The Ultimate Designated Person (“UDP”) category of registration is a curiosity.

The UDP was traditionally viewed as a name that had to be filled in to complete a firm registration…a figurehead with no genuine functional role.

However, over time, and especially since the introduction of NI 31-103, the role of UDP, began to take shape.

A UDP’s responsibility is formally set out under Part 5.1 of National Instrument 31-103, and is explained in the Companion Policy as follows:

The UDP is responsible for promoting a culture of compliance and overseeing the effectiveness of the firm’s compliance system. They do not have to be involved in the day to day management of the compliance group.  There are no specific education or experience requirements for the UDP. However, they are subject to the proficiency principle in section 3.4.

To understand this regulatory hieroglyphic, one has to first consider the key condition to qualify as UDP.  Part 11.2 explains that the UDP must be the individual who functionally serves as CEO of the registerable business.

In the novel “The Great Gatsby”, F. Scott Fitzgerald describes the main character, Jay Gatsby, as follows:

If personality is an unbroken series of successful gestures, then there was something gorgeous about him (Gatsby).”

Just as personality cannot be reduced to a series of successful gestures, the effectiveness of a firm’s compliance structure cannot be reduced to a series of forms, logs and approval protocols administered by the Chief Compliance Officer (“CCO”).

The UDP category is recognition that the individual who manages the day-to-day compliance functions (the CCO) is often not the person with most influence over whether a firm maintains compliance with its regulatory obligations.   The CEO can either enhance or undermine a firm’s compliance structure.

NI 31-103 has simply applied a UDP label to this individual and removed any impediments such as specific exams or experience that could stand in the way of holding him or her accountable as UDP.

The CSA may have provided little guidance on specific actions that a UDP must take, to avoid offering a “safe harbor” of steps he/she can complete and be free from regulatory harm.

Below, I have discussed some of the key roles and expectations of a UDP.

A UDP must first exercise care in the selection of a CCO.  The CCO must have an appropriate level of knowledge, experience and judgment to administer and oversee the compliance function.   This individual should typically have access to resources, including published materials, consultants, appropriate courses/seminars and input from CCOs at similar firms, as appropriate.

More importantly, the CCO must have enough time to administer his/her role.  Many smaller EMDs get into regulatory trouble because no one in the organization has the time to keep abreast of regulatory developments, or the regulatory implications of business changes, or to perform expected compliance tasks, on a day to day basis.

A UDP will be faulted personally for appointing a CCO who does not have sufficient time or resources to effectively perform his or her role.

Once appointed, the UDP must continue to oversee the CCO’s activities.  Depending on the size and complexity of the firm, oversight can include controls such as, establishing goals or projects for the CCO and ensuring their completion, formalizing regular meetings with the CCO to review compliance matters, and advising the CCO of specific matters (e.g. complaints) that must be brought to the UDP’s attention.

The UDP must take care to ensure there is documentary evidence of each key supervisory step.

The UDP should be generally familiar with his/her firm’s policies and procedures, and assess whether they are appropriate for the business.  For example, a UDP should be generally familiar with the type of information collected from clients, and whether it is appropriate for the Firm’s type of business and operations.  However, a UDP is not expected to understand details such as, steps one has to take verify the identity of persons who have trading authority over a client’s account.

A UDP cannot be passive.  If he or she is made aware of a regulatory problem or systematic control weakness, he/she must take immediate and appropriate action.   Action can be simply consulting with counsel, or assigning specific tasks to others in the organization.  However, the UDP must also verify successful conclusion of the matter that was brought to his/her attention.

Perhaps the most cryptic obligation of a UDP is to establish a culture of compliance within the firm.   Many UDPs who have run successful businesses are well aware of the importance of business culture and tone.

It starts with the background and attitude of individuals a Firm hires to market its financial offerings and perform other key functions.  Formal and informal rules such as compensation arrangements, how staff are evaluated, and the firm’s policies regarding staff conduct influence how staff may act when “no one is looking”.

Perhaps the most important influence of compliance culture is the UDP’s daily decisions and actions on compliance matters.  For example, a UDP will undermine a firm’s compliance structure if he or she is willing to bend company policy for certain staff, tries to gloss over unethical conduct of high performing representatives, fails to maintain an open and supportive relationship with the CCO, or does not take routine compliance matters such as attendance at compliance seminars or completion of documentation seriously.

Just as personality cannot be reduced to a series of successful gestures, a compliance structure cannot be limited to a series of tasks.  The role of a UDP is to ensure that regulatory expectations and ethical conduct permeates the daily operations of a registered firm.