PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Sanctions This Week: March 21-27, 2016

Rodney_Money_Clothesline4OSFI

There were no updates released from OSFI this week.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released two updates last week, related to the Zimbabwe, Counter-Terrorism and Non-Proliferation Designation Lists.  A total of three individuals and six entities were added to the respective lists.  OFAC also released the publication of Iran-related General License I and related FAQs.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.  All of the additions mentioned above were related to aviation, the names added were either connected to an avionics regime, or were the entity under which they were operating.  As for the Iran-related updates, in order to allow for more efficient processing of applications under the Statement of Licensing Policy for Activities Related to the Export or Re-export to Iran of Commercial Passenger Aircraft and Related Parts and Services, OFAC has issued General License I: Authorizing Certain Transactions Related to the Negotiation of, and Entry into, Contingent Contracts for Activities Eligible for Authorization Under the Statement of Licensing Policy for Activities Related to the Export or Re-export to Iran of Commercial Passenger Aircraft and Related Parts and Services.  OFAC also updated the Frequently Asked Questions Relating to the Lifting of Certain U.S. Sanctions under JCPOA.

See the Zimbabwe update on OFAC’s website.

See the Counter-Terrorism and Non-Proliferation update on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

 

Sanctions This Week: February 22-28, 2016

OSFI

On February 23rd, 2016, the Office of the Superintendent of Financial Institutions (OSFI) released the United Nations Security Council (UNSC) ISIL (Da’esh) and Al-Qaida Sanctions Committee’s update, underscoring recent information updates on five individuals.

The five individuals are subject to the assets freeze, travel ban and arms embargo set out in paragraph 2 of Security Council resolution 2253 (2015) adopted under Chapter VII of the Charter of the United Nations.  All of the updates relate to their most recent known location, 4 of which being, prison.  The final was a ‘last known address’ update for a Tunisian individual, though he was reported as ‘in detention’ in Tunsia, as at December 2009.

See the update on the United Nations (UN) website.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released two updates last week, but both related to settlement of alleged enforcement actions, or civil penalties related to alleged violations of the Cuban Assets Control Regulations (CACR).  The enforcement actions were on two entities, CGG Services S.A., formerly known as CGGVeritas S.A. (CGG France) and Halliburton Atlantic Limited (HAL) on behalf of itself and its affiliate, Halliburton Overseas Limited (HOL).

See OFAC’s recent actions page.

CGG France has agreed to pay $614,250 USD for numerous alleged violations of Cuban Sanctions, when they exported spare parts and other equipment from the United States to M/V Amadeus while the vessel operated in Cuba’s territorial waters.

See the update on OFAC’s website.

The enforcement actions against HAL were for alleged violations of Cuban Sanctions, by dealing in property in which Cuba, or a Cuban national, had an interest when they exported goods and services in support of oil and gas exploration and drilling activities within the Cabinda Onshore South Block oil concession in Angola. HAL knew, or should have known, they were dealing in property in which Cuba had an interest. HAL issued 19 invoices to the Consortium operator Cupet, a company with headquarters in Angola, related to these goods and services, and HAL primarily performed the services which were invoiced. OFAC determined that the alleged violations were voluntarily self-disclosed and constituted a non-egregious case. The total transaction value of the alleged violations was $1,189,752 USD. The statutory maximum civil monetary penalty for the alleged violations was $1,235,000 USD and the base penalty amount for the alleged violations was $423,202 USD.  HAL has agreed to pay $304,706 USD.

See the update on OFAC’s website.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Suspicious Transaction Reporting in 2015

Preparing for a FINTRAC examination

At the Canadian Institute’s 14th Annual AML Forum, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) reviewed its expectations for suspicious transaction reporting. FINTRAC emphasized that suspicious transaction reports (STRs) are vital to the agency’s mandate as Canada’s financial intelligence unit (FIU) and ongoing collaboration with law enforcement agencies. While reporting entities (REs) in Canada have been required to report transactions for quite a few years, we’ve had many questions from REs about what FINTRAC expects and looks for in examinations. FINTRAC’s most recent guidance is useful in tuning your technology, enhancing your processes, and asking the right questions at industry association meetings.

What is FINTRAC Looking for in STRs?

When FINTRAC conducts compliance examinations, they will be applying three tests to STR data, including:

  1. Entity Practitioner: FINTRAC will look for transactions that are similar to those involved in STRs that you have reported. If there are similar transactions or transaction patterns that have not been reported to FINTRAC, there should be an explanation for the difference. Where possible, this explanation should be documented.
  2. Sector Practitioner: FINTRAC will compare the number and type of STRs submitted by similar entities. The size and type of business are taken into consideration.
  3. Reasonable Practitioner: FINTRAC will analyze a sample of reported STRs and unreported transactions against relevant guidance. In this case, relevant guidance means the suspicious transaction indicators from FINTRAC’s Guideline 2 that are applicable to your business.

These are terms that we’re likely to hear more about over the coming months, and there are compliance program adjustments (most of them relatively simple) that can be made to ensure that you’re meeting this standard.

Tune Your Technology

Amber looking at laptop FINTRAC screen

Most REs use software solutions to detect potentially suspicious transactions. Almost all transaction monitoring software uses some type of rules-based system to determine when alerts should be generated. These rules should, at minimum, reflect the indicators that are applicable to your business. Not all of the indicators from FINTRAC’s Guideline 2 will be applicable to your business. Where possible, you should document the decisions that you make about your transaction monitoring rules, including the rationale for those decisions.

The most sophisticated software platforms have machine learning functions. These can take the decisions that have been made about previous alerts and use this information to refine how the program works. For example, if a particular pattern of transactions was deemed to be suspicious, the program may look for similar patterns.

If you’re not using software that does this on its own, don’t panic. You can review the STRs that you’ve submitted to FINTRAC to determine whether your transaction monitoring rules are tuned to reflect the types of money laundering and terrorist financing threats that you’ve previously encountered. This should be done on a regular basis (for example, as part of your Risk Assessment updates). If you have an STR that is related to a pattern that you don’t have a rule to cover, you may want to do this sooner, rather than waiting for the next scheduled update.

Train Your Staff

Training

Over the years, I’ve heard many Compliance Officers express frustration about not knowing whether or not STR data has been useful to FINTRAC or law enforcement. To close this gap, I’ve looked for articles and speakers from FINTRAC and law enforcement that could provide meaningful information about the type of information that is most useful. The same principle applies to your staff.

You can use existing cases (you’ll want to remove any personal information for training purposes) to demonstrate the type of transactions that you want your staff to escalate to compliance for review. Existing cases from the media, and end to end cases provided by training companies like TAMLO, are also excellent resources. Keeping your annual training fresh is a challenge, and using your STRs as cases is one way to do that, while also meeting FINTRAC’s expectations.

