PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Who Wins The De-Risking Shell Game?

BankRisk_2The volume of evidence, both empirical and anecdotal, grows every day. The story on the surface is simple enough: banks are making the decision to “de-risk” (a polite way to say close the account of) certain types of businesses including money service businesses (MSBs) and digital currency businesses that are considered “too risky” by traditional financial services providers. The unintended consequences have included strained remittance corridors and frustration for businesses struggling to get by without reliable banking services. While these consequences are well documented, there are other unintended consequences of the de-risking phenomenon that have been less widely discussed. These include a growing lack of transparency between some industries and their banking service providers and directly threatens our ability to effectively manage money laundering and terrorist financing risk at both the financial institution and national levels.

It’s a shell game of “hide the risk” – and we’re all losing.

Businesses Are Losing

By now, if you haven’t heard about businesses struggling to survive without access to banking facilities, you would have had to ignore financial media for the past two years. The global effects of de-risking have attracted the attention of the G-20, the Financial Action Task Force (FATF), Financial Crimes Enforcement Network (FinCEN), the World Bank, and many more. While it’s clear that there are issues in terms of access to banking, let’s be honest with one another: while some businesses will close up shop, many others will take a different track.

Whether it’s using alternative financial service providers, payment processors, personal bank accounts or merely opening accounts at other financial institutions without revealing the true nature of the underlying activity, businesses will find a way to carry on. I’ve spoken personally to businesses that have taken these approaches, and it has never been their first or most ideal choice. These aren’t criminals carrying on some nefarious business! They are entrepreneurs who would rather be able to provide their real business plan to their banks and explain their activity honestly, but they do not believe that this option is open to them.

Banks Are Losing

Consequently, a bank with a policy that prohibits these types of businesses from holding accounts will deal with businesses that have gone to great lengths to conceal the true nature of their activity. The banks are unaware of the true nature of the activity passing through their accounts, and therefore ill equipped to manage the risk related to these activities. The strain on banking resources must be phenomenal, as banks must constantly devise new ways to interpret patterns of customer activity to detect undeclared MSB or digital currency activity. While it isn’t easy to quantify these costs, I can only surmise that the cost of this detective work must be high, despite being ineffective.

To further muddy the waters, businesses who fail to provide transparent information to their banks for fear of de-risking may also conduct completely legal activities in a way that starts to look like criminal activity. For example, if you believe that your business banking relationship is not reliable, you may open many accounts (in some combination of personal and business names) and conduct fractions of your banking through each, transferring funds from one account to another as needed to meet your obligations. On the surface, it can seem much like “layering” or “structuring” activity (techniques used by money launderers to make funds more difficult to trace). This further adds to the banks’ burden by creating more activity that must be monitored and investigated.

Entire Nations Are Losing

It has been widely publicized that in some cases like Somalia, entire nations that are dependent on remittance payments from friends and family living and working abroad are experiencing increased difficulty. Reliable and cost-effective remittance payment providers are a shrinking pool. This seems absurd in a time when technology can facilitate a payment in seconds.

National Security Is Losing

It’s not just far-flung places dependent on remittance payments that are losing. Here at home, we have a national security system that is dependent on our financial intelligence units (FIUs) having access to reliable data. The reliability of that data is undermined at every level by the de-risking shell game:

  • Businesses do not declare the true nature of their activity – and there are no incentives for them to do so;
  • Banks do not understand the nature of their customers’ activities, making it difficult detect potentially criminal activity; and
  • There is likely to be an increase in “false positives”, where activity conducted by businesses that do not believe that they can reveal the true nature of their activity to their banks instead conduct business in a manner that resembles criminal money laundering techniques.

Taken together, this results in the likelihood that key information is not being reported to FIUs correctly. Consequently, it becomes more difficult for law enforcement and other national securities to rely on this data to perform their roles effectively.

Who Is Winning?

There are two potential winners in this game and much like the shell games that you see duping tourists on the streets of large cities, neither is without malevolent intent.

The first are unregistered/unlicensed MSB businesses. These are businesses that have ignored regulatory requirements and carried on business without any FIU reporting. In some cases, these businesses will even minimize their interaction with the local financial system by using foreign bank accounts (and point of sale terminals) to collect customer funds. While the risk of penalty is high, the reward for these businesses (in particular where they are able to complete transactions that pose a challenge for their compliant counterparts) can also be high.

The second is criminal organizations. When legitimate businesses are performing transactions that look like money laundering, detecting true criminal activity becomes exponentially more difficult. I can only assume that the criminals are laughing all the way to the bank.

Shutting Down The Shell Game

De-risking is a complex problem with complex outcomes, but the solution need not be complicated. It does, however, involve the cooperation of all levels of the financial services community: regulators, banking service providers and businesses.

The costs and benefits of de-risking need to be reassessed. Where banking service providers are capable of accepting and managing accounts for businesses considered to be “higher risk”, they should do so, with their regulator’s blessing. Rather than perpetuating the shell game, regulators should encourage banking service providers to manage risk (and provide solid guidance with reference to how this should be done). Finally, there should be open communication between banking service providers, regulators and business banking customers. The lines of communication closed by de-risking must be opened, allowing banks to have honest conversations that will provide real insight into their customers’ business and lead to effective long-term risk management.

Micro Deposits & Micro Withdrawals

The Big DisclaimerAmber looking at laptop blank screen

We’re not lawyers and nothing that we write should be considered a legal opinion. Whether or not a solution will be acceptable to your regulators will always depend on your implementation and documentation – please contact us if you need help with either.

Background

There are a limited number of ways for Canadian reporting entities to identify individuals without meeting face to face. Previously, we have sought opinions from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) on whether or not micro deposits and micro withdrawals could be used to confirm a customer’s identity. Until recently, the answer had been no. We reached out to FINTRAC again on the issue after learning that technology had evolved in a way that could meet the requirements. We’re pleased to share with you that FINTRAC is of the opinion that – given the right technology conditions – micro deposits and micro withdrawals can indeed be used to confirm a customer’s identity.

Confirmation Of A Deposit Account

The methods that can be used to confirm a customer’s identity are listed in Schedule 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR). (Since this post was written, Schedule 7 has been repealed and replaced by FINTRAC’s Methods to Identify Individuals). The “Confirmation of a Deposit Account Method” involves confirming that the person has a deposit account (this means a chequing or savings type of account) with a Canadian financial entity (this means a bank, credit union or caisse populaire). To use this method, reporting entities must keep a record of the name of the financial entity where the account is held, the account number and the date of the confirmation.

The key elements of this method involve determining that the account belongs to the person that you are trying to identify and determining that the account is indeed a chequing or savings type of account.

Micro Deposits and Micro Withdrawals

Previously, micro deposits and micro withdrawals were viewed as failing on both of these key elements. Confirming the amount of a micro transaction proved that a person had access to the account, but not that they owned the account. It was also viewed as impossible to determine the type of account (for instance the account may have been a line of credit that had a similar account number structure).

Fortunately, technology has advanced and some payment processors are able to conduct name matching (in some cases, payments are even stopped if there isn’t a match) as well as the type of account. Not all payment processors may have the capabilities, but if you’re looking for a way to automate some of your non face-to-face customer identification, this could be an option.

