Canadian Compliance Course (CCC): 24 Sample Questions & Simulator
CCC sample questions, practice-exam coverage, and simulator access for the CSI Canadian Compliance Course in Securities Prep on web, iOS, and Android.
CCC rewards candidates who can identify the real compliance failure, separate control ownership from business pressure, and choose the strongest escalation or remediation step across Canadian registered-firm scenarios. If you are searching for Canadian Compliance Course sample questions, a practice test, mock exam, or simulator, this is the main Securities Prep page to start on web and continue on iOS or Android with the same account.
Start a practice session for CCC below, or open the full app in a new tab. For the best experience, open the full app in a new tab and navigate with swipes/gestures or the mouse wheel—just like on your phone or tablet.
Open Full App in a New TabA small set of questions is available for free preview. Subscribers can unlock full access by signing in with the same account used on mobile.
Prefer to practice on your phone or tablet? Download the Securities Prep app:
- iOS: Canada · United States
- Android: Canada · United States
If you already subscribe in the mobile app, sign in with the same account on web to continue on desktop.
What this CCC practice page gives you
- a direct route into the live Securities Prep simulator for the Canadian Compliance Course
- 24 sample questions with detailed explanations across governance, supervision, surveillance, conflicts, complaints, and regulator interaction
- focused practice around Canadian registered-firm compliance judgment instead of pure rule memorization
- clear free-preview access before you subscribe
- the same subscription across web and mobile
CCC exam snapshot
- Provider: CSI
- Exam: Canadian Compliance Course (CCC)
- Format: 100 multiple-choice questions in 3 hours
- Attempts: 3
- Passing target: 60%
Topic coverage for CCC practice
- Role of compliance and regulators (18%): the purpose of compliance, the Canadian regulatory environment, and where compliance fits inside the firm.
- Governance and financial condition (11%): board and management oversight, corporate-governance expectations, and financial-condition awareness at a compliance level.
- Compliance regime and supervision (32%): policies, procedures, control ownership, supervisory structure, and how compliance supervision works in practice.
- Surveillance, conflicts, and complaints (29%): surveillance programs, reviews, conflicts of interest, complaint classification, escalation, and remediation.
- Regulator interaction and legal exposure (10%): dealing with regulators, regulatory reviews, investigations, and the legal consequences of weak compliance decisions.
Which CSI page should you open first?
| If your target role is… | Best page to start with | Why |
|---|---|---|
| Client-facing representative or advisor | CPH | CPH is stronger for suitability, disclosure, complaints, and day-to-day conduct with clients. |
| Canadian registered-firm compliance or control work | CCC | CCC is the best fit for governance, supervision, surveillance, conflicts, and regulator-readiness. |
| Senior firm governance or executive oversight | PDO | PDO is broader on executive, governance, and firm-level oversight responsibilities. |
| Investment-dealer chief compliance function | CCO | CCO is the stronger route when the role is specifically chief-compliance supervision inside that track. |
What CCC is really testing
- whether you can spot the control problem before chasing the symptom
- whether management, supervision, and compliance responsibilities are being assigned correctly
- whether the safest next step is escalation, containment, documentation, remediation, or regulator-ready follow-up
- whether you can distinguish a process weakness from a conduct breach or governance failure
- whether you can choose the answer that protects clients, the firm, and the integrity of the compliance program
How to use the CCC simulator efficiently
- Start with regulators, governance, conflicts, and complaints so the control vocabulary becomes automatic.
- Review every miss until you can explain who owns the issue, what should happen next, and what should be documented.
- Move into mixed sets once you can switch between governance, supervision, surveillance, and complaint scenarios without losing the compliance thread.
- Finish with timed runs so the 3-hour pace feels controlled.
Free preview vs premium
- Free preview: a smaller web set so you can validate the question style and explanation depth.
- Premium: the full CCC bank, focused drills, mixed sets, timed mocks, detailed explanations, and progress tracking across web and mobile.
Good next pages after CCC
- CPH if you need more client-facing conduct and complaint workflow
- PDO if your role is moving toward partner, director, or senior-officer oversight
- CCO if you need a more officer-specific compliance route
- CSI exam pages if you are still choosing among Canadian securities tracks
24 CCC sample questions with detailed explanations
These sample questions cover the current CCC blueprint areas: role of compliance, regulators, governance, supervision, surveillance, conflicts, complaints, and dealings with regulators. Use them to check your readiness here, then continue into the full Securities Prep question bank for broader timed coverage.
Question 1
A portfolio manager is undergoing a provincial securities regulator compliance review. The regulator asks the CCO for evidence that quarterly trade-surveillance exceptions were reviewed over the past 12 months. The firm has a spreadsheet listing review dates, but there are no retained review notes, escalation records, or supervisory sign-offs, and the trading desk head says the discussions were mostly verbal. What is the single best action for the CCO?
- A. Send only the spreadsheet and avoid emphasizing the weakness.
- B. Obtain fresh supervisor attestations and use them as proof.
- C. Provide existing records, disclose the gap, and document management-approved remediation.
- D. Recreate missing review notes from memory and submit them.
