PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

The FINTRAC Outage: Guide for AML Reporting Agencies

Written with Heidi Unrau

 

On March 2, 2024, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) experienced a major cyber incident. As a security precaution, FINTRAC has taken most of its reporting systems offline, including MSB registration. Canadian reporting entities remain responsible for all anti-money laundering (AML) requirements during the outage.

Application programming interfaces (APIs) are available for some reports, including large cash transaction reports (LCTRs), large virtual currency transaction reports (LVCTRs), and suspicious transaction reports (STRs), as of April 8, 2024.

Reporting entities that are not able to submit reports via API must do so once other systems are back online. In the interim, special processes for priority STR submission and other notifications have been established.

Watch for Official Guidance

It’s essential that you follow FINTRAC’s official communications regarding the outage. Outlier’s insights are meant to complement this directive, not replace it. The official word from FINTRAC remains the final authority on these matters.

It is recommended that all Canadian AML Compliance Officers sign up for FINTRAC’s mailing list to get the latest news from the regulator (if you are not signed up already).

Accessing FINTRAC’s APIs

As of April 8, 2024, FINTRAC APIs are currently available for:

  • LCTRs
  • LVCTRs
  • STRs

An API is a way for different computer programs to communicate with each other. To use FINTRAC’s APIs, reporting entities must first apply to register and be granted access by FINTRAC. The implementation of APIs for reporting will require the support of your technical team or software provider. Reporting via API is different from batch reporting (for those that use it) as the API provides a secure exchange of information that does not require the installation of batch-transmitting software.

For reporting entities that have not implemented API functionality, additional guidance has been provided by FINTRAC.

Priority STRs

For priority STRs with national security or other dangerous implications, FINTRAC has provided a dedicated email address and telephone number to help you with this (see below).

Please note that the CSIS and RCMP systems for Terrorist Property Reporting (TPR) are unaffected by the outage and remain operational.

Priority STR Submission Contact Info:

  • Email: STR-DOD@fintrac-canafe.gc.ca
  • Call Centre: 1-866-346-8722 (toll free)

Reporting entities that are unsure of whether or not an STR is considered a priority may first contact FINTRAC using the information above to determine whether this submission method should be used. It is expected that STRs submitted via this method will also be re-submitted once systems are back online.

No Late Reporting Penalties

FINTRAC has indicated that the regulator understands that late reporting is an inevitable consequence of the outage. Therefore, FINTRAC has indicated that reporting entities will not be penalized for late reporting (within reason). It is expected that reporting entities will submit reports promptly once systems are back online.

Fulfilling Reporting Obligations

During the outage, reporting entities are required to track all reportable transactions. Keep detailed records of transactions that could not be reported during the outage. This will ensure that all required transaction reports are accurately and efficiently submitted once systems are restored.

In addition to information about reportable transactions, reporting entities should keep detailed records of:

  • The outage timing (provides useful context that may factor into future audit and examination-related data analysis)
  • All late reports submitted
  • Time required to clear the backlog once systems become operational

At this time, FINTRAC has not indicated that reporting entities should submit a voluntary self-declaration of non-compliance (VSDONC) related to late reporting due to the current outage. However, if there is a reporting backlog that will take significant time to clear, this may be considered once the outage has been resolved.

No Paper Submissions!

FINTRAC has explicitly advised against submitting paper copies of reports during the outage. Once the issue has been resolved, electronic reporting through the appropriate channels will resume.

MSB Registration & Inquiries

In a recent update on May 17, 2024, FINTRAC introduced a new web form specifically for existing Money Services Businesses (MSBs). This form allows currently registered MSBs to renew, update, or cancel their registration easily. You can access the form here:

It does not appear that new MSB registrations can be completed at this time. MSB registration inquiries can be directed to:

Be Prepared & Stay Alert

Stay up to date on the latest FINTRAC communications to ensure compliance should directives change.

For critical reporting and MSB registration needs, use the designated emails and phone numbers provided by FINTRAC. Keep all communications clear, concise, and accurate with all the necessary information.

Key FINTRAC Contact Information

Issue Email Phone
New MSB Registration Inquiries MSBRegistration@fintrac-canafe.gc.ca n/a
Existing MSB Registration Renewals, Updates, or Cancellations https://forms-formulaires.alpha.canada.ca/en/id/clwtp4i5j031kx883je15qc78? n/a
Priority STR Reporting STR-DOD@fintrac-canafe.gc.ca 1-866-346-8722
General Inquiries guidelines-lignesdirectrices@fintrac-canafe.gc.ca n/a
API Support tech@fintrac-canafe.gc.ca n/a

Additional Resources

Below, you’ll find a slide deck presentation and a YouTube video with the same information in this article. You are welcome to use and distribute these resources:

Need a Hand?

