Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Amending the Amendments!

Background

Back on July 10, 2019, the highly anticipated final version of the amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. However, on February 15, 2020, further proposed amendments to those amended regulations was published in the Canada Gazette. To make reading these changes a little easier, we have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The Regulatory Impact Statement for this round of proposed changes states the following: “The proposed amendments to the regulations would strengthen Canada’s AML/ATF Regime, align measures with international standards and level the playing field across reporting entities by applying stronger customer due diligence requirements and beneficial ownership requirements to designated non-financial businesses and professions (DNFBPs); modifying the definition of business relationship for the real estate sector; aligning customer due diligence measures for casinos with international standards; aligning virtual currency record-keeping obligations with international standards; clarifying the cross-border currency reporting program; clarifying a number of existing requirements; and making minor technical amendments”. The proposed amendments are expected to come into force on June 1, 2021.

As with all proposed changes, there is a comment period. This comment period is much shorter than the last one, at only 30 days. For anyone interested in commenting on the proposed changes, comments are to be addressed to Lynn Hemmings, Director General, Financial Crimes and Security Division, Financial Sector Policy Branch, Department of Finance, 90 Elgin Street, Ottawa, Ontario K1A 0G5 or email: fin.fc-cf.fin@canada.ca.

While these are proposed changes, guidance from FINTRAC related to the amendments to regulation would hopefully be seen ahead of the coming into force dates of the final version.

We have summarized what this could mean for your business below.

Money Services Businesses

PEP

The most significant proposed change for Money Services Businesses (MSB)s is related to Politically exposed persons (PEP) determinations. Currently, a PEP determination must be made for international EFTs of CAD 100,000 or more. The proposed regulations will require MSBs to make a PEP determination when the MSB enters into a business relationship with a person.

If you currently conduct list screening, PEP screening could easily be added to that process.

Dealers in Virtual Currency

Travel Rule

For dealers in virtual currency, there is an additional proposed requirement on top of the requirements that were published in the last round of AML changes.  The proposed amendments add the requirement for records to be kept for virtual currency transfers of CAD 1,000 or more.

The record must contain the following:

  1. include with the transfer, the name, address and, if any, the account number or other reference number of both the person or entity that requested the transfer and the beneficiary; and
  2. take reasonable measures to ensure that any transfer received includes the information referred to in paragraph (a) above.

If the information required is not obtained, a determination of whether the transaction should be suspended or rejected will need to be made.

Given the nature of virtual currency transfers, it will be interesting to see how this requirement plays out, as currently, there are no technology solutions (that we are aware of) that would solve for this.

A reminder that dealers in virtual currency will be considered MSBs as of June 1, 2020. Check out our blog post for a full list of regulatory requirements related to dealers in virtual currency.

Real Estate

Business Relationship

One of the most significant proposed changes for real estate developers, brokers and sale representatives is related to the definition of a business relationship. Currently, a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

The proposed amendments will change that definition for real estate developers, brokers and sale representatives to only one transaction.

For business relationships, a reporting entity must:

  • keep a record of the purpose and intended nature of the business relationship;
  • conduct ongoing monitoring of your business relationship with your client to:
    • detect any transactions that need to be reported as suspicious;
    • keep client identification and beneficial ownership information, as well as the purpose and intended nature records, up-to-date;
    • reassess your clients risk level based on their transactions and activities; and
    • determine if the transactions and activities are consistent with what you know about your client;
  • keep a record of the measures you take to monitor your business relationships and the information you obtain as a result.

We will have to wait for guidance to see how ongoing monitoring obligations applies to the real estate sector if this change takes effect.

PEP

The proposed amendments will require real estate developers, brokers and sale representatives to make a Politically exposed persons (PEP) determination when they enter into a business relationship (as defined above) with a client. In addition, they will also be required to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a PEP.

Beneficial Ownership

The proposed amendments will require real estate developers, brokers and sale representatives to comply with existing beneficial ownership requirements that apply to other reporting entities.

This means when identifying an entity, a reporting entity needs to collect the following for all Directors and individuals who own or control, directly or indirectly, 25% or more of the organization:

  • Their full legal name;
  • Their full home address; and
  • Their role and/or ownership stake in the organization.

Given the obligation is to obtain, rather than verify, such information, we do not expect this requirement to be overly burdensome for the real estate sector.

Dealers in Precious Metals and Stones

PEP

Dealers in Precious Metals and Stones (DPMS)s will be required to make a PEP determination when they enter into a business relationship with a client. In addition, a DPMS will be required to take reasonable measures to determine whether a person from whom they receive an amount of CAD 100,000 or more is a PEP.

A reminder that a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

Given the definition of a business relationship, we do not expect this requirement to be overly burdensome. If you currently conduct list screening, PEP screening could easily be added to that process.

Beneficial Ownership

The proposed amendments will required DPMSs to comply with existing beneficial ownership requirements that apply to other reporting entities.

This means when identifying an entity, a reporting entity needs to collect the following for all Directors and individuals who own or control, directly or indirectly, 25% or more of the organization:

  • Their full legal name;
  • Their full home address; and
  • Their role and/or ownership stake in the organization.

Given the obligation is to obtain, rather than verify, such information, we do not expect this requirement to be overly burdensome for the DPMS sector.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

Regulations Amending the Regulations February 15, 2020- Redlined Versions

The following red-lined versions have been created to reflect the amendments to Canadian anti-money laundering (AML) regulations published in the Canada Gazette on February 15, 2020.

Redlined versions of all the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations are listed below for download.

These documents are not official versions of the regulations. Official versions can be found on the Government of Canada’s Justice Laws Website.

Regulations Amending the Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Please click the link below for downloadable PDF file.
Amending_the_Regulations_Amending_Certain_Regulations_Made_Under_the_Proceeds_of_Crime_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations

Please click the links below for downloadable pdf files.
PCMLTF_July_2019_Redlined_Full_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations

Please click the links below for downloadable pdf files.
PCMLTF_Suspicious_Transaction_Reporting_Regulations_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations

Please click the link below for a downloadable PDF file.
PCMLTF_Registration_Regulations_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations

Please click the link below for a downloadable pdf file.
PCMLTF_Administrative_Monetary_Penalties_Regulations_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Cross-Border Currency and Monetary Instruments Reporting Regulations

Please click the link below for a downloadable pdf file.
PCMLTF_Cross-Border_Currency_and_Monetary_Instruments_Reporting_Regulations_July_2019 – Redlined_Feb_2020

Need a Hand?
Whether you need to figure out if you’re a dealer in virtual currency, to put a compliance program in place, or to evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Are Your Business Relationship Records Ready for FINTRAC?