Best answer: C
Explanation: Evidence quality matters because regulators assess whether a control can be demonstrated, not merely asserted. The best response is to provide the records that actually exist, clearly disclose the documentation weakness, and document remediation rather than backfilling or minimizing the gap.
In a regulatory interaction, the firm should provide accurate, supportable, and complete information. Contemporaneous records such as review notes, exception logs, and sign-offs are stronger evidence than summaries or recollections because they show what was reviewed, when it was reviewed, and whether issues were escalated. Here, the spreadsheet may have some value, but it is not enough to prove the full supervisory process on its own.
The CCO should:
- provide the records that actually exist
- explain the documentation limitation candidly
- escalate and document remediation with management oversight
Trying to recreate original records after the fact, relying mainly on new attestations, or downplaying the gap can mislead the regulator and damage the firm’s credibility. A transparent response with documented remediation is the strongest compliance approach.
Question 2
A portfolio management firm’s complaint log shows the following entry. Based on the artifact, what is the best next action for the CCO?
Artifact: Complaint log snapshot
Received: April 8, 2026 by email
Allegation: discretionary trades breached mandate; client claims about $140,000 loss and says, “I am speaking with my lawyer”
Current classification: client service concern
Notes: portfolio manager asked to call the client directly “to calm things down”; branch head noted, “hold off opening a formal file until we know if the client sues”
Record hold: none documented
A. Send a denial because the account was discretionary.
B. Wait for a statement of claim before escalating the matter.
C. Keep it informal while the portfolio manager contacts the client.
D. Open a formal complaint file and issue a record-preservation hold.
Best answer: D
Explanation: This is already a formal complaint risk situation: the client alleges mandate breach, claims a loss, and mentions a lawyer. The added regulatory and legal risk comes from delaying escalation, allowing direct unsupervised contact, and failing to preserve records. The CCO should bring the matter under the firm’s complaint process immediately.
The core issue is complaint-handling risk, not whether the client will ultimately succeed. A written allegation of trading outside the mandate, a claimed loss, and a reference to legal counsel should trigger formal complaint handling and compliance oversight. The note to “hold off” and the absence of a record-preservation step increase regulatory and legal exposure because relevant emails, texts, and notes may be lost, and direct outreach by the portfolio manager may create inconsistent or prejudicial statements.
A sound response is to:
- open the formal complaint file;
- preserve relevant records immediately; and
- move the investigation under compliance control.
Waiting for formal litigation or relying on the discretionary nature of the account weakens the firm’s position and ignores the immediate control gap.
Question 3
An exempt market dealer’s intake policy says a complaint exists when a client expresses dissatisfaction about the firm’s products, services, conduct, or handling and expects a response or corrective action. A compliance analyst reviews the following log.
Exhibit: Daily client contacts
| Contact | Message |
|---|---|
| 1 | Please send me my March statement. |
| 2 | Please reset my client portal password. |
| 3 | Your dealing representative said the private placement was low risk. I lost money and want the firm to explain how this will be fixed. |
| 4 | Please update my mailing address. |
Which contact should be classified as a complaint and moved into the firm’s complaint-handling process?
- A. The mailing address update request
- B. The client portal password reset request
- C. The private placement loss message seeking a fix
- D. The request for the March statement
Best answer: C
Explanation: The private placement message is the only contact that combines dissatisfaction with the firm’s conduct and an expectation of corrective action. That makes it a complaint at intake, even without a formal complaint form or specific wording.
A complaint in a Canadian registered firm’s compliance program is an expression of dissatisfaction by a client, or someone acting for the client, about a product, service, conduct, or the firm’s handling of the matter, where a response or resolution is expected. The private placement message meets that definition because it alleges the representative described the investment as low risk, reports harm, and asks the firm to explain how the issue will be fixed. That should be logged promptly and moved into the firm’s complaint process.
- Record the details in the complaint log.
- Escalate under the firm’s complaint procedures.
- Preserve the related communication and sales records.
Routine document requests, password resets, and address changes are service items, not complaints on these facts.
Question 4
A mutual fund dealer’s compliance manager is reviewing a branch-review note after a routine supervisory review.
Artifact: Branch-review note
- Files tested: 12
- Exceptions: 3 files showed trades entered before the required KYC update was documented.
- Prior review (6 months earlier): same issue in 2 files.
- Branch manager comment: “Discussed with advisor; will be more careful.”
- Issue log status: closed
- No remediation owner, target date, or follow-up testing recorded
What is the best supported next action for compliance?
- A. Conclude no meaningful deficiency exists because most files were compliant.
- B. Reopen the issue, assign remediation, and escalate the repeat deficiency.
- C. Wait for the next scheduled review before taking action.
- D. Leave the issue closed because the branch manager spoke to the advisor.
Best answer: B
Explanation: The artifact shows a repeat supervisory deficiency that was closed without evidence of effective remediation. Because there is no owner, deadline, or follow-up testing, compliance should reopen the item and escalate it instead of relying on a verbal discussion.
Documentation and escalation are core parts of effective compliance supervision. An exception is not adequately remediated just because a manager says it was discussed; the firm should be able to show who is responsible for fixing it, when it must be fixed, and how compliance will confirm the fix. Here, the same deficiency appeared in two reviews, yet the issue log was marked closed with only a verbal comment and no remediation owner, target date, or retesting. That supports reopening the matter, documenting a formal remediation plan, and escalating it through the firm’s compliance process because the weakness is repeat and unresolved.
