CCC — CSI Canadian Compliance Course Quick Reference

Last revised: June 29, 2026

Compact review support for Canadian Securities Institute CSI Canadian Compliance Course (CCC) candidates covering regulation, registration, supervision, conflicts, AML, complaints, and conduct controls.

How to Use This Quick Reference

This independent Quick Reference supports candidates preparing for the Canadian Securities Institute CSI Canadian Compliance Course (CCC), exam code CCC. Use it to organize the core compliance concepts, not as a substitute for the Canadian Securities Institute course materials or current regulatory text.

Focus your review on:

Who regulates what: CSA, provincial commissions, CIRO, FINTRAC, OBSI, CIPF.
Who is accountable: UDP, CCO, supervisors, registered individuals, boards/senior management.
What controls are expected: policies, supervision, monitoring, escalation, remediation, records.
Applied judgment: conflicts, KYC/KYP/suitability, complaints, AML, market conduct, communications.
Exam scenarios: identify the regulatory issue, choose the first control action, escalate correctly.

Canadian Securities Compliance Map

Area	Primary focus	High-yield exam angle
Securities regulation	Investor protection, fair markets, disclosure, registration	Canada has provincial/territorial securities regulators coordinated through the CSA, not one single national securities commission.
Self-regulation	Dealer conduct, market integrity, prudential rules	CIRO rules can be stricter or more operationally detailed than securities legislation.
Compliance management	Systems, supervision, controls, monitoring, escalation	Compliance is an ongoing control framework, not a one-time policy binder.
Conduct risk	Conflicts, unsuitable recommendations, misleading communications, market abuse	The exam often asks for the best preventive or corrective control.
Client protection	KYC, KYP, suitability, disclosure, complaints, vulnerable clients	Disclosure alone is usually not enough for a material conflict.
AML/ATF	Client identification, suspicious activity, sanctions/terrorist property, reporting	AML obligations are separate from, but supported by, securities KYC.
Records and evidence	Books, notes, approvals, exception reports, complaint files	If it was not documented, the firm may struggle to prove supervision.

Regulatory Bodies and Their Roles

Body / organization	What it does	What it does not do	Exam traps
Provincial and territorial securities regulators	Administer securities legislation, registration, prospectus/disclosure, exemptions, investigations, enforcement	They are not a single national securities commission	Know that securities regulation in Canada is primarily provincial/territorial.
Canadian Securities Administrators (CSA)	Coordinates harmonized rules, national instruments, policy initiatives, notices	Not itself a direct single regulator replacing provincial commissions	CSA guidance influences interpretation but distinguish guidance from binding law.
Canadian Investment Regulatory Organization (CIRO)	Self-regulatory organization for dealer members and market integrity rules, including member conduct, prudential oversight, surveillance, and discipline	Does not replace securities commissions or FINTRAC	Current exam framing may use CIRO; legacy IIROC/MFDA references may appear only in context.
FINTRAC	Federal AML/ATF intelligence unit and compliance regulator under AML legislation	Does not decide securities suitability or approve investments	AML reporting and securities complaint handling are separate workflows.
OBSI	Independent dispute-resolution service for eligible banking/investment complaints	Not a securities regulator or court	A complaint file can involve both internal complaint handling and external dispute resolution information.
Canadian Investor Protection Fund (CIPF)	Protects eligible client property if a member firm becomes insolvent	Does not protect against market losses, bad advice, or normal investment risk	Insolvency protection is not performance insurance.
OSFI	Prudential regulator for federally regulated financial institutions	Does not regulate most securities dealer conduct	Do not confuse banking prudential oversight with securities sales conduct.
Courts / law enforcement	Criminal, civil, and statutory proceedings	Not routine day-to-day compliance supervision	Serious misconduct may trigger regulatory, civil, and criminal consequences.
Canadian Securities Institute	Education and exam provider for the CSI Canadian Compliance Course (CCC)	Not the securities regulator or SRO	Course provider identity is separate from regulatory authority.

