Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

2019 AML Updates for Credit Unions

Background

On July 10th, 2019 the final amendments to Canada’s anti-money laundering (AML) regulations, were published in the Canada Gazette.  Many of the changes are based on requirements set out by the Financial Action Task Force (FATF), an inter-governmental body that sets out international standards for combating money laundering and terrorist financing, as well as from certain amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) made through the Economic Action Plan 2014 Act, No. 1 and the Budget Implementation Act, 2017, No. 1.

For those that prefer to see the updates in context, we have created unofficial red-lined versions of the regulations, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the changes. There are three different “coming into force” dates that should be noted:

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related dealers in virtual currency (which do not directly apply to Credit Unions).
  • June 1, 2021: all other regulatory amendments.

Updated guidance from FINTRAC is expected to be seen ahead of the coming into force dates. Given the legislative changes, there will be adjustments to various FINTRAC policy interpretations so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you borrow content that we wrote and published publicly, we may think you’re a jerk but we’re not sending an army of lawyers).

What Does This Mean For Your Credit Union?

Changes to Canada’s AML regulations will have a direct impact on a Credit Union’s AML obligations, including the following:

  • Reporting;
  • Record keeping; and
  • Member identification.

Many changes will require adjustments in your IT systems to ensure that all necessary information is available to be included in FINTRAC reports, particularly those involving online transactions. If you’re not sure where to start please feel free to contact us. From a practical standpoint, while you do have some time to update your AML program, it is best to start budgeting and planning now.  It may also be prudent to discuss changes with your board of directors as well.

FINTRAC Reporting

This round of changes to AML regulations has a much greater focus on reporting including changes to the information that will need to be included in various reports. We have summarized the applicable changes below.

Certain reports will require information that was not originally included. These changes include information such as:

  • Purpose of transaction;
  • Source of cash or source of funds;
  • For online transactions:
    • Type of device used by person who makes request;
    • Number that identifies device;
    • Internet Protocol address used by device;
    • Person’s or entity’s user name; and
    • Date and time of when a person makes a request.

While most of these fields are mandatory, where fields are marked as optional, if an entity has the information (this may mean in the background of your IT systems), it is expected that it be included in the report. For full details on what has changed for FINTRAC report fields, we have created an unofficial redline which can be found here.

All changes related to reporting come into force on June 1, 2021.

STR Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC. The timeframe for submission was within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amend this to “as soon as reasonably practicable after measures have been completed to establish that there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing.”

This means that a report will be due shortly after a reporting entity has conducted their analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations and this should include a step in the process that clearly identifies when a determination is made that establishes reasonable grounds to suspect the transaction is related to money laundering or terrorist financing. A defined time for what “as soon as reasonably practicable” means should be documented as well to ensure reports are completed and submitted on time. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change (or clarification), related to Terrorist Property Reports, has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

EFT Reporting

The definition of an EFT has changed with the amended regulations and reads as such:

An electronic funds transfer means the transmission by any electronic, magnetic or optical means of instructions for the transfer of funds, including a transmission of instructions that is initiated and finally received by the same person or entity. In the case of SWIFT messages, only SWIFT MT-103 messages and their equivalent are included. It does not include a transmission of instructions for the transfer of funds:

    1. that is carried out by means of a credit or debit card or a prepaid payment product if the beneficiary has an agreement with the payment service provider that permits payment by that means for the provision of goods and services;
    2. that involves the beneficiary withdrawing cash from their account;
    3. that is carried out by means of a direct deposit or a pre-authorized debit;
    4. that is carried out by cheque imaging and presentment;
    5. that is both initiated and finally received by persons or entities that are acting to clear or settle payment obligations between themselves; or
    6. that is initiated or finally received by a person or entity referred to in paragraphs 5(a) to (h.1) of the Act for the purpose of internal treasury management, including the management of their financial assets and liabilities, if one of the parties to the transaction is a subsidiary of the other or if they are subsidiaries of the same corporation.

The definition now includes instructions initiated and received by the same person or entity, which means certain internal transfer transactions may be caught.

Also related to EFT reporting, the final amendments removes the language commonly known as the “first in, last out” rule. This means that the first person/entity to ‘touch’ the funds for a transaction incoming to Canada, or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada, had the reporting obligation (as long as the prescribed information was provided to them). The update will change the reporting obligation to whoever maintains the customer relationship.

Large Virtual Currency Transaction Reporting

If you plan to conduct transactions involving virtual currencies such as bitcoin, you will be required to report the receipt or the sending of amounts of CAD 10,000 or more in a virtual currency to FINTRAC. These basically are the same as Large Cash Transaction reporting obligations, including making a determination if the person from whom the virtual currency is received is acting on behalf of a third party, and will require reporting entities to maintain a Large Virtual Currency Transaction Record.