Refine Your Audits & Effectiveness Reviews

AML Compliance Effectiveness Review

Are your auditors and/or reviewers using the same tests that FINTRAC is using to assess your compliance? If you’re not certain, ask.

If you perform self-assessment testing, you may want to include these tests as well.

As of 2015, all AML Compliance Effectiveness Reviews performed by Outlier will use these three key tests to assess STR data.

Ask Your Industry & Working Groups for More

Hanshake

Most REs have excellent industry associations and working groups such as the Canadian Banker’s Association (CBA), Canadian MSB Association (CMSBA) or the Canadian Jewellers Association (CJA). These groups are excellent resources and can help you understand STR trends across your industry. If you’re not a member, you may still be able to attend regular conferences or events.

Need A Hand?

We would love to hear from you. If there are topics that you would like to know more about, or if you need assistance with your compliance program, please contact us.

FINTRAC Examination Results for MSBs

The Canadian Money Services Business Association (CMSBA) recently held their Spring Training events in Montreal, Vancouver and Toronto.  The list of speakers included MSB industry professionals, as well as representatives from regulators including the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).  For a full synopsis of the Montreal and Toronto events, click here.  FINTRAC presented excellent statistical data about how MSBs have fared in examinations conducted between April 2011 and July 2014.  So how are MSBs faring?  Very well overall. 

ZDE FINTRAC 2008-2013

Data obtained through a freedom of information request indicates that almost 25% of MSBs examined between 2008 and 2013 have not had any deficiencies.

How Does FINTRAC Decide Who Is Examined?

FINTRAC considers several factors when deciding which reporting entities (REs) will be examined.

  • Concurrent Examinations: examinations conducted in tandem with the Office of the Superintendent of Financial Institutions (OSFI). This is applicable to federally regulated financial entities (FRFEs) like banks.
  • Market Share: The largest reporting entities in Canada (because the larger an organization is, the more critical the risk of non-compliance will be);
  • Cyclical: Coverage of a whole industry (this seemed to apply most to Casinos).
  • Follow-Up: Subsequent examinations based, with an emphasis on the resolution of deficiencies found in previous examination(s) to ensure remediation. FINTRAC noted that although it is no longer a requirement to submit a formal action plan to FINTRAC, it is a best practice for REs to document (and update) an action plan internally.
  • Risk: FINTRAC’s evaluation of the RE’s risk, based on a broad selection criteria, such as money laundering and terrorist financing vulnerabilities, the likelihood of non-compliance and industry trends.
  • Theme-Based: Related to specific intelligence about a RE or type of business that indicates there may be an elevated risk of non-compliance, money laundering vulnerability or terrorist financing vulnerability.

Methodology & Analysis

FINTRAC’s statistical analysis of MSB adherence to the requirements laid out in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its regulations is broken down by percentage, the results of the exams conducted that were fully compliant, partially compliant and non-compliant.  These are colour coded:

  • Green: fully compliant (no deficiencies were observed),
  • Yellow: partially compliant (there was something in place, but the MSB missed something), and
  • Red: non-compliant (in most cases, there was nothing in place or a reporting timeframe was missed).

Overall examination results have been positive.

Overview

It’s noteworthy that if FINTRAC has, as of 2014, found something during an examination that is considered ‘immaterial’, it’s not cited.  For example, in a large sample, if there are two client addresses that appear to be PO boxes, but all other client addresses were complete and in acceptable formats, there may not be a citation.  In these cases, FINTRAC may inform the RE verbally, but it will not be part of the formal ‘findings’ letter.

Compliance Officer

MSBs are required to have a Compliance Officer (a person that is responsible for overseeing the AML & ATF compliance program).  The appointment of the Compliance Officer must be documented in writing.  FINTRAC staff chided that this is likely the easiest area to achieve a fully compliant result in examinations.  MSB examination results certainly reflected this.

CO Chart

From a total of 612 MSB examinations considered, 608 MSBs were fully compliant.

Only four MSBs were deemed to be non-compliant.  It was noted that these were generally new market entrants that did not appear to understand Canadian AML & ATF compliance requirements.

Policies and Procedures

MSBs are required to have policies and procedures.  Policies describe the MSB’s regulatory obligations, while procedures describe what the MSB is doing to meet those requirements.  These must be documented, in writing, and the procedures must cover both staff and agents (if the MSB has agents).

PP Chart

From a total of 765 MSB examinations considered, 477 MSBs were fully compliant.

In 230 examinations, MSBs were deemed to be partially compliant.  Common errors included:

  • The omission of the 24-hour rule (specific descriptions of how the MSB determined whether or not reportable transactions had occurred over a 24 hour period),
  • Third party determinations (specific descriptions of when an MSB must determine if there is a third party involved, as well as what information needs to be collected and recorded), and
  • Politically exposed foreign person (PEFP) determinations (specific descriptions of when an MSB must determine if their client is a PEFP, and if so, what information needs to be collected/recorded. There is also a requirement that senior management signoff on the account within 30 days of the determination).

A total of 55 MSBs did not have any documented policies or procedures. In some cases, FINTRAC noted that there appeared to be processes in place, but that these were not documented in writing.

Training

MSBs are required to have an ongoing training program. The training program must be documented (who, what, where, when and how) and delivered to all staff and agents on an annual basis, at minimum.

Training Chart

From a total of 487 MSB examinations considered, 346 were fully compliant.

In 63 examinations, MSBs were deemed to be partially compliant.  Common errors included:

  • Interviews conducted with staff during an examination that evidenced a misunderstanding of the requirements (during an exam, FINTRAC will interview random staff members related to regulatory requirements to ensure training effectiveness)

In 78 examinations, MSBs did not have any training in place, or if they did, it was not documented.

Among the training options available to MSBs, we’re most excited about a relatively new offering from TAMLO that includes fast paced and visually stunning video content, as well as testing and tracking tools for Compliance Officers.

AML Compliance Effectiveness Review

MSBs are required to complete an AML Compliance Effectiveness Review once every two years.  The review must cover all policy and procedure documentation, as well as operational testing to ensure procedures are being properly followed.

2YR Chart

From a total of 722 MSB examinations considered, 412 were fully compliant.

In 101 examinations, MSBs were deemed to be partially compliant.  Where MSBs missed the mark was typically because they did not respect the two year cycle.  Other common errors included:

  • Only reviewing the policy documents with no operational testing of whether they are being followed (the policy document tells staff and agents what to do. Procedures tell them how to do it.  MSBs must be sure they are testing whether staff and agents are adhering to the procedures).

In 209 examinations, MSBs had not conducted an effectiveness review or could not provide evidence of one taking place.

Risk Assessment

MSBs are required to assess the risk that their business could be used for money laundering or terrorist financing.  The risk assessment must include four key components:

  • Products, services and delivery channels;
  • Geography;
  • Customers; and
  • Any other relevant factors.

Risk must be assessed and scored, and mitigated by appropriate controls.

RA Chart

From a total of 720 MSB examinations considered, 432 were fully compliant.

