PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Are You BOC Registration Ready?

By now, you have likely heard of the Retail Payment Activities Act (RPAA) and associated incoming requirements, which includes the requirement to register with the Bank of Canada (BOC). To help make this a bit easier, Outlier has put together a spreadsheet that will help if you are an organization that needs to register. The RPAA (including registration) generally applies to PSPs that perform any of the following five payment functions: 

  • the provision or maintenance of a payment account;
  • the holding of end-user funds until withdrawn by the end user or transferred to another individual or entity;
  • the initiation of a payment at the request of an end user;
  • the authorization of an electronic funds transfer, transmission, reception, or facilitation of a payment message; or
  • clearing or settlement.

The requirements apply to businesses with payment activities with a place of business in Canada, or those that provide services to end users in Canada. This includes activities that many Money Services Businesses (MSBs) provide. The BOC has provided a tool to determine if an organization must register with the BOC. For organizations that do register, the registration provisions of the RPAA will take place between November 1, 2024 to November 15, 2024. It should be noted that this is different from your MSB registration under AML requirements.

The registration application itself consists of 18 sections and comprises over 200 questions. While a substantial amount of information and data is needed, the majority of information relates to business and corporate information. This includes: 

  • Ownership structure and financial information;
  • Information related to your product services and flow of funds;
  • Information related users;
  • Value/volumes related to transactions;
  • Geographic perimeter; and
  • Information related to 3rd party vendors.

It is not a requirement to provide your operational risk management and incident response framework (policy and procedures) as part of the application process.

To help aid in the registration process, we have put together a spreadsheet that will allow you to keep needed data and information organized. It will also allow you to determine if you need  assistance with sections of the registration, or understanding what these changes mean to your business. The spreadsheet is a tool to assist with registration and not meant to replace the registration guidance the BOC has published. 

Note: requirements that introduce prescribed operational risk management standards under this new regime come into force at a later date on September 8, 2025.

Outlier is here to help, so please get in touch.

Regulated Entities Now Covering the Bill For FINTRAC Compliance Costs

Written with Heidi Unrau

 

We have recently become aware that some reporting entities may not be up to speed on a new piece of regulation that came into force earlier this year. If your business has received an invoice from The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), you will want to read this article.

As of April 1, 2024, FINTRAC officially transferred the cost of its compliance activity from taxpayers to the businesses it regulates, referred to as reporting entities (RE). The move comes four years after the government announced its intention to cut the purse strings in its 2020 Fall Economic Statement. This change allows FINTRAC to start recovering costs from the 2024-2025 fiscal year.

Why the Change?

FINTRAC, Canada’s financial intelligence agency, was previously bankrolled by the taxpayer through the federal budget. The purpose of the new funding model is to align the costs of compliance with those responsible for adhering to anti-money laundering regulations. Simply put, the businesses that are legally required to comply should be the ones funding the oversight needed to ensure compliance. The move aligns with other regulatory agencies that have already established funding models allowing them to recover the costs of their supervisory functions.

Each year, FINTRAC will forecast the total cost of the program for the next three fiscal years. This will determine the amount charged to reporting entities for the upcoming year. They must aso communicate how funds were spent against plans and priorities during the previous fiscal year. This information is included in FINTRAC’s Departmental Results Report.

How the Funding Model Works

Federally regulated financial institutions such as banks, trust and loan companies, and insurance companies are always required to contribute a minimum base amount. All other entities only pay if they submit 500 or more threshold transaction reports to FINTRAC in a fiscal year (i.e. large cash transaction reports [LCTRs], large virtual currency transaction reports [LVCTRs], electronic funds transfer reports [EFTRs], and casino disbursement reports [CDRs]). These ‘other entities’ include but are not limited to:

  • Money Services Businesses
  • Dealers in Precious Metals and Stones
  • Real Estate Brokerages
  • Securities Dealers
  • Casinos
  • Etc.

The Cost Formula

FINTRAC calculates how much reporting entities need to pay based on four key factors:

  1. Type of Entity: Federally regulated entities are charged differently from non-federally regulated entities. These include banks, trust and loan companies, and insurance companies. Federally regulated entities are subject to a base amount, whereas non-federally regulated entities are not subject to this particular fee.
  2. Base Amount: This is the minimum starting fee based on the total value of assets controlled by a federally regulated entity, excluding the assets of their subsidiaries. Base amounts are tiered based on asset value in Canadian dollars. There are nine asset value ranges, from $1 to $1 trillion, with corresponding base amounts ranging from $5,000 to $250,000.
    Range of asset values Corresponding base amount
    $1,000,000,000,000 or more $250,000
    Between $500,000,000,000 and $999,999,999,999 $200,000
    Between $100,000,000,000 and $499,999,999,999 $150,000
    Between $10,000,000,000 and $99,999,999,999 $100,000
    Between $1,000,000,000 and $9,999,999,999 $75,000
    Between $500,000,000 and $999,999,999 $50,000
    Between $100,000,000 and $499,999,999 $25,000
    Between $10,000,000 and $99,999,999 $10,000
    Between $1 and $9,999,999 $5,000

    Source: FINTRAC

  3. Remaining Compliance Cost: This is the leftover cost after collecting the base amounts, divided among all types of reporting entities.
  4. Transaction Volume: Businesses that report over 500 large transactions to FINTRAC pay an additional fee on top of the base amount. Federally regulated banks are not subject to this reporting threshold.