This article is focused on business relationships that are not account-based (which means that if you are a financial institution or a securities dealer that only conducts transactions with your customers in the context of the accounts that they hold with you, you can skip this one).

Over the past few months, I have assisted some of my clients with their Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) examinations.  While I cannot generally answer questions on my clients’ behalf during these meetings, I can help them prepare for the examination, understand what the examiner is asking for, and redirect them if they stray off track (provided that they have signed an Authorizing_or_Cancelling_a_Representative form). While the businesses examined were quite different in size and complexity, their examinations have been similar, particularly when it came to questions about business relationships.  

For certain types of reporting entities, including money services businesses (MSBs), real estate businesses, and dealers in precious metals and stones (DPMSs) (which are the focus of this article), during each on-site review, the FINTRAC examiner requested a list of all the “Business Relationships” for the review period. Certain information was requested, which was the same in each instance, and included the following:

  • The purpose and intended nature of the business relationship (sometimes called PINBR for short);
  • The risk rating;
  • The date the reporting entity entered into a business relationship with the customer; 
  • The records of any ongoing monitoring (or enhanced measures for high risk business relationships) that has been conducted; and 
  • The last time the customer information was reviewed/updated.

In most cases, this information was not requested in advance.  This meant that it needed to be provided to the examiner while the examiner was on-site (typically a single business day).  For some reporting entities, obtaining this information was not something that their recordkeeping systems were set up to do easily.

Quick Review – What is a Business Relationship?

The Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) defines a Business Relationship as:

Any relationship with a client, established by a person or entity, to conduct financial transactions or provide services related to those transactions and, as the case may be,

(a) If the client holds one or more accounts with that person or entity, all transactions and activities relating to those accounts; or

(b) If the client does not hold an account, only those transactions and activities in respect of which that person or entity is required to ascertain the identity of a person or confirm the existence of an entity under these Regulations.

If you’re not entirely certain what that means, FINTRAC’s guidance on Business Relationship Requirements provides additional clarification:

You enter into a Business Relationship when you conduct two or more transactions where you have to:

    1. ID an individual; or
    2. Confirm the existence of an organization.

Specifically, conducting the following transactions or activities that require you to identify an individual or confirm the existence of an entity:

  • Remittances or transmissions of $1,000 or more (for MSBs);
  • Foreign currency exchange of $3,000 or more (for MSBs);
  • Issuing or redeeming negotiable instruments of $3,000 or more (for MSBs);
  • Large cash transactions (for all reporting entity types);
  • Suspicious transactions and attempted suspicious transactions (for all reporting entity types);
  • Activities which trigger a receipt of funds record (for Real Estate);
  • Virtual currency exchange transactions of $1,000 or more (for MSBs as of June 1, 2020);
  • Large Virtual Currency Transactions Reports (for all reporting entities as of June 1, 2020); and
  • Activities which trigger the creation of a client information record (it’s probably worth mentioning here that these will also trigger a third party determination):
    • Entering into an ongoing service agreement with a customer that is an entity (for MSBs); and/or
    • Entering into a purchase or sale agreement (for Real Estate).

In its simplest form, a business relationship means that a client or customer has done two things that cause identification requirements to be triggered.

Business Relationship Recordkeeping & Monitoring

When you establish a Business Relationship with a customer, you have three things to do.  

First, determine and record the “purpose and intended nature” of the Business Relationship. Some examples provided in the FINTRAC guidance are: 

For MSBs:

  • Foreign exchange for travel or purchase of goods; 
  • Funds transfers for family support or purchase of goods; 
  • Buying/cashing money orders or traveller’s cheques; 

For Real Estate businesses:

  • Purchasing or selling residential property;
  • Purchasing or selling commercial property;
  • Purchase or selling land for commercial use;

For DPMSs:

  • Purchasing or selling jewellery;
  • Purchasing or selling precious metals (for example, gold, silver, platinum, or palladium); and
  • Purchasing or selling precious stones (for example, diamonds, sapphires, emeralds, tanzanite, rubies, or alexandrite).

Next, you need to conduct ongoing monitoring of all Business Relationships, based on the level of risk.  This seems to be where the biggest stumbling blocks are for reporting entities. The purpose of ongoing monitoring is to ensure the following:

  • Detect any transactions that need to be reported as suspicious;
  • Keep identification and beneficial ownership information, as well as the purpose and intended nature records, up-to-date;
  • Reassess the risk level based on their transactions and activities; and 
  • Determine if the transactions make sense given the nature and purpose recorded.

It is not enough just to conduct the monitoring, you must be able to produce some type of record that proves that you’ve done the monitoring. The record should be specific about what was done, and what conclusions were drawn.

If there is something out of the ordinary, expect that the FINTRAC examiner will ask questions. For example, if a customer has indicated that the purpose and intended nature of the business relationship is “fund transfer for family support” but it is clear that payments are being made that are related to the purchase of goods, questions will be raised. It is expected that information about the purpose and intended nature of the business relationship is updated if it has changed – and that you will ask questions when the actual transaction patterns are different than what you expected.

It is this final step, keeping a record of the measures taken to monitor your business relationships and the information you obtain as a result, that is most crucial to successful examination results. 

The additional information collected about the customer is used to compare your expectations for that relationship, with the transactions that customer is conducting.  

Here are a few examples, broken down by industry:

MSBs

If the nature and purpose provided was foreign exchange for travel, does it make sense that the customer returns every other day with $2,700 in cash?   

DPMSs

If the nature and purpose provided was purchasing jewellery as a wedding gift, does it make sense that the customer returns every month on the same day to make a new purchase?

Real Estate

If the nature and purpose provided was the purchase of a first-time owner-occupied home, does it make sense that the customer purchases another owner-occupied home shortly after?  

In each of the scenarios above, it is quite clear that the activities don’t align with the nature and purpose of the business relationship collected. This doesn’t automatically make it suspicious, but certainly leaves some questions that need answering. When you question the customer about the discrepancy, be sure you’re taking notes.  This does not have to be a complete reiteration (though it can be), but simply a brief synopsis of the conversation, any additional information collected and/or adjustments made to the customer’s risk rating. It should be written in a way that would be clear to someone from outside of your business that is reading the notes two years later.

Recording these types of discussions is paramount to evidence that you’re meeting your ongoing monitoring obligations because, in the compliance world, if you can’t prove it… it never happened.

