PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

An Unwitting Accomplice to Money Laundering

Handcuffs 1

When many of us think of money laundering, it involves large well organised criminal organizations, like the mafia or large drug cartels. We think of elaborate schemes, with money funnelled through many layers and across international borders, numbered bank accounts off shore accounts hiding millions. While these things do happen, money laundering also happens on a much smaller scale with much less elaborate plots. Since money laundering is something that is done to hide the proceeds of crime, it can relate to any amount of money that someone do not want to be traceable back to them (because that money was obtained through illegal means). The more easily something is passed from person to person anonymously, the more easily it can be used for money laundering. High value items can be used to launder money, as they can be bought or sold on secondary markets. Because jewellery can have a high value and be passed from person, it is a potential vehicle for money laundering. Jewellers in Canada and in the USA are required to report certain transactions, and the consequences for failing to do so can be severe.

The Case

On January 14, 2014, Alan Kashi of Pittsburg, PA (USA) plead guilty to failing to file a report of currency received by non financial business. In the USA, this report is called ‘IRS form 8300 Report of Cash Payments over 10,000,’ is similar to the report that Canadian Dealers in Precious Metals and Stones (DPMSs) are required to file with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). In the Kashi case, an undercover agent purchased an expensive watch, claiming during his conversation with Alan Kashi that the money that he was using came from cocaine distribution. In addition to the charges and related press, Mr. Kashi was required to forfeit $933,075. Sentencing in the criminal case is still pending.1

Alan Kashi maintains that he was ignorant of the law and didn’t realize that he had to report large cash transactions. In order to educate others that may face the same situation, he made a YouTube video explaining what happened and as a warning to other jewellers. It can be viewed here: Filing Form 8300 Part 1 and Part 2.

An Ounce Of Prevention

Perhaps you may think that criminals would be more likely to use a large jeweller, maybe because they have such a high volume of sales going on, they might be less likely to notice something suspicious happening. However, many larger companies have high tech systems in place such as cash registers that automatically request certain information on specific types of transactions (such as large cash transactions) before the transaction can be completed. These systems are in place to make sure that they are following the law. They have many more employees and therefore likely have a well trained Compliance Officer on their staff whose specific duties are to implement and maintain compliance policies and procedures. Smaller companies may not have the money or ability to implement such technologies, making them easier targets for criminals. In the Kashi case, the owner was operating a single store; with no one working there (including him) that knew the law. Unfortunately for Mr. Kashi, being ignorant of the law is not an excuse for breaking it. Anyone running a business is responsible for knowing and abiding by any laws and regulations that apply to it. In Canada, the rules that apply to DPMSs are the same, regardless of a company’s size or sophistication. It is imperative that you know the rules that apply to you and your business.

While the example of Kashi may have happened in the USA, it is still pertinent to companies in Canada. The forms and regulators are different, but the underlying obligations are similar. . In Canada, FINTRAC requires that reporting entities such as DPMSs submit reports about any cash transactions valued at CAD 10,000 or more (within a 24-hour period) and any suspicious transactions, even if they are not over the $10,000 threshold (and whether or not the transaction was completed They require that every reporting entity has a program in place to ensure that they are in compliance. FINTRAC can also request a review of your compliance program at any time, which must be submitted within 30 days of the request. All of this may seem a bit overwhelming, especially when the financial and legal risks are so great. Fortunately, there are very basic and easy to follow steps listed below that will help you to protect your business.

What You Need To Know

All DPMSs in Canada need to have an up to date compliance program that includes:

  • A Compliance Officer,
  • Documented Policies & Procedures,
  • A Risk Assessments,
  • Training and
  • AML Compliance Effectiveness Reviews (every two years).

Your AML Program should describe the things that you are doing in order to prevent, detect and deter money laundering and terrorist financing including:

  • Identifying your customers under certain conditions and keeping customer information up to date,
  • Reporting certain transactions to FINTRAC,
  • Monitoring the transactions that take place to determine whether or not there are reportable suspicious transactions, and
  • Keeping your records (including your program documents) up to date.

Red Flags

In the Kashi case, there were many red flags that should have warned him that something was amiss. For those familiar with Canadian legislation, it may be obvious that both a suspicious transactions report and a large cash transaction report should have been filed. Would it have been obvious to the members of your staff that deal with your customers every day? It’s important to keep your training program up to date and include examples of reportable transactions, including suspicious transactions. Here are some of the red flags that you should be aware of:

  • A customer that mentions involvement in criminal activities;
  • A customer that pays a large sum in cash in a way that is unusual;
  • A customer that asks about identification requirements and changes the transaction or payment method to avoid being identified;
  • A customer that refuses to be identified and refuses to complete a transaction rather than allowing you to see their identification documents;
  • A customer that pays for a high value item in cash, then returns the item and asks for a cheque or draft.