Therefore, the more assets you have and transactions reported to FINTRAC, the higher your final bill will be. Each type of business has its own formula for calculating their share of the cost:

Type of Entity (Business) How Charges Are Calculated
Federally Regulated Banks Base Fee + extra charges based on the value of Canadian Assets.
Trust & Loan Companies, Life Insurance Companies Fewer than 500 reports: Base Fee only.

500 or more reports: Base Fee + extra charges based on value of Canadian assets and volume of large transactions reported.
All Other Entities Over 500 reports: Charges based on volume of large transactions reported compared to others in the same category.

Case Study: How Much Will They Pay?

A small, family-owned currency exchange kiosk in Winnipeg, Manitoba, operates from a single location and is not part of a chain. FINTRAC regulates this type of business as a Money Services Business (MSB). The store typically submits roughly 700 large cash transaction reports each year. Since they exceed the 500 reports threshold, FINTRAC calculates their charges like this (based on industry averages):

Calculation

  1. Base Amount: Not applicable because it is not a federally regulated financial institution (FI).
  2. Remaining Compliance Cost: Total compliance cost to be divided is $33,110,000. This is the sum of all base amounts subtracted from the annual cost of FINTRAC’s compliance program.
  3. Total Reports Submitted by All Entities: 35,000,000 transaction reports were submitted to FINTRAC for the year by all reporting entities, including banks.
  4. Total Reports Submitted by Only Non-Bank Entities: 3,500,000 transactions were submitted to FINTRAC by non-bank entities only, regardless of the transaction reporting threshold amount.
  5. Total Reports Submitted Over the Threshold by Non-Bank Entities: 3,425,000 transactions were submitted to FINTRAC by non-bank entities exceeding the 500-transaction reporting threshold.
  6. Number of Reports Submitted by The Currency Exchange Kiosk: This is the total number of transactions reported to FINTRAC by the currency exchange kiosk in Winnipeg, MB.

Final Charge

Using FINTRAC’s formula: $33,110,000 x (3,500,000 ÷ 35,000,000) x (700 ÷ 3,425,000) = $676.70

Result

The currency exchange kiosk’s total charge for the year would be approximately $676.70. Based on their reporting activity, the bill reflects their share of FINTRAC’s overall compliance costs. Because the kiosk is not a federally regulated bank, trust, loan, or insurance company, the base amount does not apply.

FINTRAC will notify the business via email with an invoice for the cost assessment. The total amount owed is final, conclusive, binding, and due in full upon receipt of the invoice.

Impact on Your Business

The additional financial burden is not ideal, especially for small businesses, but there are ways you can prepare for it. First, you’ll need to budget effectively to avoid surprise charges. Visit the FINTRAC website for a detailed breakdown of the formula used for your type of business, known as ‘Type of Entity’.

Exact charges will vary from year to year depending on the value of your Canadian assets (if applicable), the number of large transactions reported (more or less than 500), and FINTRAC’s compliance cost analysis.

Next, and most importantly, you need an effective and efficient anti-money laundering program to avoid the cost of non-compliance. Violations can result in reputational damage that negatively impacts your business as well as potentially expensive fines, known as administrative monetary penalties (AMPs). FINTRAC has recently levied record-breaking fines for serious violations by repeat offenders. These penalties are preventable and well within your control.

Need a Hand?

If you have any questions or concerns about the new funding model, reach out to us today. We’re here to help you every step of the way, from understanding your new financial obligation, to building, reviewing, or fine-tuning your AML program.

Bill C-47 Amendments To the Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Background

Back on June 22, 2023, Bill C-47 received royal assent. As it relates to AML obligations, this has introduced changes to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). We have summarized what we believe to be the most significant changes below.

To make reading these changes a little easier, we (thanks Rodney) have created a redlined version of the legislation, with new content showing as tracked changes, which can be found here.

What’s Changed?

Structuring
Amendments to the PCMLTFA introduce structuring as an offence: “Every person or entity commits an offence that directly or indirectly undertakes, or attempts to undertake, a structured financial transaction.” For clarity, a structured financial transaction is a series of financial transactions that:

  • cause a regulated entity to be in receipt of cash or virtual currency or involve the initiation of an international electronic funds transfer;
  • would, if they occurred as a single financial transaction, require a person or entity referred to report to FINTRAC; and
  • are undertaken with the intent that a regulated entity will not have to report the transaction to FINTRAC.