FINTRAC Exam Readiness Tool for Business Relationships

We’ve made a quick checklist to help you prepare for your FINTRAC examinations.

Question Response & Action Plan
Can I generate a list of my business relationships for the examination period?
Is there a risk rating recorded for each business relationship?
Do I have evidence of ongoing monitoring being conducted?
Do I have evidence of enhanced due diligence and enhanced transaction monitoring for high risk business relationships?
Do I have the date of when I entered in the business relationship with each customer?
Is there a record of the last time the customer information was reviewed and/or updated?

 

Need a Hand?

Outlier has created a FINTRAC Examination Preparation Package, and it can be downloaded for free here.  FINTRAC has also provided information on their assessment manual, which details the approach and methods it uses to conduct compliance examinations

For additional information, assistance, or a review of your FINTRAC Examination submission package (the information requested by FINTRAC for an examination), you can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.  At Outlier, we firmly believe that good compliance is good business.

Dealers In Virtual Currencies Can Pre-Register With FINTRAC

Last week, the Canadian Federal anti–money laundering agency, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), announced that money services businesses (MSBs) dealing in virtual currencies will be allowed to voluntarily register in advance of becoming reporting entities. All dealers in virtual currency are expected to register with FINTRAC by June 1, 2020.

The process of registration is relatively straightforward, beginning with a pre-registration form. In order to complete pre-registration, you simply need to provide full business and contact information. There is no cost to register an MSB with FINTRAC, although we’ve heard of several scams claiming that there is a fee. We also suggest that before you hire someone to assist, you try to complete the form on your own. 

To read more on the full registration details and all obligations that will apply to dealers in virtual currency beginning June 1, 2020, check out our blog 2019 AML Regulation Highlights for Dealers in Virtual Currency.

We’re Here To Help

Whether you need to figure out if you’re a dealer in virtual currency, put a compliance program in place, or evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

FINTRAC Identification Guidance

Background

On July 10th, 2019, the final amendments to Canada’s anti-money laundering (AML) regulations were published in the Canada Gazette.  One of the welcomed changes that came into force immediately upon publication was related to identification. On November 14th, 2019, FINTRAC published guidance related to “Methods to verify the identity of an individual and confirm the existence of a corporation or an entity other than a corporation.” This is good news considering the range of identification methods has been broadened, and a step forward in digital identification methods. The updated methods are designed to make it easier to identify customers that are not physically present.

As defined under the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), reporting entities have to identify their customers in certain situations (specific information on when customers need to be identified is outlined in FINTRAC’s guidance on “When to identify individuals and confirm the existence of entities”). The identification guidance outlines ways to verify the identity of an individual, and how to identify corporations or entities other than corporations (such as a partnership).

Identification Methods For Individuals

There are three ways in which an individual can be identified:

  • Government-issued photo identification method;
  • Credit file method; and
  • Dual-process method.

Government-Issued Photo Identification Method

Under this method, an organization can use an authenticvalid and current government-issued photo identification document, issued by either a federal, provincial or territorial government in order to be used to verify the identity of an individual. Foreign government-issued photo identification can be accepted if it’s equivalent to a Canadian document such as those listed in the guidance.

The photo identification document used to verify identity must:

  • indicate the individual’s name;
  • include a photo of the individual;
  • include a unique identifying number; and
  • match the name and appearance of the individual being identified.

If a customer is physically present, an organization can authenticate an identification document by looking at the characteristics on the physical document such as security features.

If the customer is not physically present, the authentication of the identification document must be determined by using technology capable of assessing the document’s authenticity. The guidance makes it clear that it is not sufficient to view a person and an identification document through video conference or similar. Meaning, a selfie while holding your driver’s license is not sufficient for identification purposes.

Whatever method is selected by an organization, the process to authenticate a photo identification document, and how the organization will confirm that it is authentic, valid and current, must be documented.

Credit File Method

Under this method, an organization can use valid and current information from a Canadian credit file to identify an individual.

The Credit File must:

  • be from a Canadian credit bureau (credit files from foreign credit bureaus are not acceptable);
  • have been in existence for at least three years; and
  • match the name, address and date of birth that the individual provided.

To rely on a credit file, the search must be completed at the time an organization is verifying the individual’s identity, and can be completed via an automated system or the use of a third party vendor.

When using the Credit File method, organizations must keep a record of the following information:

  • the individual’s name;
  • the date they consulted or searched the credit file;
  • the name of the Canadian credit bureau or third party vendor holding the credit file; and
  • the individual’s credit file number.

The guidance clarifies that sometimes information found within the credit file may contain variations of the name or address provided by a customer. In these cases, it’s up to the organization to determine whether the information in the credit file is a match to the information collected from the individual.

Dual-Process Method

Under this method, an organization can use valid and current information from two reliable sources. Under the dual-process method, an organization can verify an individual’s identity by referring to any two of the following options:

  • information from a reliable source that includes the individual’s name and address;
  • information from a reliable source that includes the individual’s name and date of birth; or
  • information that includes the individual’s name and confirms that they have a deposit account, credit card or other loan account with a financial entity.

In order to qualify as reliable, the sources should be well-known and considered reputable. There must be two sources providing the information, and the information cannot come from the individual whose identity is being verified, nor can it come from the organization doing the verification. For example, reliable and independent sources can be the federal, provincial, territorial and municipal levels of government, crown corporations, financial entities or utility providers.

A Canadian credit file can be used as one of the two sources required to verify the identity of an individual. so long as the credit file has been in existence for at least six months.

The organization must keep a record of the following:

  • the individual’s name;
  • the date they verified the information;
  • the name of the two different sources that were used to verify the identity of the individual;
  • the type of information consulted (for example, utility statement, bank statement, marriage licence); and
  • the number associated with the information (for example, account number or if there is no account number, a number that is associated with the information, which could be a reference number or certificate number, etc.).

Identification Methods For Organizations

The guidance details how to confirm the existence of a corporation, or an organization that is not a corporation. This can be done by referring to a paper or electronic record that was obtained from a source that is accessible to the public such as:

  • For corporations:
    • its certificate of incorporation;
    • a certificate of active corporate status;
    • a record that has to be filed annually under provincial securities legislation; or
    • any other record that confirms the corporation’s existence, such as the corporation’s published annual report.
  • For organizations that are not corporations:
    • a partnership agreement;
    • articles of association; or
    • any other record that confirms its existence as a legal entity.

