PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Regulated Entities Now Covering the Bill For FINTRAC Compliance Costs

Written with Heidi Unrau

 

We have recently become aware that some reporting entities may not be up to speed on a new piece of regulation that came into force earlier this year. If your business has received an invoice from The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), you will want to read this article.

As of April 1, 2024, FINTRAC officially transferred the cost of its compliance activity from taxpayers to the businesses it regulates, referred to as reporting entities (RE). The move comes four years after the government announced its intention to cut the purse strings in its 2020 Fall Economic Statement. This change allows FINTRAC to start recovering costs from the 2024-2025 fiscal year.

Why the Change?

FINTRAC, Canada’s financial intelligence agency, was previously bankrolled by the taxpayer through the federal budget. The purpose of the new funding model is to align the costs of compliance with those responsible for adhering to anti-money laundering regulations. Simply put, the businesses that are legally required to comply should be the ones funding the oversight needed to ensure compliance. The move aligns with other regulatory agencies that have already established funding models allowing them to recover the costs of their supervisory functions.

Each year, FINTRAC will forecast the total cost of the program for the next three fiscal years. This will determine the amount charged to reporting entities for the upcoming year. They must aso communicate how funds were spent against plans and priorities during the previous fiscal year. This information is included in FINTRAC’s Departmental Results Report.

How the Funding Model Works

Federally regulated financial institutions such as banks, trust and loan companies, and insurance companies are always required to contribute a minimum base amount. All other entities only pay if they submit 500 or more threshold transaction reports to FINTRAC in a fiscal year (i.e. large cash transaction reports [LCTRs], large virtual currency transaction reports [LVCTRs], electronic funds transfer reports [EFTRs], and casino disbursement reports [CDRs]). These ‘other entities’ include but are not limited to:

  • Money Services Businesses
  • Dealers in Precious Metals and Stones
  • Real Estate Brokerages
  • Securities Dealers
  • Casinos
  • Etc.

The Cost Formula

FINTRAC calculates how much reporting entities need to pay based on four key factors:

  1. Type of Entity: Federally regulated entities are charged differently from non-federally regulated entities. These include banks, trust and loan companies, and insurance companies. Federally regulated entities are subject to a base amount, whereas non-federally regulated entities are not subject to this particular fee.
  2. Base Amount: This is the minimum starting fee based on the total value of assets controlled by a federally regulated entity, excluding the assets of their subsidiaries. Base amounts are tiered based on asset value in Canadian dollars. There are nine asset value ranges, from $1 to $1 trillion, with corresponding base amounts ranging from $5,000 to $250,000.
    Range of asset values Corresponding base amount
    $1,000,000,000,000 or more $250,000
    Between $500,000,000,000 and $999,999,999,999 $200,000
    Between $100,000,000,000 and $499,999,999,999 $150,000
    Between $10,000,000,000 and $99,999,999,999 $100,000
    Between $1,000,000,000 and $9,999,999,999 $75,000
    Between $500,000,000 and $999,999,999 $50,000
    Between $100,000,000 and $499,999,999 $25,000
    Between $10,000,000 and $99,999,999 $10,000
    Between $1 and $9,999,999 $5,000

    Source: FINTRAC

  3. Remaining Compliance Cost: This is the leftover cost after collecting the base amounts, divided among all types of reporting entities.
  4. Transaction Volume: Businesses that report over 500 large transactions to FINTRAC pay an additional fee on top of the base amount. Federally regulated banks are not subject to this reporting threshold.

Therefore, the more assets you have and transactions reported to FINTRAC, the higher your final bill will be. Each type of business has its own formula for calculating their share of the cost:

Type of Entity (Business) How Charges Are Calculated
Federally Regulated Banks Base Fee + extra charges based on the value of Canadian Assets.
Trust & Loan Companies, Life Insurance Companies Fewer than 500 reports: Base Fee only.

500 or more reports: Base Fee + extra charges based on value of Canadian assets and volume of large transactions reported.
All Other Entities Over 500 reports: Charges based on volume of large transactions reported compared to others in the same category.

Case Study: How Much Will They Pay?

A small, family-owned currency exchange kiosk in Winnipeg, Manitoba, operates from a single location and is not part of a chain. FINTRAC regulates this type of business as a Money Services Business (MSB). The store typically submits roughly 700 large cash transaction reports each year. Since they exceed the 500 reports threshold, FINTRAC calculates their charges like this (based on industry averages):

Calculation

  1. Base Amount: Not applicable because it is not a federally regulated financial institution (FI).
  2. Remaining Compliance Cost: Total compliance cost to be divided is $33,110,000. This is the sum of all base amounts subtracted from the annual cost of FINTRAC’s compliance program.
  3. Total Reports Submitted by All Entities: 35,000,000 transaction reports were submitted to FINTRAC for the year by all reporting entities, including banks.
  4. Total Reports Submitted by Only Non-Bank Entities: 3,500,000 transactions were submitted to FINTRAC by non-bank entities only, regardless of the transaction reporting threshold amount.
  5. Total Reports Submitted Over the Threshold by Non-Bank Entities: 3,425,000 transactions were submitted to FINTRAC by non-bank entities exceeding the 500-transaction reporting threshold.
  6. Number of Reports Submitted by The Currency Exchange Kiosk: This is the total number of transactions reported to FINTRAC by the currency exchange kiosk in Winnipeg, MB.