The offence of structuring would be punishable by a fine and/or imprisonment for a term up to five years.

These requirements come into force on a day to be fixed by order of the Governor in Council (which we are still awaiting).

Money Services Businesses (MSBs)
Amendments to the PCMLTFA will prohibit MSBs from engaging with agents or mandataries convicted of certain types of offences. As such, MSBs will be required to perform due diligence on their agents to ensure that they have not committed certain designated offences.

As part of due diligence, the following documents must be obtained and reviewed:

  • a document that sets out their record of criminal convictions, or states that the person does not have one, that is issued by a competent authority in the jurisdiction in which the person resides; or
  • if the agent or mandatary is an entity, for each of the chief executive officer, the president and the directors of the entity and for each person who owns or controls, directly or indirectly, 20% or more of the entity or the shares of the entity, a document that sets out the person’s record of criminal convictions, or states that the person does not have one, and that is issued by a competent authority in the jurisdiction in which the person resides.

If any documentation is in a language other than English or French, the person or entity shall also obtain and review a translation of it.

These requirements come into force on a day to be fixed by order of the Governor in Council (which we are still awaiting).

Also as it relates to MSBs, this round of changes has criminalized the operation of unregistered money services businesses. Any business or entity that knowingly engages in MSB activity for which it is not registered with FINTRAC is guilty of an offence and liable of a fine up to CAD 500,000 and/or imprisonment up to five years.

These requirements come into force June 22, 2024.

Back in 2022, The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) published an advisory related to Underground Banking through Unregistered Money Services Businesses highlighting the risk of such activity. If you suspect individuals or businesses are operating unregistered money services businesses or foreign money services businesses, you may wish to submit voluntary information to FINTRAC anonymously.

Other Changes
The amendments to the PCMLTFA will require regulated entities to report to FINTRAC where a reporting obligation arises under the Special Economic Measures Act as well as under the Justice for Victims of Corrupt Foreign Officials Act (Sergei Magnitsky Law).

Related to Ministerial Directives, the Minister of Finance may issue orders setting conditions in respect of the trading or suspend or cancel trading of compliance units or invalidate any trade of compliance units if the Ministers are of the opinion that the trade or use of a compliance unit has a negative impact on the integrity of the Canadian financial system or its reputation.

As it relates to sharing of information, FINTRAC will be able to share information with different governmental departments, which includes sharing information with the Department of Finance for the purposes of granting, revoking, suspending or amending approvals under the Retail Payment Activities Act.

What Next?

Regulated entities that have transaction limits in place that are just under reporting thresholds (i.e., CAD 9,990) may want to rethink those limits and the reasons they are in place, due to the offence of “structuring”.

As it relates to MSB specific changes, compliance program updates may be required where existing agent relationships exist.

As with all legislative changes, we await FINTRAC guidance for clarity.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

The Proposed Retail Payment Activities Regulations

Background

On February 11, 2023, the proposed Retail Payment Activities Regulations were published in the Canada Gazette. This is to support the Retail Payment Activities Act (RPAA) which was released under Bill C-30 and received royal assent in June 2021. The Retail Payment Activities Regulations are required to bring the RPAA into force.

A Payment Service Provider (PSP) is defined as an individual or entity who performs payment functions as a service or business activity that is not incidental to another service or business activity. Certain entities, such as financial institutions, are exempt as they are regulated under other federal obligations (i.e., Office of the Superintendent of Financial Institutions’ Operational Risk and Enterprise Risk management guidelines.)

The current lack of requirements and supervision increases risks, such as the risk of financial loss in instances of business insolvency, and threats to the security of sensitive personal information. The Regulations aim to address gaps in the supervision of unregulated PSPs and are meant to align with other jurisdictions which already have regimes for PSPs.

The principles that guide the Regulations are:

  • Necessity — supervision should address risks that lead to significant harm to end users and avoid duplication of existing rules;
  • Proportionality — level of supervision should be commensurate with the level of risk posed by the payment activity;
  • Consistency — similar risks should be subject to a similar level of supervision; and
  • Effectiveness — requirements should be clear, accessible and easy to integrate within different payment services.

PSPs will be required to apply and register with The Bank of Canada (no date for this yet). There is a proposed registration fee of CAD 2500. Additionally, an annual assessment fee will be required.

In the following sections, we have summarized what we feel are the most important requirements to note.

