CRTC has recently released its “Guidelines to help businesses develop corporate compliance programs”.  The CRTC is quite tentative in their Guidelines.   This we know.  The Guidelines are not legal advice, they are guidance and they “may” help facilitate legal compliance.  Each organization is different.  It is general guidance, not prescriptive and it is not exhaustive.  Reading all the caveats is exhausting.   The Guidelines provide some good 'motherhood and apple pie' type advice dealing with compliance issues such as CASL.  Although not geared for charities and non-profit much of the guidelines is equally helpful to charities and non-profits.  

Here is my take on some of the points made in the 6 page document:  

Due diligence defence:  Having a good corporate compliance program may “help businesses establish a due diligence defence in the case of a violation of the Rules or CASL.”  “…a credible and effective documented program may enable a business to demonstrate that it took reasonable steps to avoid contravening the law. “

Senior management involvement – “In the case of large businesses, the business’s senior management should consider playing an active and visible role in fostering a culture of compliance within their organization.”  I am not sure why the CRTC states “In the case of small and medium-sized businesses, the business could identify a point person who is responsible and accountable for compliance with the Rules and/or CASL.”  In small and medium sized business or charity can the senior management not play an active and visible role?

Risk Assessment -which activities are most risky for non-compliance

Written corporate compliance policy – This is the point where lawyers get very excited.   Some of the elements according to the CRTC may include:  

  • establish internal procedures for compliance with the Rules and/or CASL;
  • address related training that covers the policy and internal procedures;
  • establish auditing and monitoring mechanisms for the corporate compliance program;
  • establish procedures for dealing with third parties (for example, partners and subcontractors) to ensure that they comply with the Rules and/or CASL;
  • address record keeping, especially with respect to consent; and
  • contain a mechanism that enables employees to provide feedback to the chief compliance officer or point person.

Record keeping – the CRTC outlines a number of ways that good books and records can be helpful including:

(i) identify potential non-compliance issues, 
(ii) investigate and respond to consumer complaints, 
(iii) respond to questions about the business’s practices and procedures, 
(iv) monitor their corporate compliance program, 
(v) identify the need for corrective actions and demonstrate that these actions were implemented, and 
(vi) establish a due diligence defence in the event of complaints to the Commission against the business.

Training program – having a training program and refresher training can help employees (and volunteers in the case of a charity) to avoid problems.

Auditing and monitoring – this will be helpful in preventing and detecting problems and seeing if the compliance program is effective.

Complaint-handling system – you may receive complaints.  How will they be handled?

Disciplinary or Corrective Action – some people will deliberately or inadvertently contravene the rules.  What is your organization going to do about it.   

Here is a link to the Guidelines to help businesses develop corporate compliance programs 

Here is a PDF copy