- Record the deficiency clearly.
- Assign an accountable owner and deadline.
- Obtain evidence of corrective action.
- Perform follow-up testing before closure.
The closest distractor is relying on the branch manager’s comment, but verbal assurance is not auditable evidence of remediation.
Question 5
An exempt market dealer is formalizing its governance as it grows. The board asks the CCO to review the following memo excerpt.
Artifact: Governance memo excerpt
- The Risk and Compliance Committee meets “as needed.”
- The CEO decides who attends each meeting.
- The committee has no written mandate or standing agenda.
- Minutes are not kept; action items are sent by email.
- The board receives updates only when the CEO considers an issue significant.
Which next action is most appropriate?
- A. Send all compliance matters directly to the full board for decision.
- B. Leave attendance to the CEO but have the CCO chair each meeting.
- C. Keep ad hoc meetings but require quarterly summary emails to the board.
- D. Adopt a committee charter defining mandate, membership, minutes, and board reporting.
Best answer: D
Explanation: The artifact shows a committee without the basic governance documents and structure needed for effective oversight. Formal committee arrangements exist to define authority, participation, records, and escalation, so the strongest next step is to document those elements in a charter and board reporting process.
Governance documents exist to make oversight clear, repeatable, and accountable. In the memo, the committee has no written mandate, no defined membership, no standing agenda, no minutes, and no regular reporting line to the board. That means key issues may be handled inconsistently and important information may never reach directors.
A formal committee structure should clearly set out:
- the committee’s purpose and authority
- who belongs on it and how meetings are called
- what records must be kept
- when and how matters are reported or escalated to the board
That is why documenting the committee through a charter is the best-supported next action. Changing who chairs meetings or sending occasional summaries does not fix the underlying control gap, and routing every issue to the full board is not an effective governance design.
Question 6
A portfolio manager registered in Ontario and British Columbia acquired a small advising team six months ago. Since then, managed accounts have doubled, supervisors at each office still use different file-review checklists, and the CCO has found repeated missing notes for KYC updates in higher-risk client files. Senior management wants evidence that supervisory exceptions are being escalated and resolved, not just identified. What is the single best next step in designing the firm’s supervision program?
- A. Report office statistics to management without changing controls.
- B. Increase file sampling but keep office-specific review methods.
- C. Require annual adviser attestations on KYC documentation standards.
- D. Document a risk-based review program with escalation and remediation tracking.
Best answer: D
Explanation: The best response is to build a documented, risk-based supervision program. The firm has grown, office reviews are inconsistent, and repeated KYC exceptions are not being tracked through resolution, so the design must standardize reviews, assign ownership, and evidence follow-up.
Effective supervision programs are risk-based, consistent, and evidenced. In this scenario, the problem is not just adviser awareness; it is that the firm’s supervisory design no longer matches its size and risk profile after the acquisition. Different office checklists create inconsistent oversight, and repeated know-your-client (KYC) documentation gaps show that exceptions are not being managed to closure.
- Standardize core supervisory reviews across offices.
- Define enhanced review criteria for higher-risk files.
- Assign responsibility for escalation, remediation, and due dates.
- Maintain records showing exceptions, follow-up, and management reporting.
This approach gives the CCO and senior management a defensible supervision framework. More sampling, certifications, or summary reporting alone would not fix the missing consistency and closure controls.
Question 7
A portfolio manager’s compliance team completes all scheduled quarterly trade-allocation reviews. Dashboard reporting shows 100% completion for the last 12 months, but the same allocation exception has appeared on one desk in three consecutive quarters. Each issue was marked closed after the supervisor was reminded of the policy, and the files contain no assigned remediation owner, deadline, or follow-up test. What is the best interpretation of the review program?
- A. It suggests policy wording is the main problem, not the review program.
- B. It is active but ineffective; recurring issues show weak remediation and no validation.
- C. It mainly needs more frequent testing, not stronger follow-up.
- D. It is effective because reviews are completed and issues are logged.
Best answer: B
Explanation: The key issue is effectiveness, not activity. A review program that repeatedly finds the same problem, closes it with a reminder, and does not verify remediation is not demonstrating reduced risk.
Completion rates and issue logs are input measures; by themselves, they do not show that a compliance review program is working. Here, the same allocation exception recurs for three quarters, yet the matter is closed with only a policy reminder and no owner, deadline, or follow-up testing. That points to superficial closure rather than effective remediation.
- identify the root cause
- assign accountable ownership and timing
- escalate repeat findings as needed
- retest to confirm the control change worked
The key takeaway is that an active review program must show outcomes, not just completed reviews.
Question 8
A retail client emails an exempt market dealer stating that a dealing representative described a private placement as “guaranteed” and suitable for the client’s conservative objectives, and asks for the investment to be reversed. The sales manager wants to call the representative before treating the message as a complaint. What is the best next step?
- A. Reverse the investment first and document the matter afterward.
- B. Log and classify the email as a complaint under the firm’s complaint process.