If you have any questions or concerns, the team at Outlier Solutions are here to help. Please contact us.

Interview with SafetyDetectives: A Deep Dive into AML and Data Privacy

In a candid interview with SafetyDetectives, Amber Scott and David Vijan, co-founders of Outlier Compliance Group, delve into the intricacies of anti-money laundering (AML) and data privacy in the evolving landscape of financial regulation. With backgrounds as former bankers turned compliance experts, Amber and David offer a unique perspective on the challenges and innovations shaping AML strategies today.

Can you please introduce yourself and talk about your role at Outlier?

Amber: Hi, I’m Amber Scott, the co-founder and CEO at Outlier Compliance Group. David and I were both previously bankers, working in the compliance space. For me, the idea for Outlier started once I left banking and started working in the consulting space. I saw how the leverage model worked, which was the idea that, essentially, if you throw enough smart folks at a problem, you can solve it. This was really different from the approach that Malcolm Gladwell espoused in his book Outliers, which is the idea that to be terribly good at something, you have to practice it a lot, roughly 10,000 hours.

When Outlier was founded, the idea was really that everyone on the team would have at least 10,000 hours of in-house compliance experience, so that people would understand compliance, how organizations work, and how operationalizing those concepts really worked in the long term.

David: Hi, I am David Vijan. I am a co-founder and CRO here at Outlier. We are an AML consulting firm, a compliance consulting firm, that specializes in AML, privacy, and other regulatory compliance consulting matters.

With financial crime tactics becoming more sophisticated, what sets your AML solution apart from others in detecting these threats?

Amber: I think it’s important to preface that our solutions are really consulting services, as opposed to software. When it comes to software, I won’t say that we’re exactly software agnostic, because we do recommend solutions and we always look for those solutions to be a good fit for our clients. However, in theory, we could work with any software solution.

I think that there are always two really important considerations.

  1. Does the software in question meet the regulatory requirements? Meaning, is it up to the regulator’s expectations in terms of what needs to be implemented.
  2. Does it manage the risk effectively?

Ideally, both of those conditions are met.

How does artificial intelligence and machine learning play a role in your solution’s detection and reporting capabilities?

David: As Amber mentioned, our wheelhouse is not in software related solutions per se. AI in general is great. We do have to remember the rule of garbage in, garbage out. That’s definitely something that we have to keep in mind here. AI really has to be understood by compliance staff.

We’ve seen compliance teams play around with AI, and they’re trying to develop policies and procedures using it. And while it does spit out something, it doesn’t have the level of detail that would meet the expectations of the regulator. It wouldn’t pass muster.

That’s a very important piece to the process, as it needs to be explainable to the regulator, but also meet their requirements and expectations. Because at the end of the day, it’s the regulator’s expectations that we’re really trying to satisfy.

Also, with AI, the rationale for decisions needs to be able to be translated into human-readable language. If you present something to someone, and they’re not able to recreate or understand it, it doesn’t really meet the needs of our regulatory obligations or the capabilities of what we need it to do.

Amber: This is incredibly important in an examination context with your regulator. If you’re an in-house compliance person, and you’re going to be called upon to explain how you came to a certain decision. The answer can’t be “I did what the robot told me to do”, “it came out of a black box”, or “we don’t understand the rationale for a decision”. It has to be something that you can translate to human-readable, human-understandable language, and that needs to be part of your documentation all the way down.

How do you approach data privacy and security, especially when dealing with sensitive financial data?

Amber: Amber: I think it’s important to acknowledge that there’s a natural tension between anti-money laundering (AML) and privacy. For us, at Outlier as a service firm, we consider it to be very important to minimize the amount of data and personal information that we ingest, particularly when we’re talking about our customer’s customer.

However, that’s not always practical or even possible for our clients who have very different requirements. From their perspective, it’s always important to understand:

  • Where the data lives across various systems
  • How you are using that data
  • How different systems are communicating with one another, both your own internal systems and your vendor systems, that you’re going to be using to do various functions.

Having a solid mapping of where that personal information, or PI, lives, and how that PI is used, is incredibly important and to keep that updated on a regular basis.

At the other end, not just knowing what’s happening during that lifecycle, but you need to have a plan to be able to anonymize or purge PI that’s no longer required, or no longer in use.