Sources of Compliance Obligations

Source	Typical content	Binding force / use
Securities acts	Core offences, registration, prospectus requirements, enforcement powers	Binding law
Regulations / rules	Detailed operational requirements under statutes	Binding law
National instruments	Harmonized CSA rules, such as registration and conduct obligations	Binding where adopted by jurisdictions
Companion policies	Interpretation and regulatory expectations	Not usually the rule itself, but highly relevant for exam reasoning
CSA staff notices / guidance	Regulator views, emerging risks, interpretive positions	Guidance; useful for understanding expectations
CIRO rules	Dealer conduct, supervision, prudential, margin, market integrity	Binding on CIRO members and applicable approved persons
Firm policies and procedures	Internal implementation of laws and rules	Binding internally; may be stricter than minimum regulatory requirements
Codes of conduct / ethics	Standards of professional behaviour	Support disciplinary and supervision expectations

Hierarchy trap: a firm policy cannot permit something prohibited by law or CIRO rules. A firm may, however, impose stricter internal standards.

Registration and Gatekeeper Roles

Firm and Individual Registration

Category	Core role	Compliance focus
Dealer	Trades or sells securities to clients	Registration category, product shelf, supervision, suitability, disclosure, capital/prudential controls
Adviser / portfolio manager	Advises on securities or manages portfolios	Fiduciary-like discretion controls, client mandate, IPS, suitability, conflicts, performance reporting
Investment fund manager	Directs the business and operations of investment funds	Fund governance, valuation, disclosure, conflicts, custody, service-provider oversight
Dealing representative	Individual who trades/advises within permitted dealer category	KYC, KYP, suitability, client communications, conflict disclosure, accurate documentation
Advising representative	Provides advice for portfolio management	Portfolio suitability, mandate adherence, discretionary controls
Associate advising representative	Provides advice under required supervision	Supervisor approval and clear scope limits
Ultimate designated person (UDP)	Senior executive accountability for compliance culture and system oversight	Tone from the top, resources, escalation, firm-wide accountability
Chief compliance officer (CCO)	Compliance system design, monitoring, reporting, escalation	Policies, controls, testing, annual reporting, material issue escalation
Supervisor / branch manager	First-line supervision of representatives and activity	Daily/periodic reviews, approvals, coaching, escalation
Permitted individual	Senior officer/director/significant influence person in registration context	Fitness, conflicts, influence, integrity concerns

UDP vs CCO vs Supervisor

Role	Primary accountability	Typical evidence	Common exam confusion
UDP	Promotes a compliance culture and ensures the firm has an effective compliance system	Senior management minutes, resource decisions, escalation response	UDP is not simply the person who drafts procedures.
CCO	Establishes and monitors policies/procedures for compliance with securities law	Compliance reports, testing results, policies, issue logs, annual reports	CCO monitors and escalates; business supervisors still supervise day-to-day conduct.
Supervisor	Oversees registered individuals, trades, branches, client files, exceptions	Trade reviews, approvals, branch reviews, supervision notes	Supervisory responsibility cannot be outsourced to compliance alone.
Registered individual	Deals fairly, honestly, and in good faith with clients; follows registration conditions and firm procedures	KYC notes, suitability rationale, disclosure records, emails	“My supervisor approved it” does not excuse misconduct.

Compliance System Lifecycle

    flowchart LR
	    A[Governance and risk appetite] --> B[Risk assessment]
	    B --> C[Policies and procedures]
	    C --> D[Training and communication]
	    D --> E[Supervision and monitoring]
	    E --> F[Exceptions and escalation]
	    F --> G[Remediation and discipline]
	    G --> H[Testing / audit / reporting]
	    H --> B

Lifecycle step	Practical meaning	Exam-ready question
Governance	Board/senior management oversight, UDP accountability, compliance resources	Who owns the issue and who must be informed?
Risk assessment	Identify inherent risk, controls, residual risk	Is the firm focusing on the highest-risk activity?
Policies	Translate rules into firm standards	Is the policy clear enough for staff to follow?
Procedures	Step-by-step controls and evidence	Who does what, when, and how is it documented?
Training	Communicate obligations and changes	Would the rep understand the red flag?
Supervision	First-line review of people, accounts, trades, communications	Was activity reviewed before harm escalated?
Monitoring	Compliance surveillance, trend analysis, exception testing	Are isolated exceptions becoming systemic?
Escalation	Notify CCO, UDP, legal, regulators, CIRO, FINTRAC, or board as required	Is the matter material, reportable, urgent, or client-harming?
Remediation	Correct client harm, fix root cause, discipline misconduct	Did the firm only fix the file, or also fix the control gap?
Records	Maintain proof of decisions, approvals, reviews, and disclosures	Can the firm demonstrate compliance after the fact?

