Annex 5.E IOSCO Methodology—Scope and Use of Principle 8
The IOSCO methodology document (IOSCO 2003a) introduces the group of principles relating to enforcement (Principles 8 through 10) with a preamble that defines the term enforcement and explains each of the core principles in this group. The methodology calls for a broad interpretation of enforcement, covering wide-ranging powers of surveillance, inspection, and investigation. It then explains each of the principles under this group. In particular, it states that Principle 8 deals with preventive measures and with the methods for obtaining information by the regulator. It then clarifies that the scope of those principles encompasses all agencies involved in enforcement and is not limited only to the primary regulator.
Key issues relating to Principle 8 are then listed, which spell out in greater detail specific powers of the regulator that would be needed—including (a) power to require regular reporting or to seek information through inspections of a market participant’s business operations and (b) types of documents and records to which access should be required. This list is followed by key questions, which are listed below.
Principle 8: The regulator should have comprehensive inspection, investigation, and surveillance powers.
1. Can the regulator inspect a regulated entity’s business operations, including its books and records, without giving prior notice?
2. Can the regulator obtain books and records and request data or information from regulated entities without judicial action, even in the absence of suspected misconduct,
a. In response to a particular inquiry?
b. On a routine basis?
3. Does the regulator have the power to supervise its authorized exchanges and regulated trading systems through surveillance?
4. Does the regulator have record-keeping and record-retention requirements for regulated entities?
5. Are regulated entities required
a. To maintain records concerning client identity?
b. To maintain records that permit tracing of funds and securities in and out of brokerage and bank accounts related to securities transactions?
c. To put in place measures to minimize potential money laundering?
6. Does the regulator have the authority to determine or have access to the identity of all customers of regulated entities?
7. Where a regulator outsources inspection or other regulatory enforcement authority to an SRO or a third party?
a. Does the regulator supervise the outsourced functions of third parties?
b. Does the regulator have full access to information maintained or obtained by the third parties?
c. Can the regulator cause changes or improvements to be made in the third parties’ processes?
d. Are the third parties subject to disclosure and confidentiality requirements that are no less stringent than those applicable to the regulator?
Benchmarking Rubric for Principle 8
• Fully Implemented—Requires affirmative responses to all applicable questions
• Broadly Implemented—Requires affirmative responses to all applicable questions, except to Question 7(c)
• Partly Implemented—Requires affirmative responses to all applicable questions, except to Questions 7(c) and 7(d) or, where the regulator must cooperate with other authorities to obtain records of regulated entities, such cooperation is not sufficiently timely
• Not Implemented—Inability to respond affirmatively to one or more of Questions 1, 2(a), 2(b), 3, 4, 5(a), 5(b), 5(c), 6, 7(a), or 7(b)
The questions stated earlier serve as a set of criteria by which implementation is graded. For example in the case of New Zealand, the securities commission had affirmative responses to all the questions except 7 c; the securities commission cannot require a registered securities exchange—which performs significant inquiry and enforcement functions—to improve its processes or conduct rules. Therefore, a grading of “broadly implemented” was assigned. In another country (an emerging market), although the regulator had comprehensive surveillance and investigative powers and had determined affirmative answers to all questions, the scope of existing regulations relating to Question 4 was assessed as requiring some further improvements. The assessors recommended the preparation of an explicit and comprehensive record-keeping standard for the regulated firms (including information on investment objectives, audit trails, etc.) to facilitate the inspection of the firm’s operations. A “broadly implemented” grading was assigned.