- C. Obtain the representative’s explanation before deciding whether to open a complaint file.
- D. Wait for the client to quantify the loss before starting complaint handling.
Best answer: B
Explanation: The email is a clear expression of dissatisfaction about the firm’s conduct and includes a request for redress, so it should be treated immediately as a complaint. The right initial response is to bring it into the firm’s controlled complaint-handling process before informal fact-finding or remediation.
For complaint classification and intake, the key decision is whether the communication should enter the firm’s formal complaint process. Here, the client alleges misleading and unsuitable advice and asks that the transaction be reversed. That is enough to treat the email as a complaint right away. Compliance should ensure the matter is logged, classified, and routed under the firm’s complaint procedures so the review is documented, records are preserved, and the client receives the firm’s standard response process.
- Capture the complaint promptly.
- Preserve relevant records and communications.
- Route it to the designated complaint handler or compliance.
- Investigate only after intake controls are in place.
The main error in the other choices is delaying or bypassing intake controls.
Question 9
A Canadian exempt market dealer is redesigning its supervision program after a provincial securities regulator asked for evidence of risk-based reviews. The firm’s last internal report showed that two dealing representatives produced 60% of exempt-product sales and most suitability exceptions. The proposal includes pre-use approval of marketing materials, central complaint logging, and quarterly file testing of KYC, suitability, and disclosure. However, those two representatives would be excluded from file testing because the CEO already reviews their monthly sales totals. What is the most important weakness in the proposal?
- A. It uses quarterly file testing instead of monthly testing.
- B. It requires pre-use approval of marketing materials.
- C. It excludes the highest-risk representatives from substantive file testing.
- D. It centralizes complaint logging at head office.
Best answer: C
Explanation: The key weakness is the carve-out for the two representatives with the greatest sales concentration and most suitability exceptions. A risk-based supervision program should direct more testing to higher-risk individuals, and monthly sales totals do not replace file-level review of KYC, suitability, and disclosure.
A supervision program should allocate its strongest controls to the areas of highest client-protection risk. Here, the two dealing representatives account for most exempt-product sales and most suitability exceptions, so they are the clearest candidates for enhanced review. Excluding them from file testing undermines the entire risk-based design.
The CEO’s monthly sales review is not an adequate substitute for supervisory testing because sales totals do not show whether:
- KYC information was complete and current
- suitability was properly assessed
- required disclosure was delivered and documented
A sound program would keep these representatives in the testing population and likely weight sampling toward them. The decisive flaw is the exclusion of the highest-risk individuals, not the existence of quarterly reviews or centralized records.
Question 10
An exempt market dealer’s CCO identifies repeated KYC and suitability exceptions in its highest-producing sales team. The CEO says the current capital raise is too important to interrupt and asks branch management to ‘deal with it quietly’ so there is no formal record before quarter-end. Which senior management response would best demonstrate a strong compliance tone?
- A. Let the raise continue and give verbal coaching after quarter-end.
- B. Handle the issue informally to avoid written findings on producers.
- C. Order documented remediation, a focused review, and prompt governance escalation.
- D. Wait for complaints before starting a formal suitability review.
Best answer: C
Explanation: Strong tone from management is shown when leaders visibly support compliance, require written remediation, and ensure appropriate oversight. Here, recurring KYC and suitability exceptions in a revenue-critical team call for documented, risk-based action rather than informal handling or delay.
Tone from management is measured less by slogans than by what leaders do when compliance findings threaten revenue. In a Canadian registered firm, recurring KYC and suitability exceptions in a top-producing team require visible support for the compliance function: document the issue, conduct risk-based follow-up, consider restrictions or enhanced supervision where needed, and escalate to the UDP, board, or equivalent oversight body. Those steps show that management accepts challenge, preserves evidence, and puts client protection ahead of sales pressure. Asking staff to handle issues quietly, postponing action until quarter-end, or avoiding written records are classic weak-tone behaviours because they undermine supervision, accountability, and credible remediation. The key takeaway is that management sets culture through documented decisions, resourcing, and escalation.
Question 11
A portfolio manager’s monthly surveillance report has flagged the same advising representative three times for trades outside client mandate ranges. Under the current process, a supervisor can clear an alert by email without documenting file review, escalation, or remediation. While preparing for a provincial securities regulator review, the CCO sees there is no record showing what was investigated or fixed. What is the best next step?
- A. Finish the regulator response first and redesign the supervisory process after the review
- B. Update the policy manual immediately and let supervisors handle the current alerts case by case
- C. Ask the advising representative for written explanations and attach them to the existing alerts
- D. Open formal exception cases for the flagged trades and require documented review, escalation, remediation, and evidence retention before closure
Best answer: D
Explanation: The weakness is the supervision design, not just the wording of the policy. The best next step is to turn repeated alerts into a documented exception-management process with evidence, escalation, and remediation so the firm can protect clients and show regulators how issues were handled.
Effective supervision design turns alerts into documented supervisory decisions. Here, repeated trades outside mandate ranges create a potential client-protection issue, but the current process allows alerts to be cleared without showing what was reviewed, whether the matter was escalated, or what corrective action followed. The best next step is to open formal exception cases and require a consistent workflow before any alert is closed.