Three Lines of Defence

Line	Who	Purpose	Watch for
First line	Business units, reps, supervisors, branch managers	Own and manage risk in daily activity	Cannot rely on compliance to catch everything after the fact.
Second line	Compliance, risk, AML, privacy, finance controls	Set standards, monitor, challenge, escalate	Must be independent enough to challenge business pressure.
Third line	Internal audit / independent review	Test whether controls work as designed	Not responsible for daily supervision.
Senior oversight	UDP, executives, board/partners	Set culture, approve resources, respond to material issues	“Tone at the top” is tested through actions, not slogans.

Risk-Based Compliance

Concept	Meaning	Example
Inherent risk	Risk before controls	Complex products sold to seniors; high-volume trading; leveraged accounts
Control	Preventive, detective, or corrective measure	Pre-approval, exception report, branch review, restricted list
Residual risk	Risk remaining after controls	High-risk business line with controls but recurring exceptions
Risk appetite	Level of risk the firm is willing to accept	Firm prohibits certain high-risk products for retail clients
Key risk indicator	Metric that signals rising risk	Complaint trend, high concentration, high trade corrections
Control testing	Evidence that control operates effectively	Sample account reviews, trade surveillance testing, file audits
Root-cause analysis	Identify why the issue occurred	Training gap, incentive conflict, unclear procedure, system failure

Registration Fitness and Ongoing Obligations

Area	What to assess	Compliance evidence
Proficiency	Education, experience, product knowledge	Course records, approvals, supervision plans
Integrity	Honesty, disciplinary history, outside activities, conflicts	Disclosure forms, background checks, attestations
Solvency	Financial difficulties that may create client risk	Disclosure and review of bankruptcies or serious financial stress
Registration category	Activities must fit category and conditions	Approved products, restricted activities, role descriptions
Outside activities	Business, employment, volunteer, directorship, paid or unpaid influence roles	Pre-approval, conflict review, public disclosure where required
Changes in information	Material changes must be updated through required channels	Registration filings, internal notifications
Supervisory conditions	Extra oversight when required	Trade pre-approval, file reviews, periodic reports

Exam trap: registration is not just entry permission. It is an ongoing status tied to proficiency, integrity, solvency, scope of activity, and disclosure.

Client Lifecycle Controls

Stage	Key controls	Common failure
Prospecting	Fair marketing, approved titles/designations, no misleading performance claims	Rep exaggerates credentials or downplays risk.
Account opening	Identity verification, AML risk rating, KYC, account type, RDI, conflicts, referral disclosure, trusted contact where applicable	Account opened before required information is complete.
Product approval	KYP due diligence, risk rating, target client, conflicts, shelf approval	Product sold because it is popular or profitable, not because it is understood.
Recommendation / order	Suitability, client interest first, cost impact, concentration, liquidity, leverage, documentation	“Client wanted it” used to avoid suitability analysis.
Ongoing service	KYC updates, account reviews, fee/performance reporting, communications supervision	Material client changes not reflected in advice.
Complaint / issue	Acknowledge, investigate, preserve evidence, respond, remediate, escalate	Treating a serious allegation as a minor service request.
Account transfer / closure	Accurate processing, fee disclosure, record retention, complaint capture	Delays or missing records hide unresolved concerns.

KYC, KYP, Suitability, and RDI

Obligation	Core question	Must cover	Exam trap
KYC	Who is the client and what are their needs?	Identity, personal circumstances, financial circumstances, investment needs/objectives, risk profile, time horizon, liquidity needs, tax considerations where relevant	KYC is not a formality or one-time checkbox.
KYP	What is the product and who is it for?	Structure, risks, costs, liquidity, complexity, conflicts, issuer, performance drivers, target market	A rep cannot recommend what the firm and rep do not understand.
Suitability	Is the action appropriate for this client and in the client’s interest?	KYC + KYP + concentration + leverage + costs + liquidity + account type + alternatives	A suitable product can become unsuitable because of concentration, timing, leverage, or cost.
RDI	What relationship and account information must the client understand?	Nature of services, account operation, charges, conflicts, reporting, complaint process	Disclosure must be clear and useful, not buried in boilerplate.
Conflict handling	Does the firm or rep have an interest that may affect judgment?	Identify, disclose, control, avoid if needed	Disclosure alone may not cure a material conflict.