Operational Risk Management

PSPs will have to implement and maintain an Operational Risk Framework consisting of the following:

  • Identify its operational risks (i.e., business continuity, cybersecurity, fraud, data management, information technology, human resources, process and product design and implementation, change management, physical security and third parties);
  • Protect its retail payment activities from those risks;
  • Detect incidents and control breakdowns;
  • Respond to and recover from incidents;
  • Review, test and audit its Risk Management Framework;
  • Establish roles and responsibilities for the management of operational risk;
  • Have access to sufficient human and financial resources; and
  • Manage risks from third-party service providers, agents and mandataries.

PSP must ensure that the above are proportional to the impact that a reduction, deterioration, or breakdown of its payment activities could have on end users.

Incident Response

Under the proposed Regulations, PSPs must develop a comprehensive plan for investigating, responding to and recovering from incidents that have a material impact on an end user. An incident is defined as an event or series of related events that is unplanned and that results in or could reasonably be expected to result in the reduction, deterioration or breakdown of any payment activity performed by a PSP.

The incident would be reported to the Bank of Canada and would include the following at a minimum:

  • A description of the incident;
  • The impact on individuals or entities listed in the Act; and
  • Actions taken by the PSP to respond to the incident.

There would also need to be a notice to impacted end users and other impacted parties.

PSPs can only resume operations after an incident once they have verified the integrity and confidentiality of all systems, data and information have been restored, and that it is able to perform retail payment activities without reduction, deterioration or breakdown.

Audit, Testing and Training

Under the proposed Regulations, PSP’s will have to complete various types of testing related to the Framework and have training in place.

All staff who have a role in establishing, implementing or maintaining the PSP’s Risk Management Framework must be provided with the information and training that are necessary to carry out that role.

Framework Review

On at least an annual basis, PSP’s must evaluate its compliance with regulatory requirements. Such a review is also required before any significant changes are made to the PSP’s operations or controls after an incident (defined in the section above).  The findings of the review must be reported to a senior officer.

Testing

PSPs must also establish and implement a testing methodology to determine the effectiveness of its Risk Management Framework. This must be tested at least once every three years and findings must also be provided to a senior officer.

Independent Review

In addition to the above, a PSP must have their Framework independently reviewed at least every three years. The review must be documented and describe the scope, methodology use and findings. Findings of the review must be reported to a senior officer.

Biennial Independent Review

PSPs must have requirements related to safeguarding of funds tested at least once every two years by a sufficiently skilled individual who has had no role in the establishment, implementation, or maintenance of the safeguarding requirements under a PSPs Framework. We discuss what safeguards requirements are below.

Safeguards

PSPs will be required to hold customer funds in a trust account or a segregated account, with insurance or a guarantee to safeguard end-user funds against financial losses due to insolvency.

For consumer protection, the Regulations contain requirements to protect the end user from loss. These requirements include:

  • End-user funds must be held at prudentially regulated financial institutions;
  • Insurance or guarantee cannot be from an affiliate of the PSP;
  • The proceeds from the insurance or guarantee cannot form part of the PSP’s estate;
  • The Bank of Canada must be notified at least 30 days in advance of the cancellation of the insurance or guarantee;
  • PSPs must implement and maintain a written fund safeguarding framework to ensure that end-users have reliable access to their funds without delay; and
  • PSPs must keep a ledger with the names of their end-users and the amount of funds held.

This will require detailed flow of funds documentation.

Reporting

Under the proposed Regulations , PSPs will have to complete various types of reports.

Annual Report

PSPs will need to provide an annual report to the Bank of Canada, no later than March 31 of each year.  Some of the information that must be contained in the report is:

  • A description of any changes made to the payment service provider’s risk management and incident response framework;
  • A description of the human and financial resources for implementing and maintaining the risk management and incident response framework;
  • A description of the PSP’s operational risks in respect of the reporting year, their potential causes and the manner in which they were identified;
  • A description of the systems, policies, procedures, processes, controls, including any approvals required;
  • A description of training;
  • A description of all reviews, and independent reviews; and
  • A description of any incidents that the payment service provider experienced during the reporting year.

Also, the report will need to contain certain volume and value statistics related to the services a PSP is providing.

Significant Change Report

PSPs will be required to notify the Bank of Canada, at least five days in advance, before making a significant change that could materially impact operational risks or the safeguarding of end user funds.

The information that must be contained in the report is:

  • The name and contact information of the individual who may be contacted regarding the significant change;
  • A description of the change or new activity to be performed;
  • The reason for the change or new activity;
  • The date on which the change is to be made;
  • The PSP’s assessment of the effect that the change or new activity will have on its operational risks; and
  • A copy of all documentation in relation to the PSP’s Risk Management Framework, that has been amended to reflect the change or new activity, including any necessary approvals.

If a PSP has senior officers, the change or new activity must be approved and receive formal sign off by senior management before submission of a report. This should be taken into account from a planning perspective, as it can take some time to obtain such internal approvals.