- Review the affected client files and trade rationale.
- Escalate repeated or higher-risk exceptions using preset criteria.
- Track remediation and supervisory follow-up to completion.
- Retain evidence that can be produced during a regulatory review.
A representative’s explanation may be useful, but it cannot replace independent supervisory review and documented closure.
Question 12
The CCO of an exempt market dealer learns that the firm’s CEO has instructed dealing representatives to start recommending units of a private issuer owned by the CEO’s spouse. The firm has not yet assessed the conflict, and its policies require any material conflict involving a senior executive to be escalated to an unconflicted governance authority, with the conflicted person removed from the review. What is the best next step?
- A. Escalate to the board chair or designated independent committee, document the issue, and pause recommendations pending review.
- B. Transfer monitoring to another executive and let the CEO remain involved in the assessment.
- C. Obtain client disclosure from the CEO and continue recommendations during review.
- D. Review several client files first and raise the issue at the next quarterly meeting.
Best answer: A
Explanation: Because the conflict involves the CEO, the normal management chain is compromised. The CCO should escalate immediately to the firm’s unconflicted governance authority, document the issue, and stop the affected recommendations until an independent review determines the proper response.
When a material conflict involves senior personnel, the key principle is independent escalation. The implicated executive should not control the review, the disclosure, or the decision about whether the activity can continue. Here, the CEO is connected to a spouse-owned issuer and has already influenced recommendations, so the CCO should bypass ordinary line management and escalate to the unconflicted governance body identified in the firm’s policies. At the same time, the firm should create a clear record and apply an interim safeguard by pausing the recommendations until the conflict is assessed. That preserves independence, reduces client harm, and supports a defensible compliance process. Immediate disclosure may later form part of the response, but it does not replace independent escalation and temporary containment.
Question 13
A compliance manager at an exempt market dealer reviews the firm’s internal early-warning dashboard. The firm’s protocol says compliance must escalate when financial stress may impair books and records or other regulatory obligations.
Exhibit: Early-warning dashboard (CAD)
| Indicator | Jan | Feb | Mar |
|---|---|---|---|
| Excess working capital | $340,000 | $210,000 | $95,000 |
| 90+ day receivables as % of current assets | 3% | 9% | 18% |
| Key control vendors past due >30 days | 0 | 1 | 2 |
Which follow-up is most appropriate?
- A. Increase suitability testing because the trend points to sales-conduct risk.
- B. Treat it as a finance issue and leave monitoring to the CFO.
- C. Wait one more month because excess working capital is still positive.
- D. Escalate now to the CCO and UDP and assess control impact.
Best answer: D
Explanation: The dashboard shows a worsening pattern, not an isolated datapoint. Falling excess working capital, rising aged receivables, and more overdue key control vendors support prompt escalation because financial stress may impair required regulatory functions.
Financial-condition awareness in compliance is about more than whether the firm is still above zero on a single metric. Compliance should escalate when a pattern of weakening liquidity and collections could affect the firm’s ability to maintain books and records, pay essential service providers, or meet other regulatory obligations. Here, all three indicators deteriorate over three months: excess working capital drops sharply, older receivables rise materially, and more key control vendors are overdue. That combination suggests growing operational strain, not a temporary variance. The appropriate response is to document the concern, escalate it to senior compliance and the UDP, and assess whether any control functions or filings are at risk. Waiting for an actual failure would be too late for effective compliance oversight.
Question 14
A portfolio manager incorporated under the CBCA has agreed in principle to sell 20% of its voting shares to a strategic investor, who will also join the board. The CEO asks the CCO to close the deal this week so the firm can announce it internally. The minute book shows no board resolution, no approval required under the unanimous shareholder agreement, and no director appointment resolution. What is the best next step?
- A. Coordinate the required corporate approvals and update the minute book before closing.
- B. Announce the new director immediately and complete the records later.
- C. Close the transaction now and ratify the approvals at the next board meeting.
- D. File any ownership-change notice first, then seek the corporate approvals.
Best answer: A
Explanation: The immediate issue is corporate authority. Before a registered firm implements a share transaction and board change, the approvals required by the corporate statute and governing documents should be obtained and documented properly.
This scenario turns on basic corporate-legislation discipline. A registered firm cannot rely on management urgency to bypass the approvals required under its corporate statute, articles, by-laws, or unanimous shareholder agreement. Where a share sale and director change are proposed, the proper next step is to obtain the necessary board and shareholder approvals, prepare the required resolutions, and update the minute book before the transaction is closed or the new director is held out as appointed.
In practice, the CCO should ensure that:
- the firm identifies which approvals are legally required;
- the approvals are passed in the proper order;
- the resolutions and records are completed accurately; and
- only then are downstream operational or regulatory steps taken.
The closest distractors reverse that order by treating closing, filing, or announcement as more important than valid corporate authorization.
Question 15
A Canadian portfolio manager requires business-line managers to remediate control exceptions and provide evidence of closure to compliance. The CCO reviews the log below.