Suitability Decision Prompts

Ask these in scenario questions:

Does the recommendation fit the client’s stated objectives and risk profile?
Does the client have the capacity to bear loss?
Is the product’s liquidity consistent with the time horizon and cash needs?
Are fees, commissions, spreads, or embedded compensation affecting the recommendation?
Does the position create excessive concentration?
Is borrowing or margin involved?
Does the rep have sufficient KYP understanding?
Is the action in the client’s interest, not merely permissible?

Client-Focused Conflict Management

Conflict source	Why it matters	Expected compliance response
Proprietary products	Firm earns more or has issuer relationship	KYP due diligence, shelf governance, disclosure, suitability controls, alternatives review
Compensation grids	Rep may favour higher-paying products or activity	Supervision of recommendations, compensation review, conflict disclosure
Referral arrangements	Client may not understand who pays whom and for what	Written arrangement, disclosure, approval, records, suitability boundaries
Outside activities	Divided loyalty, client confusion, misuse of position	Pre-approval, conflict assessment, supervision, prohibition if unmanageable
Gifts and entertainment	Influence over recommendations or allocations	Limits, pre-approval, logs, escalation
Personal financial dealings with clients	Exploitation, undue influence, conflicts	Generally high-risk; prohibit or tightly control under firm policy
Related/connected issuers	Biased recommendation or disclosure gap	Clear relationship disclosure and suitability review
Allocation of scarce investments	Favouritism among clients or accounts	Fair allocation policy, documented rationale
Research / investment banking	Biased research or recommendations	Information barriers, disclosure, review controls
Trade errors	Incentive to allocate losses to clients	Error policy, prompt correction, fair client treatment

Conflict sequence: identify → assess materiality → avoid or control → disclose clearly → supervise → document.

Supervision Reference

Control type	Best used for	Examples
Preventive	Stop problems before client harm	Product approval, pre-trade approval, restricted lists, account opening controls
Detective	Find issues after activity occurs	Exception reports, trade surveillance, email review, complaint trend analysis
Corrective	Fix identified issue	Reversal, compensation, discipline, revised procedure, retraining
Manual	Judgment-heavy review	Complex suitability review, complaint investigation
Automated	High-volume pattern detection	Concentration alerts, frequent trading flags, restricted list blocks
Branch review	Local practices, files, advertising, supervision evidence	On-site/remote reviews, sample testing
Head-office review	Firm-wide trends and consistency	Exception dashboards, policy testing, surveillance reports

Common Red Flags

Red flag	Likely issue	First compliance response
High trading volume in conservative account	Churning, unsuitable activity, commission conflict	Review account, rep rationale, costs, client authorization
Senior client suddenly changes objectives	Vulnerability, undue influence, fraud, capacity concern	Escalate, review trusted contact/temporary hold process where applicable
Large concentration in one speculative issuer	Suitability, disclosure, KYP	Review KYC, concentration rationale, risk disclosure
Frequent switches between similar funds	Unsuitable switching, fee generation	Review costs, benefits, client instructions
Client says “I never authorized this”	Unauthorized trading or misunderstanding	Treat as complaint, preserve records, escalate
Rep uses personal email or messaging app	Off-channel communication, record failure	Capture records if possible, investigate, discipline/training
Trade just before major issuer news	Insider trading risk	Escalate, review MNPI access, restricted/grey list
Pattern of end-of-day price-impacting trades	Market manipulation concern	Escalate to market conduct surveillance/legal
Rep borrows from or lends to client	Conflict, exploitation, registration conduct issue	Escalate immediately; review client harm
Client refuses to explain source of funds	AML concern	Enhanced due diligence, possible suspicious transaction review