There’s this funny thing about data that when we’re holding on to personal information or sensitive information, the risk associated with that data never goes away. It can actually increase over time where the usefulness of that data decreases over time. So you have something that just stays risky but doesn’t stay useful to you. That alone needs to be a motivator to start to look at how we age off this data and how we move away from just retaining data forever. That doesn’t necessarily have a use for us. And that isn’t something that we could justify having if it were problematic.

David: Those are very important pieces. In our consulting services, we often see clients that don’t know where the data lives. It’s really important to understand where it’s mapped. Under privacy legislation, and we’re not really going to get into that, there are principles and one of them is limited use. Consent is given for a certain piece and sometimes we hear the business say, “Oh, well, we’ll use the data for something else later.” Well, there’s a whole other consent requirement you have to go back to. To Amber’s point, is there really a reason to hang on to data as it ages? Yes, in some cases, there are regulatory requirements, but we’ve seen data that goes back 10 – 20 years still in organizations systems. Is there a reason it’s still there and what is the risk? It’s probably not worth hanging on to it that long.

Can you discuss the significance of real-time monitoring versus batch processing in AML detection and reporting?

David: There definitely is value in having both approaches, and often you need both. Real-time is going to help with certain things such as fraud in progress, things that need to be captured right away. An example of that is listed person or sanctions. Those are transactions that you want to stop and that’s where real-time is going to really be important.

But sometimes batch reporting is needed because it actually learns. There are longer transaction patterns that it’s detecting, that will actually help you with different types of alerts. It’s important to look over those patterns over time and for those parameters to be changed. So that the system adapts over time and patterns become normal.

Amber: Absolutely. Nothing stays the same, except for the idea that things will change eventually.

That segues nicely to our next questions. How do you see the future of AML evolving, especially with the advent of new payment methods and financial technologies?

I think it’s important to say that monitoring at scale is impossible without technology solutions. We still, from time to time, see things where people are saying all of our monitoring is manual. I think we’re coming into a space where that’s not going to be the expectations of regulators at all. And it’s important to note that. There is an expectation that we’re using some kind of technology solution, and those solutions are going to continue to evolve.

The best solutions, in my opinion, consider the whole scope of a customer’s activity. This means their activity across different products and services. For example, if a customer has a mortgage, checking account, and credit card with us, we’re not looking at the risks of each of those products in isolation. We’re seeing the scope of the activity across all the products and services that the customer is using with us.

We’re also looking at the changes in patterns over time. We’re bringing in open-source intelligence or OSINT. So, what do we know about that customer from different potential sources? Where there’s virtual currency, we’re also looking at the risks that can be incurred from on-chain activity. If we know that a certain wallet is associated with that customer, we look at the risk of that wallet, not just in the transactions that are happening with our institution, but we’re able to monitor the general level of that wallet over time and what that wallet is interacting with.

Similarly, we can see connections between customers, so groups of people and entities that transact with each other, people that may own companies or entities together, sit on boards together, those types of things where you have multiple touchpoints between individuals. I think, in particular, if there’s one of those individuals that suddenly becomes high risk, that’s something that can trigger us to take a look at the other individuals to see if they may be involved in similar activity that would also change their risk ratings.

I think one of the biggest challenges is still data across various regions and across various languages. As we move more towards open banking and open data, I think this becomes very interesting because there are a number of external data points that we’ll be able to pull in and use in terms of monitoring and risk in very novel ways that we don’t necessarily see today.

 

Final Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations – October 2023

Background

On October 11, 2023, final amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act were published in the Canada Gazette. The most noteworthy changes fall under the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations and the addition of a new regulation. This round of anticipated changes introduces the compliance requirements for armoured car companies and mortgage lending entities. Additionally, FINTRAC will now be able to charge businesses and individuals for the annual cost of its compliance program as part of its assessment of expenses funding model.

Other changes include the new requirements for correspondent banking relationships, and additional requirements related to the Money Services Business (MSB) registration.

To make reading these changes a little easier, we (thanks Rodney) have created a redlined version of the regulations, with new content showing as tracked changes, which can be found in a combined document here.

What’s Changed?

From the draft regulations published back in February of this year, there have not been significant changes to the final publication. As expected, entities that collect currency, money orders, traveller’s cheques, or other similar negotiable instruments (except for cheques payable to a named person or entity) will be treated as a new category of MSB. With these changes, such providers will be subject to existing money services businesses requirements.