Exhibit: Quarterly monitoring summary
| Control area | Q1 exceptions | Q2 exceptions | Status |
|---|---|---|---|
| Marketing approvals | 6 | 7 | Open; no evidence of retraining |
| Complaint logging | 1 | 3 | Open; procedure owner changed |
| Personal trading pre-clearance | 2 | 0 | Closed |
| KYC refresh documentation | 3 | 1 | Closed |
Which follow-up best supports an effective compliance regime?
- A. Escalate the recurring open issues, require root-cause analysis, and obtain documented remediation evidence.
- B. Wait for Q3 results before changing any controls.
- C. Shift testing to personal trading because it had Q1 exceptions.
- D. Close the open items after verbal manager attestations.
Best answer: A
Explanation: The exhibit shows two control areas with recurring or worsening exceptions that remain open. In an effective compliance regime, compliance should escalate unresolved patterns, require root-cause analysis, and track documented remediation to completion.
The key issue is not simply that exceptions occurred; it is that important issues remained open across quarters without evidence that remediation was completed. A sound compliance regime includes monitoring, clear responsibility, documented follow-up, and escalation when first-line fixes are not working.
- Marketing approvals worsened from 6 to 7 and still lacks evidence of retraining.
- Complaint logging increased from 1 to 3, and the owner changed, which raises accountability risk.
- Personal trading and KYC documentation improved and were closed.
The best follow-up is to escalate the recurring open issues to senior management, require a root-cause review, assign deadlines, and collect proof that corrective action was implemented. Waiting longer or relying on assurances would weaken the firm’s control framework.
Question 16
A portfolio manager is registered in Ontario, Alberta, and British Columbia, with Ontario as its principal regulator. The firm is revising its complaint-handling procedure after an internal review. An operations manager suggests drafting only to Ontario requirements because the principal regulator coordinates reviews. What is the CCO’s best next step?
- A. Wait for the principal regulator to confirm the applicable rules.
- B. Identify binding rules in each jurisdiction, then use guidance to draft one procedure.
- C. Draft to Ontario rules only because it is the principal regulator.
- D. Use CSA guidance first and check binding instruments after rollout.
Best answer: B
Explanation: In Canada, a firm’s obligations come from binding rule sources in each jurisdiction where it is registered, not just from its principal regulator. The principal regulator helps coordinate oversight, but the CCO should first identify all applicable binding requirements and then use guidance to support drafting.
The key concept is the difference between regulatory coordination and legal rule sources in Canada’s securities framework. A principal regulator and the CSA help streamline oversight, but a registered firm’s actual obligations come from binding sources such as provincial securities legislation, adopted national instruments, local rules or orders, and any terms and conditions on registration. Guidance, including staff notices, can clarify expectations, but it does not replace the binding instruments.
In this scenario, the CCO should first:
- inventory the binding requirements in Ontario, Alberta, and British Columbia
- note any local variations or firm-specific conditions
- then draft one complaint procedure that meets those requirements consistently
The closest trap is treating CSA guidance as if it were the primary source of enforceable obligations.
Question 17
A registered portfolio manager’s written allocation policy states that when an oversubscribed new issue is allocated across discretionary accounts in the same model, the firm must use fair, documented client-based criteria; account size and fee level are not permitted criteria. Compliance reviews the following summary.
Exhibit: Q1 allocation monitoring
| Metric | Result |
|---|---|
| Oversubscribed issues reviewed | 11 |
| Smaller accounts (under $250,000) receiving less than model target | 73% |
| Larger accounts (over $1 million) receiving less than model target | 18% |
| Issues with a documented client-based reason for deviation | 1 of 11 |
What is the most appropriate compliance response?
- A. Escalate a targeted allocation review and require remediation if larger accounts were favoured without documented client-based reasons.
- B. Continue quarterly monitoring and wait for complaints before escalating the pattern.
- C. Reframe the matter as a suitability review, because fair dealing is satisfied if each trade fits the client profile.
- D. Update client disclosure, since allocation differences are acceptable if they are disclosed.
Best answer: A
Explanation: The exhibit shows that smaller accounts were much more likely to receive less than their model target, even though the policy prohibits using account size or fee level as an allocation factor. With only 1 documented client-based reason in 11 issues, this is a potential fair-dealing problem that requires escalation and targeted follow-up.
Fair dealing requires a registered firm to deal fairly, honestly and in good faith with clients. Here, the control being tested is the firm’s allocation process for oversubscribed issues. The summary shows a persistent disparity by account size, and the firm’s policy explicitly says account size and fee level are not valid allocation criteria. Because only 1 of 11 issues had a documented client-based reason for a deviation, compliance should not treat this as ordinary manager discretion.
- Review the allocation files for each oversubscribed issue.
- Confirm whether any legitimate client-based factors supported the deviations.
- Escalate to the CCO or designated supervisor and require remediation if preferential treatment occurred.
The key takeaway is that disclosure or individual trade suitability does not cure an unfair allocation pattern.
Question 18
A mutual fund dealer’s CCO reviews the tracker below. The three branches have similar client volume and product mix.
Exhibit: Quarterly branch oversight tracker
| Branch | Trade review cadence | Evidence retained | Exceptions >30 days |
|---|---|---|---|
| Toronto | Monthly | Yes | 2 |
| Calgary | Quarterly | Partial | 9 |
| Halifax | Ad hoc | No | 8 |
Which follow-up is the best improvement to the firm’s supervision program?