Market Conduct and Trading Rules

Concept	Meaning	Compliance control
Insider trading	Trading while in possession of material non-public information	Restricted lists, information barriers, employee trading policies
Tipping	Informing another person of material non-public information	Training, access controls, investigation of leaks
Front-running	Trading ahead of client or market-moving order/information	Order handling controls, personal trading restrictions
Best execution	Seek advantageous execution terms for client orders	Policies, routing review, execution quality monitoring
Client priority	Client orders generally must not be disadvantaged by firm/pro trades	Order sequencing, principal/agency controls
Fair allocation	Allocate partially filled or scarce opportunities fairly	Allocation policy and documented rationale
Wash / matched trades	Trades creating artificial activity or misleading appearance	Surveillance alerts, trade review
Spoofing / layering	Non-bona fide orders to move market or mislead	Order surveillance, escalation
High closing / marking the close	Trades intended to influence closing price	End-of-day surveillance
Rumours	Spreading or trading on misleading information	Communications supervision, escalation
Short selling controls	Compliance with trading rules and locate/settlement expectations	Order marking, supervision, settlement monitoring

Exam trap: market manipulation can occur even without a successful profit if the intent or effect is to create a false or misleading market.

AML/ATF Quick Reference

Element	What compliance must do	Distinction to remember
Compliance officer	Designated responsibility for AML program	Separate from securities CCO role, though functions may coordinate.
Policies and procedures	Explain how the firm meets AML/ATF obligations	Must match actual business model and products.
Risk assessment	Assess clients, products, geography, delivery channels, transactions	Higher risk requires enhanced controls.
Training	Staff understand red flags and escalation	Front-line staff are key detection points.
Effectiveness review	Periodically test whether AML controls work	Not the same as daily transaction monitoring.
Client identification	Verify identity using permitted methods	Securities KYC does not automatically satisfy AML identity requirements.
Beneficial ownership	Understand who owns or controls entities	Shell companies and nominees are high-risk indicators.
Third-party determination	Determine whether client acts for someone else	Nominee activity may conceal beneficial owner.
PEP / HIO screening	Identify politically exposed persons and heads of international organizations where required	Requires source-of-funds/source-of-wealth attention when high risk.
Sanctions / terrorist property	Screen and escalate potential matches	Requires urgent handling and careful documentation.
Suspicious activity	Identify and escalate transactions with reasonable grounds for suspicion	Do not tell the client about a suspicious transaction report.
Recordkeeping	Keep required AML records	Records must support examination by FINTRAC or regulators.

AML Red Flags

Pattern	Possible concern
Client structures deposits or withdrawals to avoid reporting thresholds	Money laundering
Activity inconsistent with age, occupation, income, or stated purpose	False KYC / laundering
Rapid movement of funds in and out with little investment purpose	Layering
Reluctance to provide identity, beneficial ownership, or source-of-funds information	Concealment
Use of multiple accounts, nominees, or unexplained third parties	Beneficial ownership risk
High-risk jurisdictions without clear rationale	Sanctions, corruption, laundering
Sudden liquidation after account opening	Pass-through account
Client appears coached or controlled by another person	Elder abuse, fraud, third-party control
Unusual private placements or offshore structures	Placement/layering risk

Complaints, Errors, and Remediation

Issue type	Definition	Compliance handling
Service issue	Administrative concern without misconduct allegation	Log, resolve, monitor trends
Complaint	Allegation of misconduct, loss, unsuitable advice, unauthorized trading, misrepresentation, fee issue, or similar concern	Formal complaint process, investigation, response, escalation
Trade error	Execution or processing mistake	Error policy, correction, client fairness, root-cause review
Regulatory breach	Violation of securities law, CIRO rule, AML rule, privacy rule, or firm policy	Escalate, assess reporting, remediate, document
Client harm	Financial or non-financial harm from firm/rep action or control failure	Remediation, supervision review, possible compensation
Systemic issue	Repeated or widespread control failure	Senior escalation, broader testing, policy/process change

Complaint Handling Workflow

Capture the complaint or allegation.
Acknowledge and preserve relevant records.
Escalate to the appropriate supervisor/compliance function.
Investigate independently from the person complained about.
Assess client harm, rule breaches, and control failures.
Respond clearly and provide required dispute-resolution information where applicable.
Remediate the client and control environment.
Track trends by representative, branch, product, and issue type.

Exam trap: do not classify a serious allegation as a “service issue” to avoid complaint procedures.