Final Charge

Using FINTRAC’s formula: $33,110,000 x (3,500,000 ÷ 35,000,000) x (700 ÷ 3,425,000) = $676.70

Result

The currency exchange kiosk’s total charge for the year would be approximately $676.70. Based on their reporting activity, the bill reflects their share of FINTRAC’s overall compliance costs. Because the kiosk is not a federally regulated bank, trust, loan, or insurance company, the base amount does not apply.

FINTRAC will notify the business via email with an invoice for the cost assessment. The total amount owed is final, conclusive, binding, and due in full upon receipt of the invoice.

Impact on Your Business

The additional financial burden is not ideal, especially for small businesses, but there are ways you can prepare for it. First, you’ll need to budget effectively to avoid surprise charges. Visit the FINTRAC website for a detailed breakdown of the formula used for your type of business, known as ‘Type of Entity’.

Exact charges will vary from year to year depending on the value of your Canadian assets (if applicable), the number of large transactions reported (more or less than 500), and FINTRAC’s compliance cost analysis.

Next, and most importantly, you need an effective and efficient anti-money laundering program to avoid the cost of non-compliance. Violations can result in reputational damage that negatively impacts your business as well as potentially expensive fines, known as administrative monetary penalties (AMPs). FINTRAC has recently levied record-breaking fines for serious violations by repeat offenders. These penalties are preventable and well within your control.

Need a Hand?

If you have any questions or concerns about the new funding model, reach out to us today. We’re here to help you every step of the way, from understanding your new financial obligation, to building, reviewing, or fine-tuning your AML program.

The Iran Ministerial Directive’s Impact

Quick Overview

On July 25, 2020, a new Ministerial Directive (MD) was published in the Canada Gazette by the Minister of Finance on financial transactions associated with the Islamic Republic of Iran.  On July 27, 2020, FINTRAC issued guidance on how to incorporate the MD into your anti-money laundering (AML) program, along with some indicators for determining if a transaction is associated with Iran. This MD requires that every transaction originating from or bound for Iran be treated as high risk, regardless of the amount. This includes identifying every client, performing customer due diligence, and recording certain information. It is vital that your AML compliance program documentation contains internal processes related to MDs, even if you do not conduct transactions with Iran (or North Korea, based on the previous MD issued December 9, 2017).

What is a Ministerial Directive?

MDs are specific requirements imposed by the Minister of Finance that are meant to mitigate risks associated with activities that pose elevated risk and safeguard the integrity of Canada’s financial system. To date, these areas of elevated risk have been identified by the Financial Action Task Force (FATF) as posing strategic deficiencies with regards to international standards for anti-money laundering and counter terrorist financing.

What does this Ministerial Directive require?

The guidance from FINTRAC states that every bank, credit union, financial services cooperative, caisse populaire, authorized foreign bank and Money Services Business (MSB) must:

  • Treat every financial transaction originating from or bound for Iran, regardless of its amount, as a high-risk transaction;
  • Verify the identity of any client (person or entity) requesting or benefiting from such a transaction;
  • Exercise customer due diligence, including ascertaining the source of funds in any such transaction, the purpose of the transaction and, where appropriate, the beneficial ownership or control of any entity requesting or benefiting from the transaction;
  • Keep and retain a record of any such transaction;
  • Determine whether there are reasonable grounds to suspect the commission or attempted commission of a money laundering or terrorist financing offence and report all suspicious transactions to FINTRAC;
  • Reporting all other reportable transactions (if applicable).

To be clear, this MD does not apply to transactions where there is no suspicion or explicit connection with Iran and there is no evidence of the transaction originating from or being bound for Iran. A couple of examples were provided in the FINTRAC Guidance:

  • A client who has previously sent funds to Iran requests an outgoing EFT, where the transaction details do not suggest that this transaction is bound for Iran and you are unable to obtain further details about the transaction destination; or
  • The client’s identification information is the only suggestion of a connection to Iran (for example, a transaction where the conductor’s identification document is an Iranian passport).

What does it mean to you?

It is important to understand that even if your business does not facilitate transactions involving Iran, it is expected that you have a process in place for adhering to MDs, including how the Compliance Officer stays up to date. Within your AML compliance program documentation, you need to have a section that talks about MDs generally, plus specific procedures related to handling the current MDs (transactions involving Iran and North Korea). In the FINTRAC guidance related to this MD, it states that during an examination, FINTRAC will assess your compliance with MDs and failures to do so are considered very serious and may result in a penalty.

What now?

In order to ensure familiarity for anyone who interacts with customers and their transactions, the list of FINTRAC’s indicators should be communicated immediately.  Furthermore, the indicators should also be included in your procedure manuals and annual AML compliance training topics, allowing easy access to the information. Documenting the information and related processes for MDs is very important so you can demonstrate to FINTRAC your adherence to the requirements during an examination.

Need a hand?

We’ve made it easier for you to integrate this content into your program by putting the information into a Word document for you. If you aren’t sure what to do with this information and would like some assistance, please feel free to contact us.

Amended AML Regulations June 10, 2020 – Redlined Versions

The following red-lined versions have been created to reflect final amendments to Canadian anti-money laundering (AML) laws & regulations published in the Canada Gazette on June 10, 2020.  Amendments to the Cross-border Currency and Monetary Instruments Reporting Regulations will come into force on June 1, 2020. All other amendments will come into force on June 1, 2021. We have created industry specific blogs to make understanding the changes easier, which are located here.

Redlined versions of all the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations are listed below for download.

These documents are not official versions of the regulations. Official versions can be found on the Government of Canada’s Justice Laws Website.