Most of the recordkeeping requirements for virtual currency are very similar to Large Cash Transaction requirements.

The 24-Hour Rule

Multiple transactions performed by, or on behalf of, the same customer or entity, or are for the same beneficiary, within a 24-hour period are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. This would mean that only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that will be required to update the detection process.

For example, currently, a Large Cash Transaction Report must be submitted either for single transactions of CAD 10,000 (or more), or for multiple transactions of less than CAD 10,000 each that add up to CAD 10,000 or more in a 24-hour period. This can result in situations where two reports are filed for transactions taking place in a 24-hour period.

Cash deposit of CAD 12,000 – LCTR #1 for CAD 12,000
Cash deposits of CAD 5,000 and CAD 6,000 – LCTR #2 for CAD 11,000

Using the same example, under the new rules we would have:
Cash deposits of CAD 12,000, CAD 5,000 and CAD 6,000 – Single LCTR for CAD 23,000

We can expect to see guidance from FINTRAC ahead of the enforce date. If you have questions prior to this,  it is possible to write to FINTRAC to request a policy interpretation.

Compliance Program

In addition to the process changes, including reporting changes discussed above, there are some other changes that you will need to make to your compliance program.

Training

The amended regulations have introduced a new requirement to institute and document a plan for ongoing compliance training.  This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans. Be sure staff is receiving training on process changes that are applicable to their roles.

Risk Assessment

One of the deficiencies identified in the Financial Action Task Force (FATF) review of Canada was not having a requirement to assess new technologies before their launch. The final amendments require all reporting entities to assess the risk related to products and their delivery channels, as well as the risk associated with the use of new technologies, prior to public release.

This has been a best practice since the requirement to conduct a risk assessment came into force, but this change makes this a formal requirement. This will require strong communication and closer cooperation between compliance officers and teams involved in the development of new products or services.

Records of Reasonable Measures

The requirement to keep records related to reasonable measures to obtain certain information, has been removed with this round of changes. It is important to note that credit unions must still take reasonable measures and it is only the requirement to keep a record of the measures used that has been repealed. 

Identification

The range of identification methods that can be used will be broadened. This is good news, especially for credit unions that are using identification methods for members who are not physically present.

Prior to this round of changes, there was a requirement that when members are identified, the document and/or data that you collect must be in its “original” format. The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic”, valid and current. This would allow for scanned copies of documentation, and/or for software that can authenticate a person’s identification document. This change came into force on June 26, 2019.

Other changes to the identity verification requirements are as follows:

  • For credit file verification (single source), the credit file information must now be derived from more than one source (i.e. cannot contain only one trade line on the credit file);
  • For the dual source method, when relying on a credit report as part of a dual source, the credit file must have been in existence for at least six months. Additionally, the person or entity that is verifying the information cannot be a source (i.e. you cannot be a tradeline of the credit file).

In addition, there are provisions that allow a credit union to rely on the identification conducted previously by other reporting entities. If this method is used to identify a member, the credit union must immediately obtain the identification information from the other reporting entity, and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

If you have members that are publicly traded trusts, credit unions will be required to obtain names and addresses of all persons who own or control, directly or indirectly, 25% or more of the units of the trust.

Politically Exposed Persons (PEPs)

The amended regulations add some new requirements related to PEPs, which are as follows:

  • You must obtain the “source of wealth” of a PEP; and
  • If a PEP is a head of an international organization, the person will continue to be treated as a PEP for five years after they have held the position.

This change comes into force on June 1, 2021, and will likely result in IT system changes related to record keeping and monitoring.

Prepaid Products

If you offer Prepaid Payment Products, the amended regulations now include new obligations for prepaid cards that are issued by financial entities. The obligations are similar to those that apply to regular member accounts, and comes into force on June 1, 2021.

The regulations apply to any prepaid payment product that is tied to an account, that permits funds or virtual currency that total CAD 1,000 or more to be added to the account within a 24-hour period, or where a balance of CAD 1,000 or more will be maintained.

Records that will have to be maintained are as follows:

  • a record of the name and address of each holder of a prepaid payment product account and each authorized user, the nature of their principal business or their occupation and, in the case of a person, their date of birth;
  • if an account holder is a corporation, a copy of the part of its official corporate records that contains any provision relating to the power to bind the corporation in respect of the prepaid payment product account or the transaction;
  • a record of every application in respect of the prepaid payment product account;
  • a prepaid payment product slip in respect of every payment that is made to the prepaid payment product account;
  • every debit and credit memo that it creates or receives in respect of the prepaid payment product account;
  •  a copy of every account statement that it sends to a holder of the prepaid payment product account; and
  • a foreign currency exchange transaction ticket in respect of every foreign currency exchange transaction that is connected to the prepaid payment product account.

There are also record keeping obligations where an international electronic funds transfer of CAD 1,000 or more has been conducted through the prepaid product. Additionally, a prepaid payment product slip, similar to a deposit slip, must be maintained.

Similar to member accounts, you will also have to keep account applications and any foreign currency transaction information related to the prepaid product. A PEP determination is to be made when the prepaid product account is opened, and when a payment of CAD 100,000 or more is made to a prepaid product account.

We’re Here To Help

If you would like assistance in updating your compliance program and/or processes, or have any questions related to the changes, you can get in touch using our online form on our website, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

2019 AML Updates – Redlined Versions

The following red-lined versions have been created to reflect the changes to Canadian anti-money laundering (AML) regulations published in the Canada Gazette on July 10th, 2019.  A redlined version of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), reflecting the changes published in Bill C-97 which received Royal Assent on June 21, 2019, is also included below.

These documents are not official versions of the regulations. Official versions can be found on the Government of Canada’s Justice Laws Website.

 

Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Please click the link below for a downloadable pdf file.

PCMLTFA_July_2019_Redline

 

Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations

Please click the links below for downloadable pdf files.

PCMLTFR_July_2019_Redlined_Full

PCMLTFR_July_2019_Redlined_Schedules Removed

Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations

Please click the link below for a downloadable pdf file.

PCMLTF_Suspicious_Transaction_Reporting_Regulations_July_2019_Redlined

Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations

Please click the link below for a downloadable pdf file.

PCMLTF_Registration_Regulations_July_2019_Redlined

Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations

Please click the link below for a downloadable pdf file.

PCMLTFR_Administrative_Monetary_Penalties_Regulations_July_2019_Redlined

Cross-Border Currency and Monetary Instruments Reporting Regulations

Please click the link below for a downloadable pdf file.

PCMLTFR_Cross-Border_Currency_and_Monetary_Instruments_Reporting_Regulations_July_2019_redline

 

Need a Hand?

Whether you need to figure out if you’re a dealer in virtual currency, to put a compliance program in place, or to evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Are On Demand Products Right For You?

For certain industries, including dealers in precious metals and stones (DPMSs) and real estate, Outlier’s on-demand products are anti-money laundering (AML) and counter terrorist financing (CTF) programs that you can buy, customize online using our set up wizard, and download in fully customizable formats.

These can be purchased as single elements (Policies & Procedures, Risk Assessments, Training, Compliance Effectiveness Reviews) or bundled to save you money.

Why On Demand Products

Outlier’s Founder, Amber D. Scott, noticed two things that made her believe that on-demand products could help Canadian reporting entities. First, for many small and medium sized businesses, there are very similar business models and risk profiles. Second, many businesses don’t have the means to pay for consulting services but have the same obligations as larger reporting entities. She had a vision of creating a model that could level the playing field by making it easier for these businesses to create plain language documents in an affordable way.

Are On Demand Products Right For You?

While we’ve worked to keep the on demand products as plain language as possible, they will still require you to be able to read and understand the content and adjust them for your business model and compliance processes. You’ll also need to review and update them regularly (once a year – no matter what, and more often if Canadian laws and/or your business models change).

These program elements can save you money by providing a customizable framework for you to work with, but you’ll need to put in the time and effort to customize them and keep them up to date.

What If You Download A Product And Need Help?

If you’ve downloaded on demand products and you’re stuck, we can help. Please contact us and let us know what you need. In your request, include the product that you’ve purchased and describe the problem that you’re trying to solve. We’ll get back you within two business days. If you need help sooner, please mark your request as urgent, and we’ll do our best to get back to you sooner.

Is Outlier The Only Company That Can Help?

There are a number of professionals in Canada that can help you customize your program, including consultants, lawyers and Compliance Officers working in your field. Using Outlier’s on demand product doesn’t mean that we’re the only people that can work with you, in fact, we believe that competition makes us all better at what we do.

How Do I Buy On Demand Products?

You can buy our on demand products through this website using a credit card. Start by selecting the type of reporting entity that you are to view the products that are currently available.

If you’re looking for something that doesn’t seem to be on the list, please contact us.

Why rich people don’t just open a bank…

 

It can be tough to open and maintain a bank account as a crypto-business. A policy of “derisking” (when banks avoid conducting business with customers perceived as being higher risk) leaves many crypto-businesses (and other MSBs) ill-served by the existing banking system.

A not-uncommon response to this reality (i.e. we’ve had this conversation enough times to deem it worthy of a blog post) is some variation of: “I’m a rich person! Why don’t I just open a bank?”

No doubt, this impulse comes from the admirably entrepreneurial spirit of our community. There’s a problem (lack of access to banking services), so let’s solve it.

But if you don’t have a background in compliance or banking and think that you’re “just” going to magically open your dream-crypto-paradise-bank… We’re here to advise you to slow your roll. We’re not saying you can’t do it… but here are some things you should consider. Knowledge is power.

Sidenote: We’re Canadian and these notes refer to Canadian processes. There are likely to be some differences in other countries, but we won’t know what they are. If you want to know, do the research. Let us know what you find if it’s interesting.

Opening a bank is expensive.

While you may think you have the cash to spare, opening a bank is expensive, and probably more expensive than you expect, both in terms of what you need to have in reserve, and what you’ll spend initially. We’ve heard the figure of $50m buy-in—which, by the way, does not guarantee you a charter.

You will spend money for years before you serve customers.

If you’re curious about where all those millions could possibly go, you’re going to get friendly* with an army of consultants, lawyers, and accountants over the next few years. (*And by friendly, we mean pay a lot of money to).

The process of getting issued a charter is lengthy (if you don’t believe us, you may enjoy perusing the 27-page long PDF guide from OFSI on the subject) and getting this process right means your investment will be whittled away by hiring people who can help navigate you through this labyrinth. You’ll also be spending money on employees, by the way, for years before you’ll ever have the privilege of serving a customer. Years. Plural.

Your team will spend a long time pleasing regulators before you’re operational.

Yes, even though you won’t be permitted to have customers for a long time, you will still need to assemble a team that can put together all of the elements of a bank into place. Your team will spend all of their time implementing processes, demonstrating to the regulator(s) that they’ve done so, and then tweaking these processes as the regulators require or request (in these instances, a request is really a politely stated requirement). If it’s any comfort, your employees will certainly be kept busy, even without customers.

You’re probably not going to be the CEO…

Despite making the decision to open a bank, you will likely not become the bank’s CEO, or even its COO. Senior management positions at banks require regulatory approval. Regulators are looking for you to have had a long history, at a senior level, in a bank or other federally regulated financial institution

… or even on the Board of Directors.

As with senior management positions, seats on the Board of Directors require regulatory approval. Even if you successfully jump through all the hoops required to start your bank, you will likely end up with little to no say in how it is ultimately run.

Well That’s Awkward!

There’s a noble sentiment behind the desire to “just open a bank” and solve the problems you see in the current banking system. But, the risks, effort, and returns are seldom well understood. In essence, opening a bank means making a substantial investment (in both time and money) in something that may one day become an asset (but may not). You can own the bank, but will likely not run it, despite the multi-year multi-million commitment you make. Even if you’re a wealthy investor with patient money, we’d suggest that you ought to be really passionate about setting up a bank if you want to embark upon this kind of endeavour.

What can you do instead?

So, if you’re not going to start a bank but are still frustrated by the banking system as it currently stands—what can you do instead?

Frankly, we need grassroots pressure to change the system we have. It’s important for us to have discussions with the gatekeepers (regulators, traditional banking institutions) for crypto business to get access to banking services. Part of the burden of being in this space is taking the time to educate those who control access to the resources we need. We’ve found that often even people with responsibility for developing policy related to bitcoin and other virtual currencies or tokens don’t fully understand it (and therefore its risk implications). While it may be frustrating to explain that it is possible to buy a fraction of a bitcoin to someone who we really think ought to understand this already, the more we can normalize crypto within the system, the more access we can hope to gain.

And while it can be difficult to speak out if you are a business who has been refused a bank account (or had your account shut down), we’d encourage you to share your experiences of trying to find banking services. Make a complaint to the institution. Share your story with the media (even if you don’t name the FI) or contact your political representatives. You can also, at the moment, contribute your feedback on the draft legislation on AML Regulations for “Virtual Currencies.” (See this blog post for more on how to do that). Exert pressure on the existing players.

But, of course… if you’ve decided you are passionate enough (and deep-pocketed enough) to start a truly crypto-friendly bank: more power to you and definitely let us know how you get on.

We’re Here To Help

If you have questions about virtual currency and regulation in Canada, or regulation in Canada in general, please contact us.

Proposed AML Updates for Credit Unions (2018)

Today’s guest blogger is Jonathan Krumins, Vice-President, AML Risk & Compliance, at vCAMLO Solutions Inc. vCAMLO provides anti money laundering (AML) and counter terrorist financing (CTF) support to Canadian credit unions. You can learn more about vCAMLO at www.vcamlo.ca.

Background

On June 9, 2018, draft amendments to Canada’s AML regulations, including the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) were published in the Canada Gazette.

These changes are not yet in force, and are open to public comment until September 9, 2018.

They will come into effect 12 months after the finalized amendments are published (date to be determined).