Advertising, Communications, and Client Disclosure

Communication type	Main risk	Control
Advertisements	Misleading claims, omitted risks, exaggerated returns	Pre-approval, fair and balanced content
Performance advertising	Cherry-picking, unclear assumptions, unrealistic projections	Methodology review, disclosure, substantiation
Social media	Off-channel records, testimonials, unapproved claims	Approved platforms, retention, supervision
Seminars / webinars	General education becomes personalized advice	Scripts, disclaimers, supervision, attendee follow-up controls
Titles and credentials	Client confusion about expertise or registration	Approved title list, credential verification
Research	Conflicts, selective disclosure, MNPI risk	Research controls, disclosure, information barriers
Email / messaging	Inadequate records, unsuitable recommendations, privacy breach	Approved systems, surveillance, encryption where needed
Fee disclosure	Client misunderstanding of charges and compensation	Clear relationship disclosure and account reporting
Complaint disclosure	Client unaware of escalation options	Required complaint process communication

Standard: communications should be clear, fair, not misleading, and consistent with the firm’s registration, products, and services.

Privacy, Cybersecurity, and Records

Area	Compliance expectation	Exam cue
Privacy consent	Collect, use, and disclose personal information appropriately	Client information cannot be used for unrelated purposes without proper authority.
Safeguards	Protect client and firm information	Cyber risk is a compliance risk, not only an IT issue.
Breach response	Contain, assess, notify/escalate where required, remediate	Speed and documentation matter.
Access controls	Limit information to those with a business need	Supports confidentiality and insider information controls.
Record retention	Keep required books, records, approvals, communications, and evidence	Records must be retrievable and reliable.
Outsourcing	Vendor oversight, contracts, confidentiality, business continuity	Outsourcing a function does not outsource regulatory accountability.
Business continuity	Maintain critical operations during disruption	Include communications, client access, supervision, and records.
Mobile / remote work	Off-channel communications, privacy leakage	Approved devices, secure access, monitoring

Prudential and Operational Controls

Control area	Why it matters	Compliance watchpoint
Capital	Firm must remain financially sound enough to operate	Early warning indicators and accurate reporting
Segregation / custody	Protect client assets	Reconcile client property and identify control breaks
Insurance	Protect against specified operational risks	Know what insurance does and does not cover
Margin / credit	Leverage increases loss and suitability risk	Margin approval, concentration, maintenance monitoring
Reconciliations	Detect errors, fraud, and asset issues	Breaks must be investigated, not ignored
Outsourced service providers	Operational dependency	Due diligence, service standards, oversight
New business / products	Unknown risks	New product approval and compliance sign-off
Incident management	Operational failures can become regulatory issues	Escalation, root cause, client communication

Enforcement and Disciplinary Outcomes

Level	Possible actions	Compliance lesson
Internal firm discipline	Coaching, close supervision, compensation adjustment, suspension, termination	Internal action should match severity and be documented.
CIRO discipline	Fines, suspensions, conditions, bans, costs, public decisions	SRO enforcement focuses on member and approved-person obligations.
Securities regulator action	Registration terms, cease-trade orders, administrative penalties, bans, settlements, proceedings	Statutory breaches can affect firm and individual registration.
FINTRAC action	AML compliance findings and penalties	AML program failures can exist even without proven money laundering.
Civil litigation	Client claims, negligence, misrepresentation, damages	Regulatory compliance and civil liability may overlap.
Criminal proceedings	Fraud, laundering, insider offences, obstruction	Serious misconduct can leave the regulatory arena.

