriate, or at least acceptable.

In support of its argument, the bank brings [ ] to my attention.

The bank’s defence cannot apply in this case. The bank’s compliance department identified the compliance problems with the mortgage portfolios managed by [text omitted] in [text omitted] and reported them to FCAC in March 2014 as compliance deficiencies. Consequently, FCAC’s silence regarding the acceptability of the steps undertaken by the bank to correct the compliance issues could not have caused the violations, since these had already been committed by the bank. I also believe that a reasonable person in the same circumstances could not have believed that they were acting in accordance with the law in compliance with the provisions that apply to this case.

3. Procedural fairness, duty to act fairly and natural justice

The bank states that FCAC breached the principles of transparency and procedural fairness required of regulators. Such a defence does not excuse the lack of compliance, but could attract additional procedural rights.

Canadian case law sets guidelines from which the fundamental elements constituting the duty to act fairly can be drawn. According to the courts, “the values underlying the duty of procedural fairness relate to the principle that the individual or individuals affected should have the opportunity to present their case fully and fairly, and have decisions affecting their rights, interests, or privileges made using a fair, impartial and open process, appropriate to the statutory, institutional, and social context of the decision”.^{Footnote 3}

Between March and May 2014, the bank disclosed [text omitted] compliance issues regarding its computer systems’ operation and its information disclosure documents for its clients. In May 2015, following an investigation by FCAC’s Supervision and Promotion Branch, the bank was informed of FCAC’s compliance concerns. In September 2015, FCAC advised the bank that a compliance report was being written. A preliminary version of this report was sent to the bank in February 2016. In March 2016, the bank submitted its comments on the preliminary report to FCAC. Following the reception of the bank’s comments, the case was brought before the Deputy Commissioner. In March 2016, after examining the case, including the bank’s written representations, the Deputy Commissioner issued a Notice of Violation to the bank, pursuant to subsection 22(2) of the FCAC Act. As mentioned in the notice, the bank had 30 days to make written representations to the Commissioner regarding the violations or the penalties proposed by the Deputy Commissioner. The bank submitted its representations to the Commissioner in April 2016.

The bank raises a breach of the principles of transparency and procedural fairness. However, the timeline for the events shows that FCAC followed the process described in the Compliance Framework published on its website.^{Footnote 4} This process offers procedural protections over and above those provided for in the FCAC Act. I would point out that the bank had an opportunity to make representations on two occasions: (i) before the Deputy Commissioner issued the Notice of Violation; and (ii) in response to the violations and penalties proposed by the Deputy Commissioner.

The bank also alleges that after it was informed of FCAC’s concerns regarding compliance issues, FCAC suddenly changed its attitude about the bank. I examined the file, including the bank’s written representations, and I conclude that the bank was at no time misled regarding FCAC’s concerns about the disclosed compliance issues. Furthermore, there is no evidence that would allow me to conclude that the conduct of, or the information provided by, FCAC officials would lead the bank to believe that FCAC would adopt a different process for the bank.

For the reasons given above, I find that FCAC fulfilled its duty to act fairly.

Conclusion

Having examined the case, and particularly the bank’s written representations, I cannot accept the defences and procedural arguments proposed by the bank. I therefore find, on a balance of probabilities, that the bank committed violations #1 and #2.

Violation #3

In its representations, the bank established that it provided the disclosure required by the CBR. I accept this fact and consequently find that it did not commit violation #3. However, I note my concern regarding the fact that the bank did not clarify earlier, during the investigation, that the documentation supporting the Deputy Commissioner’s analysis was incorrect.

Violation #4

The bank does not contest having committed violation #4. I therefore find, on a balance of probabilities, that it violated section 5 of the EDR.

Violations #5 to #7

The bank does not deny violating sections 13 and 14 of the CBR. However, it raises three (3) grounds of defence and one procedural irregularity.

1. Due diligence defence

The bank raises the due diligence defence. This defence cannot be accepted for the same reasons as those that apply to violations #1 and #2. Indeed, the facts presented by the bank in support of its argument pertain to the measure taken after committing the violations. They are thus not relevant for the purposes of due diligence defence.