In 158 examinations, MSBs were deemed to be partially compliant.  The main issue was failing to include one of the four required elements. In some cases, a risk assessment was in place, but the documentation was not sufficient in assessing the MSB’s risk and controls.

In 129 examinations, MSBs had no evidence of a risk assessment.

FINTRAC noted that additional industry-specific risk assessment guidance is expected to be published later this year.

MSB Registration

MSBs are required to register with FINTRAC, as well as update their information within 30 days if there are any changes to business activities, banking or agent information.

MSB Reg Chart

From a total of 591 MSB examinations considered, 230 were fully compliant.

In this category, no partially compliant ratings were provided (the MSB registration was either complete, accurate and up to date, or it was deemed to be non-compliant).

In 361 examinations, MSBs were deemed to be non-compliant.  Most issues were due to a failure to update information when something within the business had changed or a failure to list all business activities. For example, the MSB registration may indicate that an MSB only performed foreign exchange in a case where remittance services were also provided.

Client Identification

MSBs are required to identify their clients in certain situations.  There are prescribed methods for completing this both in person and non-face-to-face (NF2F), and the identification document (ID) information must be recorded.

Client ID Chart

From a total of 796 MSB examinations considered, 621 were fully compliant.

In 64 examinations, MSBs were deemed to be partially compliant.  Common errors included:

  • Unacceptable ID (such as health card in Ontario);
  • Accepting ID that was expired at the time of the transaction (identification documents must be valid, or not expired, at the time they are reviewed);
  • Failing to record the prescribed details of the ID used (when reviewing a client’s ID, MSBs must keep a record of certain prescribed information); and
  • In Non-Face-To-Face Identification situations, only using one method, or using an unacceptable combination of methods (when identifying a customer who is not physically present, there are prescribed methods of how this is to be accomplished).

In 111 examinations, MSBs were non-compliant with client identification requirements.

Record Keeping

MSBs are required to keep certain records related to transactions and client identification.  These records must be stored in a manner that they can be accessed in the event they are requested, and must be maintained for at least five years.

RK Chart

From a total of 811 MSB examinations considered, 470 were fully compliant.

In 300 examinations MSBs were deemed to be partially compliant.  In these cases, record keeping was taking place but elements of the record keeping requirements were being overlooked.  Common issues included:

  • Missing telephone numbers;
  • Vague occupation information (for example “manager” or “worker”);
  • PO boxes recorded as customer addresses;
  • Missing postal codes;
  • Third party determinations that were incomplete; and
  • Payment methods for incoming and outgoing payments.

In 41 examinations, MSBs were non-compliant with record keeping requirements.

Third Party Determinations

MSBs are required to make a third party determination in certain prescribed circumstances, as well as collect and record certain information (name, address, date of birth, occupation and relationship to your client) about the third party.

TPD Chart

The total number of MSBs included in the review was not provided, with the statement: “there was not enough information available to conduct reasonable analysis”.  However, the total number of non-compliant MSBs was 6, indicating that approximately 600 MSB examinations were considered in this sample.

FINTRAC Reporting

When FINTRAC assesses reporting obligations, it uses the internal acronym “QTV”, which stands for quality, timing and volume.  Quality refers to the information in the report, specifically, if the report has all the required information.  Timing simply means, was the report filed within the designated timeframe.  Volume is slightly more complicated, but mainly refers to the amount of reports you have filed compared to your previous submissions.  It was noted that typically, where MSBs were deemed partially compliant, it was due to the quality.  Where non-compliance was related to the timing.

Electronic Fund Transfers Reports

MSBs are required to submit electronic funds transfer (EFT) reports to FINTRAC within 5 business days from the date the transaction took place.  An EFT includes the international transfer of CAD 10,000 or more, either in a single transaction, or multiple transactions within a 24-hour period.

EFT Chart

From a total of 434 MSB examinations considered, 165 were fully compliant.

In 87 examinations, MSBs were deemed to be partially compliant. MSBs were typically failing to include all required information, such as:

  • Phone number;
  • Date of birth; or
  • Postal code.

It is noteworthy that while not all fields are marked as required in F2R, all fields must be filled in if the MSB has recorded the information.

In 182 examinations, MSBs were deemed non-compliant, with most not reporting the EFTs within the specified time frame, and a small portion missing EFT reports.

Large Cash Transaction Reports

MSBs are required to submit large cash transaction (LCT) reports to FINTRAC within 15 calendar days from the date of the transaction, if the transaction was CAD 10,000 or more in cash, either in a single transaction, or multiple transactions within a 24-hour period.

LCTR Chart

From a total of 428 MSB examinations considered, 232 were fully compliant.

In 104 examinations, MSBs were deemed to be partially compliant.  MSBs were typically failing to include all required information, such as:

  • Occupation;
  • Date of birth;
  • Postal code; or
  • Type of ID used to identify the client.

In 92 examinations, MSBs were non-compliant, with most not reporting the LCTs within the specified time frame, and a small portion missing LCT reports.

Suspicious Transaction Reports

MSBs are required to submit suspicious transaction reports (STRs) and attempted suspicious transaction reports (ASTRs) to FINTRAC within 30 calendar days from the date the transaction is deemed suspicious by the Compliance Officer.

STR Chart

From a total of 285 MSB examinations considered, 262 were fully compliant.

In 14 examinations, MSBs were deemed to be partially compliant.  In these cases, MSBs were typically failing to include all required information.

In 9 examinations, MSBs were non-compliant.  Failing to file STRs carries relatively sever penalties, as the Canadian intelligence community relies on this type of reporting to build cases.  Where items are escalated as being potentially suspicious (either by staff or a transaction monitoring system), MSBs should always document the reason that these items are deemed not to be suspicious if no STR or ASTR reporting is completed.

Need a Hand?

If you are an MSB that needs compliance assistance (or a bank that wants assistance in setting up and maintaining a compliance regime that effectively manages MSB related risk), please contact us.

 

 

 

Insights From the CMSBA Education Days

We were fortunate enough to be able to attend the Canadian MSB Association (CMSBA)’s Montreal and Toronto spring training days. For Money Services Businesses (and those affiliated with the industry), the CMSBA is an excellent resource for collaboration, information sharing and advocacy. For those that were not able to attend any of the spring training sessions, here’s a roundup of the topics covered.

FINTRAC & MSB Compliance Examinations

Canada’s federal regulator for anti-money laundering (AML), the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), provided in depth statistics related to compliance examinations, as well as common issues for MSBs. Despite what some highly publicized administrative monetary penalties (AMPs) may lead you to believe, MSBs are faring well as a sector in FINTRAC’s compliance examinations. It’s noteworthy that through a freedom of information request, Outlier obtained data on the number of MSBs that did not have any deficiencies in examinations. Between 2008 and the end of 2014, this amounted to approximately 25% of all MSBs examined. In most cases, MSBs were largely compliant, with some partial deficiencies.