Regulations Amending the Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Please click the link below for downloadable PDF file.

Regulations Amending the Regulations Amending Certain Regulations Made Under the Proceeds of Crime July 2019 – Redlined_June 2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations

Please click the links below for downloadable pdf files.
PCMLTF_July_2019_Redlined_Full_July_2019 – Redlined_June 2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations

Please click the links below for downloadable pdf files.
PCMLTF_Suspicious_Transaction_Reporting_Regulations_July_2019 – Redlined_June 2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations

Please click the link below for a downloadable PDF file.
PCMLTF_Registration_Regulations_July_2019 – Redlined_June 2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations

Please click the link below for a downloadable pdf file.
PCMLTF_Administrative_Monetary_Penalties_Regulations_July_2019 – Redlined_June 2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Cross-Border Currency and Monetary Instruments Reporting Regulations

Please click the link below for a downloadable pdf file.
PCMLTF_Cross-Border_Currency_and_Monetary_Instruments_Reporting_Regulations_July_2019 – Redlined_June 2020

Need a Hand?

Whether you need to figure out if you’re a dealer in virtual currency, to put a compliance program in place, or to evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Amending the Amendments!

Background

Back on July 10, 2019, the highly anticipated final version of the amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. However, on February 15, 2020, further proposed amendments to those amended regulations was published in the Canada Gazette. To make reading these changes a little easier, we have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The Regulatory Impact Statement for this round of proposed changes states the following: “The proposed amendments to the regulations would strengthen Canada’s AML/ATF Regime, align measures with international standards and level the playing field across reporting entities by applying stronger customer due diligence requirements and beneficial ownership requirements to designated non-financial businesses and professions (DNFBPs); modifying the definition of business relationship for the real estate sector; aligning customer due diligence measures for casinos with international standards; aligning virtual currency record-keeping obligations with international standards; clarifying the cross-border currency reporting program; clarifying a number of existing requirements; and making minor technical amendments”. The proposed amendments are expected to come into force on June 1, 2021.

As with all proposed changes, there is a comment period. This comment period is much shorter than the last one, at only 30 days. For anyone interested in commenting on the proposed changes, comments are to be addressed to Lynn Hemmings, Director General, Financial Crimes and Security Division, Financial Sector Policy Branch, Department of Finance, 90 Elgin Street, Ottawa, Ontario K1A 0G5 or email: fin.fc-cf.fin@canada.ca.

While these are proposed changes, guidance from FINTRAC related to the amendments to regulation would hopefully be seen ahead of the coming into force dates of the final version.

We have summarized what this could mean for your business below.

Money Services Businesses

PEP

The most significant proposed change for Money Services Businesses (MSB)s is related to Politically exposed persons (PEP) determinations. Currently, a PEP determination must be made for international EFTs of CAD 100,000 or more. The proposed regulations will require MSBs to make a PEP determination when the MSB enters into a business relationship with a person.

If you currently conduct list screening, PEP screening could easily be added to that process.

Dealers in Virtual Currency

Travel Rule

For dealers in virtual currency, there is an additional proposed requirement on top of the requirements that were published in the last round of AML changes.  The proposed amendments add the requirement for records to be kept for virtual currency transfers of CAD 1,000 or more.

The record must contain the following:

  1. include with the transfer, the name, address and, if any, the account number or other reference number of both the person or entity that requested the transfer and the beneficiary; and
  2. take reasonable measures to ensure that any transfer received includes the information referred to in paragraph (a) above.

If the information required is not obtained, a determination of whether the transaction should be suspended or rejected will need to be made.

Given the nature of virtual currency transfers, it will be interesting to see how this requirement plays out, as currently, there are no technology solutions (that we are aware of) that would solve for this.

A reminder that dealers in virtual currency will be considered MSBs as of June 1, 2020. Check out our blog post for a full list of regulatory requirements related to dealers in virtual currency.

Real Estate

Business Relationship

One of the most significant proposed changes for real estate developers, brokers and sale representatives is related to the definition of a business relationship. Currently, a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

The proposed amendments will change that definition for real estate developers, brokers and sale representatives to only one transaction.

For business relationships, a reporting entity must:

  • keep a record of the purpose and intended nature of the business relationship;
  • conduct ongoing monitoring of your business relationship with your client to:
    • detect any transactions that need to be reported as suspicious;
    • keep client identification and beneficial ownership information, as well as the purpose and intended nature records, up-to-date;
    • reassess your clients risk level based on their transactions and activities; and
    • determine if the transactions and activities are consistent with what you know about your client;
  • keep a record of the measures you take to monitor your business relationships and the information you obtain as a result.

We will have to wait for guidance to see how ongoing monitoring obligations applies to the real estate sector if this change takes effect.

PEP

The proposed amendments will require real estate developers, brokers and sale representatives to make a Politically exposed persons (PEP) determination when they enter into a business relationship (as defined above) with a client. In addition, they will also be required to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a PEP.

Beneficial Ownership

The proposed amendments will require real estate developers, brokers and sale representatives to comply with existing beneficial ownership requirements that apply to other reporting entities.

This means when identifying an entity, a reporting entity needs to collect the following for all Directors and individuals who own or control, directly or indirectly, 25% or more of the organization:

  • Their full legal name;
  • Their full home address; and
  • Their role and/or ownership stake in the organization.

Given the obligation is to obtain, rather than verify, such information, we do not expect this requirement to be overly burdensome for the real estate sector.