If an organization refers to a publicly accessible electronic record to confirm the existence of a corporation or of an entity other than a corporation, a record must be retained including the corporation/entity’s registration number and the source of the electronic version of the record. If a paper record is used, a copy should be retained. At a minimum, for all organization types, an organization must collect and keep a record of the following:

  • their full legal name;
  • the organization’s structure;
  • the organization’s principal business;
  • the organization’s physical address; and
  • information about the organization’s directors and beneficial owners.

Other Identification Considerations

The guidance details how a domestic or foreign affiliate, an agent or a mandatary can be used to verify the identify of a customer. If this method is used, it is important for organizations to remember that, legally, they are responsible for verifying a customer’s identity, even though they are relying on someone else to do it. Organizations should obtain the identification information from the other entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

The guidance details how to identify children under 12 years of age (organizations must verify the identity of a parent, guardian, or tutor) and how to identify children between the ages of 12 and 15. For this age range, organizations can verify identity by using one of the prescribed methods to verify an individual’s identity and where not possible, relying on certain  information from the child’s parent, guardian, or tutor, and information that includes the child’s name and date of birth.

The guidance also reminds organizations that while the personal information that they are collecting is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), personal information that is required to be included in reporting to FINTRAC does not have to be disclosed to the Office of the Privacy Commissioner of Canada. It is important that organizations remember that safeguarding is a key consideration for all personal information collected in the normal course of business.

Conclusion

The most significant change for identification standards is related to the Government-Issued Photo Identification Method. A wording change from “original” to “authentic”, that was found in the prior version of the regulations, now allows for scanned copies of documentation, so long as it can be authenticated. It is noteworthy that the guidance gives clarity to all methods that can be used. Where further clarity is warranted, organizations can contact FINTRAC for a policy position related to the identification guidance. This can be done free of charge by emailing guidelines-lignesdirectrices@fintrac-canafe.gc.ca. This can also be done on a no-names basis by a lawyer or consultant on your behalf.

We’re Here To Help

If you have questions related to the identification changes, or need help updating your identification processes, you can get in touch using the online form on our website, by emailing us at info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

2019 AML Changes for MSBs

Background

On July 10th, 2019, the highly anticipated final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. This article is intended to give a high-level summary of the amendments as specific to MSBs. If you’re the type that likes to read original legislative text, you can find it here. We also created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the amount of changes. There are three different “coming into force” dates that should be noted.

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related dealers in virtual currency (which do not apply to MSBs).
  • June 1, 2021: all other regulatory amendments.

While this does give regulated entities some time to get their AML compliance programs updated and in order, we recommend that you start budgeting and planning now.

Guidance from FINTRAC, related to the changes in regulation, is expected to be seen ahead of coming into force dates. Given the legislative changes, there will be changes to FINTRAC policy interpretations as well so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Foreign MSBs

In the past, foreign MSBs only had to comply with Canadian AML requirements if they had a “real and substantial connection” to Canada. A “real and substantial connection” was defined in FINTRAC policy interpretations as having one or more of the following statements be true:

  • Is the business incorporated in Canada;
  • Does the business have agents in Canada;
  • Does the business have physical locations in Canada; and/ or
  • Does the business maintain a bank account or a server in Canada.

The final amendments create obligations for foreign businesses that direct and provide certain services to people located in Canada, via the Internet. If you are a foreign MSB, check out our blog on full requirements as they relate to a foreign MSB with dealings in Canada.

What Does This Mean For My Business?

Changes to Canada’s AML regulations will have a direct impact on MSB AML obligations, including the following:

  • Customer identification;
  • Reporting; and
  • Compliance Program requirements.

While there are quite a number of changes, only some will have more of an impact on MSBs. We’ve summarized the changes that will impact MSBs below.

Customer Identification

Currently, there is a requirement that when customers are identified, the document and/or data that you collect must be in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic”, valid and current. This would allow for scanned copies of documentation, and/or for software that can authenticate a person’s identification documents.

Other changes to the identity verification requirements are as follows:

  • A customer’s identity must be verified if they are the beneficiary of an international EFT of CAD 1,000 or more;
  • For credit file verification (single source) the credit file information must now be derived from more than one source; and
  • For the dual source method, when relying on a credit report as part of a dual source, the credit file must have been in existence for at least six months. Additionally, the person or entity that is verifying the information cannot be a source.

In addition, there are provisions that allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

FINTRAC Reporting

Reporting EFTs of CAD 10,000 or More

If you conduct international remittance transactions at the request of your customers, the requirement to report transactions of CAD 10,000 or more will now be your responsibility, not your financial services provider.

The final amendments removes the language commonly known as the “first in, last out” rule. This means that the first person/entity to ‘touch’ the funds for a transaction incoming to Canada, or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada, had the reporting obligation (as long as the prescribed information was provided to them). The update will change the reporting obligation to whoever maintains the customer relationship. So, if you initiate a transaction at your customer’s request (outgoing transaction), or provide final receipt of payment to your customer (incoming transaction), it will be your obligation to report that transaction to FINTRAC.

Virtual Currency Reporting

If you conduct transactions involving virtual currencies such as bitcoin, you will be required to report the receipt, or the sending, of amounts of CAD 10,000 or more in a virtual currency transaction to FINTRAC. These are basically the same as Large Cash Transaction reporting obligations, including making a determination of whether the person is acting on behalf of a third-party. There will also be the requirement for reporting entities to maintain a Large Virtual Currency Transaction record.

For more information on the full scope of updates specific to virtual currency, please check out our full article here.

The 24-Hour Rule

The final regulations clarify that multiple transactions performed by, or on behalf of, the same customer or entity, or are for the same beneficiary, within a 24-hour period, are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. This would mean that only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that will be required to update the detection process.

For example, currently, a Large Cash Transaction Report must be submitted either for single transactions of CAD 10,000 (or more), or for multiple transactions of less than CAD 10,000 each that add up to CAD 10,000 or more in a 24-hour period. This can result in situations where two reports are filed for transactions taking place in a 24-hour period.

Cash deposit of CAD 12,000 – LCTR #1 for CAD 12,000

Cash deposits of CAD 5,000 and CAD 6,000 – LCTR #2 for CAD 11,000

Using the same example, under the new rules we would have:

Cash deposits of CAD 12,000, CAD 5,000 and CAD 6,000 – Single LCTR for CAD 23,000

We can expect to see guidance from FINTRAC ahead of the enforce date. If you have questions prior to this,  it is possible to write to FINTRAC to request a policy interpretation.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amended this to “’as soon as reasonably practicable’ after measures have been completed to establish that there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing”.