Overview Big

For a complete breakdown of common issues noted in examinations, click here.

AMF, Respondents & Digital Currency

Québec’s provincial regulator, the Autorité des Marchés Financiers (AMF), provided clarification on its expectations for MSB respondents. For MSBs dealing with customers in Québec that do not have offices in the province, a respondent must be nominated to deal with the AMF on the MSB’s behalf. Among the requirements are that the respondent must:

  • Be over 18 years old;
  • Have an address in Québec (home address or business address); and
  • Not be under tutorship, curatorship or advisorship.

The AMF also addressed digital currency, noting that not all digital currency business models are covered by the Québec MSB Act, and that there must be an element of fiat currency involved in the transactions. Both the AMF’s press release from February 2015 and the current presentation confirmed that digital currency trading platforms (that include fiat currency transactions) and digital currency ATMs are considered in scope. As there are a myriad of other digital currency related business models, if you are unsure of where you fit, you can contact the AMF and receive a decision (we recommend that you request a decision in writing where possible).

Agency Agreements

I had the honour of speaking about MSB agency agreements (the agreements between MSBs and their agents) with Susan Han (previously of AUM Law). Like most things, agent agreements should be documented in writing and clearly spell out the terms of the agreement. MSBs that take on agents should understand that the MSB would bear most of the risk (financial, compliance and reputational). Agents should be aware that the client (and information about the client) “belongs” to the MSB rather than the agent (and this information should always be provided to the MSB when it is requested).

International Collaboration & De-Risking

The CMSBA has partnered with MSB associations worldwide to increase awareness of the negative ways in which de-risking (which CMSBA Director Ken Saul noted should be called de-banking) affects the financial system. As the de-risking issue has affected MSBs worldwide, and there does not appear to be any effective solutions under consideration, a whitepaper was developed and presented to the Financial Action Task Force (FATF). This whitepaper has received a positive reception. Stay tuned for more on the international efforts in this regard.

One of the few Canadian Financial Institutions that (openly) banks MSBs, Luminus Financial, was on hand to discuss factors that MSBs should consider when dealing with banking relationships. MSBs should be prepared to provide complete and transparent information about their business. In order to achieve success in both obtaining and maintaining banking relationships, MSBs should be able to demonstrate that they are compliant and present information in a way that is well organized and addresses all of the questions and requests that the bank has made. In some cases, this will be a higher standard than simply meeting the minimum compliance requirements set out in law and regulation.

Compliance Maturity Model

In looking proactively at issues related to de-risking and demonstrating compliance, the CMSBA is working to develop a compliance maturity model (CMM). Currently, CMSBA members can complete the first stage of this model by completing an attestation form online. The attestation states that the MSB is compliant with applicable legislation and not subject to administrative or criminal proceedings. Questions, comments or suggestions related to the CMM can be directed to cmsba-cmm@canadianmsb.org.

Need a Hand?

If you are an MSB that needs compliance assistance (or a bank that wants assistance in setting up and maintaining a compliance regime that effectively manages MSB related risk), please contact us.

 

Implementing 2014 AML & ATF Regulatory Changes

We’ve done many AML Compliance Effectiveness Reviews of late, and my first question to clients is always the same: have you implemented the changes that came into effect in February of this year? The answers have varied from a confident “Yes, of course!” to “What changes?” We have a simple guideline for blogs at Outlier. If we receive a question more than three times, we write about it, and we make as much useful information as possible free. We do this because we believe that knowledge is power – and that everyone should have access to it. In the spirit of making knowledge free and available, we’ve decided to share the most significant changes related to updates to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) that came into effect earlier this year, and the solutions that we’ve implemented with our clients.

The Big Disclaimer

This blog was not written by a lawyer and shouldn’t be considered legal advice.

While our solutions have been reviewed by:

  • Outlier;
  • Our clients who have implemented these solutions; and
  • The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) (in the form of examinations conducted with our clients who have implemented these solutions),

this doesn’t guarantee that these solutions will be a perfect fit for your business. They will need to be edited and customized to suit your business model – but we think that they will point you in the right direction.

2014 PCMLTFR Changes In Brief

The most recent changes to the PCMLTFR came into effect in February of this year. Among the most significant changes were:

  • The addition of business relationships;
  • The addition of customer information updates (with more frequent updates for higher risk customers);
  • The addition of delivery channels to the risk assessment (bundled with products and services); and
  • The addition of enhanced transaction monitoring for higher risk customers.

Each of these changes has an impact on your anti-money laundering (AML) and anti-terrorist financing (ATF) program. They should be incorporated into your program documents (your policies, procedures and training) and have an impact on your operations (what you’re doing to meet these obligations).

Business Relationships

Reporting entities have a business relationship when a customer has performed any combination of transactions that requires identification and/or confirming the existence of an entity more than twice. This includes suspicious transactions and attempted suspicious transactions. When you have a business relationship with your customer, you must keep a record of the “purpose and intended nature of the business relationship.” In its simplest form, this means asking the customer the purpose of their business with you, and keeping a record of the response. This information is also useful in transaction monitoring, as it allows you to look for activity that isn’t consistent with the answer that the customer has provided.

This is something that you can ask your customer verbally (by phone is fine), by email, via a web form, by fax, or in any other way that makes sense for your business. You don’t need the customer to sign anything, but you do need to document the response. There is also flexibility in how you keep a record of the customer’s response.

If you have flexible information technology (IT) development, you can add a business relationship indicator to your system, as well as a field for the purpose and intended nature of the business relationship. Ideally, the system would detect business relationships automatically, and prompt your staff to collect information about the purpose and intended nature of the business relationship. If your business is relatively straightforward, you may even be able to develop a dropdown menu.

If your IT systems are less flexible, you’ll need to find another way to record this information. This can range from notes in the customer profile section of your client management system to an excel spreadsheet. Whichever method you use, you’ll need to think of a way to make sure that you know about all of the business relationships that exist.

You’ll also need to add a section to your program documentation that explains:

  • What a business relationship is;
  • How you know when you have a business relationship with your customer; and
  • What you do when there is a business relationship.

Your staff and agent training should also be updated to include a definition of business relationships, and your processes where you have a business relationship with your customer.

Here’s some sample language:

Business Relationships

We have a business relationship with anyone that has conducted two or more transactions that require identification (for individuals) or confirmation of the existence of an entity (for organizations). When we have a business relationship with our customer, we need to keep a record of the purpose and intended nature of their business relationship with us. Although this may seem self-evident, it is something that needs to be recorded.

Our system has been updated to prompt all staff to enter the purpose and intended nature of business relationships. This field is not optional; it must be completed whenever we have a business relationship with our customers.

We must also monitor business relationships that and keep information up to date (including customer identification, if the customer is active with us). The Compliance Officer will determine whether or not information about our customers and/or businesses relationships is up to date may contact staff for additional information.