There are many more indicators in FINTRAC’s Guideline 2: Suspicious Transactions. If you are a Compliance Officer or business owner, you should read these indicators and train your staff to be aware of the indicators that apply to your business model.

Outlier has developed compliance resources for DPMSs. You can buy and customize program components online through our website or contact us if you need immediate assistance. If you are a member of the Canadian Jeweller’s Association or Jewellers Vigilance Canada, discounts apply to you, including free resources.

1 The United States Attorney’s Office, Western District of Pennsylvania, 01/15/14. http://www.justice.gov/usao/paw/news/2014/2014_january/2014_01_15_03.html

AML Compliance Effectiveness Reviews

AML Compliance Effectiveness Review

Canadian reporting entities are required to conduct and document an effectiveness review at least every two years.  This review must consider the completeness and effectiveness of the anti money laundering (AML) and anti-terrorist financing (ATF) compliance program and include operational testing (testing what the organization is actually doing).  For larger institutions, this is generally done as part of audit related testing.  For federally regulated financial institutions (banks, trust companies, insurance companies, etc.) there is a requirement for the testing to be independent.  For smaller companies that aren’t designated as federally regulated financial institutions, effectiveness reviews may be performed by staff members, consultants or by another organization.  Deciding who should perform the review and what to spend can be challenging.  No matter which option you choose for your business, your reviewer should be qualified and the final report should be comprehensive and signed-off by your management team within 30 days of the date that you receive the final version.

What Should The Report Look Like?

A comprehensive report means that the report tests both your documented program (policies, procedures, risk assessment and training).  This means that the reviewer must read your documentation and comment on whether or not it meets the requirements for your business.  Your operations (what you actually do) must also be tested.  This should include customer identification, recordkeeping and FINTRAC reporting.  The report should be specific about what testing was completed and how testing was conducted.  The reviewer should be someone that understands Canadian AML and ATF requirements.

The report should be focused on facts; namely whether or not you’ve met the requirements.  If requirements are not met, the report should be specific about what is missing.  The final report should be a formal document that provides complete information to the reader.  Your management team’s sign-off on the contents of the report must be documented.  This can be in meeting minutes or in a simple document like this one.

Choosing A Reviewer

The reviewer that you choose will depend on your resources that you have, including your budget.  It’s important to remember that no matter how much or how little you spend or the size of your business, the requirements are exactly the same.  The reviewer should be someone that understands Canadian AML compliance requirements for your reporting entity type.  If possible, it should not be a person that is directly involved in your compliance or operations.

Accountants and Consultants

There are a number of accounting and consulting firms (including Outlier) that can complete reviews.  The price ranges will generally vary depending on the size of your business, the complexity of your business model, the size of the firm and the experience of the reviewer.  If you are hiring a consultant to conduct your review, check out our guide to negotiating consulting agreements.  You should ask the reviewers that you are considering:

  • If they have conducted reviews for your reporting entity type before?
  • If FINTRAC or any other regulator has had negative findings related to any of the reviews that have been conducted?
  • Who will be working on your review?
  • What references (especially from similar business types) the reviewer can provide?
  • What the review process looks like?  (Here you’re checking to be certain that the reviewer will be testing both your program and operations.)

Pros:  You have a choice of reviewers (including reviewers with experience conducting reviews) and the ability to hire independent firms (not involved in your compliance program design or operations).

Cons:  This is likely to be the most expensive option.

Colleagues & Competitors

You may choose to have a review conducted by a colleague or competitor.  This option can work well if the companies have good relationships and are not concerned about sharing information that includes customer information.  It is relatively common in some industries for Compliance Officers to have reciprocal agreements that allow them to perform reviews for one another.  If you choose to have a review conducted by a colleague or competitor, you will want to consider:

  • The confidentiality of your information, including customer information.  Your agreement should contain a clause that states that this information will only be used for the purpose of the review and will not be shared within the colleague or competitor’s company.
  • The experience of the reviewer (in particular if they have not previously conducted a review).
  • Whether the reviewer’s company will allow them to conduct a review for a colleague or competitor.
  • Who will be compensated for the review (you don’t want to get in a dispute with your reviewer and their employer over who should be paid and how).