Dealers in Precious Metals and Stones

PEP

Dealers in Precious Metals and Stones (DPMS)s will be required to make a PEP determination when they enter into a business relationship with a client. In addition, a DPMS will be required to take reasonable measures to determine whether a person from whom they receive an amount of CAD 100,000 or more is a PEP.

A reminder that a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

Given the definition of a business relationship, we do not expect this requirement to be overly burdensome. If you currently conduct list screening, PEP screening could easily be added to that process.

Beneficial Ownership

The proposed amendments will required DPMSs to comply with existing beneficial ownership requirements that apply to other reporting entities.

This means when identifying an entity, a reporting entity needs to collect the following for all Directors and individuals who own or control, directly or indirectly, 25% or more of the organization:

  • Their full legal name;
  • Their full home address; and
  • Their role and/or ownership stake in the organization.

Given the obligation is to obtain, rather than verify, such information, we do not expect this requirement to be overly burdensome for the DPMS sector.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

Regulations Amending the Regulations February 15, 2020- Redlined Versions

The following red-lined versions have been created to reflect the amendments to Canadian anti-money laundering (AML) regulations published in the Canada Gazette on February 15, 2020. You can also read our article “Amending the Amendments!” for a summary of the proposed changes by industry.

Redlined versions of all the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations are listed below for download.

These documents are not official versions of the regulations. Official versions can be found on the Government of Canada’s Justice Laws Website.

Regulations Amending the Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Please click the link below for downloadable PDF file.
Amending_the_Regulations_Amending_Certain_Regulations_Made_Under_the_Proceeds_of_Crime_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations

Please click the links below for downloadable pdf files.
PCMLTF_July_2019_Redlined_Full_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations

Please click the links below for downloadable pdf files.
PCMLTF_Suspicious_Transaction_Reporting_Regulations_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations

Please click the link below for a downloadable PDF file.
PCMLTF_Registration_Regulations_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations

Please click the link below for a downloadable pdf file.
PCMLTF_Administrative_Monetary_Penalties_Regulations_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Cross-Border Currency and Monetary Instruments Reporting Regulations

Please click the link below for a downloadable pdf file.
PCMLTF_Cross-Border_Currency_and_Monetary_Instruments_Reporting_Regulations_July_2019 – Redlined_Feb_2020

Need a Hand?

Whether you need to figure out if you’re a dealer in virtual currency, to put a compliance program in place, or to evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

FINTRAC Identification Guidance

Background

On July 10th, 2019, the final amendments to Canada’s anti-money laundering (AML) regulations were published in the Canada Gazette.  One of the welcomed changes that came into force immediately upon publication was related to identification. On November 14th, 2019, FINTRAC published guidance related to “Methods to verify the identity of an individual and confirm the existence of a corporation or an entity other than a corporation.” This is good news considering the range of identification methods has been broadened, and a step forward in digital identification methods. The updated methods are designed to make it easier to identify customers that are not physically present.

As defined under the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), reporting entities have to identify their customers in certain situations (specific information on when customers need to be identified is outlined in FINTRAC’s guidance on “When to identify individuals and confirm the existence of entities”). The identification guidance outlines ways to verify the identity of an individual, and how to identify corporations or entities other than corporations (such as a partnership).

Identification Methods For Individuals

There are three ways in which an individual can be identified:

  • Government-issued photo identification method;
  • Credit file method; and
  • Dual-process method.

Government-Issued Photo Identification Method

Under this method, an organization can use an authenticvalid and current government-issued photo identification document, issued by either a federal, provincial or territorial government in order to be used to verify the identity of an individual. Foreign government-issued photo identification can be accepted if it’s equivalent to a Canadian document such as those listed in the guidance.

The photo identification document used to verify identity must:

  • indicate the individual’s name;
  • include a photo of the individual;
  • include a unique identifying number; and
  • match the name and appearance of the individual being identified.

If a customer is physically present, an organization can authenticate an identification document by looking at the characteristics on the physical document such as security features.

If the customer is not physically present, the authentication of the identification document must be determined by using technology capable of assessing the document’s authenticity. The guidance makes it clear that it is not sufficient to view a person and an identification document through video conference or similar. Meaning, a selfie while holding your driver’s license is not sufficient for identification purposes.

Whatever method is selected by an organization, the process to authenticate a photo identification document, and how the organization will confirm that it is authentic, valid and current, must be documented.

Credit File Method

Under this method, an organization can use valid and current information from a Canadian credit file to identify an individual.

The Credit File must:

  • be from a Canadian credit bureau (credit files from foreign credit bureaus are not acceptable);
  • have been in existence for at least three years; and
  • match the name, address and date of birth that the individual provided.

To rely on a credit file, the search must be completed at the time an organization is verifying the individual’s identity, and can be completed via an automated system or the use of a third party vendor.

When using the Credit File method, organizations must keep a record of the following information:

  • the individual’s name;
  • the date they consulted or searched the credit file;
  • the name of the Canadian credit bureau or third party vendor holding the credit file; and
  • the individual’s credit file number.

The guidance clarifies that sometimes information found within the credit file may contain variations of the name or address provided by a customer. In these cases, it’s up to the organization to determine whether the information in the credit file is a match to the information collected from the individual.

Dual-Process Method

Under this method, an organization can use valid and current information from two reliable sources. Under the dual-process method, an organization can verify an individual’s identity by referring to any two of the following options:

  • information from a reliable source that includes the individual’s name and address;
  • information from a reliable source that includes the individual’s name and date of birth; or
  • information that includes the individual’s name and confirms that they have a deposit account, credit card or other loan account with a financial entity.