Incident Report

PSPs must report incidents that have a material impact on an end user, other PSPs, or designated financial market infrastructures, to the Bank of Canada and other impacted individuals and entities.

The information that must be contained in the report is:

  • A description of the incident;
  • What impact does the incident have on individuals and entities; and
  • What actions have been taken by the PSP to respond and remediate.

The Regulations do not make it clear what timeframe is required for reporting such incidents, however they do state the standard time to respond to a request from the Bank of Canada is 15 days. Failure to report an incident can result in an administrative monetary penalty classified as very serious.

What Does This Mean?

From the highlights, it’s evident that these Regulations will create a substantial burden for PSPs, especially ones that are smaller or just starting. A significant amount of time, resources and cost are going to be needed to manage the compliance requirements that PSPs will need to follow. If a PSP does not comply or there is partial compliance, they may be subject to administrative monetary penalties that range from CAD 1,000,000 per each serious violation, up to CAD 10,000,000 per each very serious violation. The draft Regulations did not make clear what a dispute process would like.

It should be noted that most PSPs captured under the RPAA are also considered money services businesses (MSBs), and as such must also comply with anti-money laundering (AML) compliance obligations. Check out our blog related to that here.

What Next?

Due to these changes not being final, we wait. There is no set date for when we can expect final legislation or when they will come into force, but it is a good time to start budgeting and align resources.

Also, as there is a 45-day comment period for the proposed Regulations which closes on March 28, 2023, PSPs should review the Regulations carefully and provide feedback. Comments can be submitted online via the commenting feature after each section of the proposed Regulations, via email, or via regular mail to Nicolas Marion, Senior Director, Payments Policy, Department of Finance, 90 Elgin Street, Ottawa, Ontario K1A 0G5.

We’re Here To Help

If you have questions related to the proposed changes, or need help starting to plan, you can get in touch using the online form on our website, by emailing us at info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

First AML Compliance Effectiveness Review Timing

As a company that gets to work with a lot of startups, and existing companies entering the Canadian market, we get to help folks understand the regulatory landscape in Canada. One of the required elements of a Canadian compliance program is an AML Compliance Effectiveness Review. These reviews must be completed every two years at a minimum. You can think of it like an audit, but for compliance.

The purpose of an effectiveness review is to determine whether your AML compliance program has gaps or weaknesses that may prevent your business from effectively preventing, detecting and deterring money laundering and terrorist financing. Recently, we have seen an increased focus on Effectiveness Reviews during FINTRAC examinations. Specifically, on whether the review really tested the effectiveness of the compliance program as a whole (not just what you say you’re doing, but also what you’re actually doing). This has led to FINTRAC examiners requesting the working papers for completed effectiveness reviews where the report did not clearly describe how the effectiveness was tested and assessed. This is the main reason Outlier has started providing our working papers with the final report. This also provides a pretty good reference point for making sure you are meeting your regulatory expectations.

First Time for Everything

In previous engagements, Outlier has operated on the theory that the clock for when your first review was due stemmed from the MSB’s FINTRAC registration date. However, we were incorrect. It wasn’t until a recent conversation where the registration date preceded any customer transactions by six months, that really spurred on an official clarification from the regulator. The trigger for the 2-year clock to start ticking is not registration but “a registered MSB is required to create a compliance program once it engages in one or more of the MSB-related activities.” This means that the clock starts ticking after the MSB has conducted their first transaction.

Here is a PDF version of the policy interpretation we received from FINTRAC that you can keep for your records.

Potential Corrections

If we have completed a review for you in the past that has a commencement date prior to your first customer transaction, please feel free to reach out so we can amend your report to the proper date.

Upcoming Effectiveness Reviews

While this article talks about your first review, you must also be sure to initiate all subsequent reviews within 2 years of the start date of your previous review. Please note that this is based on the previous commencement date, not the date of completion or issuance of the final report.

Need a Hand?

If you are looking for an idea of pricing for an upcoming review or have questions about a review that is currently underway, please feel free to contact us.

FINTRAC MSB Registration Expired?!?

FINTRAC Registration

Over the past few months, we have heard from several money services businesses (MSBs) that have experienced issues in renewing their MSB registrations with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). In most cases, these issues are easily resolved. However, if MSB registration issues are not addressed promptly, administrative monetary penalties (AMPs) or criminal charges may ensue.

It is likely that registration-related issues have become more common as FINTRAC is increasingly requesting additional information or clarifications from MSBs as part of the initial registration and registration renewal process. These requests are sent via email to the contact person listed in the MSB registration form.

Check Your MSB registration Status

You can view the status of your MSB registration by searching for your business on the public MSB registry. While this article is about the MSB registration status, anytime you are on this page, it is a useful practice to check to ensure that all of the information is up to date. There are several possible options for the “Registration status of MSB” field:

Registered: this is the status that is displayed for active MSBs. The detailed view will also show the expiry date of the registration.