Pros:  The reviewer is likely to be familiar with the business processes and requirements that apply to your reporting entity types and there is the potential to conduct reviews for one another (reciprocal agreements) at little to no cost.

Cons:  The reviewer may have less experience in conducting reviews and you may be reluctant to share business and customer information (required to complete testing) with a competitor.

You & Your Staff

You may choose to conduct a review internally, either on your own or with assistance from other staff members.  This will require you to take a step back from your day-to-day work and consider it from a fresh perspective, which can be challenging.  The larger your company is, the more likely it is that regulators and banking service providers will expect your review to be independent.  However, as the least costly option, it can be worth considering if you are squeezed from a budget perspective and have the right experience to conduct the review and reporting on your own.

Pros:  You know your company’s business model and requirements well and this option is likely the least costly.

Cons: You are directly involved in the company’s compliance program and operations, which may be viewed by a regulator or banking service provider as having the potential to bias your findings.

After Your Review

Your review should serve as a guide to help you improve your AML and ATF compliance program.  It can be helpful to keep records of each finding, and the changes that you’ve made after the review.  It’s important to remember that the review is a snapshot of your compliance at a particular point in time.  Your reviewer cannot go back and change their findings based on changes that you’ve made after the review is complete.  If you’ve made significant changes to your program or operations following a review, it can be useful to have a follow up review conducted (or to conduct your own internal testing) to demonstrate that the changes that you’ve made are working as expected.

Need a Hand?

Outlier has developed on-demand model documents for reporting entities.  Our AML Compliance Review documents include:

  • Working papers to record the testing as it takes place
  • A report template to help you summarize your findings
  • A guide for the reviewer that explains how to use the documents

You can buy these documents on this website under each reporting entity type.  If the documents are not available for your reporting entity type yet, or you are looking for a consultant to conduct your review, please contact us.

 

Negotiate Your Consulting Contracts Like a Pro

Hanshake copy

Having worked for a couple of consulting firms, it occurs to me that there are things that everyone should consider while negotiating a consulting contract.  The hefty disclaimer:  I’m not a lawyer, and this shouldn’t be construed as legal advice.  Outlier is a consulting company, but I’ve worked to build a model that’s different from the status quo.  I’m not saying that we’re perfect, or that it doesn’t pay to shop around (in fact, I encourage it and will happily provide names and contact information for other companies that do the same type of work that we do).  I am saying that it pays to be informed, and to ask the right questions before you sign an agreement.  This is my “top 10 list” to help you negotiate your consulting agreements.

1. Can the contract include fixed fees for deliverables instead of hourly rates?

Negotiating fixed-fee contracts is something that big companies, like banks, do on a regular basis.  The irony is that small businesses can benefit just as much, if not more, from using this strategy.  Fixed-fee contracts benefit you by forcing the consultant to be extremely clear about the deliverables (what you are getting) and to be mindful about the scope of the work they’re doing and the time that it will take.  In essence, with a fixed-fee contract you’re agreeing to pay for a clearly defined product or service rather than for someone’s time.

The vast majority of Outlier’s contracts are fixed-fee, because I believe that this will benefit our clients the most.  As a business owner, I understand the value of knowing what you are paying for and how much you will pay before you get started.

2.  Who will be staffing the project?  What are their qualifications (and rates)?

Some firms have a tendency to advertise the experience of top tier professionals, when in reality junior staff (with little or no experience) complete most work.  If your project requires specialized skill sets, the firm that you are hiring should be able to tell you exactly who will be working on your project, what experience they have and what rates you’ll be paying.

3.  What work will a partner be doing on the project?

In many large firms, partners “sell” work, but aren’t actively involved in the management or execution of the project (doing the work).  Sadly, in some cases this doesn’t stop partners from billing clients for their time (including the time that they spend selling).  Since these are the people with the highest hourly rates, it helps to understand what their role will be early on.

In some cases, there may be a requirement for one or two partners to review documents before they are shared with you.  If this is the case, get an estimate of the time that this will take and the rates that will apply (or negotiate a fixed fee contract).  If you think that you may have been billed for something that doesn’t make sense, ask for detailed records that include a description of the work that was done, when and by whom.  In some cases, asking for this alone may reduce the size of your bill.

