PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Canada’s Proposed AML Changes for MSBs

What’s Old is New Again, Well Updated

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake). This article is intended to give a high-level summary of the proposed amendments as they relate to Money Services Businesses (MSBs).

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Finally, we want to encourage the community to discuss the proposed changes and submit meaningful feedback for policy makers. The comment period for this draft is 90 days. After this, the Department of Finance takes the feedback to the bat cave and drafts a final version of the amendments. From the time that the final version is published, the draft indicates that there will be 12 months of transition to comply with the new requirements.

♬The Times Regulations Are Changing♬

Foreign MSBs

Currently, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has issued a policy interpretation (PI-5594) in August of 2013, which states that a “real and substantial connection” to Canada must be present for an entity to be required to register as an MSB with FINTRAC.  A “real and substantial connection” was defined in the interpretation as having one or more of the following:

  • Whether the business is incorporated in Canada;
  • Whether the business has agents in Canada;
  • Whether the business has physical locations in Canada; and/ or
  • Whether the business maintains a bank account or a server in Canada.

The draft amendments introduce a new definition, which is “Foreign Money Services Business” that means anyone serving Canadian customers or entities in Canada is now subject to all Canadian requirements no matter where they are located.  Throughout the proposed changes, where there is a reference to money services businesses, there is also a reference to foreign money services businesses.  This will be significant to MSBs who operate non-face-to-face in the online marketplace and do not reside in Canada.

Non-Face-To-Face Customer Identification

Currently, there is a requirement that when customers are identified using the dual process method, the document and/or data that you collect is in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The word “original” will be replaced with “authentic” (meaning that so long as you believe that the utility bill is a real utility bill for that person, it doesn’t need to be the same piece of paper that they received in the mail).

In addition, there are provisions that would allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification within 3 days of the request.

Reporting EFTs of $10,000 or More

If you conduct international remittance transactions at the request of your customers, the requirement to report transactions of $10,000 or more will now be your responsibility, not your financial services provider.

The proposed change removes the language commonly known as the “first in, last out” rule.  This means that the first person/entity to ‘touch’ the funds for transactions incoming to Canada or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada had the reporting obligation (as long as the prescribed information was provided to them).

The update will change the reporting obligation to whoever maintains the customer relationship. So if you initiate a transaction at your customer’s request (outgoing transaction) or provide final receipt of payment to your customer (incoming transaction), it will be your obligation to report that transaction to FINTRAC.

For example, if the flow of the instructions for payment were as follows:

Currently, the reporting obligation of the outgoing EFT would fall to the bank in Canada.  With the draft updates, the reporting obligation would now fall to the MSB in Canada, because they have the relationship with the customer initiating the transaction.

 

Third Party Determination

Currently, the obligation to determine whether a third party is involved in a transaction relates to Large Cash Transactions.  The proposed changes would include the obligation to make a third party determination for all EFTs of $10,000 or more.  This would also require similar record keeping obligations as a third party determination under the current Large Cash Transaction records.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. This change appeared in the last round of amendments that came into force last year, and the proposed new wording would be another significant change:

The person or entity shall send the report to the Centre within three days after the day on which measures taken by them enable them to establish that there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.

This means that a report would be due three days after the reporting entity conducts an investigation or does something that allows them to reach the conclusion that there are reasonable grounds to suspect.

Information Included In Reports to FINTRAC

Certain information is required in reports to FINTRAC. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional proposed data fields are:

  • every reference number that is connected to the transaction,
  • type of device used by person who makes request online,
  • number that identifies device,
  • internet protocol address (IP address) used by device,
  • person’s user name, and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online.

Ongoing Compliance Training

Currently, there are five required elements of a Canadian AML compliance program, but there is soon to be a sixth.  Before you get too worried, it’s not that major.  The change is specific to your ongoing compliance training obligations, which says you must institute and document a plan for your ongoing compliance training program and the delivery of the training.  Basically, in your AML compliance program documentation, you need to provide a description of your training program for at least the next year and how the training will be delivered. Many MSBs have already implemented this best practice.

Risk Assessment Obligations

With the recent addition of the “New Technologies and Developments” category to the Risk-Based Approach requirements, the next logical progression has be added.  The updates include the obligation to assess the money laundering and terrorist financing risk of any new technology before implementation.  Meaning, if you are looking to take your business online and are going to use this fancy, new non-face-to-face ID system, you had better take careful inventory of where your risks are and be sure the appropriate controls have been put in place before going live. Much like the training plan, many MSBs have already implemented this best practice.

Virtual Currency

The draft updates also include major changes related to virtual currency. “Dealers in virtual currencies’ would be regulated as MSBs. New record keeping and reporting obligations would apply to all reporting entities that accept payment in virtual currency, or send virtual currency on behalf of their customers.

For more information on updates specific to virtual currency, please check out our full article.

What Next

If you’ve read this far, congratulations and thank you!

We hope that you will contribute your thoughts and comments. You can do this by contacting the Department of Finance directly. Their representative on this file is:

Lynn Hemmings

Acting Director General

Financial Systems Division

Financial Sector Policy Branch

Department of Finance

90 Elgin Street

Ottawa, Ontario

K1A 0G5

Email: fin.fc-cf.fin@canada.ca

If you would like assistance drafting a submission, or have questions that you would like Outlier to answer, please get in touch!

If you are interested in sharing your comments with the Canadian MSB Association (and we highly encourage you to do so) please email luisa@global-currency.com. She will have more information on the industry group’s submission and consultation process.

Finalized Breach of Security Safeguards Regulations

Back in June of 2015, the Digital Privacy Act, received royal assent resulting in amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Most amendments came into force at that time, except for the much-anticipated requirements related to breach notification. These requirements will come into force once regulations have been developed and put into place and will affect any organization that collects, uses or discloses personal information in the course of commercial activities.

 On September 2, 2017, a draft of those regulations was published for public comment in the Canada Gazette and on April 18, 2018 the final Breach of Security Safeguards Regulations under PIPEDA were published. The regulations set out prescribed requirements for mandatory breach reporting and will come into force on November 1, 2018.

The objective of the regulations is to:

  • Ensure that all Canadians receive consistent information about data breaches that pose a risk of significant harm to them.
  • Ensure that data breach notifications contain sufficient information to enable individuals to understand the significance and potential impact of the breach.
  • Ensure that the Commissioner receives consistent and comparable information about data breaches that pose a risk of significant harm.
  • Ensure that the Commissioner is able to provide effective oversight and verify that organizations are complying.

The regulations require organizations to report, to the privacy Commissioner, any breach of security safeguards involving personal information under its control if it is reasonable to believe the breach creates a real risk of significant harm. The regulations state that such a report must contain the following:

  • a description of the circumstances of the breach and, if known, the cause;
  • the day or the period in which the breach occurred;
  • a description of the personal information that was involved in the breach;
  • an estimate of the number of individuals impacted – were the breach creates a real risk of significant harm;
  • the steps that the organization has taken to reduce the risk of harm to the impacted individuals;
  • the steps that the organization has taken or will take to notify impacted individuals; and
  • the name and contact information of a person who can answer, on behalf of the organization, the Privacy Commissioner’s questions about the breach.

Organizations that experience such a breach will have also have to do the  following:

  • Determining if the breach poses a “real risk of significant harm” to any individual whose personal information was involved in the breach by conducting a risk assessment;
  • Notifying affected individuals if it is determined that there is a real risk of significant harm. How the notification will take place depends on serval factors such as if contact information of the impacted individuals is known, cost, and if the method chosen to deliver such a notification will cause further harm;
  • Issuing notification that contains:
    • a description of the circumstances of the breach;
    • the day or period during which the breach occurred;
    • a description of the personal information that was involved in the breach;
    • the steps that the organization has taken to reduce the risk of harm to the impacted individuals;
    • the steps that the impacted individuals could take to reduce the risk of harm resulting from the breach;
    • a toll-free number or email address that the impacted individuals can use to obtain further information about the breach; 
    • information about the organization’s internal complaint process and about the individual’s right, under PIPEDA and that they can make a complaint with the Privacy Commissioner;
  • Notifying other organizations or government institution if they believe the they may be able to reduce the risk of harm to the impacted individuals.  (i.e. law enforcement agencies). If this is the case, consent of individuals is not required for such disclosures; and
  • Keeping records of any data breach for a minimum of 24 months.

In determining if there is a “real risk of significant harm”, the assessment of risk conducted must consider factors such as the sensitivity of the personal information involved, whether or not the data was encrypted, whether the personal information was misused, if the information has been recovered, etc. The true risk of such factors may not always be known at the time that the risk assessment is first conducted.  One distinction from the draft regulations is that the final regulations also refer to harm “that could result from the breach” rather than harm “resulting from the breach”. This final wording is more practical than that of the language found in the draft, as potential harms will often be speculative at the time the breach is first discovered.

In reporting “as soon as feasible,” the final regulations allow for an organization to submit new information to the Commissioner after the initial report has been submitted. This is a significant improvement over the draft regulations, since organizations often do not have all information at the time a report is required to be submitted.

We’re Here To Help

If you have questions regarding these new requirements or any questions related to privacy legislation in general, please contact us.

PIPEDA’s Security Breach Notification Provisions

Back in September we published an article on Breach of Security Safeguards Regulation. Those requirements will come into force on November 1, 2018, according to an Order in Council issued on March 26, 2018.

The much-anticipated requirements will require organizations to report, to the privacy commissioner and affected individuals, any breach of security safeguards involving personal information under its control if it is reasonable to believe the breach creates a real risk of significant harm.

While the final regulation is not yet available, a draft of the regulation can be found here.

We’re Here To Help

If you have questions regarding how your organization will be impacted by these requirements or any questions related to privacy legislation in general, please contact us.

Breach of Security Safeguards Regulations

Back in June of 2015, the Digital Privacy Act received royal assent, resulting in amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Most amendments came into force at that time, except for the much-anticipated requirements related to breach notification. These requirements will come into force once regulations have been developed and put into place, and will affect any organization that collects, uses or discloses personal information in the course of commercial activities.

On September 2, 2017, a draft of those regulations was published in the Canada Gazette. The draft regulations will require organizations to report, to the privacy commissioner, any breach of security safeguards involving personal information under its control if it is reasonable to believe the breach creates a real risk of significant harm. The draft regulations state that such a report would have to contain the following:

  • a description of the circumstances of the breach and, if known, the cause;
  • the day or the period in which the breach occurred;
  • a description of the personal information that was involved in the breach;
  • an estimate of the number of individuals impacted – where the breach creates a real risk of significant harm;
  • the steps that the organization has taken to reduce the risk of harm to the impacted individuals;
  • the steps that the organization has taken or will take to notify impacted individuals; and
  • the name and contact information of a person who can answer, on behalf of the organization, the Privacy Commissioner’s questions about the breach.

Organizations that experience such a breach will also have to do the  following:

  • Determine if the breach poses a “real risk of significant harm” to any individual whose personal information was involved in the breach by conducting a risk assessment;
  • Notify affected individuals if it is determined that there is a real risk of significant harm. How the notification will take place depends on serval factors such as if contact information of the impacted individuals is known, cost, and if the method chosen to deliver such a notification will cause further harm;
  • Issue notification that contains:
    • a description of the circumstances of the breach;
    • the day or period during which the breach occurred;
    • a description of the personal information that was involved in the breach;
    • the steps that the organization has taken to reduce the risk of harm to the impacted individuals;
    • the steps that the impacted individuals could take to reduce the risk of harm resulting from the breach;
    • a toll-free number or email address that the impacted individuals can use to obtain further information about the breach; and
    • information about the organization’s internal complaint process and about the individual’s rights under PIPEDA, and that they can make a complaint with the privacy commissioner;
  • Notify other organizations or government institutions if they believe they may be able to reduce the risk of harm to the impacted individuals (i.e. law enforcement agencies). If this is the case, consent of individuals is not required for such disclosures; and
  • Keep records of any data breach for a minimum of 24 months.

The determination if there is a real risk of significant harm to an individual, and reporting “as soon as feasible” requirements, are likely to be the most challenging for organizations.

In determining if there is a “real risk of significant harm”, the assessment of risk conducted must consider factors such as the sensitivity of the personal information involved, whether or not the data was data encrypted, whether the personal information could be misused, if the information has been recovered, etc. The true risk of such factors may not always be known at the time that the risk assessment is first conducted. If not known, it may be best to use a worst case scenario in the assessment.

In reporting “as soon as feasible” after an organization determines that the breach has occurred, to both the Privacy Commissioner and impacted individuals, organizations may be hesitant to provide specific information. Reasons why organizations may be hesitant may include, details and information may change as further investigating of the breach is conducted, or for fear of litigation risk down the road. Additionally, there is reputational risk that organizations will be concerned about. When notifying the Privacy Commissioner, organizations may want to state that the investigation is ongoing and that updates will be provided in a timely manner. When notifying impacted individuals, organizations should ensure that all required information is contained in the notification. It is best to be transparent and truthful in such notifications, as not doing so may cause even greater litigation and reputational risk.

Regulatory Impact Analysis and Regulations

The draft regulations are open for a comment period, to read full details of the draft and the accompanying regulatory impact analysis statement please visit the Canada Gazette.

We’re Here To Help

If you have questions regarding this or any questions related to privacy legislation in general, please contact us.

Alert – Terrorist Property Reporting

FINTRAC has recently published their reorganized guidelines and one notable change to Guideline 1, in particular, is the change to the CSIS Financing Unit unclassified fax.

  • Old: 613-231-0266
  • New: 613-369-2303

Policies related to Terrorist Property Reports (TPRs) should be updated to reflect this change.

Note that there have been changes in FINTRAC’s expectations which are reflected in the other updated guidance documents.

We’re Here To Help

If you have questions about these changes, or AML compliance in general, please contact us.

Canada’s 2017 Budget & PCMLTFA Updates

Greetings fellow compliance geeks!

As you may know, Canada’s latest budget bill contains a number of amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). We’ve created a marked up version of the PCMLTFA to help you work through and understand the changes, and you can access it using the link below with this caveat: you are welcome to use and share this markup, but you may not charge money for access to it. Information should be free.

Yes, I get it, give me access!

If you prefer a copy of the markups in Microsoft Word, please contact us.

Analysis Notes

The biggest takeaway from these amendments is related to section 5 (e.1), which adds “trust companies incorporated or formed by or under a provincial Act that are not regulated by a provincial Act” as being federally regulated entities. This has been a loophole in Canadian legislation for a long time, and was called out in Canada’s most recent mutual evaluation by the Financial Action Task Force (FATF). If you’re company falls into this category, it’s time to start thinking about anti money laundering (AML) compliance. If you have business arrangements (clients, suppliers, etc.) that are unregulated provincial trusts, there are a few early steps that you might want to consider:

  • Re-assess the AML risk that these provincial trust companies pose;
  • Reach out to ask if they have a Compliance Officer and an AML program (in some cases, you will be pleasantly surprised); and
  • Consider whether or not additional controls are required to mitigate the risk posed.

The additional information that’s changing includes a lot of items that most us would consider housekeeping, like changing foreign country to foreign state in a number of places, and adding bullet points to what is considered “prescribed information:”

  • the name, address, electronic mail address and telephone number of every trustee and every known beneficiary and settlor of a trust referred to in paragraph (a);
  • the name, address, electronic mail address and telephone number of each person who owns or controls, directly or indirectly, 25 % or more of an entity referred to in paragraph (a), other than a trust; and
  • information respecting the ownership, control and structure of an entity referred to in paragraph (a).

The only piece there that will be new (at least in terms of requirements) is the “electronic mail address” (email) for beneficial owners. If you’re not already collecting this information, it’s time to think about how to get started. If you’re collecting the email address, but its optional, consider making it a required field.

The modifications also give the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) the ability to share information with the Department of National Defence and the Canadian Forces where there are reasonable grounds to believe that there is a threat. Presumably, this would include contexts like a terrorist attack on Canada. It’s somewhat surprising that this was not already in place.

There have also been changes to the things about which “the Governor in Council may, on the recommendation of the Minister, make any regulations that the Governor in Council considers necessary for carrying out the purposes and provisions of this Act, including regulations…” These are interesting in thinking about what may be next in line for additional regulation:

  • respecting dealing in virtual currencies;
  • respecting the keeping of records referred to in section 6;
  • respecting the verification of the identity of persons and entities referred to in section 6.1; (d) respecting the reports to the Centre referred to in section 7 and subsections 7.1(1) and 9(1);
  • respecting the determination of whether a person is a person described in any of paragraphs 9.3(1)(a) to (c);
  • respecting the measures referred to in subsections 9.3(2) and (2.1);
  • respecting the measures referred to in subsection 9.4(1);
  • respecting the program referred to in subsection 9.6(1);
  • respecting the special measures referred to in subsection 9.6(3);
  • respecting the registration referred to in sections 11.1 to 11.2;
  • respecting the reports referred to in subsection 12(1); and
  • prescribing anything that by this Act is to be prescribed.

The only truly interesting point here is dealing in virtual currency, which also came up in Bill C-31 which passed in 2014. This bill, also called the Economic Action Plan 2014 Act, No. 1, has not been fully implemented. Some of its provisions (including those specifically related to including dealing in virtual currency under the definition of money services businesses) are also being amended. In the markups, these changes are highlighted in blue rather than in yellow to distinguish between the two.

Finally, there is a change to the definition of a head of an international organization. This one seems a bit nitpicky to me, but if you’re in the process of updating your documentation for the changes that are coming into force in June of this year, you might want to consider this as well. Head of an international organization (HIO) means a person who, at a given time, holds — or has held within a prescribed period before that time — the office or position of head of an international organization that is established by the governments of states or the head of an institution of any such organization.

We’re Here To Help

If you have questions about these changes, the changes coming into force in June of this year, or AML compliance in general, please contact us.

Security Alert: Password Reset Required

This is a security alert for anyone that has set up an account on our website.

It is our responsibility to inform our clients about a potential data breach that may or may not have occurred over the past five months of CloudFlare, one of Outlier’s partners in managing the website.

CloudFlare is a service that we use to provide a fast experience while using the Outlier website. Generally, this is quite secure, but it was revealed yesterday that during a period between October 2016 and February 2017, some data may have leaked between CloudFlare clients. The notice put out by CloudFlare says that there was a one-in-3.3-million chance that data may have been compromised, so the likelihood that your data will have been breached is slim, but we felt that it was important that you were notified. You can read more about the breach here: There has been a serious data leak that affects all Cloudflare customer websites and their site visitors.

As a precaution, we have deactivated all user passwords on the Outlier website to prevent any malicious activity. You can reset your password by following these directions:

  1. Visit the Outlier Reset Password page at https://www.outliercanada.com/outlier/login/forgot-password/ (for Canada), or at https://www.outlierbarbados.com/outlier/login/forgot-password/ (for Barbados).
  2. Enter your email address in the box, and click the “Send Reset Password Request” button.
  3. Check your email. You will have received a message with a link in it to reset your password. Click the link.
  4. Enter your new password and click “Reset Password”.

That’s it! Your account will have a new password. You can use this new password to log into your account on Outlier in the future – your old password will no longer work.

As for moving forward, CloudFlare has patched the bug that allowed this to happen, but to be on the safe side, Outlier will be discussing with our technical team as to whether we want to continue our relationship with CloudFlare moving forward. Your security is our first concern and we take everything into account when we make decisions that may affect our clients.

Thank you for your understanding.

The Outlier Team

Would You Recognize Real Estate Red Flags?

Rodney_FINTRACOn November 14th, 2016 FINTRAC released a brief for all reporting entities who may be involved in real estate transactions.  The briefing is intended as guidance to provide some examples of indicators that may be present in transactions that may suggest they are linked to money laundering or terrorist financing.  The indicators described have been taken from transactions suspected of being related to money laundering or terrorist financing reported internationally.  The briefing focuses on the potential risks and vulnerabilities within the real estate industry and provides suggestions on how to ensure reporting entities are sufficiently meeting suspicious transaction reporting obligations.

The briefing is meant to provide operational guidance given the small overall number of suspicious transactions that have been reported to FINTRAC by the Real Estate industry.  The briefing states that these indicators will be used by FINTRAC to assess compliance with your reporting obligations.  If you are a reporting entity that interacts with the real estate industry in one form or another, the indicators and scenarios outlined in this brief should be considered when updating your Risk Assessment and training materials.

To put things into perspective, though the actual size of the real estate market is difficult to determine precisely, CMHC has produced some statistics.  CMHC suggests that between 2003 and 2013 over $9 trillion of mortgage credits were negotiated and roughly 5 million sales took place through Multiple Listing Services (MLS).  In contrast, FINTRAC received only 127 Suspicious Transactions Reports (STRs) from real estate brokers, agents and developers and 152 by other types of reporting entities, such as banks and trust/loan companies.  To go a step further, in FINTRAC’s 2015 Annual Report, between April 1, 2014 and March 31, 2015, a total of 92,531 STRs were filed across all reporting entities.

 

re-strs-filed-vs-sales

This evidence supports FINTRAC’s assertion that operational guidance for the real estate industry is needed.

The indicators and examples covered in the brief outline numerous scenarios that may suggest that a transaction is related to a money laundering or terrorist financing offense.  It also speaks to how the appearance of legitimacy obfuscates the clarity of suspicious transactions and requires more than a just “gut feel”.  What is required is the consideration of the facts related to the transaction and their context.  Does the transaction with all the known factors, positive or negative, make sense?

 

What This Means to Your Business? 

First off, FINTRAC will be using the indicators provided to assess your compliance with reporting obligations.  This has a couple different applications.  The first being, does your AML compliance program documentation make reference to the suspicious indicators that are provided.  Basically, are staff aware of the elements that may be present in a transaction that would suggest money laundering or terrorist financing may be occurring?

Secondly, is there an oversight process to ensure if there are transactions that contain one or more of these indicators where an STR was not submitted, is reviewed?  If so, does the process ensure supporting evidence that the Compliance Officer reviewed the transaction and determined there were not reasonable grounds to suspect its relation to money laundering or terrorist financing?  When you encounter a transaction involving any of the indicators provided, it is very important that you collect as much information as possible to assist the Compliance Officer with their determination of whether there are reasonable grounds to suspect that a transaction, or attempted transaction, may be related to money laundering or terrorist financing.  Alternatively, even if none of the indicators provided by FINTRAC are present but we still feel there is “something off” about our customer’s transaction, speak with your Compliance Officer.  They will be able to provide some insight on additional information that may assist our decision.  Once you have collected any additional information you may still not feel comfortable, but this does not mean you cannot complete the transaction, but that you must be sure your Compliance Officer is provided with all the information, which includes our reason for the escalation, so that they can decide whether there are reasonable grounds to suspect it may be related to a money laundering or terrorist financing offense.  The Compliance Officer will document their decision and, if necessary, submit an STR to FINTRAC.