2. Defence of officially induced error

The bank raises the defence of due diligence and of officially induced error. This defence cannot be accepted for the same reasons as those that apply to violations #1 and #2. FCAC’s silence regarding the measures implemented by the bank to correct the alleged violations cannot create a reasonable belief that it did not consider this to be an offence.

3. Rule against multiple convictions arising out of the same facts

The bank pleads that it cannot be subject to three violations arising out of a single factual situation. In support of its defence, it raises the principle recognized by the Supreme Court in the Kienapple v. The Queen,^{Footnote 5} which prohibits multiple convictions arising out of the same facts

Although the Supreme Court had recognized the general principle against multiple convictions for the same delict, the Court does however recognize that Parliament can constitute two separate offences out of the same matter and that it can allow multiple convictions on condition that it clearly declares its intention to do so.^{Footnote 6} Therefore, this defence is not applicable if a contrary intention appears in Parliament’s legislation.

Does the Kienapple principle apply in this case, and can it prevent the Commissioner from issuing multiple violations arising out of the same compliance issue?

First, I note that this is not a penal context. The FCAC Act stipulates that the decision to proceed with an act or omission as a violation precludes proceeding as a penal offence. The violations provided for in the FCAC Act are for ensuring compliance. The FCAC Act provides that one of the objects of FCAC is to “supervise financial institutions [. . .] to determine whether the institution or body is in compliance with the consumer provisions applicable to them”.^{Footnote 7} When a bank’s actions toward a client breaches multiple regulatory requirements, it is important that the Commissioner be able to take effective measures to ensure compliance. If the banks could break multiple regulatory dispositions knowing that they can only be responsible for one violation, the effectiveness of the legislative scheme for protecting banking consumers would be greatly reduced.

This being said, I am of the opinion that Parliament has authorized the imposition of multiple violations arising out of the same compliance issue. Indeed, subsection 22(1) of the FCAC Act provides as follows:

22 (1) Every contravention or non-compliance that is designated under paragraphs 19(1)(a) to (a.2) constitutes a violation and the person that commits the violation is liable to a penalty determined in accordance with sections 19 and 20. [Emphasis added.]

This language is again seen in paragraph 2(a) of the Financial Consumer Agency of Canada Designated Violations Regulations, which provides as follows:

(2) The following are designated as violations that may be proceeded with under sections 20 to 31 of the Act:

(a) the contravention of any consumer provision;

(b) the non-compliance with any compliance agreement entered into under an Act listed in Schedule 1 to the Act.

I am satisfied that the Commissioner could conclude that any violation of the consumer dispositions constitutes a distinct violation.

Although I am persuaded by the above arguments, even if I were not, the next step in the analysis is to determine whether the bank met the necessary elements to rely on the rule against multiple convictions. First, the bank must demonstrate that the offences arise from the same transaction. This is what is known as the factual nexus between the charges. Once the factual nexus between the charges is established, we must ask whether there is an adequate relationship between the offences themselves. In other words, is there a legal nexus between the charges justifying the rule against multiple convictions? A single act by the accused can result in distinct offences that are unrelated to each other.

In this case, although violations #5, #6 and #7 arise out of the same erroneous statement of the method for calculating annual interest, this transaction resulted in distinct violations of subsections 6(2.1), 6(4) and paragraph 9(1)(b) of the CBR. These violations are not related to each other. Consequently, I conclude that the necessary elements of the defence have not been met.

4. Procedural fairness, duty to act fairly and natural justice

The bank also pleads a lack of procedural fairness and a breach of the principles of natural justice. For the reasons given above regarding violations #1 and #2, I cannot accept this defence.

Conclusion

For the reasons given above, I find on a balance of probabilities that the bank committed violations #5, #6 and #7.

Degree of intent or negligence

The violations reveal several concerning facts regarding the bank’s compliance practices, particularly the significant flaws in the controls for verifying compliance and for detecting potential disclosure issues. Furthermore, the decisions made by the bank regarding the management of the compliance issues demonstrate that the bank did not consider these issues as regulatory priorities.