This would require reports to be submitted to FINTRAC shortly after a reporting entity conducts an analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change (or clarification), related to Terrorist Property Reports, has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

Information Included in Reports to FINTRAC

Certain information is required in reports to FINTRAC. The final regulations introduce changes to reporting schedules, requiring more detailed information to be filed with FINTRAC then previously was required. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional data fields are:

  • every reference number that is connected to the transaction;
  • type of device used by person who makes request online;
  • number that identifies device;
  • internet protocol address (IP address) used by device;
  • person’s or entity’s user name; and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online. Such changes may mean working with your IT folks to ensure you are retaining the needed data in a format that will be easy to extract.

For full details on what has changed for FINTRAC report fields, we have created unofficial redline which can be found here.

Ongoing Compliance Training

The amended regulations have introduced a requirement to document a plan for ongoing compliance training. This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans.

Risk Assessment Obligations

With the last round of AML changes, we saw the addition of “New Technologies and Developments” as a newly added category to the Risk-Based Approach requirements. This round of changes makes the next logical progression, which is the obligation to assess the money laundering and terrorist financing risk of any product, delivery channel or new technology before implementation. Meaning, if you are looking to take your business online and are going to use this fancy, new ID software, you had better take careful inventory and document where your risks are, and be sure the appropriate controls have been put in place, before going live but many MSBs have already implemented this best practice.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch using our online form on our website, by emailing info@outliercanada.com or by calling us toll-free at 1-844-919-1623.

Foreign Money Services Business in Canada

Background

On July 10, 2019 the highly anticipated final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were released in the Canada Gazette. With this round of changes, Foreign Money Services Businesses (MSBs) will be subject to Canadian AML obligations.  This article is intended to give a high-level summary of the requirements as they relate to Foreign MSBs.

While foreign MSBs will have until June 1, 2020 to become compliant with Canadian requirements, it is highly recommended that you start budgeting and planning from now. It is expected that our regulator, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), will allow foreign MSBs to register ahead of this date.

Note this article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

What Is A Money Services Business?

MSBs are considered reporting entities under the law in Canada.  This means that they must comply with certain requirements and answer to their regulator.  You are a money services business (MSB) in Canada if your business offers any of the following services to the public:

  • Foreign exchange dealing;
  • Remitting or transmitting funds;
  • Issuing or redeeming money orders, traveller’s cheques and other negotiable instruments;
  • Dealing in virtual currencies.

In the past, foreign MSBs only had to comply with Canadian AML requirements if they had a “real and substantial connection” to Canada. A “real and substantial connection” was defined in FINTRAC policy interpretations as having one or more of the following statements be true:

  • Is the business incorporated in Canada;
  • Does the business have agents in Canada;
  • Does the business have physical locations in Canada; and/ or
  • Does the business maintain a bank account or a server in Canada.

As part of the recent AML amendments, foreign businesses that conduct any of the above transactions, and your services are directed to persons in Canada, Canadian AML obligations will apply.  You will need to be aware of the requirements under Canadian law as they apply to their Canadian customers.

Compliance Program

Under regulation, you will be required to have an anti-money laundering (AML) and counter terrorist financing (CTF) program that consists of these five elements:

  • Written policies and procedures: these list your responsibilities under Canadian law, and what you are doing to meet them.
  • A documented Risk Assessment: a document that describes and assesses the risk that your business could be used to launder money or finance terrorism.
  • The appointment of a Compliance Officer: the person who is ultimately responsible to develop and maintain your Canadian AML and CTF compliance program. Note the person appointed does not have to be located in Canada.
  • AML Compliance Effectiveness Reviews: testing and reporting completed at least every two years that assesses how well your compliance program is working.
  • Training: A documented training plan, and conducting, at least annually, testing to ensure that staff understands their roles and responsibilities as it relates to Canadian law.

Operational Compliance

In addition to a documented program, you will need to ensure you operate in a compliant manner with various requirements as it relates to your Canadian customers. This includes:

  • Collecting and recording client identification information;
  • Know your customer (KYC) information;
  • Reporting certain types of transactions to regulators and government agencies;
  • Maintaining appropriate registration and licensing; and
  • Keeping records.

Client Identification

As an MSB, you will be required to identify Canadian customers in accordance with Canadian law. You must verify the identity of a person who requests the following:

  • requests that they issue or redeem money orders, traveller’s cheques or similar negotiable instruments in an amount of CAD 3,000 or more;
  • requests that they initiate an electronic funds transfer of CAD 1,000 or more;
  • requests that they exchange an amount of CAD 3,000 or more in a foreign currency exchange transaction;
  • requests that they transfer an amount of CAD 1,000 or more in virtual currency;
  • requests that they exchange an amount of CAD 1,000 or more in a virtual currency exchange transaction; or
  • is a beneficiary of an international electronic funds transfer of CAD 1,000 or more, or of a transfer of an amount of CAD 1,000 or more in virtual currency, to whom they make the remittance.

As part of the recent AML changes, the identification methods that can be used to verify identification have been updated and modernized. Previously, a document used to verify identity was required to be “original, valid and current”. You can now confirm the identity of a customer by relying on an identity document where it is “authentic, valid, and current”, meaning you can confirm identification using acceptable documents, presented in an electronic means, so long as it can be authenticated.

There are other methods to verify a customer’s identity, which include referring to their Canadian credit file (Equifax or TransUnion), provided it has been in existence for at least three years, or a dual process method which involves referring to information from two reliable and independent sources.

If the customer is an entity (a company, partnership, trust, etc.), then measures must be taken to confirm the entity’s existence and beneficial ownership. This means certain details must be collected for directors, trustees, beneficiaries of trusts, and anyone that owns or controls 25% or more of an entity.

Registration

You must register as a Foreign MSB with FINTRAC before June 1, 2020. The process itself is relatively straightforward and begins with a pre-registration form. As part of this process, you must provide FINTRAC with complete information about your business, including:

  • Bank account information;
  • Information about your compliance officer;
  • Number of employees;
  • Incorporation information (if your business type is a corporation);
  • Information about your MSB’s owners and senior management, such as their name and date of birth;
  • Certain information about the directors of the company and every person who owns or controls 20% or more.
  • An estimate of the expected total dollar amount of transactions per year for each MSB service you provide;
  • Detailed information about every branch; and
  • Detailed information about every Canadian MSB agent.

Once registered, the registration must be maintained, and you must:

  • Keep information up to date;
  • Respond to requests for, or to clarify, information in the prescribed form and manner, within 30 days;
  • Renew your registration before it expires; and
  • Let FINTRAC know if you stop offering MSB services to Canadians.

SCAM ALERT: There is no cost to register an MSB with FINTRAC – although we’ve heard of several scams claiming that there is a fee. Please ensure that you are only registering through valid FINTRAC sites, which will contain “fintrac-canafe.gc.ca” in the URL. If you have received a phishing email or other request to pay FINTRAC registration fees, we recommend reporting this to both the Canadian Anti-Fraud Centre and to FINTRAC directly.

Reporting

Foreign MSBs are required to report certain transactions to FINTRAC where Canadians are involved, regardless if the funds or the instructions to transfer funds involve Canada. Foreign MSBs will be required to report to FINTRAC the following transactions:

  • The receipt, from a person or entity in Canada, of CAD 10,000 or more in cash;
  • The initiation, at the request of a person or entity in Canada, of an EFT of CAD 10,000 or more, if the EFT is sent or is to be sent from one country to another;
  • The final receipt of an EFT of CAD 10,000 or more, if the EFT was sent from one country to another and the beneficiary is in Canada;
  • The receipt from a person or entity in Canada of CAD 10,000 or more in virtual currency;
  • Any suspicious or attempted suspicious transactions; and
  • Any terrorist property.

We’re Here To Help

If you are a foreign MSB that deals in virtual currency, please check out our blog. If you have any questions related to your compliance obligations in Canada, or need assistance in developing your Canadian AML compliance program, please get in touch!

2019 AML Regulation Highlights for Dealers in Virtual Currency

Back in June 2018, we published an article on proposed AML rules for dealers in Virtual Currency. On July 10th, 2019, updates to Canada’s anti-money laundering (AML) regulations were published in the Canada Gazette. There are three different “coming into force” dates (the dates on which the content of various updates become requirements for regulated entities). 

  • July 10, 2019: a small change in wording (from “original” to “authentic”) is good news for digital identification.
  • June 1, 2020: dealers in virtual currency must be registered as money services businesses (MSBs) and have AML compliance programs in place.
  • June 1, 2021: additional provisions, including reporting large virtual currency transactions.

This is a significant regulatory package with a lot of changes (the document is over 200 pages long). This article will cover the major points for dealers in virtual currency, but it’s important to remember that there is a lot of nuances and differences between business models. We recommend speaking to your local neighbourhood compliance geek about how to adapt to these changes (if you need a compliance geek, please get in touch).

It is also worth noting that tokens that are considered securities would not be considered virtual currencies. Securities and securities dealers were already regulated. If you’re not sure whether or not a token is a security, we recommend reaching out to a securities lawyer (if you need recommendations, please feel free to contact us). It is possible to be both a securities dealer and a dealer in virtual currencies, but if you are only looking for the changes pertinent to securities dealers, you will find those in another article.

Hefty Disclaimers & Sharing

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Dealers In Virtual Currency

It’s important to start by understanding what’s being regulated. This is best done by considering some of the definitions that have been added to the regulation.

fiat currency means a currency that is issued by a country and is designated as legal tender in that country. (monnaie fiduciaire)

funds means

(a) cash and other fiat currencies, and securities, negotiable instruments or other financial instruments that indicate a title or right to or interest in them; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a fiat currency other than cash.

For greater certainty, it does not include virtual currency. (fonds)

virtual currency means

(a) a digital representation of value that can be used for payment or investment purposes that is not a fiat currency and that can be readily exchanged for funds or for another virtual currency that can be readily exchanged for funds; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a digital representation of value referred to in paragraph (a). (monnaie virtuelle)

virtual currency exchange transaction means an exchange, at the request of another person or entity, of virtual currency for funds, funds for virtual currency or one virtual currency for another. (opération de change en monnaie virtuelle)

In terms of who will be regulated, businesses (whether or not the business is incorporated) that conduct transactions on behalf of their customers, including:

  • Exchanging digital currencies for fiat currencies; and 
  • Exchanging between virtual currencies.

This would include custodial wallet services that hold customers’ private keys on their behalf, as well as exchanges, brokerages, and automated teller machines (ATMs). The requirements apply to foreign and domestically based businesses. The inclusion of foreign MSBs means that it won’t matter where your business is incorporated. If you are targeting your services to Canadians, you are expected to comply with Canadian rules and you will need to be aware of requirements as they apply to your Canadian customers.

One of the most important notes in our view is “These amendments serve to mitigate the money laundering and terrorist activity financing vulnerabilities of virtual currency in a way that is consistent with the existing legal framework, while not unduly hindering innovation. For this reason, the amendments are targeted at persons or entities engaged in the business of dealing in virtual currencies, and not virtual currencies themselves.” It is expected that there will be additional updates to the regulations, and community consultations. During these processes, this distinction should remain an important one.

Digital Identification and “Authentic” Documents

Canadian businesses, such as MSBs, that are regulated for AML purposes must identify certain customers either because there is an ongoing service agreement, an account, or because the customer performs specific types of transactions. In these instances, the methods used to identify customers are prescribed in the regulations. Previously, there was a requirement that any document that was used in identification processes be “original”. A narrow view was taken of the definition of the word original: the document itself, in whatever form it was issued. No scans, copies or other digital representations were permitted. This was a significant challenge in non-face-to-face environments.

Effective on publication of the updates, the word “original” has been replaced with “authentic”. It’s important to keep in mind that while this does allow for documents to be submitted in a myriad of digital formats, there will be an expectation that reporting entities do something in order to determine whether or not the document is authentic. The regulations are not prescriptive in terms of how this will be done. We expect that a number of different solutions, ranging from having a human review documents, to using AI to make risk-based determinations, will be valid. If there are processes that you aren’t sure about, it is possible to write to FINTRAC to request a policy interpretation. We expect that FINTRAC will release updated guidance on identification, and issue many subsequent policy interpretations as the landscape evolves.

For customers that were previously identified, there is an expectation that the customer is identified in accordance with the rules that were in place at the time. Unfortunately, this means that if a customer was identified before the updated regulations were published, and an electronic version of a document was used, the identification may not be considered complete. It will be important for businesses to assess the processes that were in place at this point in time in order to make an accurate determination of whether or not the standards were being met.

Registering as a Money Services Business (MSB)

Although the legislation has been published, Dealers in Virtual Currency are not yet able to register as money services businesses (MSBs) with FINTRAC, Canada’s federal AML regulator and financial intelligence unit (FIU). The process is relatively straightforward, beginning with a pre-registration form. 