In order to qualify as reliable, the sources should be well-known and considered reputable. There must be two sources providing the information, and the information cannot come from the individual whose identity is being verified, nor can it come from the organization doing the verification. For example, reliable and independent sources can be the federal, provincial, territorial and municipal levels of government, crown corporations, financial entities or utility providers.

A Canadian credit file can be used as one of the two sources required to verify the identity of an individual. so long as the credit file has been in existence for at least six months.

The organization must keep a record of the following:

  • the individual’s name;
  • the date they verified the information;
  • the name of the two different sources that were used to verify the identity of the individual;
  • the type of information consulted (for example, utility statement, bank statement, marriage licence); and
  • the number associated with the information (for example, account number or if there is no account number, a number that is associated with the information, which could be a reference number or certificate number, etc.).

Identification Methods For Organizations

The guidance details how to confirm the existence of a corporation, or an organization that is not a corporation. This can be done by referring to a paper or electronic record that was obtained from a source that is accessible to the public such as:

  • For corporations:
    • its certificate of incorporation;
    • a certificate of active corporate status;
    • a record that has to be filed annually under provincial securities legislation; or
    • any other record that confirms the corporation’s existence, such as the corporation’s published annual report.
  • For organizations that are not corporations:
    • a partnership agreement;
    • articles of association; or
    • any other record that confirms its existence as a legal entity.

If an organization refers to a publicly accessible electronic record to confirm the existence of a corporation or of an entity other than a corporation, a record must be retained including the corporation/entity’s registration number and the source of the electronic version of the record. If a paper record is used, a copy should be retained. At a minimum, for all organization types, an organization must collect and keep a record of the following:

  • their full legal name;
  • the organization’s structure;
  • the organization’s principal business;
  • the organization’s physical address; and
  • information about the organization’s directors and beneficial owners.

Other Identification Considerations

The guidance details how a domestic or foreign affiliate, an agent or a mandatary can be used to verify the identify of a customer. If this method is used, it is important for organizations to remember that, legally, they are responsible for verifying a customer’s identity, even though they are relying on someone else to do it. Organizations should obtain the identification information from the other entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

The guidance details how to identify children under 12 years of age (organizations must verify the identity of a parent, guardian, or tutor) and how to identify children between the ages of 12 and 15. For this age range, organizations can verify identity by using one of the prescribed methods to verify an individual’s identity and where not possible, relying on certain  information from the child’s parent, guardian, or tutor, and information that includes the child’s name and date of birth.

The guidance also reminds organizations that while the personal information that they are collecting is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), personal information that is required to be included in reporting to FINTRAC does not have to be disclosed to the Office of the Privacy Commissioner of Canada. It is important that organizations remember that safeguarding is a key consideration for all personal information collected in the normal course of business.

Conclusion

The most significant change for identification standards is related to the Government-Issued Photo Identification Method. A wording change from “original” to “authentic”, that was found in the prior version of the regulations, now allows for scanned copies of documentation, so long as it can be authenticated. It is noteworthy that the guidance gives clarity to all methods that can be used. Where further clarity is warranted, organizations can contact FINTRAC for a policy position related to the identification guidance. This can be done free of charge by emailing guidelines-lignesdirectrices@fintrac-canafe.gc.ca. This can also be done on a no-names basis by a lawyer or consultant on your behalf.

We’re Here To Help

If you have questions related to the identification changes, or need help updating your identification processes, you can get in touch using the online form on our website, by emailing us at info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

2019 AML Updates for Credit Unions

Background

On July 10th, 2019 the final amendments to Canada’s anti-money laundering (AML) regulations, were published in the Canada Gazette.  Many of the changes are based on requirements set out by the Financial Action Task Force (FATF), an inter-governmental body that sets out international standards for combating money laundering and terrorist financing, as well as from certain amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) made through the Economic Action Plan 2014 Act, No. 1 and the Budget Implementation Act, 2017, No. 1.

For those that prefer to see the updates in context, we have created unofficial red-lined versions of the regulations, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the changes. There are three different “coming into force” dates that should be noted:

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related dealers in virtual currency (which do not directly apply to Credit Unions).
  • June 1, 2021: all other regulatory amendments.

Updated guidance from FINTRAC is expected to be seen ahead of the coming into force dates. Given the legislative changes, there will be adjustments to various FINTRAC policy interpretations so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you borrow content that we wrote and published publicly, we may think you’re a jerk but we’re not sending an army of lawyers).

What Does This Mean For Your Credit Union?

Changes to Canada’s AML regulations will have a direct impact on a Credit Union’s AML obligations, including the following:

  • Reporting;
  • Record keeping; and
  • Member identification.

Many changes will require adjustments in your IT systems to ensure that all necessary information is available to be included in FINTRAC reports, particularly those involving online transactions. If you’re not sure where to start please feel free to contact us. From a practical standpoint, while you do have some time to update your AML program, it is best to start budgeting and planning now.  It may also be prudent to discuss changes with your board of directors as well.

FINTRAC Reporting

This round of changes to AML regulations has a much greater focus on reporting including changes to the information that will need to be included in various reports. We have summarized the applicable changes below.