Information Updates

Reporting entities must also keep customer information up to date. Updates should be more frequent for high-risk customers, although the PCMLTFR does not specifically prescribe how often these updates should take place. Depending on your business model and how frequently you interact with your customers, there may be significant differences in how often you perform updates.

Customer information updates refer to the customer’s name, address, email address, telephone number and occupation or principal business. Customers that are organizations are also required to confirm the organization’s beneficial ownership and director information.   This doesn’t mean that you need to collect the articles of incorporation (or other documentation that you’ve already got on file) a second time, but rather than you’re confirming with the customer that this information has not changed, or updating your records if there were any changes.

Once again, if your IT systems are flexible, you can add automatic prompts to ensure that this is completed. Anyone that uses online banking will be familiar with this the type of updates that have occurred this year. When you log into your account, you’re asked to confirm your personal details before proceeding to the banking site.

You’ll also need to add a section to your program documentation that explains:

  • What information must be updated;
  • How frequently this information is updated; and
  • How you update this information;

Your staff and agent training should also be updated to include information updates as well.

Here’s some sample language:

Customer Information Updates

Customer information updates refer to the customer’s name, address, email address, telephone number and occupation or principal business.

Customers that are organizations are also required to confirm the organization’s beneficial ownership and director information.

Inactive Customers

Inactive customers are re-identified in order to re-activate an account and conduct transactions that require identification.

Inactive customers that are required to be re-identified are also required to update their customer information.

Low & Medium-Risk Customers

Low and medium-risk customers that were identified face to face are required to update their customer information at the point that the identification document has expired.

In the case that there is no expiry date for the identification document initially provided, customer information is updated every five years.

In the case that the customer has been identified using non-face-to-face methods, customer information is updated every five years.

Low and medium-risk customers that are not recognized visually or by voice must be re-identified using either face to face or non face to face methods when they request transactions that require identification.

High-Risk Customers

High-risk customers are required to update their customer information every two years.

High-risk customers that are not recognized visually or by voice must be re-identified using either face-to-face or non face-to-face methods when they request transactions that require identification.

If the reason that a customer has been considered high-risk relates to doubts about the veracity of any of the information or identification provided, additional identification or confirmation of customer identification may be required at the Compliance Officer’s discretion.

Risk Assessment: Delivery Channels

Your Risk Assessment (that document that describes the risk that your business could be used to launder money or finance terrorism) already describes the risk related to your products and services (what you sell). This has been updated to include delivery channels (how you deliver your products and services to your customers). This should include all of the methods that you use to interact with your customers (whether they’re sales and service or service only), and a description of the risk associated with those methods. Generally speaking, high-touch delivery methods (anything that allows you to interact directly with the customer) provide more opportunities to detect potential money laundering or terrorist financing activities. This doesn’t mean that low-touch options like online ordering are bad, but it does mean that you need to have good controls in place to prevent money laundering and terrorist financing.

Your Risk Assessment should be updated to describe your “Products, Services and Delivery Channels” (rather than simply “Products and Services”). It should clearly explain how your products and services are delivered, and the risks associated with your delivery methods. The delivery methods should include all of your touch points with your customers (including things that may not be advertised, that you only do for existing customers).

Here’s some sample language:

Delivery Channels

We complete the sales process with our customers:

  • In person (at our retail/commercial locations);
  • In person (at locations other than our own premises);
  • Via mail;
  • Via phone;
  • Via fax;
  • Via internet.

In addition, we provide servicing to our customers:

  • In person
  • Via social media sites;
  • Via email; and
  • Via phone.

Our delivery channels include a mix of “high-touch” and “low-touch” options. High touch options provide us with greater opportunities to interact with our customers, observe customer behavior and ask questions. Low-touch options do not afford the same opportunities to observe behaviours. In these cases, we are more reliant on transaction monitoring and transaction review to detect unusual activity. In the case of low-touch options, we are generally able to contact the customer via our servicing channels to request additional details where the transaction is not consistent with what we know about the customer.

Enhanced Transaction Monitoring

Reporting entities are required to monitor transactions in order to identify patterns that may indicate that money laundering or terrorist financing is taking place. For higher risk customers, there must be some form of enhanced transaction monitoring. Enhanced means that it is different from the transaction monitoring that takes place for all customers. It can be different either in quality (what you do to monitor transactions) or quantity (how frequently monitoring takes place, or how unusual a transaction must be in order to generate an alert).

If you have an IT system that automatically monitors transactions and generates alerts, and there is flexibility in programming this system, you can make changes to the monitoring activities that take place based on customer risk level. If you’re monitoring transactions manually, you can incorporate enhanced transaction monitoring into the enhanced due diligence that you conduct for your high-risk customers. This can be as simple as reviewing the last two years of high-risk customer activity. Regardless of the method that you use to conduct enhanced transaction monitoring, you’ll need to update your program documentation to describe what you’re doing and what records you’re keeping.

Where transactions are monitored by an IT system, the language in your program documents should reflect the parameters set in your system. If you are monitoring transactions manually, here’s some sample language:

Enhanced Transaction Monitoring

For high-risk customers, enhanced transaction monitoring is conducted. The Compliance Officer (or a delegate) reviews the information that is on file about the customer, as well as records of the customer’s activity for the past two years. If there is activity that appears to be related to money laundering or terrorist financing, appropriate reports are filed with FINTRAC (and in the case of terrorist property, with CSIS and the RCMP).

High-risk customer accounts are reviewed at least annually, and more frequently where triggered by customer activity (for example where there is an internal report submitted to the Compliance Officer). The Compliance Officer will maintain complete records of the reviews and maintain these records for at least five years

Keeping Up To Date

Remember to document the fact that you’ve reviewed and updated your program. This can be done in a simple spreadsheet, or within the program documents. The record should include what updates were completed, when the updates were completed, and by whom the updates were approved.

Need A Hand?

If you need assistance reviewing your program, implementing the updates described in this blog, or just someone to chat with to make sure that you’re on the right track please contact us.

Canadian Digital Currency Regulation

BitcoinAcceptedHereLate last week, Canadian Bill C-31 received royal assent (meaning that it has been approved and will become Canadian law).  The bill covered many areas, one of which was anti money laundering (AML) and anti-terrorist financing (ATF) requirements for Canadian businesses.  This included adding “dealers in digital currency” to the definition of money services businesses (MSBs).

It’s not yet clear when these changes will come into force, but we expect that there will be a period of at least six months before businesses need to be compliant.   You can read the final version of the bill here. In the mean time, we expect to see a consultation paper and draft regulations before final regulations are released.  The law will not come into effect until final regulations are released, and the regulations will clarify exactly what dealers in digital currency need to do to comply.

For businesses that operate in Canada or have Canadian customers (customers that are served in Canada – including via the web), this will mean registering with government agencies as an MSB, maintaining an AML and ATF compliance program, being compliant with the laws (which includes keeping records and identifying customers and reporting certain types of transactions), answering to the regulators and disclosing certain information to financial service providers.