Ceased: this status is displayed when an MSB has cancelled their registration (e.g. because the business is no longer conducting MSB activity or is only performing MSB activity as the agent of another MSB).

Expired: this status is displayed when an MSB has not submitted an MSB registration renewal on time, has not responded to requests for information from FINTRAC, or has not provided sufficient information to FINTRAC to complete the renewal process.

Revoked: this status indicates that FINTRAC has revoked an MSB’s registration.

If the Expiry Date is Coming Up Soon

If you notice that your MSB’s registration is expiring soon, there are several steps that you should take proactively. First, make sure that you have your login credentials and access FINTRAC’s secure MSB Registration portal. On the left-hand side of the screen, you may see an option to submit your renewal application. If this option is not yet present, it is still a useful practice to select “view completed form” and review the MSB information to ensure that everything is up to date. If there is anything that needs to be updated, you can update the form (information must be updated within 30 days of any changes; do not wait for the renewal date to make updates).

If the renewal can be processed at this time, make sure that you take the time to look at all data fields. Are these fields complete and accurate? Does the information related to the MSB’s beneficial ownership match what will be found in any corporate registries (if not, additional information and/or correction may be required before the registration can be processed). FINTRAC may request additional information by email, and your registration will not be renewed until these queries have been satisfied.

If the Registration is Expired

If you notice that your registration has expired, you should immediately access FINTRAC’s secure MSB Registration portal to renew it. It may be that you have simply missed a deadline, or that you did not notice an error message or request for additional information from FINTRAC. Whatever the cause, you should work to resolve the issue and renew the registration as soon as possible.

If you are not able to renew the registration, contact FINTRAC immediately by emailing guidelines-lignesdirectrices@fintrac-canafe.gc.ca and MSBRegistration@fintrac-canafe.gc.ca immediately with the subject line “URGENT – MSB Renewal Issue – Renewal Date Passed”.

  • In the body of the email, let them know:
  • The company name and MSB number
  • That you have been attempting to renew the MSB registration
  • If you have responded to any requests for additional information, the details of these correspondences (attach copies if possible)
  • Ask what information is needed at this stage to renew the MSB registration

Keep a copy of this and all communications with FINTRAC.

You may also want to consider making a voluntary self-declaration of non-compliance (VSDONC) to FINTRAC. For help with disclosures, check out our previous blog post.

If you receive a “Notice of Violation”

Where an MSB registration is expired, and the MSB continues to perform MSB activities (other than as an agent for another MSB), a penalty may be assessed, and a “Notice of Violation” may be issued. At this stage, a law firm should be engaged (we’re happy to recommend competent firms if this is something that you need). There are specific and relatively short timeframes for all response steps, and this should be treated as urgent.

We’re here to help.

If you are not sure what to do next or need assistance with compliance, please get in touch.

EFTs, PSPs & Crowdfunding : Canada’s Changing Regulatory Landscape

On April 27th, 2022 amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) and associated regulations related to penalties for non-compliance were passed. These amendments were unusual, as there was little prior public consultation, no pre-publication for public comment, and they came into force “on publication” (right away). This is particularly unusual, as new business models were included in the money services business (MSB) and foreign money services business (FMSB) categories.

Specifically, a number of payment services providers (PSPs) became MSBs through a change in the definition of electronic funds transfers (EFTs), and companies that provide crowdfunding services also became MSBs/FMSBs. Historically, these types of changes would have included a pre-publication of the proposed amendment with time for industry participants to comment. There is also, generally, a period of time between the publication of final amendments and the coming into force date (often a year). Absent these buffers, both industry and Canada’s AML regulator, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) have been scrambling to assess the many nuances of the amendments.

While we’ve seen a number of responses to individual applicants for MSB registrations and requests for policy interpretations from FINTRAC, today’s release was the first substantial piece of public guidance from the regulator. For those inclined, it can be accessed here: https://fintrac-canafe.canada.ca/notices-avis/2022-07-21-eng

EFTs and PSPs

What may have seemed like an inconsequential change to the definition of EFTs, which removed certain exemptions, has significant impacts on payment services providers.

“As payment services are not a prescribed service under the PCMLTFA, FINTRAC is taking the position that persons or entities that provide invoice payment services or payment services for goods and services are engaged in the business of remitting or transmitting funds, or dealing in virtual currency.”

FINTRAC’s guidance goes on to define each of these activities and the (very limited) exemptions in each case.