- A. Let each branch set its own review process and certify quarterly.
- B. Set firmwide minimum review standards, evidence rules, and escalation timelines.
- C. Increase sample sizes only at branches with older exceptions.
- D. Replace branch reviews with annual supervisory training.
Best answer: B
Explanation: The tracker shows inconsistent branch supervision across similar operations: review cadence varies, evidence is uneven, and aged exceptions are higher where oversight is weaker. The best improvement is a firmwide minimum supervisory standard with clear documentation and escalation requirements.
The exhibit points to an inconsistency in how supervision is being carried out across branches with similar risk profiles. Toronto shows regular reviews, retained evidence, and few aged exceptions, while Calgary and Halifax show weaker cadence, poorer records, and more unresolved issues. That pattern supports improving the supervisory framework itself, not just adding a narrow remedial step.
- Set baseline review requirements for comparable branches.
- Require consistent records showing reviews were completed.
- Escalate unresolved exceptions after defined aging points.
More sampling or more training may help, but neither fixes inconsistent standards or evidence of supervision.
Question 19
At an exempt market dealer, a daily trade blotter review shows that one dealing representative sold the same illiquid private issuer this week to three retired clients whose KYC records show low risk tolerance and short time horizons. Each file was updated on the trade date, but there are no notes supporting the KYC changes, and the representative has more meetings this afternoon for the same product. What is the best next supervisory step?
- A. Impose an interim hold on further sales and start an immediate supervisory review.
- B. Offer compensation to the three clients before reviewing the files.
- C. Ask the representative to complete the missing file notes first.
- D. Wait for the weekly suitability report before intervening.
Best answer: A
Explanation: The best supervisory response is to contain the apparent client-protection risk immediately, not wait for routine processes. Because the representative may continue selling the same illiquid product and the KYC changes are unsupported, an interim hold with an immediate supervisory review is the strongest next step.
The core concept is prompt, risk-based supervision when facts suggest possible unsuitable sales or unsupported KYC changes. Here, the red flags are immediate and concrete: low-risk retired clients bought an illiquid private issuer, the KYC records changed on the trade dates, the files lack supporting notes, and more client meetings are already scheduled. The best next step is to stop further similar sales on an interim basis and begin an immediate supervisory review. That protects additional clients, preserves the integrity of the review, and lets the firm determine which accounts are affected, whether client harm occurred, and what remediation is required. Waiting for normal reporting, letting the representative backfill notes first, or moving straight to compensation either delays protection or skips necessary fact-finding. The key takeaway is to contain potential harm first, then investigate and remediate based on evidence.
Question 20
A mutual fund dealer’s CCO reviews the monthly oversight summary below. The firm is a CIRO member, and clients have CIPF protection only if member insolvency causes a shortfall in client property. Which interpretation is best supported?
Exhibit:
| Item | Observation |
|---|---|
| Excess working capital | Above minimum, but declining for 3 months |
| Branch complaints | 6 complaints about unsuitable leverage recommendations |
| Client inquiries | 4 ask whether CIPF covers investment losses |
| Insolvency or client property shortfall | None identified |
- A. The complaint cluster is a conduct issue; CIPF matters only if insolvency causes a client property shortfall.
- B. There is no regulatory issue unless capital falls below minimum or property is missing.
- C. The complaints should go to CIPF because unsuitable losses trigger compensation protection.
- D. Declining capital means CIPF should review branch supervision before any conduct response.
Best answer: A
Explanation: The exhibit points to a conduct problem: repeated complaints about unsuitable leverage recommendations. It also says there is no insolvency or client property shortfall, so CIPF is not the body that addresses this issue or ordinary investment losses.
The key distinction is between conduct oversight and compensation protection. A conduct regulator and the firm’s compliance function deal with client-facing misconduct such as suitability, supervision, complaint handling, and sales practices. A compensation-protection body such as CIPF is not a misconduct forum and does not cover normal market losses; it becomes relevant when a member firm’s insolvency leaves a shortfall in client property.
Here, the strongest signal is the concentration of unsuitable leverage complaints at one branch. The declining capital trend may warrant monitoring, but the exhibit expressly says capital is still above minimum and no insolvency or client property shortfall exists. That makes the supported interpretation a conduct issue requiring compliance attention, not a CIPF matter.
The main takeaway is not to confuse investor protection against insolvency with regulation of sales conduct.
Question 21
Harbour Crest is registered only as an investment fund manager for its own pooled fund. Management wants sales staff to contact accredited investors, recommend units of that fund, and accept subscriptions using prospectus exemptions. The staff will not manage client accounts on a discretionary basis and will not sell prospectus-qualified mutual funds. What is the best compliance interpretation?
- A. Add scholarship plan dealer registration before launching the product.
- B. Add exempt market dealer registration before selling the fund units.
- C. Add mutual fund dealer registration before selling the units.
- D. Add portfolio manager registration before contacting the investors.
Best answer: B
Explanation: The planned activity is distributing securities to accredited investors under prospectus exemptions, which is an exempt market dealer function. Investment fund manager registration covers managing the fund itself, not dealing the fund’s units to investors.