Implementation Checklist

We’ve broken down the implementation into seven key questions. If you’re able to answer yes in each case, you’re likely to be ready to implement micro deposits or micro withdrawals as an identification method.

  1. Does my payment processor conduct name matching (our client’s name against the account being debited or credited) and what confirmation do we receive of a match?
  2. Is our system set up to keep a record that demonstrates that the name was matched?
  3. Does my payment processor have access to the account type when an account is being debited or credited and can they pass that information to us and/or confirm for us that the account is a deposit account?
  4. Is our system set up to keep a record of the type of account or confirmation that the account is a deposit account?
  5. Is our system set up to keep a record of the name of the financial entity where the account is held?
  6. Is our system set up to keep a record of the account number?
  7. Is our system set up to keep a record of the date of the confirmation?

In addition to this list, you should also give some thought to what happens when identification fails (for example if the name doesn’t match or the account isn’t the right type). You’ll need to consider an alternative way to identify your client, and you probably don’t want their account stuck in limbo.

Need a Hand?

If you want to be certain that you’re meeting the standard described in this blog, or just someone to chat with to make sure that you’re on the right track please contact us.

Full Text Response

Good afternoon Ms. Scott,

Thank you for contacting the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s independent agency responsible for the collection, analysis, assessment and disclosure of information in order to assist in the detection, prevention, and deterrence of money laundering and financing of terrorist activities in Canada and abroad.

You indicated, “some payment providers have the capacity to match the customer’s name to the name on the account (and will not process transactions if there is not a match) and return information about the type of account to which the transaction was pushed.”

In light of this, you have asked whether micro-withdrawals and/or micro-deposits would be acceptable for use as confirmation of a deposit account provided that:

(a) there was a confirmed name match; and

(b) the account type was confirmed as a deposit account.

Subparagraph 64(1)(b)(ii) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) states that non-face-to-face identification can be done by using a combination of identification methods as set out in Part A of Schedule 7, the confirmation of deposit account method being one. This method of ascertaining a person’s identity consists of confirming that the person has a deposit account with a financial entity, other than an account referred to in section 62 of the PCMLTFR. For the deposit account method, paragraph 67(c) of the PCMLTFR requires that the client name, the deposit account number, the financial entity name, and the date of the confirmation be recorded. Therefore, if the payment provider confirms the client name, the deposit account number, the financial entity name, and the date of the confirmation, then yes, the micro-withdrawals and/or micro-deposits is an acceptable means to confirm a deposit account with a financial entity as per Part A of Schedule 7 of the PCMLTFR, and would satisfy one of the two combination methods required.

Please note that FINTRAC does not endorse nor advertise any products, companies, or providers of consumer information.

I trust this information will be of assistance.

Insights From the 2014 CMSBA Conference

CMSBA

We were honoured to present at this year’s Canadian MSB Association (CMSBA) conference in Toronto. Speakers included representatives from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the Canadian Federation of Independent Businesses (CFIB), money service businesses (MSBs), consultants, lawyers and technology service providers. Priced between CAD 200 and 250 (depending on membership status and the timing of the registration), the price of this annual event, which includes breakfast, lunch, a post event reception, an annual CMSBA membership and a training certificate is likely one of the most informative and reasonably priced resources for MSBs. We would like to thank the CMSBA for providing a top quality event.

The Big Disclaimer

The information that follows is based on our experience attending the conference, and the information that we feel will help our friends and clients the most. While there were many excellent sessions, we weren’t able to enjoy them all. If you feel that we’ve missed something vital, or misrepresented an important point, please feel free to contact us and we’ll do our best to correct it.

FINTRAC Exams Are Changing

Lisa Douglas of FINTRAC tackled an update on the regulators expectations with candor, diplomacy and even a sense of humour on occasion. Among the most important points for reporting entities was the implementation of the regulatory changes that came into effect in February of 2014, and changes to the types of testing that FINTRAC will be performing in examination:

  • Business Relationships: has the nature and purpose of the business relationship been documented? Has the customer been identified where there is a business relationship (and if not, are efforts to identify the customer documented)? Is ongoing monitoring in place?
  • Suspicious Activity: Do the policies and procedures reflect the right indicators for the business model (see FINTRAC’s Guideline 2 for a full list)? Is there activity that seems to be suspicious that was not reported? If so, are you able to explain objectively why the activity was not considered to be suspicious (and is the explanation backed up by documentation)?
  • Ongoing Monitoring: Are monitoring efforts documented? Is the monitoring for high-risk customers and business relationships different (in nature and frequency)?
  • Beneficial Ownership: Is there documentation that confirms beneficial ownership? If not, has Senior Officer been identified and is the customer classified as high risk?
  • Customer Information Updates: Is customer information being updated on a regular schedule according to the customer’s risk?
  • Quality Reporting: Are the reports that FINTRAC receives complete and accurate? Are all fields (including fields that aren’t mandatory) completed if you have the information on file?

Ms. Douglas received the most questions about applying an ‘objective standard’ to deciding whether or not there are reasonable grounds to suspect money laundering or terrorist financing activity, and stressed that it is not enough to know that the activity is consistent for a customer over time if the activity could be indicative of money laundering or terrorist financing. This theme was echoed by Paul Burak of MNP LLP in his discussion of customer due diligence. In his illustrative example, Mr. Burak described a hotel that made large cash deposits with few credit card or debit card payments, in volumes that were out of synch with local tourist traffic. While the pattern of activity was consistent for the client over time, it did not make sense when an objective standard was applied.

There are Many More MSBs with ‘Zero Deficiencies’ Than MSBs with Penalties

Although there are several published administrative monetary penalties that have been published for MSBs, approximately 25% of MSBs examined between 2008 and 2014 have passed examinations with zero deficiencies.   While this isn’t likely to reduce the stress that comes with preparing for an examination, the information (obtained from a recent access to information request that Outlier filed with FINTRAC) is important in understanding that the MSB industry has historically been more compliant than the headlines would have us believe. That said it’s always vital to take the time to prepare for your examination and ensure that all of the materials requested by FINTRAC are assembled and delivered on time. We’ve put together some free resources to help reporting entities get organized, available here.

We were fortunate enough to co-present on this topic with two very experienced lawyers, J. Bruce McMeekin and Tushar K. Pain. Both emphasized the importance of reaching out to a legal professional early if you may be facing an administrative monetary penalty, as well as the value of regular compliance testing (not just limited to the effectiveness reviews required every two years) to assess compliance and fix anything that may be offside.

Banking Remains an Issue for MSBs

Robert Osbourne of Grant & Thornton provided excellent insights on maintaining banking relationships, including requesting and account manager, and maintaining regular contact (rather than simply responding to issues or information requests). Despite recent public policy positions from the Financial Action Task Force (FATF) and Financial Crimes Enforcement Network (FinCEN) warning against wholesale de-risking, few Canadian banks are currently accepting MSBs. Among those that we are aware are taking on MSB customers:

  • Royal Bank of Canada (RBC)
  • Bank of Montreal (BMO)
  • DirectCash Bank (DC)

There are additional financial institutions, including credit unions that offer accounts to MSBs, however many of these are not currently taking on new MSB customers. Access to banking is one of the issues that we’re likely to hear more about from both the CMSBA and the CFIB in the coming months.