With respect to mortgage lenders (brokers responsible for mortgage origination, lenders responsible for underwriting the loan or supplying the funds, and administrators responsible for servicing the loan), they will now have to comply with AML compliance requirements imposed on reporting entities. Note the definition of a mortgage lender was changed slightly from the draft regulations, narrowing the scope of who is captured.

As part of the assessment of expenses funding model, the new Financial Transactions and Reports Analysis Centre of Canada Assessment of Expenses Regulations will allow FINTRAC to pass on expenses, to reporting entities, that it incurs in the administration of the PCMLTFA. Note there have been some changes to the formula that will be used for assessment amounts. The base assessment amount for federally regulated banks, trust and loan companies, and life insurance companies will be based on their value of consolidated Canadian assets that excludes its subsidiary’s reported value of Canadian assets. Guidance related to how reporting entities will be charged has been issued and can be found here.

Please refer to our previous blog post that outlines details on the changes and the exact requirements that will come into force.

What Next?

Requirements for armoured car companies come into force on July 1, 2024, and October 1, 2024 for mortgage lending entities. Effective April 1, 2024, FINTRAC will commence recovering costs from the 2024–25 fiscal year.

In the meantime, FINTRAC will have to issue guidance related to cash transport and mortgage lending. Additionally, there may be FINTRAC policy interpretations that will no longer be able to be relied upon, as it relates to cash transport and mortgage lending.

While we await guidance, armoured car and mortgage lending entities should start working on developing their compliance program in anticipation of the respective in-force dates noted above.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

Bill C-47 Amendments To the Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Background

Back on June 22, 2023, Bill C-47 received royal assent. As it relates to AML obligations, this has introduced changes to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). We have summarized what we believe to be the most significant changes below.

To make reading these changes a little easier, we (thanks Rodney) have created a redlined version of the legislation, with new content showing as tracked changes, which can be found here.

What’s Changed?

Structuring
Amendments to the PCMLTFA introduce structuring as an offence: “Every person or entity commits an offence that directly or indirectly undertakes, or attempts to undertake, a structured financial transaction.” For clarity, a structured financial transaction is a series of financial transactions that:

  • cause a regulated entity to be in receipt of cash or virtual currency or involve the initiation of an international electronic funds transfer;
  • would, if they occurred as a single financial transaction, require a person or entity referred to report to FINTRAC; and
  • are undertaken with the intent that a regulated entity will not have to report the transaction to FINTRAC.

The offence of structuring would be punishable by a fine and/or imprisonment for a term up to five years.

These requirements come into force on a day to be fixed by order of the Governor in Council (which we are still awaiting).

Money Services Businesses (MSBs)
Amendments to the PCMLTFA will prohibit MSBs from engaging with agents or mandataries convicted of certain types of offences. As such, MSBs will be required to perform due diligence on their agents to ensure that they have not committed certain designated offences.

As part of due diligence, the following documents must be obtained and reviewed:

  • a document that sets out their record of criminal convictions, or states that the person does not have one, that is issued by a competent authority in the jurisdiction in which the person resides; or
  • if the agent or mandatary is an entity, for each of the chief executive officer, the president and the directors of the entity and for each person who owns or controls, directly or indirectly, 20% or more of the entity or the shares of the entity, a document that sets out the person’s record of criminal convictions, or states that the person does not have one, and that is issued by a competent authority in the jurisdiction in which the person resides.

If any documentation is in a language other than English or French, the person or entity shall also obtain and review a translation of it.

These requirements come into force on a day to be fixed by order of the Governor in Council (which we are still awaiting).

Also as it relates to MSBs, this round of changes has criminalized the operation of unregistered money services businesses. Any business or entity that knowingly engages in MSB activity for which it is not registered with FINTRAC is guilty of an offence and liable of a fine up to CAD 500,000 and/or imprisonment up to five years.

These requirements come into force June 22, 2024.

Back in 2022, The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) published an advisory related to Underground Banking through Unregistered Money Services Businesses highlighting the risk of such activity. If you suspect individuals or businesses are operating unregistered money services businesses or foreign money services businesses, you may wish to submit voluntary information to FINTRAC anonymously.

Other Changes
The amendments to the PCMLTFA will require regulated entities to report to FINTRAC where a reporting obligation arises under the Special Economic Measures Act as well as under the Justice for Victims of Corrupt Foreign Officials Act (Sergei Magnitsky Law).

Related to Ministerial Directives, the Minister of Finance may issue orders setting conditions in respect of the trading or suspend or cancel trading of compliance units or invalidate any trade of compliance units if the Ministers are of the opinion that the trade or use of a compliance unit has a negative impact on the integrity of the Canadian financial system or its reputation.