Crowdfunding

While crowdfunding gets a nod in the title of the guidance, it doesn’t really factor into the substance of today’s piece. There are definitions in the amendments themselves in this case, and it’s likely that additional guidance will follow as FINTRAC works through these registrations.

crowdfunding platform means a website or an application or other software that is used to raise funds or virtual currency through donations. (plateforme de sociofinancement)”

crowdfunding platform services means the provision and maintenance of a crowdfunding platform for use by other persons or entities to raise funds or virtual currency for themselves or for persons or entities specified by them. (services de plateforme de sociofinancement)”

FINTRAC’s MSB/FMSB Registration Process

The guidance notes that FINTRAC is working on getting businesses registered “over the next several weeks.” As there are many businesses that will be newly registering as MSBs or FMSBs, industry participants should expect some delays. It has also become much more common for FINTRAC to ask for additional details about the business, such as the business model and flow of funds.

There is also a tool to check to see if your business should be registered: https://www.fintrac-canafe.gc.ca/msb-esm/questions/2-eng

If you’re ready to register, you can find an overview of the process and links to the pre-registration form here: https://fintrac-canafe.canada.ca/msb-esm/register-inscrire/reg-ins-eng

Requesting Policy Interpretations

There are two important FINTRAC email addresses. If you have a question specifically about whether or not your business should register, first try msb-esm@fintrac-canafe.gc.ca.

For other policy interpretation requests (or if your request is particularly complex), your best avenue is most likely guidelines-lignesdirectrices@fintrac-canafe.gc.ca.

Enforcement Actions

FINTRAC’s guidance indicates that the regulator will take a reasonable approach to entities required to register.

“We understand that there will be challenges in meeting certain obligations. FINTRAC will be reasonable in its assessment and enforcement approach, and is committed to working with reporting entities subject to the PCMLTFA and its Regulations to increase their awareness, understanding and compliance with their obligations. Please continue to monitor our website for updates or additional guidance.”

This gentle approach will not last indefinitely. If your business needs to be registered (and get its house in order AML compliance-wise), it’s time to get started.

We’re here to help.

Whether you want a hand drafting a policy interpretation request, an AML compliance program, or training for your newly minted AML Compliance Officer (congratulations, I’m sorry), we’re here to help. Please get in touch.

Effectiveness Reviews for Dealers in Virtual Currency

Effective June 1, 2020, dealers in Virtual Currency activities were considered as Money Services Businesses (MSBs) and as such, must comply with MSB obligations under amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). One obligation is to have an AML effectiveness review at least once every two years. MSBs must start their effectiveness review no later than two years from the start of their previous review or in the case of dealers in Virtual Currency, no later than June 1, 2022, the date they were considered to be MSBs under law.

Such reviews must test your compliance program and effectiveness of your operations. Our reviews follow a similar format to examinations conducted by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), which you can read more about in a previous Blog Post.

We’re Here To Help

If you have not yet engaged or commenced your review, there are still a couple of weeks to be compliant. If you would like to engage Outlier to conduct your AML Compliance Effectiveness Review or have questions regarding this obligation, please get in touch.

Amendments To The Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations – 2022

Background

On April 27, 2022 amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations were published in the Canada Gazette. To make reading these changes a little easier, we (thanks Rodney) have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The Regulatory Impact Statement for these changes state the following:

Crowdfunding platforms and some payment service providers are not currently covered by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) and therefore have no money laundering and terrorist financing obligations under federal statute. This lack of oversight presents a serious and immediate risk to the security of Canadians and to the Canadian economy. This risk was highlighted in early 2022, when illegal blockades took place across Canada that were financed, in part, through crowdfunding platforms and payment service providers. Allowing these gaps to continue represents a risk to the integrity and stability of the financial sector and the broader economy, as well as a reputational risk for Canada.

Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations, and consequential amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations, will help prevent the financing of illegal activities through these types of financial services.

What’s Changed?

The changes are substantial and sudden. They will affect many companies that have not been previously under the purview of AML regulation in Canada. These changes are effective immediately and there is no comment period, which is not the norm for such changes.

To help digest these changes, we have summarized what we feel are the most important changes below:

The definition for an electronic funds transfer has been removed and the corresponding section within the body of the regulations was amended. Previous exemptions related to remitting or transmitting from one person or entity to another by Credit or Debit Card, or Prepaid Payment Product if the beneficiary has an agreement with the payment service provider that permits payment for the provision of goods and services, has been revoked for money services businesses, which as we mentioned now includes Payment Service Providers.

The definitions section was amended by adding the following:

  • crowdfunding platform means a website or an application or other software that is used to raise funds or virtual currency through donations. (plateforme de sociofinancement)
  • crowdfunding platform services means the provision and maintenance of a crowdfunding platform for use by other persons or entities to raise funds or virtual currency for themselves or for persons or entities specified by them.