Tools and Technology

The importance of tools and technology for recordkeeping and compliance management cannot be understated. The Canadian market is served by a number of great providers, and more solutions are being added on a regular basis. The solutions that are implemented should be well aligned with your business model and Risk Assessment. They should also be secure, in particular where sensitive or personal information (PI) is stored. Garry Clement of Clement Advisory Group emphasized how vulnerable the industry may be to cyber threats, and steps that MSBs can take to recognize threats and protect their data.

Digital Currency

Jillian Friedman of the Bitcoin Embassy (formerly, now she can be found at montrealtechlawyer.com) and Susan Han of Miller Thompson provided an overview of digital currency. While it was clear that many MSBs are interested in the potential that bitcoin and other digital currencies can offer, the same barriers to banking faced by MSBs are faced by digital currency companies in Canada. MSBs that deal in digital currency may face additional de-risking concerns with their banks. Zach Ramsay of CoinCulture, though not presenting, was on hand to offer clarification about the digital currency related services that may interest MSBs including bitcoin teller machines (BTMs) and bitcoin payment processing.

Need a Hand?

If you would like more information about the CMSA, including information about how to become a member, you can contact them here.

If you have questions about AML or CTF compliance, please contact us for more information.

Why bitcoin?

BitcoinAcceptedHereI’ve been asked the question enough times that I probably should have blogged about it a year ago, but the kicker for me was coming across an article that seemed to have no purpose but to question why an AML consulting firm would speak at the Bitcoin Expo.   The truth is that a few years ago, I may have approached the situation with the same type of skepticism. In those years, I’ve worked with excellent companies that are working hard to manage their risk (some of them in the absence of any law that would compel them to do so). I’ve not only come to believe that working with companies in the digital currency space is well-aligned with Outlier’s core mission (helping Canadian businesses to succeed), I’ve become enthusiastic about digital currency in general.

The First Bit

A longtime friend and client approached me about the digital currency aspects of his business. While I won’t go into great detail about the specifics (client confidentiality is important to me – and my clients), I will admit that my understanding of the space was rudimentary at best. If the request had come from someone that I knew and trusted less I may have taken a different approach to learning, but given the circumstances I wanted to know as much as I could as quickly as I could. I thought that the best way to learn would be to ask to be paid in bitcoin. This meant that I had to figure out how to set up a wallet, secure it, receive bitcoin and of course spend the bitcoin. What became clear to me very quickly were the advantages: bitcoin transactions were fast, cheap, traceable (by way of the blockchain’s public ledger) and irreversible.

Being a self-proclaimed AML nerd, I was surprised to see that I didn’t need to provide personal information to set up a wallet, though it was also clear to me that the idea of complete anonymity wasn’t accurate either. I hadn’t worked with any digital currency exchanges or brokerages yet, and I wasn’t quite sure what to do with my bitcoin, so I held it in my wallet and checked the price every few days. I was lucky at the time, the price shot up. I started exploring reputable vendors that accepted bitcoin (the list was a lot smaller at the time), settling on a tablet for my husband from a UK-based vendor as my first bitcoin purchase.

The transaction was fast, efficient, and reminded me that bitcoin was not as anonymous as the headlines would have had me believe. The vendor required relatively comprehensive information in order to deliver the tablet, and noted on the site that identification would be required by the delivery company in order to release the package. The cost of the tablet was less than the cost of the bitcoin that I received, but I decided to hold off on looking for things to spend it on right away. From that point, I’ve always held bitcoin (and later on a few other alt coins as well).

Brokerages, Exchanges and BTMs

Since that first transaction, I’ve worked with bitcoin exchanges, brokerages and BTM companies (as well as a few other wonderfully innovative business models that I can’t describe here) in Canada and in the United States. What I’ve experienced with these companies has been remarkably similar to traditional financial companies in many ways.

There is a real desire to understand the legislation and to do what’s needful.

There is a real desire to implement compliance without stifling innovation (especially when it comes to the customer’s experience).

There is a real desire to be part of the conversation with the people that write the laws, and the regulators that enforce it.

While I’ll admit that my sample is very biased (criminals are unlikely to hire a firm like mine), my experience in the digital currency community has been overwhelmingly positive.

Our Bit

I see the role of Outlier, and other professionals like us, as threefold. Our first task is to understand. Our next task is to provide valuable services and our final task is to act as advocates. These are sequential – the final two tasks cannot be done with any degree of competency without the first. Recently I’ve been approached by a number of very large firms asking how they can provide services to digital currency companies. I ask them the same question that 100% of the bitcoiners that I’ve worked with have asked me “Do you have bitcoin?” There is no teaching tool like experience, and right now digital currency is something that almost anyone with a computer and Internet access can experience.

This understanding translates into being able to truly add value for digital currency companies, but a point in time understanding won’t be enough. There are incredible innovations developing every day. I wasn’t involved deeply in the evolution of the Internet in the 1990s, but I imagine that it must have felt something like working in digital currency today. Ideas that add value for digital currency companies must support business innovation while teaching the traditions of compliance and sound risk management practices. As an AML professional, there is nothing more rewarding than working with clients that are pushing the boundaries of the possible, and helping them to do that without ending up on the wrong side of the law. The projects are exciting and more often than not, the aim is to benefit society as a whole.

It’s that excitement and those lofty goals that will make you an advocate. For Outlier, and for me personally, advocacy and education have been a labour of love. We speak at conferences, to merchants and traditional financial institutions, and we do what we can to connect policy makers to experts. We do all of this free of charge, because we believe that digital currency has great potential to do good. Like anything with value, it can be used to launder money, even though it’s not nearly as anonymous as some may believe it to be.  We’re not ignoring this, nor do we believe that it’s the whole story. Digital currencies like bitcoin can also be used to transfer funds quickly, efficiently (and in many cases without fees) to the people that need it most and to allow individuals more complete control over their funds in oppressive and corrupt regimes.

The Last Bit

Since that first payment, Outlier has always accepted payment in bitcoin, but conversations are always free. If you have questions, please feel free to contact us.

Outlier BTC Tipping AddressTipping QR Code

Why We Believe In The Right To Business Banking

I remember my first thoughts on money services businesses (MSBs) very distinctly.   Years ago, when I moved from being a banker to being a consultant, I thought of MSBs as being predatory and fly by night. I didn’t know much about MSBs, and I was hesitant to work with them as clients. Fortunately, a colleague determined to change my point of view, brought me to a meeting with one of her clients, a remittance company that served a particular ethnic community.

My colleague asked her client to walk me through the business model, and as the discussion progressed, I quickly understood that the MSB was offering many services that the banks were not – some of them free of charge. Not only was the MSB providing services in their customers’ native language, the fees were low and there were a slew of additional services like lawyer and employment agency referrals (all services in the customers’ native language). The office space was a bright and clean retail location and all of the staff seemed genuinely excited to be there. It was clear that I had misjudged MSBs (or at the very least, this MSB).

Over the years I’ve worked with many MSB clients and have come to understand that this was not a unique situation. In Canada we have many great MSBs that are providing services in nimble and efficient ways that truly meet the needs of their communities. My team and I have been able to help MSBs build compliance programs, risk assessments, training and complete effectiveness reviews, but the most common request that we’ve received is something that we’re simply not able to do: open a bank account.

From startups to MSB businesses that have been in existence for many years, opening a bank account (and keeping it open) is more difficult than staying in compliance with the law, or running a profitable business. Recently, we’ve also been approached by companies that deal in digital currencies like bitcoin with the same type of request. While we can certainly provide advice on how to approach the problem (see our blog on keeping your bank happy), we aren’t a bank and don’t have the power to compel banks to open accounts for our customers, or to keep them open. The lack of available banking facilities is deeply troubling to me, both as a Canadian entrepreneur and as a compliance expert.

Stifling Innovation

Recently, the Canadian Senate Committee on Banking, Trade and Commerce held sessions related to digital currency. One of the messages that was clear in all sessions was the disconnect between the traditional financial system (represented primarily by banks) and the emerging digital currency markets. While digital currency has come a long way, companies have difficulty operating using digital currency alone. Unfortunately, many of these companies are currently unbanked (including companies that have a history of profitability and companies that accept payment in digital currency – but do not sell digital currency to the public). While Canada is, in many ways, recognized as a hotbed of digital currency innovation, banking challenges are daunting to companies considering a Canadian presence.

While some laud the regulation of digital currencies expected to come into play following the Royal Assent of Bill C-31 earlier this year, it is noteworthy that this is unlikely to solve the existing banking issues faced by these companies. ‘Dealers in digital currency’ (a term that has yet to be fully defined) will be regulated as MSBs, and MSBs face very similar banking challenges despite being regulated entities. New MSB startups (including MSBs that aren’t dealing in digital currency) have great difficulty in obtaining and maintaining basic banking facilities.

The Risk of ‘De-Risking’

As an entrepreneur, it troubles me that companies that have followed all of the rules are denied the opportunity to innovate because they don’t have access to banking services. As a compliance professional, I’m equally troubled by the workarounds that I’ve seen in action. These have ranged from misrepresenting the nature of a company’s business to incorporating multiple companies that settle transactions between one another (or access banking services on one another’s behalf) to the use of personal bank accounts to operate businesses. In essence, accessing banking in a way that banking service providers don’t understand because providing accurate information is seen as putting the business at risk.

Banks and other banking service providers are heavily regulated, and their requirements include knowing their customers and understanding their customers’ transactions. MSBs and digital currency businesses are generally (effectively always) seen as being higher risk and requiring enhanced due diligence (EDD). There are few motivations for banking service providers to take on higher risk customers, in particular if the banking service provider cannot be certain that the account will be profitable. To this end, some banks have openly stated that they will not deal with MSBs or digital currency companies at all. Others charge screening fees (which can range up to several thousand dollars) required as part of the account application process, with no guarantee of an account. Most banks that offer accounts to these types of businesses charge fees (in addition to regular banking fees) in order to maintain accounts.

Even when an MSB or digital currency company opens a bank account, there is the possibility that the banking service provider will close the account (referred to in the banking community as “de-marketing” or “de-risking”) with very little notice. Consequently, there is very little incentive for MSBs or digital currency companies to be transparent with their banking service providers. These businesses need bank accounts in order to thrive, and they don’t perceive themselves as being able to access banking services by being open and transparent. This creates a situation wherein many companies operate “under the radar,” accessing banking services without providing a fulsome understanding of their business or transactions.

In these situations, banking service providers are not meeting their regulatory obligations as they don’t truly know their customer, nor understand their transactions. Many financial institutions have mechanisms in place to detect undeclared MSB activity and /or digital currency related activity. While it’s not possible to say with certainty how effective these controls are, my experience would suggest that the number of financial institutions that are dealing with MSBs and digital currency businesses is close to 100% (regardless of the policies or controls in place). In other words, de-risking MSBs today is about as effective as the prohibition of alcohol in the USA in the 1920s

Not Just A Canadian Issue

Businesses across the globe are facing similar issues, and international groups such as the World Bank have become more vocal in proposing solutions.  In their 2013 Special-Purpose Note titled “Barriers to Access to Payment Systems in Sending Countries and Proposed Solutions,” the World Bank’s  Global Remittances Working Group (GRWG) suggest five solutions, including the creation of banks focussed on serving money transfer businesses.  The issue was raised again during Global Payments Week in New York, where it was noted that it has been brought to the attention of the G20 Ministers of Finance.  While the issue is not uniquely Canadian, we believe that Canada could become a world leader in implementing a solution.

Solving The Problem

We believe that the solution to mitigating the risk related to MSB and digital currency transactions is not de-risking. This strategy only penalizes honest companies and creates an environment of mistrust. We believe that all Canadian businesses should have a right to basic banking services, in the same way that individuals are entitled to these services. In order for this to be true, businesses would need to be included in the rules set out in the Access to Basic Banking Services Regulations under the Bank Act, or similar legislation.

The risk posed by MSBs and digital currency businesses should be assessed and managed. This can only occur where these companies understand that revealing the nature of their business will not lead to “de-risking,” provided that the business is operating within the parameters set out by Canadian law (including the requirement for MSBs to be registered with FINTRAC in Canada and licensed by the AMF in Quebec). While the cost of managing related risks and performing enhanced due diligence exist, the fees related to MSB and digital currency accounts should not be so unreasonably high as to prevent access for smaller companies.

We’re Not Lobbyists, But…

Canada’s 2014 Economic Action Plan mentions “universal banking.” The website reads: “Universal access to basic banking is a cornerstone of Canada’s financial sector in which Canadians can take pride.” We’re working with industry groups to spread the message. We believe that universal banking should apply not only to individuals, but to the Canadian organizations that are innovating and helping to make Canada great.

What You Can Do

If you believe in the right to business banking, as we do, we encourage you to contact your Member of Parliament to share your thoughts.

If you own a business in Canada, you can also contact the Canadian Federation of Independent Businesses (CFIB) to request action on this initiative.  CFIB has been a powerful lobbying force for Canadian businesses in the past, and we have discussed these issues with them.  Action is most likely when it is clearly supported by their membership.

MSBs and those that work with MSBs may also consider contacting the Canadian MSB Association (CMSBA) to learn about their current initiatives.  The CMSBA represents the interests of Canadian MSBs, in addition to providing training and conferences (the next of which takes place November 18th in Toronto).

Contact Us

You can contact Outlier at any time using our online form or contact the author directly by emailing amber@outliercanada.com.

Implementing 2014 AML & CTF Regulatory Changes

We’ve done many AML Compliance Effectiveness Reviews of late, and my first question to clients is always the same: have you implemented the changes that came into effect in February of this year? The answers have varied from a confident “Yes, of course!” to “What changes?” We have a simple guideline for blogs at Outlier. If we receive a question more than three times, we write about it, and we make as much useful information as possible free. We do this because we believe that knowledge is power – and that everyone should have access to it. In the spirit of making knowledge free and available, we’ve decided to share the most significant changes related to updates to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) that came into effect earlier this year, and the solutions that we’ve implemented with our clients.

The Big Disclaimer

This blog was not written by a lawyer and shouldn’t be considered legal advice.

While our solutions have been reviewed by:

  • Outlier;
  • Our clients who have implemented these solutions; and
  • The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) (in the form of examinations conducted with our clients who have implemented these solutions),

this doesn’t guarantee that these solutions will be a perfect fit for your business. They will need to be edited and customized to suit your business model – but we think that they will point you in the right direction.

2014 PCMLTFR Changes In Brief

The most recent changes to the PCMLTFR came into effect in February of this year. Among the most significant changes were:

  • The addition of business relationships;
  • The addition of customer information updates (with more frequent updates for higher risk customers);
  • The addition of delivery channels to the risk assessment (bundled with products and services); and
  • The addition of enhanced transaction monitoring for higher risk customers.

Each of these changes has an impact on your anti money laundering (AML) and counter terrorist financing (CTF) program. They should be incorporated into your program documents (your policies, procedures and training) and have an impact on your operations (what you’re doing to meet these obligations).

Business Relationships

Reporting entities have a business relationship when a customer has performed any combination of transactions that requires identification and/or confirming the existence of an entity more than twice. This includes suspicious transactions and attempted suspicious transactions. When you have a business relationship with your customer, you must keep a record of the “purpose and intended nature of the business relationship.” In its simplest form, this means asking the customer the purpose of their business with you, and keeping a record of the response. This information is also useful in transaction monitoring, as it allows you to look for activity that isn’t consistent with the answer that the customer has provided.

This is something that you can ask your customer verbally (by phone is fine), by email, via a web form, by fax, or in any other way that makes sense for your business. You don’t need the customer to sign anything, but you do need to document the response. There is also flexibility in how you keep a record of the customer’s response.

If you have flexible information technology (IT) development, you can add a business relationship indicator to your system, as well as a field for the purpose and intended nature of the business relationship. Ideally, the system would detect business relationships automatically, and prompt your staff to collect information about the purpose and intended nature of the business relationship. If your business is relatively straightforward, you may even be able to develop a dropdown menu.

If your IT systems are less flexible, you’ll need to find another way to record this information. This can range from notes in the customer profile section of your client management system to an excel spreadsheet. Whichever method you use, you’ll need to think of a way to make sure that you know about all of the business relationships that exist.

You’ll also need to add a section to your program documentation that explains:

  • What a business relationship is;
  • How you know when you have a business relationship with your customer; and
  • What you do when there is a business relationship.

Your staff and agent training should also be updated to include a definition of business relationships, and your processes where you have a business relationship with your customer.

Here’s some sample language:

Business Relationships

We have a business relationship with anyone that has conducted two or more transactions that require identification (for individuals) or confirmation of the existence of an entity (for organizations). When we have a business relationship with our customer, we need to keep a record of the purpose and intended nature of their business relationship with us. Although this may seem self-evident, it is something that needs to be recorded.

Our system has been updated to prompt all staff to enter the purpose and intended nature of business relationships. This field is not optional; it must be completed whenever we have a business relationship with our customers.

We must also monitor business relationships that and keep information up to date (including customer identification, if the customer is active with us). The Compliance Officer will determine whether or not information about our customers and/or businesses relationships is up to date may contact staff for additional information.

Information Updates

Reporting entities must also keep customer information up to date. Updates should be more frequent for high-risk customers, although the PCMLTFR does not specifically prescribe how often these updates should take place. Depending on your business model and how frequently you interact with your customers, there may be significant differences in how often you perform updates.

Customer information updates refer to the customer’s name, address, email address, telephone number and occupation or principal business. Customers that are organizations are also required to confirm the organization’s beneficial ownership and director information.   This doesn’t mean that you need to collect the articles of incorporation (or other documentation that you’ve already got on file) a second time, but rather than you’re confirming with the customer that this information has not changed, or updating your records if there were any changes.

Once again, if your IT systems are flexible, you can add automatic prompts to ensure that this is completed. Anyone that uses online banking will be familiar with this the type of updates that have occurred this year. When you log into your account, you’re asked to confirm your personal details before proceeding to the banking site.

You’ll also need to add a section to your program documentation that explains:

  • What information must be updated;
  • How frequently this information is updated; and
  • How you update this information;

Your staff and agent training should also be updated to include information updates as well.

Here’s some sample language:

Customer Information Updates

Customer information updates refer to the customer’s name, address, email address, telephone number and occupation or principal business.

Customers that are organizations are also required to confirm the organization’s beneficial ownership and director information.

Inactive Customers

Inactive customers are re-identified in order to re-activate an account and conduct transactions that require identification.

Inactive customers that are required to be re-identified are also required to update their customer information.

Low & Medium-Risk Customers

Low and medium-risk customers that were identified face to face are required to update their customer information at the point that the identification document has expired.

In the case that there is no expiry date for the identification document initially provided, customer information is updated every five years.

In the case that the customer has been identified using non-face-to-face methods, customer information is updated every five years.

Low and medium-risk customers that are not recognized visually or by voice must be re-identified using either face to face or non face to face methods when they request transactions that require identification.

High-Risk Customers

High-risk customers are required to update their customer information every two years.

High-risk customers that are not recognized visually or by voice must be re-identified using either face-to-face or non face-to-face methods when they request transactions that require identification.

If the reason that a customer has been considered high-risk relates to doubts about the veracity of any of the information or identification provided, additional identification or confirmation of customer identification may be required at the Compliance Officer’s discretion.

Risk Assessment: Delivery Channels

Your Risk Assessment (that document that describes the risk that your business could be used to launder money or finance terrorism) already describes the risk related to your products and services (what you sell). This has been updated to include delivery channels (how you deliver your products and services to your customers). This should include all of the methods that you use to interact with your customers (whether they’re sales and service or service only), and a description of the risk associated with those methods. Generally speaking, high-touch delivery methods (anything that allows you to interact directly with the customer) provide more opportunities to detect potential money laundering or terrorist financing activities. This doesn’t mean that low-touch options like online ordering are bad, but it does mean that you need to have good controls in place to prevent money laundering and terrorist financing.

Your Risk Assessment should be updated to describe your “Products, Services and Delivery Channels” (rather than simply “Products and Services”). It should clearly explain how your products and services are delivered, and the risks associated with your delivery methods. The delivery methods should include all of your touch points with your customers (including things that may not be advertised, that you only do for existing customers).

Here’s some sample language:

Delivery Channels

We complete the sales process with our customers:

  • In person (at our retail/commercial locations);
  • In person (at locations other than our own premises);
  • Via mail;
  • Via phone;
  • Via fax;
  • Via internet.

In addition, we provide servicing to our customers:

  • In person
  • Via social media sites;
  • Via email; and
  • Via phone.

Our delivery channels include a mix of “high-touch” and “low-touch” options. High touch options provide us with greater opportunities to interact with our customers, observe customer behavior and ask questions. Low-touch options do not afford the same opportunities to observe behaviours. In these cases, we are more reliant on transaction monitoring and transaction review to detect unusual activity. In the case of low-touch options, we are generally able to contact the customer via our servicing channels to request additional details where the transaction is not consistent with what we know about the customer.