Regarding the [text omitted] file (violations #1 and #2), the bank demonstrated negligence on three levels. First, the documentation provided by the bank demonstrates that the bank’s compliance department was informed of the compliance issues before acquiring the mortgage portfolios managed by [text omitted], in [text omitted]. At the time, the bank knew that there was a discrepancy to take into account between the provincial and federal requirements regarding disclosures to the clients. Despite this, more than two years passed before the bank’s compliance department was given a mandate to assess and ensure the compliance of these new loan portfolios with federal acts and regulations. Second, once the bank’s compliance department took charge of the file, an additional period of 12 months was required to solve the compliance issues. Therefore, despite the fact that significant compliance issues were identified before the acquisition of the loan portfolios, nearly four years passed before the bank solved the compliance issues. Finally, I note that between [text omitted] and [text omitted], the bank did not implement an interim solution.

Regarding the [text omitted] file (violation #4), the documentation provided shows that by the time the EDR came into effect, in 2011, the bank had taken measures to implement a consent mechanism in compliance with the regulatory requirements. However, its service provider, [text omitted], did not respect the bank’s instructions or implement the revised consent mechanism. The bank was negligent since, although it communicated its policies to its service provider, it forgot to implement the controls and the review and monitoring mechanisms for ensuring that the provider complies with the EDR’s requirements. Indeed, the consent problem was detected by the bank in [text omitted], during a client migration project. I acknowledge that the bank implemented measures to obtain consent in compliance with the EDR once the problem was detected. However, I note that due to significant flaws regarding controls and review and monitoring mechanisms, the bank was in a situation of non-compliance for a period of nearly four (4) years. Finally, I also note that despite the efforts made to obtain the necessary consents, nearly [text omitted] % of the clients affected have still not consented to receive the electronic statements.

Regarding the variable rate loan file (violations #5 to #7), the bank did not implement the controls or audit mechanisms to ensure compliance with the regulatory requirements. Because of its negligence, the bank did not comply with the regulatory requirements for a period of nearly [text omitted]. Furthermore, once the problem was detected, 20 months elapsed before the problem was corrected. During this period, the bank did not implement any interim measures to mitigate the problem.

However, I acknowledge that the bank itself disclosed seven (7) violations, although only six (6) were upheld. It also demonstrated transparency and was cooperative throughout the process. The bank’s representations also report several recent operational changes that demonstrate a willingness to improve its culture and its compliance practices. However, I must observe that all the measures taken were reactive in nature, which demonstrates a failure in compliance controls.

The bank insists in its representations that since [text omitted], it has undergone major changes that resulted in the adoption of a [text omitted] approach. This wide-ranging initiative was accompanied by significant investments in technology, processes and regulatory compliance. I acknowledge the bank’s willingness to improve its service delivery but find that the efforts deployed were insufficient.

[ ]

Harm

Violations #1 and #2 potentially affected [text omitted] clients. Violation #4 itself affected [text omitted] clients, and the problem still affects nearly [text omitted] % of them. Between [text omitted] and [text omitted] clients are affected by violations #5 to #7.

The compliance issues that resulted in violations #1, #2 and #4 to #7 have not caused direct financial harm to the consumers. However, violations #1, #2 and #5 to #7 could have had indirect negative financial consequences by misleading consumers regarding their financial products or by preventing them from rigorously examining the information provided.

History of the wrongdoer over the five years preceding the violation

The FCAC found [text omitted] violation in [text omitted]. This violation resulted in a penalty of $[text omitted].

V – Penalty

As mentioned above, I find that the bank committed violations #1, #2 and #4 to #7. I am satisfied with the Deputy Commissioner’s analysis regarding the criteria and the penalty amounts.

Conclusion

I find that, on a balance of probabilities, the bank committed violations #1, #2, #4, #5, #6 and #7 described in the Notice of Violation. Consequently, pursuant to subsection 23(2) of the FCAC Act, I impose the following penalties: