Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

FINTRAC Identification Guidance

Background

On July 10th, 2019, the final amendments to Canada’s anti-money laundering (AML) regulations were published in the Canada Gazette.  One of the welcomed changes that came into force immediately upon publication was related to identification. On November 14th, 2019, FINTRAC published guidance related to “Methods to verify the identity of an individual and confirm the existence of a corporation or an entity other than a corporation.” This is good news considering the range of identification methods has been broadened, and a step forward in digital identification methods. The updated methods are designed to make it easier to identify customers that are not physically present.

As defined under the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), reporting entities have to identify their customers in certain situations (specific information on when customers need to be identified is outlined in FINTRAC’s guidance on “When to identify individuals and confirm the existence of entities”). The identification guidance outlines ways to verify the identity of an individual, and how to identify corporations or entities other than corporations (such as a partnership).

Identification Methods For Individuals

There are three ways in which an individual can be identified:

  • Government-issued photo identification method;
  • Credit file method; and
  • Dual-process method.

Government-Issued Photo Identification Method

Under this method, an organization can use an authenticvalid and current government-issued photo identification document, issued by either a federal, provincial or territorial government in order to be used to verify the identity of an individual. Foreign government-issued photo identification can be accepted if it’s equivalent to a Canadian document such as those listed in the guidance.

The photo identification document used to verify identity must:

  • indicate the individual’s name;
  • include a photo of the individual;
  • include a unique identifying number; and
  • match the name and appearance of the individual being identified.

If a customer is physically present, an organization can authenticate an identification document by looking at the characteristics on the physical document such as security features.

If the customer is not physically present, the authentication of the identification document must be determined by using technology capable of assessing the document’s authenticity. The guidance makes it clear that it is not sufficient to view a person and an identification document through video conference or similar. Meaning, a selfie while holding your driver’s license is not sufficient for identification purposes.

Whatever method is selected by an organization, the process to authenticate a photo identification document, and how the organization will confirm that it is authentic, valid and current, must be documented.

Credit File Method

Under this method, an organization can use valid and current information from a Canadian credit file to identify an individual.

The Credit File must:

  • be from a Canadian credit bureau (credit files from foreign credit bureaus are not acceptable);
  • have been in existence for at least three years; and
  • match the name, address and date of birth that the individual provided.

To rely on a credit file, the search must be completed at the time an organization is verifying the individual’s identity, and can be completed via an automated system or the use of a third party vendor.

When using the Credit File method, organizations must keep a record of the following information:

  • the individual’s name;
  • the date they consulted or searched the credit file;
  • the name of the Canadian credit bureau or third party vendor holding the credit file; and
  • the individual’s credit file number.

The guidance clarifies that sometimes information found within the credit file may contain variations of the name or address provided by a customer. In these cases, it’s up to the organization to determine whether the information in the credit file is a match to the information collected from the individual.

Dual-Process Method

Under this method, an organization can use valid and current information from two reliable sources. Under the dual-process method, an organization can verify an individual’s identity by referring to any two of the following options:

  • information from a reliable source that includes the individual’s name and address;
  • information from a reliable source that includes the individual’s name and date of birth; or
  • information that includes the individual’s name and confirms that they have a deposit account, credit card or other loan account with a financial entity.

In order to qualify as reliable, the sources should be well-known and considered reputable. There must be two sources providing the information, and the information cannot come from the individual whose identity is being verified, nor can it come from the organization doing the verification. For example, reliable and independent sources can be the federal, provincial, territorial and municipal levels of government, crown corporations, financial entities or utility providers.

A Canadian credit file can be used as one of the two sources required to verify the identity of an individual. so long as the credit file has been in existence for at least six months.

The organization must keep a record of the following:

  • the individual’s name;
  • the date they verified the information;
  • the name of the two different sources that were used to verify the identity of the individual;
  • the type of information consulted (for example, utility statement, bank statement, marriage licence); and
  • the number associated with the information (for example, account number or if there is no account number, a number that is associated with the information, which could be a reference number or certificate number, etc.).

Identification Methods For Organizations

The guidance details how to confirm the existence of a corporation, or an organization that is not a corporation. This can be done by referring to a paper or electronic record that was obtained from a source that is accessible to the public such as:

  • For corporations:
    • its certificate of incorporation;
    • a certificate of active corporate status;
    • a record that has to be filed annually under provincial securities legislation; or
    • any other record that confirms the corporation’s existence, such as the corporation’s published annual report.
  • For organizations that are not corporations:
    • a partnership agreement;
    • articles of association; or
    • any other record that confirms its existence as a legal entity.

If an organization refers to a publicly accessible electronic record to confirm the existence of a corporation or of an entity other than a corporation, a record must be retained including the corporation/entity’s registration number and the source of the electronic version of the record. If a paper record is used, a copy should be retained. At a minimum, for all organization types, an organization must collect and keep a record of the following:

  • their full legal name;
  • the organization’s structure;
  • the organization’s principal business;
  • the organization’s physical address; and
  • information about the organization’s directors and beneficial owners.

Other Identification Considerations

The guidance details how a domestic or foreign affiliate, an agent or a mandatary can be used to verify the identify of a customer. If this method is used, it is important for organizations to remember that, legally, they are responsible for verifying a customer’s identity, even though they are relying on someone else to do it. Organizations should obtain the identification information from the other entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

The guidance details how to identify children under 12 years of age (organizations must verify the identity of a parent, guardian, or tutor) and how to identify children between the ages of 12 and 15. For this age range, organizations can verify identity by using one of the prescribed methods to verify an individual’s identity and where not possible, relying on certain  information from the child’s parent, guardian, or tutor, and information that includes the child’s name and date of birth.

The guidance also reminds organizations that while the personal information that they are collecting is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), personal information that is required to be included in reporting to FINTRAC does not have to be disclosed to the Office of the Privacy Commissioner of Canada. It is important that organizations remember that safeguarding is a key consideration for all personal information collected in the normal course of business.

Conclusion

The most significant change for identification standards is related to the Government-Issued Photo Identification Method. A wording change from “original” to “authentic”, that was found in the prior version of the regulations, now allows for scanned copies of documentation, so long as it can be authenticated. It is noteworthy that the guidance gives clarity to all methods that can be used. Where further clarity is warranted, organizations can contact FINTRAC for a policy position related to the identification guidance. This can be done free of charge by emailing guidelines-lignesdirectrices@fintrac-canafe.gc.ca. This can also be done on a no-names basis by a lawyer or consultant on your behalf.

We’re Here To Help

If you have questions related to the identification changes, or need help updating your identification processes, you can get in touch using the online form on our website, by emailing us at info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Foreign Money Services Business in Canada

Background

On July 10, 2019 the highly anticipated final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were released in the Canada Gazette. With this round of changes, Foreign Money Services Businesses (MSBs) will be subject to Canadian AML obligations.  This article is intended to give a high-level summary of the requirements as they relate to Foreign MSBs.

While foreign MSBs will have until June 1, 2020 to become compliant with Canadian requirements, it is highly recommended that you start budgeting and planning from now. It is expected that our regulator, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), will allow foreign MSBs to register ahead of this date.

Note this article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

What Is A Money Services Business?

MSBs are considered reporting entities under the law in Canada.  This means that they must comply with certain requirements and answer to their regulator.  You are a money services business (MSB) in Canada if your business offers any of the following services to the public:

  • Foreign exchange dealing;
  • Remitting or transmitting funds;
  • Issuing or redeeming money orders, traveller’s cheques and other negotiable instruments;
  • Dealing in virtual currencies.

In the past, foreign MSBs only had to comply with Canadian AML requirements if they had a “real and substantial connection” to Canada. A “real and substantial connection” was defined in FINTRAC policy interpretations as having one or more of the following statements be true:

  • Is the business incorporated in Canada;
  • Does the business have agents in Canada;
  • Does the business have physical locations in Canada; and/ or
  • Does the business maintain a bank account or a server in Canada.

As part of the recent AML amendments, foreign businesses that conduct any of the above transactions, and your services are directed to persons in Canada, Canadian AML obligations will apply.  You will need to be aware of the requirements under Canadian law as they apply to their Canadian customers.

Compliance Program

Under regulation, you will be required to have an anti-money laundering (AML) and counter terrorist financing (CTF) program that consists of these five elements:

  • Written policies and procedures: these list your responsibilities under Canadian law, and what you are doing to meet them.
  • A documented Risk Assessment: a document that describes and assesses the risk that your business could be used to launder money or finance terrorism.
  • The appointment of a Compliance Officer: the person who is ultimately responsible to develop and maintain your Canadian AML and CTF compliance program. Note the person appointed does not have to be located in Canada.
  • AML Compliance Effectiveness Reviews: testing and reporting completed at least every two years that assesses how well your compliance program is working.
  • Training: A documented training plan, and conducting, at least annually, testing to ensure that staff understands their roles and responsibilities as it relates to Canadian law.

Operational Compliance

In addition to a documented program, you will need to ensure you operate in a compliant manner with various requirements as it relates to your Canadian customers. This includes:

  • Collecting and recording client identification information;
  • Know your customer (KYC) information;
  • Reporting certain types of transactions to regulators and government agencies;
  • Maintaining appropriate registration and licensing; and
  • Keeping records.

Client Identification

As an MSB, you will be required to identify Canadian customers in accordance with Canadian law. You must verify the identity of a person who requests the following:

  • requests that they issue or redeem money orders, traveller’s cheques or similar negotiable instruments in an amount of CAD 3,000 or more;
  • requests that they initiate an electronic funds transfer of CAD 1,000 or more;
  • requests that they exchange an amount of CAD 3,000 or more in a foreign currency exchange transaction;
  • requests that they transfer an amount of CAD 1,000 or more in virtual currency;
  • requests that they exchange an amount of CAD 1,000 or more in a virtual currency exchange transaction; or
  • is a beneficiary of an international electronic funds transfer of CAD 1,000 or more, or of a transfer of an amount of CAD 1,000 or more in virtual currency, to whom they make the remittance.

As part of the recent AML changes, the identification methods that can be used to verify identification have been updated and modernized. Previously, a document used to verify identity was required to be “original, valid and current”. You can now confirm the identity of a customer by relying on an identity document where it is “authentic, valid, and current”, meaning you can confirm identification using acceptable documents, presented in an electronic means, so long as it can be authenticated.

There are other methods to verify a customer’s identity, which include referring to their Canadian credit file (Equifax or TransUnion), provided it has been in existence for at least three years, or a dual process method which involves referring to information from two reliable and independent sources.

If the customer is an entity (a company, partnership, trust, etc.), then measures must be taken to confirm the entity’s existence and beneficial ownership. Certain details must be collected for directors, trustees, beneficiaries of trusts, and anyone that owns or controls 25% or more of an entity.

Registration

You must register as a Foreign MSB with FINTRAC before June 1, 2020. The process itself is relatively straightforward and begins with a pre-registration form. As part of this process, you must provide FINTRAC with complete information about your business, including:

  • Bank account information;
  • Information about your compliance officer;
  • Number of employees;
  • Incorporation information (if your business type is a corporation);
  • Information about your MSB’s owners and senior management, such as their name and date of birth;
  • An estimate of the expected total dollar amount of transactions per year for each MSB service you provide;
  • Detailed information about every branch; and
  • Detailed information about every Canadian MSB agent.

Once registered, the registration must be maintained, and you must:

  • Keep information up to date;
  • Respond to requests for, or to clarify, information in the prescribed form and manner, within 30 days;
  • Renew your registration before it expires; and
  • Let FINTRAC know if you stop offering MSB services to Canadians.

SCAM ALERT: There is no cost to register an MSB with FINTRAC – although we’ve heard of several scams claiming that there is a fee. Please ensure that you are only registering through valid FINTRAC sites, which will contain “fintrac-canafe.gc.ca” in the URL. If you have received a phishing email or other request to pay FINTRAC registration fees, we recommend reporting this to both the Canadian Anti-Fraud Centre and to FINTRAC directly.

Reporting

Foreign MSBs are required to report certain transactions to FINTRAC where Canadians are involved, regardless if the funds or the instructions to transfer funds involve Canada. Foreign MSBs will be required to report to FINTRAC the following transactions:

  • The receipt, from a person or entity in Canada, of CAD 10,000 or more in cash;
  • The initiation, at the request of a person or entity in Canada, of an EFT of CAD 10,000 or more, if the EFT is sent or is to be sent from one country to another;
  • The final receipt of an EFT of CAD 10,000 or more, if the EFT was sent from one country to another and the beneficiary is in Canada;
  • The receipt from a person or entity in Canada of CAD 10,000 or more in virtual currency;
  • Any suspicious or attempted suspicious transactions; and
  • Any terrorist property.

We’re Here To Help

If you are a foreign MSB that deals in virtual currency, please check out our blog. If you have any questions related to your compliance obligations in Canada, or need assistance in developing your Canadian AML compliance program, please get in touch!

Return to Blog Listing


PROCESSING...