Enhanced Transaction Monitoring

Reporting entities are required to monitor transactions in order to identify patterns that may indicate that money laundering or terrorist financing is taking place. For higher risk customers, there must be some form of enhanced transaction monitoring. Enhanced means that it is different from the transaction monitoring that takes place for all customers. It can be different either in quality (what you do to monitor transactions) or quantity (how frequently monitoring takes place, or how unusual a transaction must be in order to generate an alert).

If you have an IT system that automatically monitors transactions and generates alerts, and there is flexibility in programming this system, you can make changes to the monitoring activities that take place based on customer risk level. If you’re monitoring transactions manually, you can incorporate enhanced transaction monitoring into the enhanced due diligence that you conduct for your high-risk customers. This can be as simple as reviewing the last two years of high-risk customer activity. Regardless of the method that you use to conduct enhanced transaction monitoring, you’ll need to update your program documentation to describe what you’re doing and what records you’re keeping.

Where transactions are monitored by an IT system, the language in your program documents should reflect the parameters set in your system. If you are monitoring transactions manually, here’s some sample language:

Enhanced Transaction Monitoring

For high-risk customers, enhanced transaction monitoring is conducted. The Compliance Officer (or a delegate) reviews the information that is on file about the customer, as well as records of the customer’s activity for the past two years. If there is activity that appears to be related to money laundering or terrorist financing, appropriate reports are filed with FINTRAC (and in the case of terrorist property, with CSIS and the RCMP).

High-risk customer accounts are reviewed at least annually, and more frequently where triggered by customer activity (for example where there is an internal report submitted to the Compliance Officer). The Compliance Officer will maintain complete records of the reviews and maintain these records for at least five years

Keeping Up To Date

Remember to document the fact that you’ve reviewed and updated your program. This can be done in a simple spreadsheet, or within the program documents. The record should include what updates were completed, when the updates were completed, and by whom the updates were approved.

Need A Hand?

If you need assistance reviewing your program, implementing the updates described in this blog, or just someone to chat with to make sure that you’re on the right track please contact us.

FINTRAC EFT Reporting Clarification

We’ve recently had quite a few conversations with our clients and friends about electronic fund transfer (EFT) reporting.

For entities that EFT 10Kare required to report EFTs, any amount valued at CAD 10,000 or more that is sent out of Canada or received from outside of Canada on behalf of a customer is reportable to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) within 5 business days.  The question that keeps coming up relates to situations that have multiple senders or beneficiaries.

For example:

When Jaques (your customer in Canada) sends the equivalent of CAD 12,000 to his aunt Sally in Europe, this is clearly reportable as an EFT.

But

What if instead of sending the whole amount to his aunt Sally, Jacques instead send three transactions, each equivalent to CAD 4,000 to each of his nephews, Ralph, Jean and Morty?

After hearing different answers from different people, we thought it best to get a policy clarification from FINTRAC.  You can see the full text of that question, and FINTRAC’s answer below.

Outgoing EFTs With Multiple Beneficiaries Are Reportable

In the case that we mentioned above, Jacques’ transactions would be reportable EFTs, provided that all of the transactions happened within the same 24 hour period.  In this case, 3 reports would be sent, adding up to the total amount (which is over CAD 10,000).

Incoming EFTs From Multiple Senders Are Reportable

It stands to reason that if you receive multiple EFTs of behalf of the same beneficiary, the same rules would apply.

In the example above, for instance, let’s say that the money sent to Jacques’ nephews was a loan.  All of the nephews pay pack the loan at the same time, and you receive 3 EFTs for Jacques, each from a different sender, with a value of CAD 4,000 each (CAD 12,000 in total for the three EFTs).  These are also reportable, provided that the transactions all occurred within the same 24-hour period.

What Does It Mean If You’ve Interpreted the Reporting Requirements Differently?

In some cases, this may mean updates to your IT systems, to allow you to detect transactions that are received on behalf of the same beneficiary, or sent on behalf of the same sender.

It may also mean looking back at your transaction data, in order to figure out whether or not there are any EFTs that should have been reported to FINTRAC that were missed.  If this is the case, we recommend that you consider filing a voluntary disclosure with FINTRAC to proactively let them know about the issue, and what you’re doing to fix it.  If this is the case, we’ve created some free resources to help make this process as simple as possible.

Need a Hand?

If you’re not sure what to do next or you need extra hands to review your IT system updates or a package that you’re submitting to FINTRAC, please contact us.

 

Full Text of FINTRAC’s Response

Amber, 

     I am writing further to your e-mail of May 13, 2014, concerning how to report an electronic funds transfer sent by one client but to

multiple beneficiaries.

     As you know, pursuant to the /Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations/ (PCMLTFR),  reporting entities are required to report to FINTRAC electronic funds transfers valued at $10,000 or more (in the course of a single transaction) at the request of a client, along with the information referred to in Schedule 2 or 5, as the case may be; and the receipt from outside Canada of electronic funds transfers, sent at the request of a client, of $10,000 or more in the course of a single transaction, along with the information referred to in Schedule 3 or 6, as the case may be.

     When a client requesting an EFT conducts a transaction with the initial amount of $10,000 or more and instructs that it be divided between multiple beneficiaries, the EFT is still being carried out by one client, and the EFT must be reported using multiple reports (one per beneficiary).  The key to determining the reporting requirement is the instruction given by the client. To better explain this, I have provided two examples below:

     1)  A client instructs that $15,000 be sent via EFT to different beneficiaries, $5000 each. In this instance, the reporting entity would be required to send three different reports, one for each beneficiary, for a total of the $15,000 that the client requested be sent via EFT. When submitting the reports, the 24-hour-rule indicator must be selected, although this is not considered to be a single transaction of $10,000 or more as defined under section 3 of the PCMLTFR.

     OR

     2)  A client instructs that $5000 be sent to beneficiary subsequent $5000 be sent to beneficiary B and a third $5000 be sent to beneficiary C. In this instance, the 24- hour rule must be considered.

The 24-hour rule applies if the reporting entity knows, or an employee or senior officer knows, that the transactions were made within 24 consecutive hours of each other, by or on behalf of the same individual or entity. It applies only to transactions that are under $10,000. If a transaction is for $10,000 or more, it is reportable as one transaction.  As such, if the reporting entity knows that the first two EFTs of $5000 each were made by, or on behalf of, the same person, then the reporting entity would be required to submit two reports under the 24-hour rule, as these two EFTs total $10,000.    

I trust this information will be of assistance.

Best regards

Canadian Digital Currency Regulation

BitcoinAcceptedHereLate last week, Canadian Bill C-31 received royal assent (meaning that it has been approved and will become Canadian law).  The bill covered many areas, one of which was anti money laundering (AML) and counter terrorist financing (CTF) requirements for Canadian businesses.  This included adding “dealers in digital currency” to the definition of money services businesses (MSBs).

It’s not yet clear when these changes will come into force, but we expect that there will be a period of at least six months before businesses need to be compliant.   You can read the final version of the bill here. In the mean time, we expect to see a consultation paper and draft regulations before final regulations are released.  The law will not come into effect until final regulations are released, and the regulations will clarify exactly what dealers in digital currency need to do to comply.

For businesses that operate in Canada or have Canadian customers (customers that are served in Canada – including via the web), this will mean registering with government agencies as an MSB, maintaining an AML and CTF compliance program, being compliant with the laws (which includes keeping records and identifying customers and reporting certain types of transactions), answering to the regulators and disclosing certain information to financial service providers.