The FINTRAC registration process is generally very efficient (taking two to four weeks in total). As part of this process, you must provide FINTRAC with complete information about your business, including:

  • Bank account information;
  • Information about your compliance officer;
  • Number of employees;
  • Incorporation information (if your business type is a corporation);
  • Information about your MSB’s owners and senior management, such as their name and date of birth;
  • An estimate of the expected total dollar amount of transactions per year for each MSB service you provide;
  • Detailed information about every branch; and
  • Detailed information about every Canadian MSB agent.

You are not required to have locations or offices in Canada in order to register as an MSB with FINTRAC. Once registered, the registration must be maintained and you must:

  • Keep registration information up to date;
  • Respond to requests for, or to clarify information, in the prescribed form and manner, within 30 days;
  • Renew our registration before it expires; and
  •  Let FINTRAC know if we stop offering MSB services to Canadians

SCAM ALERT: There is no cost to register an MSB with FINTRAC – although we’ve heard of several scams claiming that there is a fee. Please ensure that you are only registering through valid FINTRAC sites, which will contain “fintrac-canafe.gc.ca” in the url. If you have received a phishing email or other request to pay FINTRAC registration fees, we recommend reporting this to both the Canadian Anti-Fraud Centre and to FINTRAC directly.

All dealers in virtual currency are expected to register with FINTRAC by June 1, 2020.

Building or Updating Your Compliance Program

MSBs in Canada are required to have a documented AML compliance program in place. In all instances, when something is a requirement it’s not enough to have done something to meet that requirement. Both your process and what you’ve actually done in order to meet the requirement must be documented. An AML compliance program has these elements:

  1. Compliance Officer: this is the person who will be responsible for your AML compliance program. They should understand Canadian AML requirements, be relatively senior in your company (access to your Board and Management team is necessary), and sign up to receive updates from FINTRAC.
  2. Policies and Procedures: these are documents that describe what you are required to do, and how you will do it. The processes should be an accurate description of what you are actually doing and detailed enough that a new hire could follow them.
  3. Risk Assessment: this is a document that considers the risk that your business could be used to launder money and/or finance terrorism. FINTRAC has released detailed guidance for MSBs to help create this type of document.
  4. Ongoing Training: any staff (including part-time and temporary staff) that deal with customers, transactions, and systems must receive training on a regular basis (this is generally interpreted to mean at least annually). It’s fine to rely on an external vendor, but your training should also include training on your processes.
  5. AML Compliance Effectiveness Reviews/Audits: every two years, you must complete a formal review of the effectiveness of your AML compliance program and operations. This can be conducted internally or by an external vendor.

In addition, to your documented program, you will need to ensure you operate in a compliant manner which includes, registering with FINTRAC, identifying customers under certain circumstances (more on this under customer identification), collect know your customer (KYC) information, keep records, and report certain transactions to FINTRAC.

All dealers in virtual currency are expected to have compliance programs in place and operational by June 1, 2020.

Customer Identification and Collecting KYC Information

For dealers in virtual currency, customer identification and the collection of KYC information will be required where virtual currency exchange transactions valued at CAD 1,000 or more are conducted. This will include exchanging fiat for virtual currency, as well as exchanges between virtual currencies.

Customers must also be identified, where possible if there are reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing. When a transaction is suspicious, there is no minimum value threshold for identification.

Identification in this context must be completed in specific ways, each of which require particular records to be maintained. The chart below is from FINTRAC’s current customer identification guidance (which must be updated to reflect the change in wording from original to authentic, though other elements remain unchanged).

If the customer is an entity (a company, partnership, trust, etc.), then measures must be taken to confirm the entity’s existence and beneficial ownership. Certain details must be collected for directors, trustees, beneficiaries of trusts, and anyone that owns or controls 25% or more of an entity. This includes “indirect ownership” (such as ownership through another company).

There is also information about the customer that must be collected. For individuals, this includes name, date of birth, address, and occupation or principal business. For entities, this includes name, address, place of incorporation (if applicable), and incorporation number (if applicable). 

All dealers in virtual currency are expected to have processes in place to identify customers and collect KYC information by June 1, 2020.

FINTRAC Reporting

For reporting, there are two important dates. By June 1, 2020, dealers in virtual currency will need to report the same types of transactions that MSBs are currently required to report. These are:

  • Large Cash Transactions: if you receive cash (this means fiat in the form of bills and/or coins) valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 15 calendar days. 
  • Suspicious Transactions: if there are reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing, it must be reported to FINTRAC within 30 calendar days of the discovery of a fact that led you to determine that the transaction was suspicious.
  • Attempted Suspicious Transactions: if a customer or prospective customer requests a transaction, but does not complete it (including transactions that you reject), and there are reasonable grounds to suspect money laundering or terrorist financing, then it must be reported. The timeframe is the same as it would be for completed transactions.
  • Terrorist Property: if you’re in possession of property (which includes funds and virtual currency) that belong to a terrorist or terrorist group, it must be reported without delay, and the property must be frozen. In addition to reporting to FINTRAC, these reports are also sent to the CSIS and RCMP – by fax. In order to know if customers fall into this category, it is important to screen against lists published by OSFI. We’ve worked with some friends on a tool to make this easier, which you can try here (use the code Free100 for a free trial).
  • Electronic Funds Transfers: if you send or receive international electronic funds transfers (EFTs), including wires, valued at CAD 10,000 or more, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.

If you are required to report transactions valued at CAD 10,000 or more in a 24-hour period, you must have a mechanism in place to detect reportable transactions.

It’s noteworthy that if you are conducting international EFTs on your customers’ behalf, you may already be an MSB. The best way to know for certain, in our opinion, is to request a policy position from FINTRAC. This can be done free of charge by emailing guidelines-lignesdirectrices@fintrac-canafe.gc.ca. This can also be done on your behalf by a lawyer or consultant.

By June 1, 2021, a new report will be introduced.

  • Large Virtual Currency Transactions: if you receive virtual currency valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.

There will be some additional changes to reporting and reporting timelines, including the requirement to report suspicious and attempted suspicious transactions “as soon as practicable” after you have determined that there are reasonable grounds to suspect that the transaction is related to money laundering or terrorist financing.

For Extreme Compliance Nerds

We clearly mean nerd as the highest term of admiration and endearment, and for you, we have created red-lined versions of the regulations, with new content showing as tracked changes. This is not an official version of the regulations, and we do, of course, recommend that you check it against the official version.

Need a Hand?

