Multilateral Instrument MI 52-109 Certification of Disclosure of Issuers’ Annual and Interim Filings (Certification Rule) got off to a bumpy start in 2003. Being subject to a number of amendments, as well as a repeal and restatement proposal, it is not difficult to understand why there is still confusion about what is required to be certified.

Previous transition period exemptions having expired, issuers subject to the Certification Rule are now required to file certificates in respect of annual filings for the year ended December 31, 2006 (which applies to most Canadian public issuers), certifying the following in respect of annual filings, disclosure controls and internal controls:

The CEO and CFO must certify that the annual filings (which means the AIF, annual financial statements and annual MD&A, and anything incorporated by reference into the AIF):

The CEO and CFO must certify that they:

The CEO and CFO must certify that they:

Similar certifications are also required for all interim periods ending after the issuer’s first year-end following June 30, 2006, the only significant difference being that interim certificates relate to interim financial statements and interim MD&A and are not required to include a certification regarding the evaluation of the effectiveness of an issuer’s disclosure controls and procedures (nor the corresponding disclosure in the interim MD&A, as discussed below, although disclosure of any change in the issuer’s internal control over financial reporting from the most recent interim period is required).

In compliance with the certifications, corresponding disclosure regarding the effectiveness of disclosure controls and procedures and any changes in internal control over financial reporting must also be included in the issuer’s MD&A. Specifically, annual MD&A must include disclosure relating to:

Interim MD&A must include disclosure relating to any change in the issuer’s internal control over financial reporting that occurred during the issuer’s most recent interim period that has materially affected, or is reasonably likely to materially affect, the issuer’s internal control over financial reporting.

The CSA noted in CSA Staff Notice 52-315 Certification Compliance Review (published September 22, 2006) that approximately 28% of issuers surveyed failed to include the disclosure of the certifying officers’ conclusions about the effectiveness of the disclosure controls and procedures in their annual MD&A. In the CSA’s opinion, this "widespread non-compliance with such a clear and basic requirement shows that many issuers are not paying adequate attention to their disclosure obligations" and raised particular concerns considering that, in most cases, the certifying officers specifically represented in their certificates that they had caused the issuer to include this disclosure in the annual MD&A. CSA Staff Notice 52-315 also reminds issuers of the following:

By way of clarification of the Certification Rule, on September 29, 2006, the CSA issued CSA Staff Notice 52-316 - Certification of Design of Internal Control Over Financial Reporting. This notice sets out the CSA’s view on the ability of certifying officers to certify as to the design of internal control over financial reporting where they have identified a weakness in the design. In the notice the CSA acknowledge that there are certain circumstances in which a certifying officer may be able to provide the required certification even though a weakness has been identified. In such circumstances, the CSA advise that the issuer's disclosure of the weakness should present "an accurate and complete picture" of the condition of the design of the internal controls. To this end, the CSA are of the view that the conclusions about the effectiveness of disclosure controls and procedures (required to be included in the annual MD&A) should include disclosure of any identified weaknesses in disclosure controls and procedures, and given the overlap between disclosure controls and internal control over financial reporting, the annual MD&A should disclose the nature of any weaknesses in the design of the issuer’s internal control over financial reporting, the risks associated with it, and any plans to remediate it; and if there are no plans despite such a weakness, an explanation of why.

The Certification Rule first came into force effective March 30, 2004, and allowed issuer’s to omit certification relating to disclosure controls and internal controls for periods ending on or before March 30, 2005. The Certification Rule was then amended effective June 6, 2005 to provide a further grace period in respect of the certification required for internal controls (which grace period expired with the first year-end following June 30, 2006). The Certification Rule was also subject to a proposed repeal and restatement in conjunction with the proposed, and now defunct, Proposed Multilateral Instrument 52-111 Reporting on Internal Control Over Financial Reporting. As reported in our May 2006 Securities Law Update, pursuant to CSA Notice 52-313, published on March 10, 2006, the CSA have abandoned their plans to implement the proposed separate internal control certification rule (and to repeal and restate the Certification Rule). They instead intend to add the following additional matters to the certificates that are currently required under the Certification Rule, therefore requiring that the CEO and CFO certify that they have, as of the end of the financial year, (i) evaluated the effectiveness of the issuer’s internal control over financial reporting, and (ii) caused the issuer to disclose in its annual MD&A their conclusions about the effectiveness of internal control over financial reporting. It is also proposed that issuers will be required to include a description of the process used for evaluating the effectiveness of the issuer’s internal control over financial reporting and conclusions about such effectiveness in the corresponding annual MD&A.