As it relates to sharing of information, FINTRAC will be able to share information with different governmental departments, which includes sharing information with the Department of Finance for the purposes of granting, revoking, suspending or amending approvals under the Retail Payment Activities Act.

What Next?

Regulated entities that have transaction limits in place that are just under reporting thresholds (i.e., CAD 9,990) may want to rethink those limits and the reasons they are in place, due to the offence of “structuring”.

As it relates to MSB specific changes, compliance program updates may be required where existing agent relationships exist.

As with all legislative changes, we await FINTRAC guidance for clarity.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

TW – With Antisemitism on the Rise, Canadian AML Geeks Must Identify Hamas Linked Activity

Since Hamas’ attacks on Israel on October 7th, 2023, several Canadians have been reported dead. Several more are being held hostage.

Closer to home, on October 12th, a day on which Hamas’ leaders were calling for a “global day of Jihad,” three young men, two of whom were minors, entered a Jewish school in Toronto, ON, destroyed property and uttered threats of death and violence. Ultimately, they left the school and were arrested without any violent fallout. They are now free on bail, while students of the school grapple with mounting terror and trauma.

While we have, as Canadians, enjoyed a long period of relative peace and prosperity, we cannot rest in any certainty that global conflicts will not land on our home shores. In all likelihood, they already have.

As practitioners in the anti-money laundering (AML) and anti-terrorist financing (ATF) spaces, we must look to gain deeper understandings of the funding mechanisms that fuel such incidents in the hope that such intelligence can be used to prevent, detect, disrupt and deter such activities. While it is not yet clear whether last week’s school incident was financially motivated, it is noteworthy that there are well-known paths for terrorism funding paths related to attacks against Jews in Israel:

  • Funds originating in Iran, but often flowing through sympathetic third countries flow to terrorist conspirators and their families;
  • Payments are made in specific amounts for the completion of specific tasks: e.g.
    • USD 10,000 for each death of a targeted person, or person from a targeted group; and
    • Additional bonuses paid to the family of the threat actor where they lost their own life, such as in a suicide bombing.

While it does not appear that such brazen attacks are yet being carried out against Jews on Canadian soil, it is nonetheless important to be vigilant. On October 20th, the U.S. AML authority, the Financial Crime Enforcement Network (FinCEN) related updated guidance specific to Hamas and related activity. While the Canadian authority, the Financial Transactions and Analysis Centre of Canada (FINTRAC) has not yet released specific guidance, its guidance on terrorism financing, including guidance on ideologically motivated domestic extremism is instructive. The bulletin notes that when reporting to FINTRAC, #IMVE can be used to denote “ideologically motivated violent extremism” in the freeform field.

From the FinCEN bulletin, we know that:

  • Operatives are being harboured in, and funds are flowing through third countries including:
  • Sudan
  • Türkiye
  • Algeria
  • Qatar

From a Canadian perspective, it’s important to note that the sanctions regime related to Iran is not the same as in the US, and it is possible to see transactions originating directly from Iran as well.

Red flags include

  • Transactions with a nexus to sanctioned entities, persons or virtual currency addresses
  • Information in a transaction (such as the message to the recipient) that appears to support Hamas or related terrorist activities
  • Unusual MSB transactions (e.g. a customer that does not usually deal with MSBs) involving MSBs that deal in high risk jurisdictions, including the third countries noted above, or Iran[1]
  • Transactions that involve vaguely named or described “trading companies” that have a nexus in high risk jurisdictions, including the third countries noted above, or Iran
  • Charities or not for profit organizations that collect donations and do not appear to do charitable works, or appear to support Hamas or other terrorist groups, or activities.

Canadian reporting entities can submit suspicious transaction reports to FINTRAC, and should indicate in the opening sentence that the activity being reported may be related to terrorism and threats to Canada’s national security. For non-reporting entities, a voluntary report can also be submitted online. In both cases, the person and/or entity submitting the report is protected so long as the report is made in good faith.

Reports related to matters of national security can also be made directly to the Royal Canadian Mounted Police (RCMP) RCMP National Security Information Network by phone at 1‐800‐420‐5805 or by email at RCMP.NSIN-RISN.GRC@rcmp-grc.gc.ca. Reports can also be made to the Canadian Security Intelligence Service (CSIS) online.

As an AML geek, and as an ally, I urge all readers to be vigilant in your personal and professional lives. Hate cannot be allowed to spread unchecked. Terror must not be permitted to reach into our schools. We must stand against it.