Need a Hand?

If you are a reporting entity that interacts with the real estate industry and would like assistance updating your AML compliance program documentation or simply have some questions, please contact us.

Sanctions This Week: July 25th – 29th, 2016

 

OSFISanctions Pic

There were no updates released from OSFI this week.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released four updates last week.  One update was related to the publication of Cuba-related Frequently Asked Questions (FAQ), covering some of the recent changes made to the sanctions that had previously been placed on Cuba.  Other updates included the removal of 12 individuals from the Counter Terrorism Designations List, the issuance of a Finding of Violation and the publication of Iran General License J.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The update to the Cuba-related FAQs was for the issuance of a new FAQ (#38) and a revision of an existing FAQ (#39), relating to certain information collection and recordkeeping requirements for persons subject to U.S. jurisdiction who provide authorized carrier or travel services to or from Cuba for specifically licensed travelers.

The update to the Counter Terrorism Designations List included the removal of 12 individuals of Libyan origin who are currently residing in the UK.

The Finding of Violation was issued to Compass Bank, which uses the trade name BBVA Compass, for violations of the Foreign Narcotics Kingpin Sanctions Regulations. From June 12, 2013 to June 3, 2014, Compass maintained accounts on behalf of two individuals on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”).

The final update of the week was related to OFAC issuing “General License J”, authorizing the re-exportation of certain civil aircraft to Iran on temporary sojourn and related transactions.

See the Cuba-related FAQ update on OFAC’s website.

See the Counter Terrorism Designations List update on OFAC’s website.

See the issuance of a Finding of Violation to Compass Bank on OFAC’s website.

See the Iran General License J details on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Sanctions This Week: July 18th – 22nd, 2016

OSFIOutlier3_032

On July 18th and 22nd, 2016, the Office of the Superintendent of Financial Institutions (OSFI) released the United Nations Security Council’s (UNSC’s) Al’Qaida and Taliban regulations updates to the sanctions list, deleting one individual and amending another.

The individuals are subject to the assets freeze, travel ban and arms embargo set out in paragraph 2 of Security Council resolution 2253 (2015) adopted under Chapter VII of the Charter of the United Nations.

The review of the individual who was deleted from the list was triggered by regularly scheduled updates.  However, no additional information was available regarding the justification.

The amendment of one individual’s information included the following:

  • A physical description;
  • The confirmation of the most recent position held within the Taliban, as of April 2015; and
  • That they are currently involved in drug trafficking and operate a heroin laboratory in Afghanistan.

See the July 18th update on the United Nations (UN) website.

See the July 22nd update on the United Nations (UN) website.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released three updates last week.  One update was related to the addition of three individuals to the Counter Terrorism Designations list.  The second update was related to the addition of multiple individuals and entities to the Syria and Non-proliferation Designations lists.  The final update last week was to the Kingpin Act and Panama-related Frequently Asked Questions (FAQs) regarding General Licenses.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The changes to the Counter Terrorism Designations list included three individuals of different nationalities, Saudi Arabia, Egypt and Algeria, though all have been linked to Al Qa’ida.

The update to the Syria Sanctions list included eight individuals, all of whom are Syrian.  The seven entities, which range from construction, to finance to manufacturing industries and vary in location, which include:

  • Syria;
  • Saint Kitts and Nevis;
  • Cyprus;
  • UAE; and

The update to the Kingpin Act and Panama-related FAQs are specific General License 5B and 6B

See the Counter Terrorism Designations list update on OFAC’s website.

See the Syrian and Non-proliferation Designations lists update on OFAC’s website.

See the Kingpin Act and Panama-related General License FAQs update on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Return to Blog Listing