Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

2019 AML Updates – Redlined Versions

The following red-lined versions have been created to reflect the changes to Canadian anti-money laundering (AML) regulations published in the Canada Gazette on July 10th, 2019.  A redlined version of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), reflecting the changes published in Bill C-97 which received Royal Assent on June 21, 2019, is also included below.

These documents are not official versions of the regulations. Official versions can be found on the Government of Canada’s Justice Laws Website.

Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Please click the link below for a downloadable pdf file.

PCMLTFA_July_2019_Redline

Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations

Please click the links below for downloadable pdf files.

PCMLTFR_July_2019_Redlined_Full

PCMLTFR_July_2019_Redlined_Schedules Removed

Additional Updates to Follow

We’ll continue updating this page as we publish redlines of each of the regulations and schedules.

Need a Hand?

Whether you need to figure out if you’re a dealer in virtual currency, to put a compliance program in place, or to evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Information Should Be Free!

Outlier has produced an open-source AML and CTF, and Privacy repositories of definitions, acronyms, and terminology that is free for whoever wants it.

Please feel free to provide contributions and/or feedback, as it would be greatly appreciated. We have already had three contributors!

Discombobulated

About a year ago, we had a client who was interacting with the world of Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF) for the first time. They were aggravated by the amount of jargon, acronyms, and uncommon uses of certain commonly understood terms. An example is, a business relationship. Those of you that are relatively familiar with the AML space know a business relationship doesn’t mean what the rest of the world thinks it means. In Canada, in the AML context, it means something very different.

A Helping Hand

At the time, they wished for a simple reference point where they could easily find the meaning for different terms. Unfortunately, this entails combing multiple locations, including FINTRAC’s website, plus the Act and Regulations themselves. To make a long story short, there is no easy way. Fed up, they (not so) gently suggested that we (Outlier) fix this. Their idea was creating a GitHub repository.

For those unfamiliar with GitHub, it is a web-based hosting service for version control. It is mostly used for computer code, but has also been used to write and edit books. It offers access control and several collaboration features. A GitHub repository is where the code and/or information is maintained for a specific project. This process is fairly simple to someone who is a coder with years of experience working with GitHub. For myself, this was not so simple. A year later, almost to the day, the repository is created, open and available to the public. There is no need to be scared, you are able to comment and make suggestions without knowing how to code at all. If you can’t figure out how to provide commentary in GitHub, send it to use via email at info@outliercanada.com with the subject line “GitHub Feedback.”

The Power of Collaboration

The (not so) gentle nudge meshed well with one of Outlier’s core beliefs: that information should be free. By collecting the information, housing it in GitHub, and making it available to anyone, we are able to provide free information to everyone who wants it. By making information free and public, it gives others the opportunity to make suggestions, add content, and improve the quality of the information.

What Happens When We Work Together?

By sharing this open-source project with the world, we are looking to empower anyone willing to be empowered. From the client who is interacting with the world of AML for the first time. To the seasoned-veteran who is looking for helpful resources. To the person who wants to provide their customer with a helpful resource. Take the information and do what you wish with it. If you would like to attribute Outlier, awesome! If not, that’s ok too. Our only request is this should never be provided for a fee.

Have a Question?

If you looked at the resource and are curious about how to make a contribution, please feel free to contact us anytime. Contributions can include anything from corrections and suggestions, to the addition of different jurisdictional definitions, specifically the European perspective.

This is not a solicitation (but we do get this request often), should you want to provide a tip in BTC or ETH, our addresses are listed below.

To open a channel with our Lightning Node, our address is: 03acb418d5b88c0009cf07d31ec53d0486814bc77917c352bd7e952520edf7bf3c@99.236.76.38:9735

or you can use Tippin.Me.

bitcoin ethereum
33CdqJTw6jMWVBAveT9Ue3rPym8HPKKPow 0x03CDF23a2Eb070F2c79De5B2E6FB90671D3c70fE

FINTRAC Alert – Laundering the Proceeds of a Romance Scam

Quick Overview

On April 11th, 2019, FINTRAC published an Operational Alert issued in part with the Canadian Anti-Fraud Centre.  The information provided related to laundering the proceeds of romance scams and mass marketing fraud. The publication provided an explanation of what constitutes a romance scam, some common indicators that may be present and transaction patterns or flow of funds that may suggest fraud.

What Does it Mean?

The suspicious indicators provided by FINTRAC list circumstances or activities that might signal potential cases of individuals caught in a romance scam or the subject of a mass marketing fraud.  This does not mean that if one or more of the indicators are present that the transaction is definitely suspicious and must be reported to FINTRAC. It is meant to ensure that you are aware of the potential that suspicious activity may be taking place.  In that context, if you are involved in customer’s transactions, whether on the front lines or in back office, you must be aware of the indicators in the alert.  If you do encounter a transaction that may be considered unusual, you should attempt to collect additional information that will aid in the Compliance Officer’s decision to report it or clearly document why it was not considered suspicious. Where the Compliance Officer makes the decision to report the transaction to FINTRAC as suspicious, be sure to include “Project CHAMELEON” or “#CHAMELEON” in Part G—Description of suspicious activity in the STR. This will help to facilitate FINTRAC’s disclosure process.

What Now?

In order to ensure familiarity for anyone who interacts with customers and their transactions, the list of FINTRAC’s indicators should be included in your ongoing AML compliance training program.  Furthermore, the indicators should also be included in your procedure manuals, allowing easy access to the information.  Finally, the indicators should be incorporated into your Risk Assessment documentation.  Specifically, when determining customer risk and the controls used to effectively mitigate potential risks.

We’ve made it easier for you to integrate this content into your program by putting the indicators in a Word document for you.

Need a Hand?

Outlier has taken the list of indicators provided by FINTRAC and formatted them into an easy to use Microsoft Word document, which can be found here.  This should allow companies to easily update their documentation and ensure they are sufficiently monitoring for potential instances of romance scams or mass marketing fraud. If you aren’t sure what to do with this information and would like some assistance, please feel free to contact us.

Meaningful Consent

Meaningful Consent

The Office of the Privacy Commissioner of Canada’s Guidelines for obtaining meaningful consent became effective on January 1, 2019. The new guideline builds on examining the current state of consent in Canada (see Background section below), and is meant to assist businesses in distinguishing between those things an organization “must do” to obtain meaningful consent, and those things an organization “should do” related to consent.

The guideline is comprised of seven guiding principles for obtaining meaningful consent. These are:

  1. Emphasize key elements (What personal information is being collected, with whom personal information is being shared, for what purposes personal information is collected, used or disclosed and risk of harm and other consequences);
  2. Allow individuals to control the level of detail they get and when;
  3. Provide individuals with clear options to say ‘yes’ or ‘no’;
  4. Be innovative and creative;
  5. Consider the consumer’s perspective;
  6. Make consent a dynamic and ongoing process; and
  7. Be accountable: Stand ready to demonstrate compliance.

Consent – Must Dos

The new guideline lists out the following things an organization must do in order to meet their obligations related to consent:

  1. Make privacy information readily available in complete form, while giving emphasis or bringing attention to the four key elements (What personal information is being collected, with sufficient precision for individuals to meaningfully understand what they are consenting to, with what parties personal information is being shared, for what purposes personal information is being collected, used or disclosed, in sufficient detail for individuals to meaningfully understand what they are consenting to and risks of harm and other consequences).
  1. Provide information in manageable and easily-accessible ways.
  2. Make available to individuals a clear and easily accessible choice for any collection, use or disclosure that is not necessary to provide the product or service.
  3. Consider the perspective of your consumers, to ensure consent processes are user-friendly and generally understandable.
  4. Obtain consent when making significant changes to privacy practices, including use of data for new purposes or disclosures to new third parties.
  5. Only collect, use or disclose personal information for purposes that a reasonable person would consider appropriate, under the circumstances.
  6. Allow individuals to withdraw consent (subject to legal or contractual restrictions).

There are also requirements related to the form of consent and consent for children under the age of 13. 

Background

The new guideline builds on previous publications examining the current state of consent.

In May 2016, the Office of the Privacy Commissioner of Canada (OPC) published a discussion paper exploring potential enhancements to the Personal Information Protection and Electronic Documents Act (PIPEDA). The paper asked organizations, individuals and other interested parties to provide comments related to key issues and potential solutions to the consent model as currently formulated.

On June 15, 2017 the Office of the Privacy Commissioner of Canada (OPC) published a report on qualitative public opinion research conducted with Canadians on the issue of consent under the PIPEDA. The purpose of the research was to understand Canadians’ opinions, attitudes, and concerns with respect to consent.

It was noted that the question of consent became a recurring theme in discussions and emerged as the key measure used by participants for assessing what are acceptable or not acceptable uses of personal information by companies. There was widespread agreement among participants that consent implies both understanding and acceptance of terms and conditions related to the collection and use of their personal information.

On September 21, 2017, the OPC also published their Report on Consent in their 2016-17 Annual Report to Parliament. The report outlined recommendations to address consent challenges posed by the digital age.

Keep In Mind

Consent is one of the foundational elements of PIPEDA. To ensure your organization is always meeting requirements related to consent, you should be able to answer yes (and evidence) the following questions from the OPC’s PIPEDA Self-Assessment Tool related to consent, regardless of the types of products or services you offer:

  • You obtain customer consent for any collection, use or disclosure of personal information.
  • If you don’t obtain customer consent for the collection, use and disclosure of personal information, you have determined that it is not required under s.7 of PIPEDA.
  • You make reasonable efforts to ensure that clients and customers are notified of the purposes for which personal information will be used or disclosed.
  • You do not require clients and customers to consent to the collection, use or disclosure of personal information beyond what is necessary to fulfill explicitly specified and limited purposes as a condition of supplying a product or service.
  • You assess the purposes and limit the collection, use and disclosure of personal information when it is required as a condition for obtaining a product or service.
  • You obtain consent through lawful and fair means.
  • You allow a client or customer to withdraw consent at any time subject to legal or contractual restrictions and reasonable notice.
  • You inform clients and customers of the implication of the withdrawal of consent.
  • You consider the sensitivity and intended use of personal information, and the reasonable expectations of clients and customers in determining which form of consent (implied or expressed) you will accept for the collection, use and disclosure of personal information.

It is important to note that evidence of consent should be retained in a manner that is easily retrievable and easily sortable.  

We’re Here To Help

If you have questions about this new guideline regarding your consent obligations under PIPEDA, or compliance in general, please contact us.

Mandatory Breach Reporting under PIPEDA

Back in late 2017 we published an article on breach reportingOn November 1, 2018, the new provisions to the Personal Information Protection and Electronic Documents Act (PIPEDA) related to breach of security safeguards along with the Breach of Security Safeguards Regulations came into force.

The regulations require organizations to report to the Office of the Privacy Commissioner (OPC) and affected individuals, any breach of security safeguards involving personal information under its control, if it is reasonable to believe the breach creates a “real risk of significant harm”. Failure to report a breach is punishable by a fine of up to CAD 100,000.

On October 29, 2018, the OPC published the final guidance intended to assist organizations with the Breach of Security Safeguards Regulations. The guidance provides direction on how organizations can assess whether a breach creates a “real risk of significant harm” (the guidance provides a non-exhaustive list of the types of harm that will be considered significant) and provides a breach report form that organizations may use to report a breach to the OPC.

We’re Here To Help

If you have questions regarding how your organization will be impacted by these requirements, or any questions related to privacy legislation in general, please contact us.

Outlier Is Hiring

Outlier Solutions Inc. (Outlier) is hiring for the position of Admin Assistant, Office Co-ordinator & Jack and/or Jill of All Trades.

Start-Up Life

While Outlier has been operating successfully for five years, we are still in many ways a start-up. As we grow, we need to add a team member to get/keep us organized. We’re experts at documenting processes for our clients, but we haven’t always been great at documenting our own processes. This puts us at risk of missing things as we grow – which is an ironic problem for a risk management company, isn’t it? This will begin as a part-time position with the potential to grow into a full-time position. Hours and working location are flexible (meaning that if you need to pick up the kids, go to class, or just flat out need to take a day to get things done you’ll be able to schedule around it).

Our virtual office is based in Toronto and our core team resides in Hamilton, Oakville and Markham. We sometimes meet in Hamilton, and this is likely to be the most convenient place for our ideal candidate to be located. We are looking for someone that reasonably close to this geographic area. A driver’s license is not required but is an asset (for the right candidate, we’d consider covering the cost of getting licensed, but it does mean that we’ll also send you out on missions that involve driving).

In terms of culture, we’re super geeky. We don’t expect you to know everything about compliance, AML, etc…. but it’s helpful if you think this stuff is interesting because we talk about it. A lot.

Check us out before you apply: www.outliercanada.com

Responsibilities: 

  • Act as the first point of contact for all clients and communicate in a professional manner
  • Answer and direct external phone calls, emails, and contact forms
  • Open, sort and distribute incoming correspondence
  • Point person for maintenance, mailing, shipping, supplies, equipment, bills, and errands
  • Organize office operations and procedures
  • Manage proposals, quotations and invoices for prospective and existing clients
  • Proofread, edit and format reports/documents to ensure accuracy and brand coherence.
  • Prepare operational reports and schedules to ensure efficiency in the team
  • Create, maintain and update General Calendar
  • Assist with coordinating events and meet-ups
  • Manage social media accounts and other marketing related activities
  • Arrange and coordinate travel logistics.
  • Perform other duties and assist with special projects as required

Qualifications: 

  • Excellent project and time management skills
  • Excellent communication and interpersonal skills, including the ability to write and present information in a clear and concise manner to a variety of audiences
  • Superior organizational skills and excellent attention to detail and ability to multitask
  • Ability to work both independently and as part of a team in a fast-paced environment
  • Ability to work under stress and meet deadlines
  • Ability to think creatively and solve problems
  • Proficient computer skills, including Microsoft Office Suite (Word, PowerPoint, and Excel); scheduling appointments

Other Stuff:

Location: Position is home based with some in-office/in-person meeting requirements (including in-person training).

Job Type: Part-time

Salary: 18$/hour

Experience: 2 years

Language: English fluently, French is an asset

How to Apply:

Please upload a CV and/or resume with a cover letter telling us, in your own words, why you think there is a good fit here.

All submissions received by close of business (5 pm ET) on September 19th will be considered.

While we’re grateful for all interest, only candidates selected for an interview will be contacted following submissions.

Why rich people don’t just open a bank…

 

It can be tough to open and maintain a bank account as a crypto-business. A policy of “derisking” (when banks avoid conducting business with customers perceived as being higher risk) leaves many crypto-businesses (and other MSBs) ill-served by the existing banking system.

A not-uncommon response to this reality (i.e. we’ve had this conversation enough times to deem it worthy of a blog post) is some variation of: “I’m a rich person! Why don’t I just open a bank?”

No doubt, this impulse comes from the admirably entrepreneurial spirit of our community. There’s a problem (lack of access to banking services), so let’s solve it.

But if you don’t have a background in compliance or banking and think that you’re “just” going to magically open your dream-crypto-paradise-bank… We’re here to advise you to slow your roll. We’re not saying you can’t do it… but here are some things you should consider. Knowledge is power.

Sidenote: We’re Canadian and these notes refer to Canadian processes. There are likely to be some differences in other countries, but we won’t know what they are. If you want to know, do the research. Let us know what you find if it’s interesting.

Opening a bank is expensive.

While you may think you have the cash to spare, opening a bank is expensive, and probably more expensive than you expect, both in terms of what you need to have in reserve, and what you’ll spend initially. We’ve heard the figure of $50m buy-in—which, by the way, does not guarantee you a charter.

You will spend money for years before you serve customers.

If you’re curious about where all those millions could possibly go, you’re going to get friendly* with an army of consultants, lawyers, and accountants over the next few years. (*And by friendly, we mean pay a lot of money to).

The process of getting issued a charter is lengthy (if you don’t believe us, you may enjoy perusing the 27-page long PDF guide from OFSI on the subject) and getting this process right means your investment will be whittled away by hiring people who can help navigate you through this labyrinth. You’ll also be spending money on employees, by the way, for years before you’ll ever have the privilege of serving a customer. Years. Plural.

Your team will spend a long time pleasing regulators before you’re operational.

Yes, even though you won’t be permitted to have customers for a long time, you will still need to assemble a team that can put together all of the elements of a bank into place. Your team will spend all of their time implementing processes, demonstrating to the regulator(s) that they’ve done so, and then tweaking these processes as the regulators require or request (in these instances, a request is really a politely stated requirement). If it’s any comfort, your employees will certainly be kept busy, even without customers.

You’re probably not going to be the CEO…

Despite making the decision to open a bank, you will likely not become the bank’s CEO, or even its COO. Senior management positions at banks require regulatory approval. Regulators are looking for you to have had a long history, at a senior level, in a bank or other federally regulated financial institution

… or even on the Board of Directors.

As with senior management positions, seats on the Board of Directors require regulatory approval. Even if you successfully jump through all the hoops required to start your bank, you will likely end up with little to no say in how it is ultimately run.

Well That’s Awkward!

There’s a noble sentiment behind the desire to “just open a bank” and solve the problems you see in the current banking system. But, the risks, effort, and returns are seldom well understood. In essence, opening a bank means making a substantial investment (in both time and money) in something that may one day become an asset (but may not). You can own the bank, but will likely not run it, despite the multi-year multi-million commitment you make. Even if you’re a wealthy investor with patient money, we’d suggest that you ought to be really passionate about setting up a bank if you want to embark upon this kind of endeavour.

What can you do instead?

So, if you’re not going to start a bank but are still frustrated by the banking system as it currently stands—what can you do instead?

Frankly, we need grassroots pressure to change the system we have. It’s important for us to have discussions with the gatekeepers (regulators, traditional banking institutions) for crypto business to get access to banking services. Part of the burden of being in this space is taking the time to educate those who control access to the resources we need. We’ve found that often even people with responsibility for developing policy related to bitcoin and other virtual currencies or tokens don’t fully understand it (and therefore its risk implications). While it may be frustrating to explain that it is possible to buy a fraction of a bitcoin to someone who we really think ought to understand this already, the more we can normalize crypto within the system, the more access we can hope to gain.

And while it can be difficult to speak out if you are a business who has been refused a bank account (or had your account shut down), we’d encourage you to share your experiences of trying to find banking services. Make a complaint to the institution. Share your story with the media (even if you don’t name the FI) or contact your political representatives. You can also, at the moment, contribute your feedback on the draft legislation on AML Regulations for “Virtual Currencies.” (See this blog post for more on how to do that). Exert pressure on the existing players.

But, of course… if you’ve decided you are passionate enough (and deep-pocketed enough) to start a truly crypto-friendly bank: more power to you and definitely let us know how you get on.

We’re Here To Help

If you have questions about virtual currency and regulation in Canada, or regulation in Canada in general, please contact us.

The new 5th EU AML Directive

Coming into force by January 2020.

The new 5th EU AML Directive followed the 4th EU AML Directive quite soon, driven by the rise of digital currencies, and following the scandal of the Panama and Paradise Papers. It has only been two years since the last EU AML Directive came into force, and the EU wants to reassure its citizens and businesses that they are at the forefront of developing financial crime issues.

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

So, what are the new main changes then?

The update takes aim at:

  1. Improving transparency on the real owners of companies and trusts by establishing beneficial ownership registers;
  2. Virtual currencies are now in scope of regulation for obliged entities;
  3. The anonymous use of E-Money products such as prepaid cards are now limited; and
  4. High-risk third countries due diligence check on transactions.

Other features include enhanced co-operation and information sharing among all EU Financial Intelligence Units to make data more accessible. The FIUs would also obtain more powers under the 5th AML Directive prior to filing for a request for information.

Centralised bank and payment account registers are to be set up and access would also be granted to FIU’s for easier information sharing.

It is fair to say that the full impact of the new Directive will not yet be known. However, firms are encouraged to prepare accordingly for these upcoming changes.

For the full text of the Directive and Factsheet please peruse the European Commission website here: http://europa.eu/rapid/press-release_STATEMENT-18-3429_en.htm

Need a Hand?

If you have questions about the 5th EU AML Directive, or AML & CTF compliance generally, please feel free to contact us.

 

 

AML Changes For The Real Estate Sector

Here We Go Again! Canada’s Proposed AML Changes for Real Estate Developers, Brokers and Sales Representatives

 

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake). This article is intended to give a high-level summary of the proposed amendments as they relate to the real estate industry.

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Finally, we want to encourage the community to discuss the proposed changes and submit meaningful feedback for policy makers. The comment period for this draft is 90 days. After this, the Department of Finance takes the feedback to the bat cave and drafts a final version of the amendments. From the time that the final version is published, the draft indicates that there will be 12 months of transition to comply with the new requirements.

What does this mean for my business?

While there are quite a number of proposed changes (the draft is about 200 pages in length), some are likely to have more of an impact on for real estate developers, brokers and sales representatives than others. We’ve summarized the changes that we expect to have the most impact below. Remember these are just proposed changes so there is no need to update your compliance material just yet.

What’s New?

Virtual Currency:

While there are not many proposed amendments that will introduce new requirements for real estate developers, brokers and sales representatives the draft regulations introduce reporting requirements for the receipt of CAD 10,000 or more of virtual currency. These basically are the same as large cash reporting obligations and will require reporting entities to maintain a large virtual currency transaction record.

The requirements for reporting and recordkeeping for virtual currency will be very similar to cash reporting requirements.

What existing requirements are changing?

24-hour rule:

The draft regulations clarify that multiple transactions performed by or on behalf of the same customer or entity within a 24-hour period are considered a single transaction for reporting purposes when they total CAD 10,000 or more. Only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. For real estate developers, brokers and sales representatives this would apply to recipient of cash deposits. Specifically, this will apply to large cash transactions or CAD 10,000 or more. 

Identification:

The draft regulations replace the word “original” with “authentic” and states that a document used for verification of identity must be “authentic, valid and current. This would allow for scanned copies of documentation and/or for software that can authenticate identification documents to be used for the dual process method for real estate developers, brokers and sales representatives that identify clients in a non-face-to-face manner. Another change, related to measures for verifying identity, is that the word “verify” has been replaced with “confirm” and “ascertain” has been replaced with confirm. What this will mean exactly is still unclear (FINTRAC will need to provide more guidance once the final amendments are released). We are hopeful that it will allow for easier customer identification – especially for customers outside of Canada.

Records:

There have been some changes to the details that must be recorded in records that real estate broker or sales representative must maintain. In particular, the draft regulations add the requirement that information records must contain details of every person or entity for which they act as an agent or mandatary in respect of the purchase or sale of real property. Under the existing regulations information related to the person or entity purchasing real estate only.

Risk Assessment:

Under current regulations, reporting entities are required to assess the risks associated with its business and develop a risk assessment specific to your situation. For real estate developers, brokers and sales representatives a risk assessment must address the following four areas:

  • Products, services, and delivery channels (to better reflect the reality of the real estate sector, this workbook will now only refer to services and delivery channels);
  • Geography;
  • Clients and business relationships; and
  • Other relevant factors

A proposed amendment would require all reporting entities to assess the risk related the use of new technologies, before they are implemented.  This has been a best practice since the requirement to conduct a risk assessment came into force, but this change would make this a formal requirement.

Suspicious Transaction Reporting:

Under current regulations if a reporting entity has reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations add to this requirement by stating:

The person or entity shall send the report to the Centre within three days after the day on which measures taken by them enable them to establish that there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.

This would require reports to be submitted to FINTRAC within three days after the reporting entity conducts an analysis that established reasonable grounds for suspicion.

Schedules:

The draft regulations introduce changes to reporting schedules, requiring more detailed information to be filed with FINTRAC then previously was required. This is in addition to including information that is marked as optional, if a reporting entity has the information. As it relates real estate developers, brokers and sales representatives these changes will impact attempted suspicious and suspicious transaction reporting, terrorist property reporting and large cash reporting. Some of the additional proposed data fields are:

  • every reference number that is connected to the transaction,
  • every other known detail that identifies the receipt (of cash for large cash transactions),
  • type of device used by person who makes request online,
  • number that identifies device,
  • internet protocol address (IP address) used by device,
  • person’s user name, and
  • date and time of person’s online session in which request is made.

Such changes may be onerous for reporting entities, especially for transactions that are conducted online.

Training:

Under current regulation, if real estate developers, brokers and sales representatives use agents, mandataries or other persons to act on their behalf, they must develop and maintain a written, ongoing compliance training program for those agents, mandataries or other persons. The draft regulations introduces an additional requirement in which there must be a documented plan for the ongoing compliance training program and delivering of that the training.

What’s Next?

If you’ve read this far, congratulations and thank you!

We hope that you will contribute your thoughts and comments. You can do this by contacting the Department of Finance directly. Their representative on this file is:

Lynn Hemmings
Acting Director General
Financial Systems Division
Financial Sector Policy Branch
Department of Finance
90 Elgin Street
Ottawa, Ontario
K1A 0G5
Email: fin.fc-cf.fin@canada.ca

If you would like assistance drafting a submission, or have questions that you would like Outlier to answer, please get in touch!

Canada’s Proposed AML Changes for MSBs

What’s Old is New Again, Well Updated

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake). This article is intended to give a high-level summary of the proposed amendments as they relate to Money Services Businesses (MSBs).

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Finally, we want to encourage the community to discuss the proposed changes and submit meaningful feedback for policy makers. The comment period for this draft is 90 days. After this, the Department of Finance takes the feedback to the bat cave and drafts a final version of the amendments. From the time that the final version is published, the draft indicates that there will be 12 months of transition to comply with the new requirements.

♬The Times Regulations Are Changing♬

Foreign MSBs

Currently, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has issued a policy interpretation (PI-5594) in August of 2013, which states that a “real and substantial connection” to Canada must be present for an entity to be required to register as an MSB with FINTRAC.  A “real and substantial connection” was defined in the interpretation as having one or more of the following:

  • Whether the business is incorporated in Canada;
  • Whether the business has agents in Canada;
  • Whether the business has physical locations in Canada; and/ or
  • Whether the business maintains a bank account or a server in Canada.

The draft amendments introduce a new definition, which is “Foreign Money Services Business” that means anyone serving Canadian customers or entities in Canada is now subject to all Canadian requirements no matter where they are located.  Throughout the proposed changes, where there is a reference to money services businesses, there is also a reference to foreign money services businesses.  This will be significant to MSBs who operate non-face-to-face in the online marketplace and do not reside in Canada.

Non-Face-To-Face Customer Identification

Currently, there is a requirement that when customers are identified using the dual process method, the document and/or data that you collect is in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The word “original” will be replaced with “authentic” (meaning that so long as you believe that the utility bill is a real utility bill for that person, it doesn’t need to be the same piece of paper that they received in the mail).

In addition, there are provisions that would allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification within 3 days of the request.

Reporting EFTs of $10,000 or More

If you conduct international remittance transactions at the request of your customers, the requirement to report transactions of $10,000 or more will now be your responsibility, not your financial services provider.

The proposed change removes the language commonly known as the “first in, last out” rule.  This means that the first person/entity to ‘touch’ the funds for transactions incoming to Canada or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada had the reporting obligation (as long as the prescribed information was provided to them).

The update will change the reporting obligation to whoever maintains the customer relationship. So if you initiate a transaction at your customer’s request (outgoing transaction) or provide final receipt of payment to your customer (incoming transaction), it will be your obligation to report that transaction to FINTRAC.

For example, if the flow of the instructions for payment were as follows:

Currently, the reporting obligation of the outgoing EFT would fall to the bank in Canada.  With the draft updates, the reporting obligation would now fall to the MSB in Canada, because they have the relationship with the customer initiating the transaction.

 

Third Party Determination

Currently, the obligation to determine whether a third party is involved in a transaction relates to Large Cash Transactions.  The proposed changes would include the obligation to make a third party determination for all EFTs of $10,000 or more.  This would also require similar record keeping obligations as a third party determination under the current Large Cash Transaction records.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. This change appeared in the last round of amendments that came into force last year, and the proposed new wording would be another significant change:

The person or entity shall send the report to the Centre within three days after the day on which measures taken by them enable them to establish that there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.

This means that a report would be due three days after the reporting entity conducts an investigation or does something that allows them to reach the conclusion that there are reasonable grounds to suspect.

Information Included In Reports to FINTRAC

Certain information is required in reports to FINTRAC. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional proposed data fields are:

  • every reference number that is connected to the transaction,
  • type of device used by person who makes request online,
  • number that identifies device,
  • internet protocol address (IP address) used by device,
  • person’s user name, and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online.

Ongoing Compliance Training

Currently, there are five required elements of a Canadian AML compliance program, but there is soon to be a sixth.  Before you get too worried, it’s not that major.  The change is specific to your ongoing compliance training obligations, which says you must institute and document a plan for your ongoing compliance training program and the delivery of the training.  Basically, in your AML compliance program documentation, you need to provide a description of your training program for at least the next year and how the training will be delivered. Many MSBs have already implemented this best practice.

Risk Assessment Obligations

With the recent addition of the “New Technologies and Developments” category to the Risk-Based Approach requirements, the next logical progression has be added.  The updates include the obligation to assess the money laundering and terrorist financing risk of any new technology before implementation.  Meaning, if you are looking to take your business online and are going to use this fancy, new non-face-to-face ID system, you had better take careful inventory of where your risks are and be sure the appropriate controls have been put in place before going live. Much like the training plan, many MSBs have already implemented this best practice.

Virtual Currency

The draft updates also include major changes related to virtual currency. “Dealers in virtual currencies’ would be regulated as MSBs. New record keeping and reporting obligations would apply to all reporting entities that accept payment in virtual currency, or send virtual currency on behalf of their customers.

For more information on updates specific to virtual currency, please check out our full article.

What Next

If you’ve read this far, congratulations and thank you!

We hope that you will contribute your thoughts and comments. You can do this by contacting the Department of Finance directly. Their representative on this file is:

Lynn Hemmings

Acting Director General

Financial Systems Division

Financial Sector Policy Branch

Department of Finance

90 Elgin Street

Ottawa, Ontario

K1A 0G5

Email: fin.fc-cf.fin@canada.ca

If you would like assistance drafting a submission, or have questions that you would like Outlier to answer, please get in touch!

If you are interested in sharing your comments with the Canadian MSB Association (and we highly encourage you to do so) please email luisa@global-currency.com. She will have more information on the industry group’s submission and consultation process.

Return to Blog Listing


PROCESSING...