With these changes, crowdfunding platforms and payment service providers will now be subject to existing money services businesses requirements. These obligations include:

  • Registration with FINTRAC;
  • Developing a compliance program;
  • Customer identification and due diligence;
  • Transaction monitoring and customer risk scoring;
  • Reporting certain transactions to regulators and government agencies;
  • Complying with Ministerial Directives; and
  • Keeping records.

Specific to record keeping, crowdfunding platforms that provide services to persons or entities in Canada where a person donates an amount of CAD 1,000 or more in funds or virtual currency will need to:

(a) keep an information record in respect of the person or entity to which they provide those services;

(b) keep a record of the purpose for which the funds or virtual currency are being raised; and

(c) if the person or entity for which the funds or virtual currency are being raised is different from the person or entity referred to in paragraph (a),

      1. keep a record of their name, and
      2. take reasonable measures to obtain their address, the nature of their principal business or their occupation and, in the case of a person, their date of birth, and keep a record of the information obtained.

What Next?

Due to these changes, FINTRAC will need to revise its interpretation of existing requirements to include crowdfunding platforms and payment service providers. There is no set date for when we can expect guidance from FINTRAC. Additionally, various FINTRAC policy interpretations will no longer be able to be relied upon (i.e. policy interpretations related to merchant services as well as payment processing for utility bills, mortgage and rent, payroll, and tuition being exempt from AML obligations). The hope is FINTRAC will issue new policy interpretations, but for now the industry is left with many questions.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

The Iran Ministerial Directive’s Impact

Quick Overview

On July 25, 2020, a new Ministerial Directive (MD) was published in the Canada Gazette by the Minister of Finance on financial transactions associated with the Islamic Republic of Iran.  On July 27, 2020, FINTRAC issued guidance on how to incorporate the MD into your anti-money laundering (AML) program, along with some indicators for determining if a transaction is associated with Iran. This MD requires that every transaction originating from or bound for Iran be treated as high risk, regardless of the amount. This includes identifying every client, performing customer due diligence, and recording certain information. It is vital that your AML compliance program documentation contains internal processes related to MDs, even if you do not conduct transactions with Iran (or North Korea, based on the previous MD issued December 9, 2017).

What is a Ministerial Directive?

MDs are specific requirements imposed by the Minister of Finance that are meant to mitigate risks associated with activities that pose elevated risk and safeguard the integrity of Canada’s financial system. To date, these areas of elevated risk have been identified by the Financial Action Task Force (FATF) as posing strategic deficiencies with regards to international standards for anti-money laundering and counter terrorist financing.

What does this Ministerial Directive require?

The guidance from FINTRAC states that every bank, credit union, financial services cooperative, caisse populaire, authorized foreign bank and Money Services Business (MSB) must:

  • Treat every financial transaction originating from or bound for Iran, regardless of its amount, as a high-risk transaction;
  • Verify the identity of any client (person or entity) requesting or benefiting from such a transaction;
  • Exercise customer due diligence, including ascertaining the source of funds in any such transaction, the purpose of the transaction and, where appropriate, the beneficial ownership or control of any entity requesting or benefiting from the transaction;
  • Keep and retain a record of any such transaction;
  • Determine whether there are reasonable grounds to suspect the commission or attempted commission of a money laundering or terrorist financing offence and report all suspicious transactions to FINTRAC;
  • Reporting all other reportable transactions (if applicable).

To be clear, this MD does not apply to transactions where there is no suspicion or explicit connection with Iran and there is no evidence of the transaction originating from or being bound for Iran. A couple of examples were provided in the FINTRAC Guidance:

  • A client who has previously sent funds to Iran requests an outgoing EFT, where the transaction details do not suggest that this transaction is bound for Iran and you are unable to obtain further details about the transaction destination; or
  • The client’s identification information is the only suggestion of a connection to Iran (for example, a transaction where the conductor’s identification document is an Iranian passport).

What does it mean to you?

It is important to understand that even if your business does not facilitate transactions involving Iran, it is expected that you have a process in place for adhering to MDs, including how the Compliance Officer stays up to date. Within your AML compliance program documentation, you need to have a section that talks about MDs generally, plus specific procedures related to handling the current MDs (transactions involving Iran and North Korea). In the FINTRAC guidance related to this MD, it states that during an examination, FINTRAC will assess your compliance with MDs and failures to do so are considered very serious and may result in a penalty.

What now?

In order to ensure familiarity for anyone who interacts with customers and their transactions, the list of FINTRAC’s indicators should be communicated immediately.  Furthermore, the indicators should also be included in your procedure manuals and annual AML compliance training topics, allowing easy access to the information. Documenting the information and related processes for MDs is very important so you can demonstrate to FINTRAC your adherence to the requirements during an examination.

Need a hand?

We’ve made it easier for you to integrate this content into your program by putting the information into a Word document for you. If you aren’t sure what to do with this information and would like some assistance, please feel free to contact us.

Return to Blog Listing