Who Is a Dealer In Digital Currency?

Bill C-31 did not define dealers in digital currency.  Instead, the bill states that the definition will be included in the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (Regulations).  Generally speaking, being a dealer in any type of good or service implies that you are selling something for profit.  The proposed definition is likely to appear in the initial consultation paper (expected this summer) as well as the draft version of the regulations.

It’s important to note that if you are dealing in digital currency today, but not engaging in any other MSB activities, you’re still not considered an MSB and you don’t have compliance obligations (yet).

MSB Registration

Dealers in digital currency will need to register as MSBs.  Anyone dealing with customers in Canada will need to register as an MSB with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).  The process involves contacting FINTRAC to provide initial information and gaining access to the MSB registration site.  There will be a number of questions about the owners of the business, senior officers, banking relationships and projected revenues.  While the process is not costly, it can take time (in particular if the regulator requires clarification).

MSBs serving customers in the province of Quebec are also required to be licensed with the Authorite des Marches Financiers (AMF).  Licensing related fees range from about CAD 607 to CAD 2428, excluding additional fees of CAD 202 per automated teller machine (ATM) operated in Quebec.  You can learn more about the Quebec licensing process here.

Dealers in digital currency will not be able to register as MSBs at this time, but should expect to do so once the final regulations have been issued.  The registration processes can take time, and it’s useful for businesses to start the process as early as possible in order to avoid being off side with the law.

Compliance Programs

AML and ATF Compliance Programs generally have five elements:

  • A Compliance Officer (the person who oversees compliance for the organization),
  • Policies and Procedures (documents that describe what you’re doing to comply),
  • A Risk Assessment (a document that describes the risk that your business could be used to launder money or finance terrorism, and the controls that you have in place to prevent this from happening),
  • Training (this is delivered at least annually to all staff that deal with customers or transactions), and
  • Effectiveness Reviews (like an audit for compliance, these are completed at least every two years).

Some dealers in digital currency may already have voluntary compliance programs in place.  These programs will most likely need to be updated when the final regulations are published.

Operational Compliance

In addition to having a documented AML & ATF compliance program, there are certain things that MSBs need to do in order to comply with the law.  Currently, these include identifying customers when the MSB:

  • receives the equivalent of CAD 10,000 or more in cash,
  • sells or cashes $3,000 or more of traveller’s cheques, money orders, or anything similar instruments,
  • exchanges currency of $3,000 or more for another currency,
  • sends or receives international money transfers of $1,000 or more, and/or
  • suspects that a transaction, or an attempted transaction, of any amount, is related to a money laundering offence or a terrorist financing offence.

Identification in this case is tightly defined as either the MSB or it’s representative looking at an original, valid (not expired) piece of government issued identification in person (via Skype or webcam doesn’t count) or using specific methods described in the Regulations.

MSBs are also required to keep specific types of records for at least five years, including customer and transactions records.  All records must be stored in such a way that they can be quickly retrieved if the regulator requires them (generally within 30 days of the date that the regulator makes the request).  In addition, MSBs are required to report certain transactions to FINTRAC and other agencies within set timeframes.

Like having a compliance program in place, these requirements don’t apply to dealers in digital currency yet, but it’s helpful for business owners to start thinking about the types of changes that may need to be made to IT systems and processes once regulations are released.

Penalties

The penalties for non-compliance can be significant, and may include either civil penalties, criminal penalties or both.  For instance, failure to report suspicious transactions can result in penalties up to CAD 2 million and/or 5 years imprisonment.

In addition, FINTRAC may publish penalties on its website.  While monetary penalties can be substantial, it is the publication of these penalties that can ultimately be more damaging to businesses.  Few banks or other financial service providers are willing to work with organizations that have published violations for non-compliance.

What’s Next For You?

If your business is likely to be considered a dealer in digital currencies, you will have an opportunity later this year to comment on the consultation papers and draft regulations.  It is unlikely that the sector will remain unregulated in Canada for long, but you will have an opportunity to voice your opinion about the proposed changes.

In the mean time, it’s time to start thinking about what you’ll need to do in order to be compliant.  Who will your Compliance Officer be?  What changes will you need to make to your documents, systems and processes?  Although there are certain things that you won’t be able to do quite yet, you can organize your resources to be ready later this year.

If you’re concerned about the next steps and need a hand, please feel free to contact us anytime.  Conversation are always free, and if you choose to hire us for a project, we do accept payment in bitcoin.

Outlier BTC Tipping AddressTipping QR Code

Foreign Exchange Transactions May Be Derivatives

There are new regulatory requirements that will soon impact MSBs dealing in foreign exchange (“FX”).  Securities are regulated by the provinces and territories, and the dates for implementation and regulators will differ, however, the intent of the law and the basic premise is expected to be the same Canada wide.  All FX transactions that settle in a period longer than two days will be required to be reported.  In some provinces, these requirements will come into force sooner for registered derivatives dealers dealing in FX, and later for FX dealers not registered as derivatives dealers.

If you are a securities dealer providing derivatives to your clients, you will most likely already be aware that these changes are on the horizon.  If you are an MSB providing FX services, these changes may have been less foreseen.  The comments below are intended to help FX shops, who are not currently registered securities dealers, to understand derivatives reporting.

You may also be asking; “what is a derivative?” Simply, a derivative is a financial instrument whose value is based on that of an underlying entity, which could be an asset, currency or interest rate.

The new rule is meant to collect data in Canada on the economic ecosystem of the use of derivatives for financial speculation. So FX dealers who facilitate clients who speculate for financial gain using FX trading will be impacted by this rule.  If you are an FX dealer, the first thing that you will need to know is whether or not your transactions are considered to be derivatives.

Are My FX Transactions Derivatives?

To determine whether or not your FX transactions should be considered derivatives, consider the longest time that it takes to settle a transaction.  In this context, to settle the FX transaction means that you have delivered the currency to your client, or on your client’s behalf. A day, in this context, refers to business days (any days that your business is open and accepting or processing transactions).

For Example:

Screen Shot 2014-05-19 at 2.27.45 PM

There is an exception provided in the case that there is an event that prevents the delivery of the currency (but this is expected to be rare).

If you provide FX transactions that either include a rollover provision (something that allows you to extend the contract) or are intended as speculative investments (whether or not the trade actually settles over two business days) you will also need to meet the same requirements.  If you are conducting these types of transactions, you will need to take steps to be prepared by the time that the laws come into force in the province(s) and/or territories in which you do business.

My Transaction Are Derivatives – Now What?