Certain reports will require information that was not originally included. These changes include information such as:

  • Purpose of transaction;
  • Source of cash or source of funds;
  • For online transactions:
    • Type of device used by person who makes request;
    • Number that identifies device;
    • Internet Protocol address used by device;
    • Person’s or entity’s user name; and
    • Date and time of when a person makes a request.

While most of these fields are mandatory, where fields are marked as optional, if an entity has the information (this may mean in the background of your IT systems), it is expected that it be included in the report. For full details on what has changed for FINTRAC report fields, we have created an unofficial redline which can be found here.

All changes related to reporting come into force on June 1, 2021.

STR Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC. The timeframe for submission was within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amend this to “as soon as reasonably practicable after measures have been completed to establish that there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing.”

This means that a report will be due shortly after a reporting entity has conducted their analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations and this should include a step in the process that clearly identifies when a determination is made that establishes reasonable grounds to suspect the transaction is related to money laundering or terrorist financing. A defined time for what “as soon as reasonably practicable” means should be documented as well to ensure reports are completed and submitted on time. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change (or clarification), related to Terrorist Property Reports, has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

EFT Reporting

The definition of an EFT has changed with the amended regulations and reads as such:

An electronic funds transfer means the transmission by any electronic, magnetic or optical means of instructions for the transfer of funds, including a transmission of instructions that is initiated and finally received by the same person or entity. In the case of SWIFT messages, only SWIFT MT-103 messages and their equivalent are included. It does not include a transmission of instructions for the transfer of funds:

    1. that is carried out by means of a credit or debit card or a prepaid payment product if the beneficiary has an agreement with the payment service provider that permits payment by that means for the provision of goods and services;
    2. that involves the beneficiary withdrawing cash from their account;
    3. that is carried out by means of a direct deposit or a pre-authorized debit;
    4. that is carried out by cheque imaging and presentment;
    5. that is both initiated and finally received by persons or entities that are acting to clear or settle payment obligations between themselves; or
    6. that is initiated or finally received by a person or entity referred to in paragraphs 5(a) to (h.1) of the Act for the purpose of internal treasury management, including the management of their financial assets and liabilities, if one of the parties to the transaction is a subsidiary of the other or if they are subsidiaries of the same corporation.

The definition now includes instructions initiated and received by the same person or entity, which means certain internal transfer transactions may be caught.

Also related to EFT reporting, the final amendments removes the language commonly known as the “first in, last out” rule. This means that the first person/entity to ‘touch’ the funds for a transaction incoming to Canada, or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada, had the reporting obligation (as long as the prescribed information was provided to them). The update will change the reporting obligation to whoever maintains the customer relationship.

Large Virtual Currency Transaction Reporting

If you plan to conduct transactions involving virtual currencies such as bitcoin, you will be required to report the receipt or the sending of amounts of CAD 10,000 or more in a virtual currency to FINTRAC. These basically are the same as Large Cash Transaction reporting obligations, including making a determination if the person from whom the virtual currency is received is acting on behalf of a third party, and will require reporting entities to maintain a Large Virtual Currency Transaction Record.

Most of the recordkeeping requirements for virtual currency are very similar to Large Cash Transaction requirements.

The 24-Hour Rule

Multiple transactions performed by, or on behalf of, the same customer or entity, or are for the same beneficiary, within a 24-hour period are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. This would mean that only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that will be required to update the detection process.

For example, currently, a Large Cash Transaction Report must be submitted either for single transactions of CAD 10,000 (or more), or for multiple transactions of less than CAD 10,000 each that add up to CAD 10,000 or more in a 24-hour period. This can result in situations where two reports are filed for transactions taking place in a 24-hour period.

Cash deposit of CAD 12,000 – LCTR #1 for CAD 12,000
Cash deposits of CAD 5,000 and CAD 6,000 – LCTR #2 for CAD 11,000

Using the same example, under the new rules we would have:
Cash deposits of CAD 12,000, CAD 5,000 and CAD 6,000 – Single LCTR for CAD 23,000

We can expect to see guidance from FINTRAC ahead of the enforce date. If you have questions prior to this,  it is possible to write to FINTRAC to request a policy interpretation.

Compliance Program

In addition to the process changes, including reporting changes discussed above, there are some other changes that you will need to make to your compliance program.

Training

The amended regulations have introduced a new requirement to institute and document a plan for ongoing compliance training.  This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans. Be sure staff is receiving training on process changes that are applicable to their roles.

Risk Assessment

One of the deficiencies identified in the Financial Action Task Force (FATF) review of Canada was not having a requirement to assess new technologies before their launch. The final amendments require all reporting entities to assess the risk related to products and their delivery channels, as well as the risk associated with the use of new technologies, prior to public release.

This has been a best practice since the requirement to conduct a risk assessment came into force, but this change makes this a formal requirement. This will require strong communication and closer cooperation between compliance officers and teams involved in the development of new products or services.

Records of Reasonable Measures

The requirement to keep records related to reasonable measures to obtain certain information, has been removed with this round of changes. It is important to note that credit unions must still take reasonable measures and it is only the requirement to keep a record of the measures used that has been repealed. 

Identification

The range of identification methods that can be used will be broadened. This is good news, especially for credit unions that are using identification methods for members who are not physically present.

Prior to this round of changes, there was a requirement that when members are identified, the document and/or data that you collect must be in its “original” format. The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic”, valid and current. This would allow for scanned copies of documentation, and/or for software that can authenticate a person’s identification document. This change came into force on June 26, 2019.