The proposed changes are based on requirements set out by the Financial Action Task Force (FATF), an inter-governmental body that sets out international standards for combating money laundering and terrorist financing, as well as from certain amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) made through the Economic Action Plan 2014 Act, No. 1 and the Budget Implementation Act, 2017, No. 1.

From a practical standpoint, you should consider what changes will be required to your record keeping, reporting processes, and IT systems once the amendments come into effect, and what resources would be required. It would be prudent to discuss this with your board of directors as well. While it can be useful to start allocating resources (particularly if your IT systems need to be updated), it makes sense to wait until the final version of the changes has been published.

If you have thoughts on the proposed changes, you should consider submitting these either directly to the Ministry of Finance, or through your Credit Union Central.

Why Do These Changes Matter to Credit Unions?

The proposed changes will have a direct impact on a Credit Union’s AML obligations, including reporting, record keeping, and member identification. They will require additional training of staff, changes to record keeping and Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) reporting processes. They will likely require changes in your IT systems to ensure that all necessary information is available to be included in FINTRAC reports, particularly those involving online transactions.

FINTRAC Reporting

This round of changes to AML regulations has a much greater focus on reporting, including shorter a deadline for reporting STRs, changes to the contents of the reports themselves changes to calculation of 24 hour large cash reports, and the introduction of new reporting requirements for transactions involving virtual currencies such as bitcoin.

STR Filing

The proposed changes will shorten considerably the filing period for a Suspicious Transaction Report. The current filing deadline for STRs is within 30 days:

“after the day on which the person or entity or any of their employees or officers detects a fact respecting a financial transaction or an attempted financial transaction that constitutes reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.”

This will be changed to a new standard of 3 days:

“3 days after the day on which the reporting entity completes the analysis that establishes that there are reasonable grounds to suspect that the transaction was related to the commission of a money laundering or terrorist activity financing offence”

Report Contents

Many additional pieces of information will be required to be collected and submitted to FINTRAC. You should begin to evaluate where this information is stored (ex: banking system, other databases such as lending software, reports provided by your banking system provider or Credit Union Central, or paper file).

A comparison of current and proposed FINTRAC report fields can be found here: Download Table

These changes include information that was not previously required to be collected by credit unions, such as:

  • “Purpose of transaction” (for LCTRs),
  • “Purpose of electronic funds transfer” (for EFTRs), and
  • Source of cash or source of funds.

For transactions that are performed online, additional fields will be required in EFTRs and STRs:

  • Type of device used by person who makes request online,
  • Number that identifies device,
  • Internet Protocol address used by device [mandatory field],
  • Person’s user name, and
  • Date and time of person’s online session in which request is made [mandatory field].

Additional “Know Your Client” information will be required in all reports (if on file). A selection follows:

  • Personal accounts: reports will include fields for alias, e-mail address, and name, address and phone number for the member’s employer.
  • Business accounts: reports will include fields for type and number of document or information used to identify an entity, information respecting ownership, control and structure of the entity, name of each beneficial owner, name, address, e-mail address and phone number for each director.
  • Trust accounts: reports will include fields for name, address, e-mail address and phone number of each trustee, name and address of each settlor of trust, name, address, e-mail address, and telephone number of each beneficiary of trust.

The 24-Hour Rule

The formula for calculating 24 hour reports for Large Cash Transaction Reports is being changed. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that would be required to update the detection process.

Currently, a Large Cash Transaction Report must be submitted either for single transactions of $10,000 (or more) or for multiple transactions of less than $10,000 each that add up to $10,000 or more in a 24 hour period. This can result in situations where 2 reports are filed for transactions taking place in a 24 hour period.

For example:

 

Cash deposit of $12,000 cash – LCTR #1 for $12,000

Cash deposits of $5,000 and $6,000 cash – LCTR #2 for $11,000

The new calculation will consider all cash deposits that add up to $10,000 or more in a 24 hour period to be included in a single report.

 

Using the same example above, under the new rules we would have:

Cash deposits of $12,000, $5,000 and $6,000 – Single LCTR for $23,000

Virtual Currency Reporting

If you offer (or plan to offer) accounts that hold virtual currencies such as bitcoin, you will be required to report the receipt or the sending of amounts of $10,000 or more in a virtual currency to FINTRAC in two new report types; “Report with Respect to Receipt of Virtual Currency” and “Report with Respect to Transfer of Virtual Currency.”

Third Party Determinations

Similar to the existing requirement to conduct a Third Party Determination during an LCTR, you will need to make a similar determination when you are required to report an incoming Electronic Funds Transfer or Receipt of Virtual Currency.

If you have separate fraud and AML teams, it may be worth considering whether or not the AML team should alert the fraud team to third parties, particularly where these don’t make sense, or where it appears that your member may be a victim of fraud.

Training Program

The amended regulations have introduced a requirement to institute and document a plan for ongoing compliance training. This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans.

Risk Assessment Updates

One of the deficiencies identified in the Financial Action Task Force (FATF) review of Canada was not having a requirement to assess new technologies before their launch. A proposed amendment would require credit unions to assess the risk related to assess the risk of products and their delivery channels, as well as the risk associated with the use of new technologies, prior to their launch.

This has been a best practice since the requirement to conduct a risk assessment came into force, but this change would make this a formal requirement. This may require closer cooperation between compliance officers and other teams involved in the development of new products or services.

Identification Methods

The range of identification methods that can be used will be broadened. This is good news, especially for credit unions that are using non-face-to-face identification methods.

Currently, there is a requirement that when members are identified using the dual process method, the document and/or data that you collect is in its “original” format. This has been interpreted to mean that if the member receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The word “original” will be replaced with “authentic” (meaning that so long as you believe that the utility bill is a real utility bill for that person, it doesn’t need to be the same piece of paper that they received in the mail).

In addition, there are provisions that would allow a credit union to rely on the identification conducted previously by other reporting entities. If this method is used to identify a member, the credit union must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification within 3 days of the request.

Public Comments

Public comments about the proposed changes will be accepted by the Ministry of Finance until September 9, 2018. They must be submitted in writing, as follows:

Attention: Lisa Pezzack

Director General, Financial Systems Division

Department of Finance

90 Elgin Street

Ottawa, Ontario, K1A 0G5

Email: fin.fc-cf.fin@canada.ca

If you have thoughts on the proposed changes, you should consider submitting these either directly to the Ministry of Finance, or through your Credit Union Central.

Need a Hand?

If you would like someone to look over your submission before you make comments to the Department of Finance, you can get in touch with us free of charge. We will look over your submission and make suggestions, without any cost to you. If you need a hand, please feel free to contact vCAMLO or Outlier.

 

Canada’s 2017 Budget & PCMLTFA Updates

Greetings fellow compliance geeks!

As you may know, Canada’s latest budget bill contains a number of amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). We’ve created a marked up version of the PCMLTFA to help you work through and understand the changes, and you can access it using the link below with this caveat: you are welcome to use and share this markup, but you may not charge money for access to it. Information should be free.

Yes, I get it, give me access!

If you prefer a copy of the markups in Microsoft Word, please contact us.

Analysis Notes

The biggest takeaway from these amendments is related to section 5 (e.1), which adds “trust companies incorporated or formed by or under a provincial Act that are not regulated by a provincial Act” as being federally regulated entities. This has been a loophole in Canadian legislation for a long time, and was called out in Canada’s most recent mutual evaluation by the Financial Action Task Force (FATF). If you’re company falls into this category, it’s time to start thinking about anti money laundering (AML) compliance. If you have business arrangements (clients, suppliers, etc.) that are unregulated provincial trusts, there are a few early steps that you might want to consider:

  • Re-assess the AML risk that these provincial trust companies pose;
  • Reach out to ask if they have a Compliance Officer and an AML program (in some cases, you will be pleasantly surprised); and
  • Consider whether or not additional controls are required to mitigate the risk posed.

The additional information that’s changing includes a lot of items that most us would consider housekeeping, like changing foreign country to foreign state in a number of places, and adding bullet points to what is considered “prescribed information:”

  • the name, address, electronic mail address and telephone number of every trustee and every known beneficiary and settlor of a trust referred to in paragraph (a);
  • the name, address, electronic mail address and telephone number of each person who owns or controls, directly or indirectly, 25 % or more of an entity referred to in paragraph (a), other than a trust; and
  • information respecting the ownership, control and structure of an entity referred to in paragraph (a).

The only piece there that will be new (at least in terms of requirements) is the “electronic mail address” (email) for beneficial owners. If you’re not already collecting this information, it’s time to think about how to get started. If you’re collecting the email address, but its optional, consider making it a required field.

The modifications also give the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) the ability to share information with the Department of National Defence and the Canadian Forces where there are reasonable grounds to believe that there is a threat. Presumably, this would include contexts like a terrorist attack on Canada. It’s somewhat surprising that this was not already in place.

There have also been changes to the things about which “the Governor in Council may, on the recommendation of the Minister, make any regulations that the Governor in Council considers necessary for carrying out the purposes and provisions of this Act, including regulations…” These are interesting in thinking about what may be next in line for additional regulation:

  • respecting dealing in virtual currencies;
  • respecting the keeping of records referred to in section 6;
  • respecting the verification of the identity of persons and entities referred to in section 6.1; (d) respecting the reports to the Centre referred to in section 7 and subsections 7.1(1) and 9(1);
  • respecting the determination of whether a person is a person described in any of paragraphs 9.3(1)(a) to (c);
  • respecting the measures referred to in subsections 9.3(2) and (2.1);
  • respecting the measures referred to in subsection 9.4(1);
  • respecting the program referred to in subsection 9.6(1);
  • respecting the special measures referred to in subsection 9.6(3);
  • respecting the registration referred to in sections 11.1 to 11.2;
  • respecting the reports referred to in subsection 12(1); and
  • prescribing anything that by this Act is to be prescribed.

The only truly interesting point here is dealing in virtual currency, which also came up in Bill C-31 which passed in 2014. This bill, also called the Economic Action Plan 2014 Act, No. 1, has not been fully implemented. Some of its provisions (including those specifically related to including dealing in virtual currency under the definition of money services businesses) are also being amended. In the markups, these changes are highlighted in blue rather than in yellow to distinguish between the two.

Finally, there is a change to the definition of a head of an international organization. This one seems a bit nitpicky to me, but if you’re in the process of updating your documentation for the changes that are coming into force in June of this year, you might want to consider this as well. Head of an international organization (HIO) means a person who, at a given time, holds — or has held within a prescribed period before that time — the office or position of head of an international organization that is established by the governments of states or the head of an institution of any such organization.

We’re Here To Help

If you have questions about these changes, the changes coming into force in June of this year, or AML compliance in general, please contact us.

FINTRAC’s 2016 Real Estate Brief

Quick Overview

A little over a month ago, FINTRAC published an operational brief for the Canadian real estate industry.  The brief was intended to assist reporting entities in meeting the obligations to report suspicious transactions or attempted suspicious transactions that related to potential money laundering or terrorist financing.  The publication provided some common indicators that may be present in a transaction that suggest money laundering or terrorist financing could be involved.

What Does it Mean?

The suspicious indicators provided by FINTRAC list circumstances or activities that might signal potentially illicit activity.  This does not mean that if one or more of the indicators are present that the transaction is definitely suspicious and must be reported to FINTRAC, it is meant to ensure that you are aware of the potential that suspicious activity may be taking place.  In that context, if you are involved in real estate transactions, you must be aware of the indicators in the brief.  If you do encounter a transaction that may be considered suspicious, you will need to collect additional information that will aid in your decision to report it or document why it was not considered suspicious.

What Now?

In order to ensure familiarity for anyone who interacts with customers and their transactions, the list of FINTRAC’s indicators should be included in your ongoing AML compliance training program.  Furthermore, the indicators should also be included in your procedure manuals, allowing easy access to the information.  Finally, the indicators should be incorporated into your Risk Assessment documentation.  Specifically, when determining customer risk and the controls used to effectively mitigate potential risks.

We’ve made it easier for you to integrate this content into your program by putting the indicators in a Word document for you.

Need a Hand?

Outlier has taken the list of indicators provided by FINTRAC and formatted them into an easy to use Microsoft Word document, which can be downloaded here: FINTRAC Indicators Specific to Real Estate Transactions.  This should allow companies within the real estate sector to easily update their documentation and ensure they are sufficiently monitoring for potentially suspicious activity.  If you aren’t sure what to do with this information and would like some assistance, please feel free to contact us.

Would You Recognize Real Estate Red Flags?

Rodney_FINTRACOn November 14th, 2016 FINTRAC released a brief for all reporting entities who may be involved in real estate transactions.  The briefing is intended as guidance to provide some examples of indicators that may be present in transactions that may suggest they are linked to money laundering or terrorist financing.  The indicators described have been taken from transactions suspected of being related to money laundering or terrorist financing reported internationally.  The briefing focuses on the potential risks and vulnerabilities within the real estate industry and provides suggestions on how to ensure reporting entities are sufficiently meeting suspicious transaction reporting obligations.

The briefing is meant to provide operational guidance given the small overall number of suspicious transactions that have been reported to FINTRAC by the Real Estate industry.  The briefing states that these indicators will be used by FINTRAC to assess compliance with your reporting obligations.  If you are a reporting entity that interacts with the real estate industry in one form or another, the indicators and scenarios outlined in this brief should be considered when updating your Risk Assessment and training materials.

To put things into perspective, though the actual size of the real estate market is difficult to determine precisely, CMHC has produced some statistics.  CMHC suggests that between 2003 and 2013 over $9 trillion of mortgage credits were negotiated and roughly 5 million sales took place through Multiple Listing Services (MLS).  In contrast, FINTRAC received only 127 Suspicious Transactions Reports (STRs) from real estate brokers, agents and developers and 152 by other types of reporting entities, such as banks and trust/loan companies.  To go a step further, in FINTRAC’s 2015 Annual Report, between April 1, 2014 and March 31, 2015, a total of 92,531 STRs were filed across all reporting entities.

 

re-strs-filed-vs-sales

This evidence supports FINTRAC’s assertion that operational guidance for the real estate industry is needed.

The indicators and examples covered in the brief outline numerous scenarios that may suggest that a transaction is related to a money laundering or terrorist financing offense.  It also speaks to how the appearance of legitimacy obfuscates the clarity of suspicious transactions and requires more than a just “gut feel”.  What is required is the consideration of the facts related to the transaction and their context.  Does the transaction with all the known factors, positive or negative, make sense?

 

What This Means to Your Business? 

First off, FINTRAC will be using the indicators provided to assess your compliance with reporting obligations.  This has a couple different applications.  The first being, does your AML compliance program documentation make reference to the suspicious indicators that are provided.  Basically, are staff aware of the elements that may be present in a transaction that would suggest money laundering or terrorist financing may be occurring?

Secondly, is there an oversight process to ensure if there are transactions that contain one or more of these indicators where an STR was not submitted, is reviewed?  If so, does the process ensure supporting evidence that the Compliance Officer reviewed the transaction and determined there were not reasonable grounds to suspect its relation to money laundering or terrorist financing?  When you encounter a transaction involving any of the indicators provided, it is very important that you collect as much information as possible to assist the Compliance Officer with their determination of whether there are reasonable grounds to suspect that a transaction, or attempted transaction, may be related to money laundering or terrorist financing.  Alternatively, even if none of the indicators provided by FINTRAC are present but we still feel there is “something off” about our customer’s transaction, speak with your Compliance Officer.  They will be able to provide some insight on additional information that may assist our decision.  Once you have collected any additional information you may still not feel comfortable, but this does not mean you cannot complete the transaction, but that you must be sure your Compliance Officer is provided with all the information, which includes our reason for the escalation, so that they can decide whether there are reasonable grounds to suspect it may be related to a money laundering or terrorist financing offense.  The Compliance Officer will document their decision and, if necessary, submit an STR to FINTRAC.

Need a Hand?

If you are a reporting entity that interacts with the real estate industry and would like assistance updating your AML compliance program documentation or simply have some questions, please contact us.

Sanctions This Week: July 25th – 29th, 2016

 

OSFISanctions Pic

There were no updates released from OSFI this week.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released four updates last week.  One update was related to the publication of Cuba-related Frequently Asked Questions (FAQ), covering some of the recent changes made to the sanctions that had previously been placed on Cuba.  Other updates included the removal of 12 individuals from the Counter Terrorism Designations List, the issuance of a Finding of Violation and the publication of Iran General License J.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The update to the Cuba-related FAQs was for the issuance of a new FAQ (#38) and a revision of an existing FAQ (#39), relating to certain information collection and recordkeeping requirements for persons subject to U.S. jurisdiction who provide authorized carrier or travel services to or from Cuba for specifically licensed travelers.

The update to the Counter Terrorism Designations List included the removal of 12 individuals of Libyan origin who are currently residing in the UK.

The Finding of Violation was issued to Compass Bank, which uses the trade name BBVA Compass, for violations of the Foreign Narcotics Kingpin Sanctions Regulations. From June 12, 2013 to June 3, 2014, Compass maintained accounts on behalf of two individuals on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”).

The final update of the week was related to OFAC issuing “General License J”, authorizing the re-exportation of certain civil aircraft to Iran on temporary sojourn and related transactions.

See the Cuba-related FAQ update on OFAC’s website.

See the Counter Terrorism Designations List update on OFAC’s website.

See the issuance of a Finding of Violation to Compass Bank on OFAC’s website.

See the Iran General License J details on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Redlined PCMLTFR Updates (June 2016)

Amber with laptop logo on screen 2On June 29, 2016 updates to the Proceeds of Crime (Money Laundering) & Terrorist Financing Regulations (PCMLTFR) were published in the Canada Gazette. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has also published updated guidance related to identification, and we expect more updated guidance in the coming weeks.

In order to make it easier for our friends, colleagues and customers to understand the changes, we have created a “redlined” version of the document that can be downloaded and used free of charge.

Our only stipulation for those that choose to use this document in any way is that we do not permit a fee to be charged for access to it, in whole or in part, via any medium… That’s a fancy way of saying that you can share it as much as you like, but you can’t charge money for it.

That said, we hope that this document saves you time and money – it’s the least we can do:

June 29 2016 PCMLTFR Updates Redlined

Need A Hand?

Changes will not come into effect until next year (2017). If you need assistance updating your anti-money laundering (AML) compliance program, please contact us.

 

Return to Blog Listing


PROCESSING...