As an FX dealer, you will have a choice:  you can either change your practices to settle all of your transactions by the end of the next business day; or you can complete additional steps to ensure that you are compliant.  For FX dealers that want to continue to settle transactions that are considered to be derivatives, there are 3 steps that must be completed before June 30, 2015:

  1. Obtain a Legal Entity Identifier (“LEI”)
  2. Set up Unique Product Identifiers (“UPIs”)
  3. Set up Unique Transaction Identifiers (“UTIs”) for applicable transactions (if your IT system doesn’t already do this)

After June 30, 2015, you will also need to keep certain records and report all applicable FX trades that are not settled within two business days.

Legal Entity Identifier

FX dealers to whom the new requirements apply will need to ensure that they obtain a Legal Entity Identifier (“LEI”), from a Local Operating Unit of an accredited Trade Repository (“TR”).  A list off TRs is available at leiroc.org.  This is expected to cost approximately $200-300 and the application process is expected to take 1-3 weeks.

Unique Product Identifiers

You will need to create Unique Product Identifiers UPI for all applicable product types you offer to clients.  For most FX dealers, this means that you will need to create a code to identify transactions that are settling over more than two days.  A list of the types of transaction identifiers can be found at isda.org under OTC taxonomies in the foreign exchange tabs of the downloadable document in Microsoft Excel.

Unique Transaction Identifiers

You will need to create a system that generates or attributes Unique Transaction Identifiers (“UTI”) for every applicable transaction.

Record Keeping And Reporting

Once you’re registered and you have all of your identifier numbers in place, you will need to report applicable transactions to the TR in “real time” (as soon as possible after the transaction has settled).  This means that you will need to have a system in place that keeps track of applicable transactions and a process to stay on top of reporting.

The information that you will need to report for each applicable transaction includes:

  • Your LEI (and the LEIs for any other applicable parties to the transaction);
  • The UPI;
  • The UTI; and
  • Transaction information.

This information is sent to the local TR

Keeping Up To Date

We’ve assembled some quick resources to help you stay up to date.  You can use the links below to connect to the regulators’ websites and other resources for your province or territory.

 

Province or Territory Regulatory Agency Website Is There a Law? Links
Alberta Alberta Securities Commission www.albertasecurities.com Yes http://www.assembly.ab.ca/ISYS/LADDAR_files/docs/bills/bill/legislature_28/session_2/20140303_bill-003.pdf
British Columbia British Columbia Securities Commission www.bcsc.bc.ca Not yet N/A
Manitoba Manitoba Securities Commission www.msc.gov.mb.ca Yes https://web2.gov.mb.ca/laws/statutes/ccsm/s050e.php
New Brunswick Financial and Consumer Services Commission (New Brunswick) www.fcnb.ca Yes http://www.gnb.ca/legis/bill/pdf/57/4/Bill-9.pdf
Newfoundland & Labrador Office of the Superintendent of SecuritiesService Newfoundland and Labrador www.gov.nl.ca/gs Not yet N/A
Nova Scotia Nova Scotia Securities Commission http://nssc.novascotia.ca/ Yes http://nslegislature.ca/legc/bills/62nd_1st/1st_read/b060.htm
North West Territories Northwest Territories Securities Office www.justice.gov.nt.ca/ Not yet N/A
Nunavut Nunavut Securities Office http://nunavutlegalregistries.ca/sr_index_en.shtml Not yet N/A
Ontario Ontario Securities Commission osc.gov.on.ca Yes http://www.canlii.org/en/on/laws/stat/rso-1990-c-s5/latest/rso-1990-c-s5.html
Prince Edward Island Office of the Superintendent of Securities www.gov.pe.ca/securities Not yet N/A
Quebec Autorité des marchés financiers www.lautorite.qc.ca Yes https://lautorite.qc.ca/fileadmin/lautorite/reglementation/instruments-derives/avis-autorite/2017oct05-avis-regl-modif-rid-en.pdf
Financial and Consumer Affairs Authorityof Saskatchewan www.fcaa.gov.sk.ca Not yet N/A

Need A Hand?

We’re not securities lawyers, but fortunately we know someone who happens to be just that. For assistance registering as a derivatives dealer, resolving potential disputes, and securities law questions, contact Susan Han at AUM Law.

If you require assistance reviewing your business for triggering activities, amending your policies, procedures and risk assessment, as well as,  setting up a reporting regime, please contact us.

 

Does Québec MSB Licensing Apply to Me?

We recently sought clarification from the Autorité des marchés financiers (AMF), Québec’s provincial regulator, on when money services businesses (MSBs) need to be licensed in Québec.  The Québec licensing process is completely separate from the federal MSB registration with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).  The full text of the response that we received appears below this blog entry.

Are You Required To Be Licensed in Québec?

To determine whether or not you need to be licensed in Québec, we’ve developed a chart:

Screen Shot 2014-05-19 at 2.08.51 PM

If you are offering any of the defined MSB services to people of organizations in Québec (including via the web) you are expected to be licensed as an MSB in that province.

The AMF has announced that digital currency exchanges and ATMs are also regulated under the MSB Act.

How Can You Become Licensed And What Does It Cost?

Before you apply for an MSB license, you must obtain a Québec Enterprise Number from the Enterprise Registrar.  This is a unique numeric identifier that you will use when dealing with Québec government agencies and business partners.  The registration process will cost approximately CAD 34.00 and will require you to provide documents such as your articles of incorporation.  We recommend that you speak with your tax professional about the implications of registering as an enterprise in Québec, as it is likely that you will need to consider this in future tax filings.  You can access the registration site here.

Next, you’ll need to apply for your Québec MSB license.  The AMF has developed a user guide that explains the process in plain language.  You must have a respondent (someone acting on your behalf) in the province of Québec.  If you do not have any physical operations in Québec, the respondent  can be a third party that you trust, such as a lawyer, paralegal, accountant, consultant  or other professional that will act on your behalf.  A licensing fee of CAD 650.00 applies to each category of product or service that you offer (except for ATMs).  This means that the total fee for this stage will range from CAD 650.00 to CAD 2600.00.

In addition, MSBs that operate ATMs will be required to pay a fee of CAD 216.00 per ATM machine (located in the province of Québec) later in the process.

In addition to these fees, specific security clearance fees are required.  These include CAD 121.00 for the enterprise and each of the following (that apply to your business):

  • The Respondent;
  • Officers;
  • Directors;
  • Partners;
  • Branch managers;
  • Any person or entity who directly or indirectly owns or controls the money-services business;
  • Employees working in Québec (unless they are not involved in any of the MSB business);
  • Mandataries (who are responsible for the money services offered on behalf of the MSB);
  • Officers of the mandataries;
  • Any lender that is not a financial institution; and
  • For any lender that is not a financial institution or a natural person, lender is not a natural person, its officers, directors or partners.

You must obtain consent and information from each of these individuals in order to complete the security clearance process.  You must also assemble and submit corporate documents for your MSB, including:

  • Business plan and description of business activities;
  • Financial statements;
  • Document showing legal structure of the business;
  • Document confirming appointment of respondent; and
  • Document showing corporate structure of the business.