Who Is a Dealer In Digital Currency?

Bill C-31 did not define dealers in digital currency.  Instead, the bill states that the definition will be included in the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (Regulations).  Generally speaking, being a dealer in any type of good or service implies that you are selling something for profit.  The proposed definition is likely to appear in the initial consultation paper (expected this summer) as well as the draft version of the regulations.

It’s important to note that if you are dealing in digital currency today, but not engaging in any other MSB activities, you’re still not considered an MSB and you don’t have compliance obligations (yet).

MSB Registration

Dealers in digital currency will need to register as MSBs.  Anyone dealing with customers in Canada will need to register as an MSB with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).  The process involves contacting FINTRAC to provide initial information and gaining access to the MSB registration site.  There will be a number of questions about the owners of the business, senior officers, banking relationships and projected revenues.  While the process is not costly, it can take time (in particular if the regulator requires clarification).

MSBs serving customers in the province of Quebec are also required to be licensed with the Authorite des Marches Financiers (AMF).  Licensing related fees range from about CAD 607 to CAD 2428, excluding additional fees of CAD 202 per automated teller machine (ATM) operated in Quebec.  You can learn more about the Quebec licensing process here.

Dealers in digital currency will not be able to register as MSBs at this time, but should expect to do so once the final regulations have been issued.  The registration processes can take time, and it’s useful for businesses to start the process as early as possible in order to avoid being off side with the law.

Compliance Programs

AML and CTF Compliance Programs generally have five elements:

  • A Compliance Officer (the person who oversees compliance for the organization),
  • Policies and Procedures (documents that describe what you’re doing to comply),
  • A Risk Assessment (a document that describes the risk that your business could be used to launder money or finance terrorism, and the controls that you have in place to prevent this from happening),
  • Training (this is delivered at least annually to all staff that deal with customers or transactions), and
  • Effectiveness Reviews (like an audit for compliance, these are completed at least every two years).

Some dealers in digital currency may already have voluntary compliance programs in place.  These programs will most likely need to be updated when the final regulations are published.

Operational Compliance

In addition to having a documented AML & CTF compliance program, there are certain things that MSBs need to do in order to comply with the law.  Currently, these include identifying customers when the MSB:

  • receives the equivalent of CAD 10,000 or more in cash,
  • sells or cashes $3,000 or more of traveller’s cheques, money orders, or anything similar instruments,
  • exchanges currency of $3,000 or more for another currency,
  • sends or receives international money transfers of $1,000 or more, and/or
  • suspects that a transaction, or an attempted transaction, of any amount, is related to a money laundering offence or a terrorist financing offence.

Identification in this case is tightly defined as either the MSB or it’s representative looking at an original, valid (not expired) piece of government issued identification in person (via Skype or webcam doesn’t count) or using specific methods described in the Regulations.

MSBs are also required to keep specific types of records for at least five years, including customer and transactions records.  All records must be stored in such a way that they can be quickly retrieved if the regulator requires them (generally within 30 days of the date that the regulator makes the request).  In addition, MSBs are required to report certain transactions to FINTRAC and other agencies within set timeframes.

Like having a compliance program in place, these requirements don’t apply to dealers in digital currency yet, but it’s helpful for business owners to start thinking about the types of changes that may need to be made to IT systems and processes once regulations are released.

Penalties

The penalties for non-compliance can be significant, and may include either civil penalties, criminal penalties or both.  For instance, failure to report suspicious transactions can result in penalties up to CAD 2 million and/or 5 years imprisonment.

In addition, FINTRAC may publish penalties on its website.  While monetary penalties can be substantial, it is the publication of these penalties that can ultimately be more damaging to businesses.  Few banks or other financial service providers are willing to work with organizations that have published violations for non-compliance.

What’s Next For You?

If your business is likely to be considered a dealer in digital currencies, you will have an opportunity later this year to comment on the consultation papers and draft regulations.  It is unlikely that the sector will remain unregulated in Canada for long, but you will have an opportunity to voice your opinion about the proposed changes.

In the mean time, it’s time to start thinking about what you’ll need to do in order to be compliant.  Who will your Compliance Officer be?  What changes will you need to make to your documents, systems and processes?  Although there are certain things that you won’t be able to do quite yet, you can organize your resources to be ready later this year.

If you’re concerned about the next steps and need a hand, please feel free to contact us anytime.  Conversation are always free, and if you choose to hire us for a project, we do accept payment in bitcoin.

Outlier BTC Tipping AddressTipping QR Code

Does Québec MSB Licensing Apply to Me?

We recently sought clarification from the Autorité des marchés financiers (AMF), Québec’s provincial regulator, on when money services businesses (MSBs) need to be licensed in Québec.  The Québec licensing process is completely separate from the federal MSB registration with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).  The full text of the response that we received appears below this blog entry.

Are You Required To Be Licensed in Québec?

To determine whether or not you need to be licensed in Québec, we’ve developed a chart:

Screen Shot 2014-05-19 at 2.08.51 PM

If you are offering any of the defined MSB services to people of organizations in Québec (including via the web) you are expected to be licensed as an MSB in that province.

The AMF has announced that digital currency exchanges and ATMs are also regulated under the MSB Act.

How Can You Become Licensed And What Does It Cost?

Before you apply for an MSB license, you must obtain a Québec Enterprise Number from the Enterprise Registrar.  This is a unique numeric identifier that you will use when dealing with Québec government agencies and business partners.  The registration process will cost approximately CAD 34.00 and will require you to provide documents such as your articles of incorporation.  We recommend that you speak with your tax professional about the implications of registering as an enterprise in Québec, as it is likely that you will need to consider this in future tax filings.  You can access the registration site here.

Next, you’ll need to apply for your Québec MSB license.  The AMF has developed a user guide that explains the process in plain language.  You must have a respondent (someone acting on your behalf) in the province of Québec.  If you do not have any physical operations in Québec, the respondent  can be a third party that you trust, such as a lawyer, paralegal, accountant, consultant  or other professional that will act on your behalf.  A licensing fee of CAD 650.00 applies to each category of product or service that you offer (except for ATMs).  This means that the total fee for this stage will range from CAD 650.00 to CAD 2600.00.

In addition, MSBs that operate ATMs will be required to pay a fee of CAD 216.00 per ATM machine (located in the province of Québec) later in the process.

In addition to these fees, specific security clearance fees are required.  These include CAD 121.00 for the enterprise and each of the following (that apply to your business):

  • The Respondent;
  • Officers;
  • Directors;
  • Partners;
  • Branch managers;
  • Any person or entity who directly or indirectly owns or controls the money-services business;
  • Employees working in Québec (unless they are not involved in any of the MSB business);
  • Mandataries (who are responsible for the money services offered on behalf of the MSB);
  • Officers of the mandataries;
  • Any lender that is not a financial institution; and
  • For any lender that is not a financial institution or a natural person, lender is not a natural person, its officers, directors or partners.

You must obtain consent and information from each of these individuals in order to complete the security clearance process.  You must also assemble and submit corporate documents for your MSB, including:

  • Business plan and description of business activities;
  • Financial statements;
  • Document showing legal structure of the business;
  • Document confirming appointment of respondent; and
  • Document showing corporate structure of the business.