[1] In Canada, transactions with a nexus to Iran are permitted for some purposes, however, all transactions with a known nexus to Iran are reported to FINTRAC under the Canadian Ministerial Directive on Iran – https://fintrac-canafe.canada.ca/obligations/dir-iri-eng

 

Proposed 2023 AML Changes: Mortgage Lenders and Armoured Car Services

Background

February seems to be the month for proposed legislative changes.

On February 18, 2023, draft amendments to the regulations under the Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA), and a net-new draft regulation, were published in the Canada Gazette. If you’re the type that likes to read original legislative text, you can find it here. We (thanks Rodney) also created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

These changes are meant to renew and improve Canada’s anti-money laundering (AML) and anti-Terrorist Financing (ATF) regime, adapting to new money laundering (ML) and terrorist financing (TF) risk. One of the most significant changes, in our opinion, is the introduction of two new regulated entity types, mortgage lenders and armoured car companies.

Currently, mortgages issued by financial entities are captured under the PCMLTFA but these amendments would make all entities involved in the mortgage lending process (brokers responsible for mortgage origination, lenders responsible for underwriting the loan, and administrators responsible for servicing the loan) reporting entities. The intent here is to level the playing field between regulated and unregulated mortgage lenders, and to deter misuse of the sector for illicit activities.

While the activity of transportation is not currently supervised for AML purposes per se, armoured car carriers provide services largely to regulated entities. Given the flow of funds that is typically seen in this sector, reconciliation and identification of the origin of funds can sometimes be challenging, and allows funds to move with some degree of anonymity, which is an ML/TF vulnerability.

The draft regulations also introduce new requirements for correspondent banking relationships, and additional requirements related to the Money Services Business (MSB) registration. There are also some technical amendments related to existing reporting requirements and changes related to Administrative Monetary Penalties (AMPs).

Lastly, a new regulation would introduce a prescribed formula for the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) to assess the expenses it incurs in the administration of the PCMLTFA against reporting entities. Such models are seen from other regulators, such as the Office of the Superintendent of Financial Institutions (OSFI) and the Financial Consumer Agency of Canada (FCAC). Currently, FINTRAC is funded through appropriations.

In the following sections, we have summarized what we feel are the most important requirements to note.

Armoured Car Companies

The proposed changes would require a company that engages in “transporting currency or money orders, traveller’s cheques or other similar negotiable instruments” (except for cheques payable to a named person or entity) to be considered an MSB. As such, the following obligations will have to be met:

  • Development of a compliance program;
  • Maintaining an up-to-date MSB registration with FINTRAC;
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Record keeping;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and list screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow ministerial directives and transaction restrictions.

One record keeping obligation to note, which is new for armoured car companies, is the requirement to record the following information when transporting CAD 1,000 or more of cash or virtual currency, or CAD 3,000 or more in money orders or similar negotiable instruments:

  • The date and location of collection and delivery;
  • The type and amount of cash, virtual currency or negotiable instrument transported;
  • The name and address of the person or entity that made the request, the nature of their principal business/occupation and, in the case of an individual, their date of birth;
  • The name and address, if known, of each beneficiary;
  • The number of every account affected by the transport, the type of account, and the name of the account holder;
  • Every reference number that is connected to the transport, and has a function; equivalent to that of an account number; and
  • The method of remittance.

An additional requirement that will apply to armoured car companies is in relation to PEP determinations (existing PEP requirements for MSBs still apply). Specifically, a PEP determination is required whenever a person requests that the MSB transport more than CAD 100,000 in cash or virtual currency, or in an amount that is not declared.

Under the proposed regulations, there are some exemptions for reporting that are noteworthy. Large Cash and Large Virtual Currency reporting requirements will not apply where there is an agreement of transportation between:

  • The Bank of Canada and a person or entity in Canada;
  • Two financial entities;
  • Two places of business of the same person or entity; or
  • Canadian currency coins for purposes of delivery under the Royal Canadian Mint.

It is noteworthy, based on the definition, that there may be more than just armoured car companies that are captured under these new requirements. This will be clarified in guidance from FINTRAC that will follow publication of the legislation.

The requirements applicable to armoured car companies will come into force eight months after final publication in the Canada Gazette.

Mortgage Lending

The proposed regulations would require mortgage lenders, brokers, and administrators (mortgage participants) to put in place compliance regimes, similar to that of other regulated entities, which include the following:

  • Development of a compliance program;
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Keeping records;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and list screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow ministerial directives and transaction restrictions.