You should expect the application process to take six to eight weeks if all of the forms are filled out completely and correctly.  It can take significantly longer if your applications are missing information or signatures.  We recommend looking over all of your documents carefully before you submit them and reaching out proactively to the AMF if you have questions about how to complete the application forms.

Need A Hand?

Many MSBs have successfully gone through this process on their own (you don’t need to hire a lawyer or consultant), but if you want a hand assembling your package and communicating with the AMF we’re happy to assist – please contact us.

Full Text Of AMF Response

As discussed earlier, any entity who executes from Québec or makes available the following money services for the people of Québec has to submit an application in order to have the Autorité des marchés financiers release a Money services business (MSB) licence:

  • Currency exchange;
  • Funds transfer (over the counter or internet);
  • Issue / redemption of traveller’s cheque, money order, bank drafts.
  • Cheque cashing
  • Operation of ATM

A corporation does not have to have an establishment, an address, a post office box or even a telephone line in Québec for it to be considered as carrying an activity in Québec as long as it conducts business for a profit. It is often the case for corporations acting in the funds transfer category.

 The first step towards registration for a MSB should first be registration as a corporate entity with the Registraire des entreprises (http://www.registreentreprises.gouv.qc.ca/). This will provide a corporation number (NEQ) to the registrant that will be required for application purposes.

 Afterwards will come the submission of the E-services access form by its appointed respondent (see section 5 of the MSB Act) along with a payment of 614$ for each money services category to appear on the licence.

 All info and documentation is available on our website (www.lautorite.qc.ca).

An Unwitting Accomplice to Money Laundering

Handcuffs 1

When many of us think of money laundering, it involves large well organised criminal organizations, like the mafia or large drug cartels. We think of elaborate schemes, with money funnelled through many layers and across international borders, numbered bank accounts off shore accounts hiding millions. While these things do happen, money laundering also happens on a much smaller scale with much less elaborate plots. Since money laundering is something that is done to hide the proceeds of crime, it can relate to any amount of money that someone do not want to be traceable back to them (because that money was obtained through illegal means). The more easily something is passed from person to person anonymously, the more easily it can be used for money laundering. High value items can be used to launder money, as they can be bought or sold on secondary markets. Because jewellery can have a high value and be passed from person, it is a potential vehicle for money laundering. Jewellers in Canada and in the USA are required to report certain transactions, and the consequences for failing to do so can be severe.

The Case

On January 14, 2014, Alan Kashi of Pittsburg, PA (USA) plead guilty to failing to file a report of currency received by non financial business. In the USA, this report is called ‘IRS form 8300 Report of Cash Payments over 10,000,’ is similar to the report that Canadian Dealers in Precious Metals and Stones (DPMSs) are required to file with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). In the Kashi case, an undercover agent purchased an expensive watch, claiming during his conversation with Alan Kashi that the money that he was using came from cocaine distribution. In addition to the charges and related press, Mr. Kashi was required to forfeit $933,075. Sentencing in the criminal case is still pending.1

Alan Kashi maintains that he was ignorant of the law and didn’t realize that he had to report large cash transactions. In order to educate others that may face the same situation, he made a YouTube video explaining what happened and as a warning to other jewellers. It can be viewed here: Filing Form 8300 Part 1 and Part 2.

An Ounce Of Prevention

Perhaps you may think that criminals would be more likely to use a large jeweller, maybe because they have such a high volume of sales going on, they might be less likely to notice something suspicious happening. However, many larger companies have high tech systems in place such as cash registers that automatically request certain information on specific types of transactions (such as large cash transactions) before the transaction can be completed. These systems are in place to make sure that they are following the law. They have many more employees and therefore likely have a well trained Compliance Officer on their staff whose specific duties are to implement and maintain compliance policies and procedures. Smaller companies may not have the money or ability to implement such technologies, making them easier targets for criminals. In the Kashi case, the owner was operating a single store; with no one working there (including him) that knew the law. Unfortunately for Mr. Kashi, being ignorant of the law is not an excuse for breaking it. Anyone running a business is responsible for knowing and abiding by any laws and regulations that apply to it. In Canada, the rules that apply to DPMSs are the same, regardless of a company’s size or sophistication. It is imperative that you know the rules that apply to you and your business.

While the example of Kashi may have happened in the USA, it is still pertinent to companies in Canada. The forms and regulators are different, but the underlying obligations are similar. . In Canada, FINTRAC requires that reporting entities such as DPMSs submit reports about any cash transactions valued at CAD 10,000 or more (within a 24-hour period) and any suspicious transactions, even if they are not over the $10,000 threshold (and whether or not the transaction was completed They require that every reporting entity has a program in place to ensure that they are in compliance. FINTRAC can also request a review of your compliance program at any time, which must be submitted within 30 days of the request. All of this may seem a bit overwhelming, especially when the financial and legal risks are so great. Fortunately, there are very basic and easy to follow steps listed below that will help you to protect your business.

What You Need To Know

All DPMSs in Canada need to have an up to date compliance program that includes:

  • A Compliance Officer,
  • Documented Policies & Procedures,
  • A Risk Assessments,
  • Training and
  • AML Compliance Effectiveness Reviews (every two years).

Your AML Program should describe the things that you are doing in order to prevent, detect and deter money laundering and terrorist financing including:

  • Identifying your customers under certain conditions and keeping customer information up to date,
  • Reporting certain transactions to FINTRAC,
  • Monitoring the transactions that take place to determine whether or not there are reportable suspicious transactions, and
  • Keeping your records (including your program documents) up to date.

Red Flags

In the Kashi case, there were many red flags that should have warned him that something was amiss. For those familiar with Canadian legislation, it may be obvious that both a suspicious transactions report and a large cash transaction report should have been filed. Would it have been obvious to the members of your staff that deal with your customers every day? It’s important to keep your training program up to date and include examples of reportable transactions, including suspicious transactions. Here are some of the red flags that you should be aware of:

  • A customer that mentions involvement in criminal activities;
  • A customer that pays a large sum in cash in a way that is unusual;
  • A customer that asks about identification requirements and changes the transaction or payment method to avoid being identified;
  • A customer that refuses to be identified and refuses to complete a transaction rather than allowing you to see their identification documents;
  • A customer that pays for a high value item in cash, then returns the item and asks for a cheque or draft.

There are many more indicators in FINTRAC’s Guideline 2: Suspicious Transactions. If you are a Compliance Officer or business owner, you should read these indicators and train your staff to be aware of the indicators that apply to your business model.

Outlier has developed compliance resources for DPMSs. You can buy and customize program components online through our website or contact us if you need immediate assistance. If you are a member of the Canadian Jeweller’s Association or Jewellers Vigilance Canada, discounts apply to you, including free resources.

1 The United States Attorney’s Office, Western District of Pennsylvania, 01/15/14. http://www.justice.gov/usao/paw/news/2014/2014_january/2014_01_15_03.html

Return to Blog Listing