High-Yield Distinctions

Pair	Distinction
Compliance vs supervision	Compliance designs, monitors, and challenges the system; supervisors oversee daily activity and representatives.
Policy vs procedure	Policy says what standard applies; procedure says how to perform and evidence it.
Rule vs guidance	Rules are binding; guidance explains regulator expectations and interpretation.
Disclosure vs consent	Disclosure informs; consent authorizes. Neither automatically fixes an unmanageable conflict.
KYC vs AML identity	KYC supports advice suitability; AML identity verifies who the client is and screens financial crime risk.
KYP vs product marketing	KYP is due diligence and approval; marketing is promotion and must be fair.
Suitability vs performance	Suitability assesses appropriateness at the time; it does not guarantee returns.
Complaint vs inquiry	A complaint alleges misconduct or harm; an inquiry asks for information or service.
Error vs misconduct	An error may be accidental; misconduct involves breach, negligence, dishonesty, or prohibited conduct.
CIRO vs CSA	CIRO is an SRO; CSA is a coordinating body of securities regulators.
CIPF vs OBSI	CIPF addresses eligible client property in insolvency; OBSI helps resolve disputes.
Preventive vs detective control	Preventive stops the issue; detective finds it after occurrence.
Material non-public information vs rumour	MNPI is confidential and price-sensitive; rumours can still create manipulation and disclosure risks.
Exemption vs exception	Exemption is a legal/regulatory carve-out; exception is an internal control alert or deviation.

Scenario Decision Table

If the scenario says…	Likely issue	Best first response
“The client insisted on the trade despite high risk”	Suitability / client interest	Assess and document suitability; escalate or refuse if unsuitable under firm rules.
“The rep did not update KYC for years”	Ongoing KYC failure	Update KYC, review holdings, test similar files.
“The product was approved but the rep cannot explain it”	KYP failure at rep level	Stop recommendations until training/approval; review affected accounts.
“The firm earns more on one recommended product”	Compensation conflict	Assess material conflict, disclose, control, supervise recommendations.
“A senior client is accompanied by a new person directing answers”	Vulnerability / undue influence / AML	Escalate, document, consider trusted contact or temporary hold process where applicable.
“Client funds arrive from unrelated third parties”	AML / beneficial ownership / third-party risk	Enhanced due diligence and suspicious activity review.
“Rep uses WhatsApp to discuss trades”	Records and supervision failure	Capture records, investigate, discipline/retrain, block off-channel use.
“Trade occurred before takeover news”	Insider trading risk	Escalate to compliance/legal; review MNPI access and employee trading.
“Complaint names the branch manager”	Independence issue	Assign independent investigator outside the conflict.
“Exception reports are generated but not reviewed”	Control design works, operation fails	Remediate backlog, assign accountability, test supervisory process.
“Same complaint occurs across branches”	Systemic issue	Root-cause review, senior escalation, policy/training/control change.
“Outsourced vendor loses client data”	Privacy/cyber/outsourcing	Incident response, client/regulatory assessment, vendor control review.
“Firm policy is stricter than the rule”	Internal standard breach	Apply firm policy unless changed through proper governance.
“Client wants compensation for market loss”	Not automatically complaint merit	Investigate advice, disclosure, suitability, and supervision before deciding.

Exam Traps Checklist

Do not treat the CSA as a single national regulator.
Do not confuse CIRO, FINTRAC, OBSI, and CIPF.
Do not assume disclosure alone resolves a material conflict.
Do not let “client instructed it” bypass suitability obligations.
Do not confuse product approval with product understanding by the representative.
Do not treat AML KYC and securities KYC as identical.
Do not ignore off-channel communications because “the client preferred it.”
Do not classify misconduct allegations as routine service requests.
Do not rely on policy existence without evidence of operation and testing.
Do not assume outsourcing removes firm accountability.
Do not equate CIPF protection with protection from investment losses.
Do not ignore root cause after fixing one client file.
Do not overlook senior/vulnerable client red flags.
Do not forget that supervisors, compliance, UDP, and CCO have different responsibilities.
Do not answer with the most aggressive enforcement step if the question asks for the first internal control response.

Final Review Priorities

Before exam day, be able to answer these quickly:

Who has jurisdiction or responsibility?
Is the issue registration, conduct, AML, privacy, market integrity, prudential, or complaint handling?
Is the control preventive, detective, or corrective?
Is the issue isolated or systemic?
Who must be escalated to: supervisor, CCO, UDP, legal, senior management, CIRO, securities regulator, or FINTRAC?
What records prove the firm acted reasonably?
What client harm or market integrity risk exists?
What remediation prevents recurrence?

Practical Next Step

Use this Quick Reference as a checklist while working CSI Canadian Compliance Course (CCC) practice scenarios. For each missed question, write down the issue category, responsible role, required control, escalation path, and the exam trap that made the wrong answer tempting.

Scenario Guide

The Role of Compliance