It is noteworthy, that many mortgage brokers already have existing voluntary AML compliance programs and already apply AML measures. This is in part due to various securities regulations and lending partners.

The requirements applicable to mortgage lending will come into force six months after final publication in the Canada Gazette.

Cost Recovery

As part of this round of regulatory changes, there is a net-new regulation, the Financial Transactions and Reports Analysis Centre of Canada Assessment of Expenses Regulations. This regulation will allow FINTRAC to pass on expenses, to reporting entities, that it incurs in the administration of the PCMLTFA. Only the following prescribed entity types are affected by this:

  • Banks and authorized foreign banks;
  • Life insurance companies;
  • Trust and loan corporations; and
  • Every entity that made more than 500 threshold reports during the previous fiscal year.

The regulations provide a formula that FINTRAC would use to calculate the assessment amounts payable by reporting entities on the basis of their annual asset value, and the volume of all threshold transaction reports submitted. For clarity, threshold transaction reports include Large Cash Transaction Reports (LCTRs), Large Virtual Currency Transaction Reports (LVCTRs), Electronic Funds Transfer Reports (EFTRs), and Casino Disbursement Reports (CDRs).

The requirement would come into force on April 1, 2024. This means FINTRAC would commence recovering costs from the 2024-2025 fiscal year and forward.

Other Changes

Enhancing MSB registration

Under the proposed amendments, as part of MSB registration, MSBs would now need to include the telephone numbers and email addresses of its president, directors and every person who owns or controls 20% or more of the MSB. This is in addition to current required information. Additionally, the number of the MSB’s agents, mandataries and branches in each country will be added (currently, only those within Canada are required).

This requirement will come into force twelve months after final publication in the Canada Gazette.

Streamlining requirements for sending AMPs

Under the proposed amendments, FINTRAC would be allowed to serve a reporting entity solely by electronic means when issuing an AMP. Currently, FINTRAC would also have to send an additional copy by registered mail.

This requirement would come into force on registration.

What Next?

There is a 30 day comment period (ending March 20, 2023) for the proposed regulations. It is strongly recommended that industry, and potentially impacted companies, review carefully and provide feedback. Comments can be submitted online via the commenting feature after each section of the proposed changes, or via email directly to Julien Brazeau, Associate Assistant Deputy Minister, Financial Sector Policy Branch, Department of Finance, 90 Elgin Street, Ottawa, Ontario K1A 0G5.

We’re Here To Help

If you have questions related to the proposed changes, or need help starting to plan, you can get in touch using the online form on our website, by emailing us directly at info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

New Illegal Wildlife Trade Indicators

FINTRAC has published a new Operational Alert on the Illegal Wildlife Trade.

The alert includes diagrams of known fund flows, both into and out of Canada (though the latter is most common). Three categories of indicators are included:

  • General wildlife trade,
  • Import into Canada, and
  • Export from Canada.

As a Compliance Officer, it’s important to think through where these indicators might be visible to you and your team. For instance, if you are offering remittance or payment services, and there is an available memo or purpose of payment field, there are several keywords in the indicators that should be added to your monitoring parameters (if they haven’t been already).

All Canadian reporting entities must use this information to:

  • Update the indicators in training materials,
  • Update the indicators in policies and procedures, and
  • Update transaction monitoring mechanisms (where applicable) to detect relevant indicators.

Of course, if you require assistance, Outlier Compliance is here to help. Please feel free to contact us.

Suspicious Transaction Reporting Updates

FINTRAC has published updated resources related to upcoming changes to suspicious transaction reports (STRs) on its Draft Documents page. This includes updated draft guidance on STRs, expected to come into force in September 2023.

While the updated forms are not yet in use, it is important that you communicate these changes to your information technology (IT) teams and service providers. The documentation published this week includes JSON schemas and API endpoints.

For reporting entities that complete STR reporting manually through FINTRAC’s online reporting portal, it is also important to familiarize yourself with updated structured reporting fields, including:

  • URL,
  • Type of device used,
  • Username,
  • Device identifier number,
  • Internet protocol address, and
  • Date and time in which online session request was made.

These can be reviewed in the draft STR form.

Of course, if you require assistance, Outlier Compliance is here to help, please contact us.

New Terrorist Financing Indicators

FINTRAC has published updated indicators related to terrorist activity financing.

These are subdivided into three broad types of violent extremism:

  • religiously motivated violent extremism (RMVE),
  • politically motivated violent extremism (PMVE), and
  • ideologically motivated violent extremism (IMVE).