At a high level, Canadian firm categories depend on the activity being carried on. An investment fund manager manages the business, operations, and administration of an investment fund. When firm staff solicit investors, recommend the fund, and accept subscriptions under prospectus exemptions, that is dealer activity in the exempt market dealer context.
Portfolio manager registration applies to discretionary portfolio management or managed advice for client accounts. Mutual fund dealer registration applies to dealing in prospectus-qualified mutual funds. Scholarship plan dealer registration is specific to scholarship plan products. Here, the decisive facts are the accredited-investor sales effort and use of prospectus exemptions, so the firm should not rely on its investment fund manager registration alone.
Question 22
A Canadian portfolio manager completed a follow-up compliance review of KYC documentation after giving all advisers refresher training and obtaining annual policy attestations. No client losses were identified.
Exhibit: Review summary
| Business line | Files tested | KYC exceptions | Repeats from prior review |
|---|---|---|---|
| Retail managed accounts | 20 | 7 | 6 |
| High-net-worth accounts | 20 | 1 | 0 |
| Institutional accounts | 20 | 0 | 0 |
Which follow-up is best supported by these findings?
- A. Repeat firm-wide KYC training and close the issue once attestations are updated.
- B. Perform a root-cause review of retail KYC supervision and retest after control changes.
- C. Wait for a client complaint before treating the repeat exceptions as material.
- D. Shift the next review sample to institutional accounts because retail risk is already known.
Best answer: B
Explanation: The findings show that training and attestations did not solve the problem in retail managed accounts, where most exceptions are repeats. That supports targeted root-cause analysis, stronger controls in that workflow, and follow-up testing to confirm the fix works.
Review findings should drive remediation based on the pattern and persistence of exceptions, not just the number of files with issues. Here, the key fact is that 6 of the 7 retail managed-account exceptions are repeats from the prior review even after refresher training and attestations. That suggests the earlier response did not address the underlying control weakness, likely in the retail workflow or supervisory approval process.
- investigate where the retail KYC breakdown occurs
- strengthen the relevant supervisory or documentation control
- assign ownership and deadlines for remediation
- retest the retail area to confirm the change is effective
A broad reminder or a shift in testing would not address the concentrated repeat weakness shown by the data.
Question 23
A portfolio manager and exempt market dealer is reviewing whether its compliance function has enough independence from the business. Based on the exhibit, which interpretation is best supported?
Exhibit: Governance snapshot
| Item | Current practice |
|---|---|
| CCO’s quarterly board report | Routed through Head of Distribution before the board package is finalized |
| CCO’s annual compensation review | Approved by Head of Distribution |
| Q2 compliance exceptions from Distribution | 76% of firm total |
| Extensions to remediate Distribution findings | Approved by Head of Distribution |
- A. Routing issues through senior management before the board strengthens governance.
- B. The exhibit shows a remediation-capacity issue, not an independence issue.
- C. Distribution’s influence over CCO reporting, pay, and remediation weakens oversight.
- D. The data supports more surveillance only, not a governance concern.
Best answer: C
Explanation: The exhibit shows the Head of Distribution can affect what reaches the board, how the CCO is assessed, and when Distribution findings are remediated. Because Distribution also generates most exceptions, those reporting lines weaken the independence needed for effective governance.
A key governance principle is that compliance must be able to challenge the business without undue influence from the area being reviewed. Here, the Head of Distribution oversees the business line producing most exceptions and also controls three important levers affecting compliance independence: the CCO’s path to the board, the CCO’s compensation review, and approval of remediation extensions for Distribution issues.
- Board reporting should allow direct escalation of material compliance matters.
- A revenue-generating business head should not control the CCO’s incentives when that area is under review.
- Remediation timing for findings in a business line should be subject to independent oversight.
Extra testing may be useful, but it does not fix a governance structure that can blunt compliance challenge.
Question 24
During a monthly fee-surveillance review at a mutual fund dealer, compliance’s initial test of two branches finds 54 clients left in a higher-cost series after a system change. The higher-cost series offers no additional service, and the excess fees may have been charged for four months firmwide. What is the best next step?
- A. Send a fee notice and fix the faulty mapping next release.
- B. Reimburse the sampled clients and defer broader testing.
- C. Request a root-cause memo before stopping the faulty mapping.
- D. Stop the faulty mapping, escalate internally, and review all affected accounts.
Best answer: D
Explanation: The fair-dealing response is to contain ongoing client harm first, then determine scope and remediate clients consistently. Because the initial test already shows a likely firmwide overcharge with no added service, compliance should stop the faulty process, escalate it, and complete an affected-client review.
Fair dealing requires a registered firm to act fairly, honestly, and in good faith when it identifies a practice that may be harming clients. Here, the issue is not just a technology defect; it is a potential ongoing overcharge with no offsetting client benefit. The proper compliance sequence is to contain the harm immediately, escalate the issue to appropriate management, determine the full population and amount of excess fees, and then remediate clients on a consistent basis. Waiting for complaints, relying on disclosure, or limiting action to the initial sample would leave some clients exposed or uncompensated. The key takeaway is that client protection comes before convenience, root-cause paperwork, or delayed system fixes.