Other changes to the identity verification requirements are as follows:

  • For credit file verification (single source), the credit file information must now be derived from more than one source (i.e. cannot contain only one trade line on the credit file);
  • For the dual source method, when relying on a credit report as part of a dual source, the credit file must have been in existence for at least six months. Additionally, the person or entity that is verifying the information cannot be a source (i.e. you cannot be a tradeline of the credit file).

In addition, there are provisions that allow a credit union to rely on the identification conducted previously by other reporting entities. If this method is used to identify a member, the credit union must immediately obtain the identification information from the other reporting entity, and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

If you have members that are publicly traded trusts, credit unions will be required to obtain names and addresses of all persons who own or control, directly or indirectly, 25% or more of the units of the trust.

Politically Exposed Persons (PEPs)

The amended regulations add some new requirements related to PEPs, which are as follows:

  • You must obtain the “source of wealth” of a PEP; and
  • If a PEP is a head of an international organization, the person will continue to be treated as a PEP for five years after they have held the position.

This change comes into force on June 1, 2021, and will likely result in IT system changes related to record keeping and monitoring.

Prepaid Products

If you offer Prepaid Payment Products, the amended regulations now include new obligations for prepaid cards that are issued by financial entities. The obligations are similar to those that apply to regular member accounts, and comes into force on June 1, 2021.

The regulations apply to any prepaid payment product that is tied to an account, that permits funds or virtual currency that total CAD 1,000 or more to be added to the account within a 24-hour period, or where a balance of CAD 1,000 or more will be maintained.

Records that will have to be maintained are as follows:

  • a record of the name and address of each holder of a prepaid payment product account and each authorized user, the nature of their principal business or their occupation and, in the case of a person, their date of birth;
  • if an account holder is a corporation, a copy of the part of its official corporate records that contains any provision relating to the power to bind the corporation in respect of the prepaid payment product account or the transaction;
  • a record of every application in respect of the prepaid payment product account;
  • a prepaid payment product slip in respect of every payment that is made to the prepaid payment product account;
  • every debit and credit memo that it creates or receives in respect of the prepaid payment product account;
  •  a copy of every account statement that it sends to a holder of the prepaid payment product account; and
  • a foreign currency exchange transaction ticket in respect of every foreign currency exchange transaction that is connected to the prepaid payment product account.

There are also record keeping obligations where an international electronic funds transfer of CAD 1,000 or more has been conducted through the prepaid product. Additionally, a prepaid payment product slip, similar to a deposit slip, must be maintained.

Similar to member accounts, you will also have to keep account applications and any foreign currency transaction information related to the prepaid product. A PEP determination is to be made when the prepaid product account is opened, and when a payment of CAD 100,000 or more is made to a prepaid product account.

We’re Here To Help

If you would like assistance in updating your compliance program and/or processes, or have any questions related to the changes, you can get in touch using our online form on our website, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

2019 AML Updates – Redlined Versions

The following red-lined versions have been created to reflect the changes to Canadian anti-money laundering (AML) regulations published in the Canada Gazette on July 10th, 2019.  A redlined version of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), reflecting the changes published in Bill C-97 which received Royal Assent on June 21, 2019, is also included below.

These documents are not official versions of the regulations. Official versions can be found on the Government of Canada’s Justice Laws Website.

 

Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Please click the link below for a downloadable pdf file.

PCMLTFA_July_2019_Redline

 

Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations

Please click the links below for downloadable pdf files.

PCMLTFR_July_2019_Redlined_Full

PCMLTFR_July_2019_Redlined_Schedules Removed

Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations

Please click the link below for a downloadable pdf file.

PCMLTF_Suspicious_Transaction_Reporting_Regulations_July_2019_Redlined

Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations

Please click the link below for a downloadable pdf file.

PCMLTF_Registration_Regulations_July_2019_Redlined

Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations

Please click the link below for a downloadable pdf file.

PCMLTFR_Administrative_Monetary_Penalties_Regulations_July_2019_Redlined

Cross-Border Currency and Monetary Instruments Reporting Regulations

Please click the link below for a downloadable pdf file.

PCMLTFR_Cross-Border_Currency_and_Monetary_Instruments_Reporting_Regulations_July_2019_redline

 

Need a Hand?

Whether you need to figure out if you’re a dealer in virtual currency, to put a compliance program in place, or to evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Are On Demand Products Right For You?

For certain industries, including dealers in precious metals and stones (DPMSs) and real estate, Outlier’s on-demand products are anti-money laundering (AML) and counter terrorist financing (CTF) programs that you can buy, customize online using our set up wizard, and download in fully customizable formats.

These can be purchased as single elements (Policies & Procedures, Risk Assessments, Training, Compliance Effectiveness Reviews) or bundled to save you money.

Why On Demand Products

Outlier’s co-founder, Amber D. Scott, noticed two things that made her believe that on-demand products could help Canadian reporting entities. First, for many small and medium sized businesses, there are very similar business models and risk profiles. Second, many businesses don’t have the means to pay for consulting services but have the same obligations as larger reporting entities. She had a vision of creating a model that could level the playing field by making it easier for these businesses to create plain language documents in an affordable way.

Are On Demand Products Right For You?

While we’ve worked to keep the on demand products as plain language as possible, they will still require you to be able to read and understand the content and adjust them for your business model and compliance processes. You’ll also need to review and update them regularly (once a year – no matter what, and more often if Canadian laws and/or your business models change).

These program elements can save you money by providing a customizable framework for you to work with, but you’ll need to put in the time and effort to customize them and keep them up to date.