Whether you need to figure out if you’re a dealer in virtual currency, to put a compliance program in place, or to evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Now We Wait… Canada’s Proposed AML Updates

As of last Friday (September 7, 2018) the comment period for Canada’s draft AML amendments has closed (if you have something to say, they’ll likely still accept submissions for a few more days).

TLDR?

Check out our summary here, or this panel digging into the details.

Want to read our submissions? Here they are!

2018Sep07_OutlierCanada Submission to Finance

2018Sep07_Apendix_SurveyResults

What Now?

The Department of Finance is going to head back to the Bat Cave to revise the policy. We expect that a final version will be published at some point in 2019, and that the content will include “dealing in virtual currency” (including businesses like bitcoin exchanges).

Once the final version is published, there will be a transition period (we expect a year or more) before everything is in force. In the meantime, if you’re expecting to be considered a money services business (MSB) when the final version is published, we recommend checking out some of the community events for MSBs, like the Canadian MSB Association (CMSBA)’s Fall Conference in Toronto.

We’re Here To Help

If you have questions about virtual currency and regulation in Canada, or regulation in Canada in general, please contact us.

Canada’s Proposed AML Changes for MSBs

What’s Old is New Again, Well Updated

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake). This article is intended to give a high-level summary of the proposed amendments as they relate to Money Services Businesses (MSBs).

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Finally, we want to encourage the community to discuss the proposed changes and submit meaningful feedback for policy makers. The comment period for this draft is 90 days. After this, the Department of Finance takes the feedback to the bat cave and drafts a final version of the amendments. From the time that the final version is published, the draft indicates that there will be 12 months of transition to comply with the new requirements.

♬The Times Regulations Are Changing♬

Foreign MSBs

Currently, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has issued a policy interpretation (PI-5594) in August of 2013, which states that a “real and substantial connection” to Canada must be present for an entity to be required to register as an MSB with FINTRAC.  A “real and substantial connection” was defined in the interpretation as having one or more of the following:

  • Whether the business is incorporated in Canada;
  • Whether the business has agents in Canada;
  • Whether the business has physical locations in Canada; and/ or
  • Whether the business maintains a bank account or a server in Canada.

The draft amendments introduce a new definition, which is “Foreign Money Services Business” that means anyone serving Canadian customers or entities in Canada is now subject to all Canadian requirements no matter where they are located.  Throughout the proposed changes, where there is a reference to money services businesses, there is also a reference to foreign money services businesses.  This will be significant to MSBs who operate non-face-to-face in the online marketplace and do not reside in Canada.

Non-Face-To-Face Customer Identification

Currently, there is a requirement that when customers are identified using the dual process method, the document and/or data that you collect is in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The word “original” will be replaced with “authentic” (meaning that so long as you believe that the utility bill is a real utility bill for that person, it doesn’t need to be the same piece of paper that they received in the mail).

In addition, there are provisions that would allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification within 3 days of the request.

Reporting EFTs of $10,000 or More

If you conduct international remittance transactions at the request of your customers, the requirement to report transactions of $10,000 or more will now be your responsibility, not your financial services provider.

The proposed change removes the language commonly known as the “first in, last out” rule.  This means that the first person/entity to ‘touch’ the funds for transactions incoming to Canada or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada had the reporting obligation (as long as the prescribed information was provided to them).

The update will change the reporting obligation to whoever maintains the customer relationship. So if you initiate a transaction at your customer’s request (outgoing transaction) or provide final receipt of payment to your customer (incoming transaction), it will be your obligation to report that transaction to FINTRAC.

For example, if the flow of the instructions for payment were as follows:

Currently, the reporting obligation of the outgoing EFT would fall to the bank in Canada.  With the draft updates, the reporting obligation would now fall to the MSB in Canada, because they have the relationship with the customer initiating the transaction.

 

Third Party Determination

Currently, the obligation to determine whether a third party is involved in a transaction relates to Large Cash Transactions.  The proposed changes would include the obligation to make a third party determination for all EFTs of $10,000 or more.  This would also require similar record keeping obligations as a third party determination under the current Large Cash Transaction records.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. This change appeared in the last round of amendments that came into force last year, and the proposed new wording would be another significant change:

The person or entity shall send the report to the Centre within three days after the day on which measures taken by them enable them to establish that there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.

This means that a report would be due three days after the reporting entity conducts an investigation or does something that allows them to reach the conclusion that there are reasonable grounds to suspect.

Information Included In Reports to FINTRAC

Certain information is required in reports to FINTRAC. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional proposed data fields are:

  • every reference number that is connected to the transaction,
  • type of device used by person who makes request online,
  • number that identifies device,
  • internet protocol address (IP address) used by device,
  • person’s user name, and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online.

Ongoing Compliance Training

Currently, there are five required elements of a Canadian AML compliance program, but there is soon to be a sixth.  Before you get too worried, it’s not that major.  The change is specific to your ongoing compliance training obligations, which says you must institute and document a plan for your ongoing compliance training program and the delivery of the training.  Basically, in your AML compliance program documentation, you need to provide a description of your training program for at least the next year and how the training will be delivered. Many MSBs have already implemented this best practice.

Risk Assessment Obligations

With the recent addition of the “New Technologies and Developments” category to the Risk-Based Approach requirements, the next logical progression has be added.  The updates include the obligation to assess the money laundering and terrorist financing risk of any new technology before implementation.  Meaning, if you are looking to take your business online and are going to use this fancy, new non-face-to-face ID system, you had better take careful inventory of where your risks are and be sure the appropriate controls have been put in place before going live. Much like the training plan, many MSBs have already implemented this best practice.

Virtual Currency

The draft updates also include major changes related to virtual currency. “Dealers in virtual currencies’ would be regulated as MSBs. New record keeping and reporting obligations would apply to all reporting entities that accept payment in virtual currency, or send virtual currency on behalf of their customers.

For more information on updates specific to virtual currency, please check out our full article.

What Next

If you’ve read this far, congratulations and thank you!

We hope that you will contribute your thoughts and comments. You can do this by contacting the Department of Finance directly. Their representative on this file is:

Lynn Hemmings

Acting Director General

Financial Systems Division

Financial Sector Policy Branch

Department of Finance

90 Elgin Street

Ottawa, Ontario

K1A 0G5

Email: fin.fc-cf.fin@canada.ca

If you would like assistance drafting a submission, or have questions that you would like Outlier to answer, please get in touch!

If you are interested in sharing your comments with the Canadian MSB Association (and we highly encourage you to do so) please email luisa@global-currency.com. She will have more information on the industry group’s submission and consultation process.

Return to Blog Listing


PROCESSING...