You should expect the application process to take six to eight weeks if all of the forms are filled out completely and correctly.  It can take significantly longer if your applications are missing information or signatures.  We recommend looking over all of your documents carefully before you submit them and reaching out proactively to the AMF if you have questions about how to complete the application forms.

Need A Hand?

Many MSBs have successfully gone through this process on their own (you don’t need to hire a lawyer or consultant), but if you want a hand assembling your package and communicating with the AMF we’re happy to assist – please contact us.

Full Text Of AMF Response

As discussed earlier, any entity who executes from Québec or makes available the following money services for the people of Québec has to submit an application in order to have the Autorité des marchés financiers release a Money services business (MSB) licence:

  • Currency exchange;
  • Funds transfer (over the counter or internet);
  • Issue / redemption of traveller’s cheque, money order, bank drafts.
  • Cheque cashing
  • Operation of ATM

A corporation does not have to have an establishment, an address, a post office box or even a telephone line in Québec for it to be considered as carrying an activity in Québec as long as it conducts business for a profit. It is often the case for corporations acting in the funds transfer category.

 The first step towards registration for a MSB should first be registration as a corporate entity with the Registraire des entreprises (http://www.registreentreprises.gouv.qc.ca/). This will provide a corporation number (NEQ) to the registrant that will be required for application purposes.

 Afterwards will come the submission of the E-services access form by its appointed respondent (see section 5 of the MSB Act) along with a payment of 614$ for each money services category to appear on the licence.

 All info and documentation is available on our website (www.lautorite.qc.ca).

Keeping Your Bank Happy

For many reporting entities, a growing concern has become obtaining and maintaining banking relationships.  Most, if not all, businesses need a banking relationship to survive and prosper.  If you are an individual in Canada, you are entitled to basic banking services, but it is not so for businesses.  Banks and other financial service providers choose the business customers that they will serve.  This means that the stakes can be very high for businesses shopping for a banking relationship.

As reporting entities themselves, banks and other financial services companies have similar obligations to other reporting entities.  They must understand their customers and their customer’s transactions.  There is mounting pressure for banks to conduct due diligence that includes reviewing the compliance programs of clients that are reporting entities.  As a business owner, your best defence against losing your banking relationship is making your banker’s work easier.

This isn’t something that most business owners have spent a lot of time thinking about, but a few hours every year can go a long way towards ensuring that your banking relationships keep operating smoothly.  Based on my clients (and my own) experiences, I’ve summed up a five-step plan to help you on your way, which includes links to free resources to help you get started.

Step 1:  Have A Compliance Program (and Keep It Up To Date)

All reporting entities need to have an anti money laundering (AML) and counter terrorist financing (CTF) compliance program in place, that includes these five elements:

  1. Appoint A Compliance Officer (this is the person that is responsible for the compliance program; they should be fairly senior within your company and their appointment should be documented);
  2. Document Your Policies And Procedures (your documentation should be detailed enough to describe what you actually do, and be updated at least once a year);
  3. Create A Risk Assessment (this is a document that describes the risk that your business could be used to launder money or finance terrorism, and the controls that you have in place to prevent that from happening);
  4. Train Your Staff (this should happen at least once a year and all training sessions should be documented); and
  5. Have An AML Compliance Effectiveness Review (this is like an audit of your AML program and operations; it must be done at least every two years).

When you are creating and updating your documentation, remember that you and your staff are not the only people that will see it.  Your regulators, bankers and other people that don’t know your business the way that you do will also need to rely on your documentation.  This means that you need to write as if your reader doesn’t know your business.  Take the time to explain everything clearly.

If you need help creating a compliance program, please have a look at our resources pages for your reporting entity type or contact us.

Step 2:  Have a business plan

Your business plan should describe what you do, how you make money and include historical business volumes (for existing businesses) and predicted business volumes (for new and existing businesses).  This document should explain your business simply and clearly (to someone outside of your industry).  To make things easier for your banking service provider, you should explain the types of transactions that will go through your bank account and the estimated volumes.

Many business owners are hesitant to describe their transactions and marketing strategies in any type of document that will leave their hands.  This type of thinking can seriously harm banking relationships, especially if the bank perceives you as being secretive or evasive.  Remember that the bank needs to understand your business in order to keep you as a customer, and the easier that you can make it for them to understand, the better off you’ll be.

I’ve worked with consulting firms that charge high rates for business planning, but there is no real need to spend a lot of money creating a business plan.  There are many free resources available for Canadian businesses.  Here are some of my favourites:

Not surprisingly, the banks themselves offer many of these resources!

Step 3:  Have Contracts In Place

Any third party that is involved in your business (vendors, agents, etc) should have contracts in place, and your bankers may ask to see these agreements.  The contracts should spell out what the third party is obligated to do on your behalf and the copies of the agreements that you provide to your banker should be signed and dated by all parties.  Don’t provide original documents to your bank unless you are required to do so (often banks want copies only, as they will not be returned to you).

Many existing businesses have long-term business relationships that may never have had a formal agreement in place.  In these cases, especially if the third party is doing something like identifying customers on your behalf, you will need to get written agreements.  These don’t need to be overly complicated.  The agreement should state what all parties are required to do and when.  It can be a plain language document that you draft yourself, or something more complicated that you work on with the advice of a lawyer.  The important thing is that you have agreements in place and that they’re clear enough to allow the reader to understand how the parties are related.

Step 4:  Take The Time to Build Alliances

You don’t usually get to speak directly with your bank’s compliance department. The sales representative or branch manager is your liaison. They need to be your advocate.  In this type of scenario, a person becomes your advocate not because you’re cute or gave a nice gift but because they know, understand and can explain your business. This takes patience and time.  Remember you need them as much as they need you. Make it a no brainer for them to want you as a customer (profitable, low risk, low effort).

Your representative at the branch is your point of contact and can act as a sounding board for your documentation.  For instance, if they have requested your business plan, ask if you can walk through it with them and get their advice before it is submitted to the bank’s head office or compliance department.  Remember that they can’t write documentation for you, but they can provide excellent insights about what the bank expects to see.

Step 5:  Consider Having Audited Financial Statements Completed

In some cases, your financial service provider may require audited financial statements. Only a licensed accounting professional or firm (specifically someone with a CA or CPA) can issue this type of report in Canada.  The process involves an independent evaluation of your company’s financial statements and other documents.  The auditor expresses an opinion about your company’s financial statements, based on the audit work performed, to state if they feel that the financials are free from material errors.  This is not specific to anti-money laundering.  The audit report refers to the company’s financial risk and fraud risk, among many other topics, to give your financial service provider more comfort over the financials they are reviewing to help lower your risk profile.  While we at Outlier aren’t accountants, and don’t perform this type of work, we’re happy to recommend accounting firms that have experience with audited financial statements, including our friends at Helen Loukatos Chartered Accountant, who’ve generously given us permission to link to this Money Service Businesses Audit FAQ.

Stepping It Up

All of this is relatively simple, but it takes time.  Consider it an investment in your business.  If you need a hand getting started, please feel free to contact us.

Return to Blog Listing