What If You Download A Product And Need Help?

If you’ve downloaded on demand products and you’re stuck, we can help. Please contact us and let us know what you need. In your request, include the product that you’ve purchased and describe the problem that you’re trying to solve. We’ll get back you within two business days. If you need help sooner, please mark your request as urgent, and we’ll do our best to get back to you sooner.

Is Outlier The Only Company That Can Help?

There are a number of professionals in Canada that can help you customize your program, including consultants, lawyers and Compliance Officers working in your field. Using Outlier’s on demand product doesn’t mean that we’re the only people that can work with you, in fact, we believe that competition makes us all better at what we do.

How Do I Buy On Demand Products?

You can buy our on demand products through this website using a credit card. Start by selecting the type of reporting entity that you are to view the products that are currently available.

If you’re looking for something that doesn’t seem to be on the list, please contact us.

Why rich people don’t just open a bank…

 

It can be tough to open and maintain a bank account as a crypto-business. A policy of “derisking” (when banks avoid conducting business with customers perceived as being higher risk) leaves many crypto-businesses (and other MSBs) ill-served by the existing banking system.

A not-uncommon response to this reality (i.e. we’ve had this conversation enough times to deem it worthy of a blog post) is some variation of: “I’m a rich person! Why don’t I just open a bank?”

No doubt, this impulse comes from the admirably entrepreneurial spirit of our community. There’s a problem (lack of access to banking services), so let’s solve it.

But if you don’t have a background in compliance or banking and think that you’re “just” going to magically open your dream-crypto-paradise-bank… We’re here to advise you to slow your roll. We’re not saying you can’t do it… but here are some things you should consider. Knowledge is power.

Sidenote: We’re Canadian and these notes refer to Canadian processes. There are likely to be some differences in other countries, but we won’t know what they are. If you want to know, do the research. Let us know what you find if it’s interesting.

Opening a bank is expensive.

While you may think you have the cash to spare, opening a bank is expensive, and probably more expensive than you expect, both in terms of what you need to have in reserve, and what you’ll spend initially. We’ve heard the figure of $50m buy-in—which, by the way, does not guarantee you a charter.

You will spend money for years before you serve customers.

If you’re curious about where all those millions could possibly go, you’re going to get friendly* with an army of consultants, lawyers, and accountants over the next few years. (*And by friendly, we mean pay a lot of money to).

The process of getting issued a charter is lengthy (if you don’t believe us, you may enjoy perusing the 27-page long PDF guide from OFSI on the subject) and getting this process right means your investment will be whittled away by hiring people who can help navigate you through this labyrinth. You’ll also be spending money on employees, by the way, for years before you’ll ever have the privilege of serving a customer. Years. Plural.

Your team will spend a long time pleasing regulators before you’re operational.

Yes, even though you won’t be permitted to have customers for a long time, you will still need to assemble a team that can put together all of the elements of a bank into place. Your team will spend all of their time implementing processes, demonstrating to the regulator(s) that they’ve done so, and then tweaking these processes as the regulators require or request (in these instances, a request is really a politely stated requirement). If it’s any comfort, your employees will certainly be kept busy, even without customers.

You’re probably not going to be the CEO…

Despite making the decision to open a bank, you will likely not become the bank’s CEO, or even its COO. Senior management positions at banks require regulatory approval. Regulators are looking for you to have had a long history, at a senior level, in a bank or other federally regulated financial institution

… or even on the Board of Directors.

As with senior management positions, seats on the Board of Directors require regulatory approval. Even if you successfully jump through all the hoops required to start your bank, you will likely end up with little to no say in how it is ultimately run.

Well That’s Awkward!

There’s a noble sentiment behind the desire to “just open a bank” and solve the problems you see in the current banking system. But, the risks, effort, and returns are seldom well understood. In essence, opening a bank means making a substantial investment (in both time and money) in something that may one day become an asset (but may not). You can own the bank, but will likely not run it, despite the multi-year multi-million commitment you make. Even if you’re a wealthy investor with patient money, we’d suggest that you ought to be really passionate about setting up a bank if you want to embark upon this kind of endeavour.

What can you do instead?

So, if you’re not going to start a bank but are still frustrated by the banking system as it currently stands—what can you do instead?

Frankly, we need grassroots pressure to change the system we have. It’s important for us to have discussions with the gatekeepers (regulators, traditional banking institutions) for crypto business to get access to banking services. Part of the burden of being in this space is taking the time to educate those who control access to the resources we need. We’ve found that often even people with responsibility for developing policy related to bitcoin and other virtual currencies or tokens don’t fully understand it (and therefore its risk implications). While it may be frustrating to explain that it is possible to buy a fraction of a bitcoin to someone who we really think ought to understand this already, the more we can normalize crypto within the system, the more access we can hope to gain.

And while it can be difficult to speak out if you are a business who has been refused a bank account (or had your account shut down), we’d encourage you to share your experiences of trying to find banking services. Make a complaint to the institution. Share your story with the media (even if you don’t name the FI) or contact your political representatives. You can also, at the moment, contribute your feedback on the draft legislation on AML Regulations for “Virtual Currencies.” (See this blog post for more on how to do that). Exert pressure on the existing players.

But, of course… if you’ve decided you are passionate enough (and deep-pocketed enough) to start a truly crypto-friendly bank: more power to you and definitely let us know how you get on.

We’re Here To Help

If you have questions about virtual currency and regulation in Canada, or regulation in Canada in general, please contact us.

Return to Blog Listing