Each subtype has distinct characteristics and indicators. While it can be tempting to think that these types of things don’t happen here, unfortunately, they can and do happen here in Canada. As a Compliance Officer, it’s important to think through where these indicators might be visible to you and your team.

All Canadian reporting entities must use this information to:

  • Update the indicators in training materials,
  • Update the indicators in policies and procedures, and
  • Update transaction monitoring mechanisms (where applicable) to detect relevant indicators.

Of course, if you require assistance, Outlier Compliance is here to help, please contact us

EFTs, PSPs & Crowdfunding : Canada’s Changing Regulatory Landscape

On April 27th, 2022 amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) and associated regulations related to penalties for non-compliance were passed. These amendments were unusual, as there was little prior public consultation, no pre-publication for public comment, and they came into force “on publication” (right away). This is particularly unusual, as new business models were included in the money services business (MSB) and foreign money services business (FMSB) categories.

Specifically, a number of payment services providers (PSPs) became MSBs through a change in the definition of electronic funds transfers (EFTs), and companies that provide crowdfunding services also became MSBs/FMSBs. Historically, these types of changes would have included a pre-publication of the proposed amendment with time for industry participants to comment. There is also, generally, a period of time between the publication of final amendments and the coming into force date (often a year). Absent these buffers, both industry and Canada’s AML regulator, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) have been scrambling to assess the many nuances of the amendments.

While we’ve seen a number of responses to individual applicants for MSB registrations and requests for policy interpretations from FINTRAC, today’s release was the first substantial piece of public guidance from the regulator. For those inclined, it can be accessed here: https://fintrac-canafe.canada.ca/notices-avis/2022-07-21-eng

EFTs and PSPs

What may have seemed like an inconsequential change to the definition of EFTs, which removed certain exemptions, has significant impacts on payment services providers.

“As payment services are not a prescribed service under the PCMLTFA, FINTRAC is taking the position that persons or entities that provide invoice payment services or payment services for goods and services are engaged in the business of remitting or transmitting funds, or dealing in virtual currency.”

FINTRAC’s guidance goes on to define each of these activities and the (very limited) exemptions in each case.

Crowdfunding

While crowdfunding gets a nod in the title of the guidance, it doesn’t really factor into the substance of today’s piece. There are definitions in the amendments themselves in this case, and it’s likely that additional guidance will follow as FINTRAC works through these registrations.

crowdfunding platform means a website or an application or other software that is used to raise funds or virtual currency through donations. (plateforme de sociofinancement)”

crowdfunding platform services means the provision and maintenance of a crowdfunding platform for use by other persons or entities to raise funds or virtual currency for themselves or for persons or entities specified by them. (services de plateforme de sociofinancement)”

FINTRAC’s MSB/FMSB Registration Process

The guidance notes that FINTRAC is working on getting businesses registered “over the next several weeks.” As there are many businesses that will be newly registering as MSBs or FMSBs, industry participants should expect some delays. It has also become much more common for FINTRAC to ask for additional details about the business, such as the business model and flow of funds.

There is also a tool to check to see if your business should be registered: https://www.fintrac-canafe.gc.ca/msb-esm/questions/2-eng

If you’re ready to register, you can find an overview of the process and links to the pre-registration form here: https://fintrac-canafe.canada.ca/msb-esm/register-inscrire/reg-ins-eng

Requesting Policy Interpretations

There are two important FINTRAC email addresses. If you have a question specifically about whether or not your business should register, first try msb-esm@fintrac-canafe.gc.ca.

For other policy interpretation requests (or if your request is particularly complex), your best avenue is most likely guidelines-lignesdirectrices@fintrac-canafe.gc.ca.

Enforcement Actions

FINTRAC’s guidance indicates that the regulator will take a reasonable approach to entities required to register.

“We understand that there will be challenges in meeting certain obligations. FINTRAC will be reasonable in its assessment and enforcement approach, and is committed to working with reporting entities subject to the PCMLTFA and its Regulations to increase their awareness, understanding and compliance with their obligations. Please continue to monitor our website for updates or additional guidance.”

This gentle approach will not last indefinitely. If your business needs to be registered (and get its house in order AML compliance-wise), it’s time to get started.

We’re here to help.

Whether you want a hand drafting a policy interpretation request, an AML compliance program, or training for your newly minted AML Compliance Officer (congratulations, I’m sorry), we’re here to help. Please get in touch.

Return to Blog Listing