4.  Who will be managing the project (the point person)?  When and how should they be contacted?

We’ve already covered the fact that the person that is “selling” the work may not be the same person that is actually “doing” the work.  Aside from knowing who will be working on your project, you should know who is coordinating the consulting firm’s efforts.  If this person can be in the room when you’re setting out terms like timing, it’s nice, but that isn’t always possible.  At the very least, you should know who this person is, and how you can reach them.  You’ll want to connect with them early on to make sure that your expectations are clear (especially if this is not the same person that was “selling” consulting services).

5.  Will subcontractors be used?  If so, who, how many and from what companies?

Even big consulting firms will use subcontractors (either independent consultants or consultants from other firms) when there is a need for very specialized skill sets.  This isn’t a bad thing, but comes back to knowing who is working on your project and what background they have.  This can also be relevant if the subcontractors haven’t had the same types of background checks as other employees.

6.  What happens if a key staff member leaves the firm while the project is underway?

This isn’t something that can be easily predicted and it does happen.  The consulting firm should solve for this at their expense, not yours.  This means that if new staff need training in order to work on your project, this is not time that should be billed to you (if you are paying hourly rates).  In some cases, a more senior person may need to step in to cover some of the work, and if this happens, you can ask to continue paying the (lower) rate that you would have paid for the more junior team member (don’t worry, the consulting firm will still be making money; they’ll also be a lot more careful about the amount of time that they bill to your project).

7.  Is there any part of the work that your staff can do internally?

I would always rather work with internal staff members as part of my project team when I can.  It means that I’ll be in a better position to understand your organization and it’s culture.  It can also save you money if you have people on your payroll already that can do some of the work.  In these cases, the roles and responsibilities for each person should be clear.

8.  Are you paying for travel time?

Travel time has been a contentious issue, especially when firms charge a full hourly rate.  Charging for travel time makes sense if the person traveling is also working, but can get a bit dicey when they aren’t.  I’ve had the not so heartwarming experience of being ordered by a partner to bill a client for time that I was sleeping on an airplane at my full rate.  It was a debate that I fought on the client’s behalf, because it seemed absurd to me that anyone would want to pay several hundred dollars an hour for me to sleep.  Ultimately, the partner in question chose to bill the client, and I decided that firm was not a great fit for me ethically.

So it pays to ask, under what circumstances will you be required to pay for a consultant’s travel time?  How much (what rate) will you pay under each applicable circumstance?

Bonus tip:  You can also set per diems (daily limits) on travel related expenses like food and lodging.  I encourage my clients to apply the same standards to my expenses that they would apply to their own staff, including the submission of all receipts.

9.  What additional work are you paying for?

Any additional work that you will be billed for should be approved before it is conducted.  This is true especially if you are paying for services on an hourly basis.  Here’s the situation that I’ve seen time and time again:

Client:  Asks a question.

Consultant:  Offers to research the answer and create a memo; does this and bills the client for the time.

Client:  Is unhappy to receive an invoice for the time spent researching and creating the memo.

Consultant:  Reminds the client that he or she was following the client’s instructions.

There’s a balance that’s often missed here.  The client wants to be fair and compensate the consultant for their work, but feels that the price isn’t justified (or is something that should have been discussed in advance).  The consultant feels like they were following the client’s instructions.  They shouldn’t be at cross-purposes here, but it can feel that way.

One way to avoid this is to get pricing for any extra work (anything that isn’t specified in the original agreement) in advance and in writing (via email is often fine for this purpose).  Again, it can be useful to ask for fixed fees here.

10.  What are the consequences if you don’t get your deliverables?  What if you don’t get them on time?

Most agreements have some sort of timing included, but what happens if you don’t get what you paid for on time (or at all)?  If you have deadlines that you need to meet, it makes sense that you should have assurances that your consulting firm is able to help you meet those deadlines on time.  You can ask for penalties to be built into the contract if you don’t receive your deliverables on time (or bonuses if they are).  Remember that these should be fair and that in many cases your consultant’s ability to deliver on time is based on inputs that come from you (so you need to stick to the schedule as well if you’re putting this type of agreement in place).

There’s also the worst-case scenario:  what if you don’t get a deliverable?  In general, you shouldn’t pay in full before you see the final product.  You can structure your agreements so that your final payment is due when you receive your deliverables.  If it is a long project with more than one deliverable, the contract can be structured so that there are payments when each deliverable is complete.

Finally, when you’re hiring a consultant or consulting firm, you should have a clear idea of what you want before you sign a contract.  It’s up to you to know what you need, and what you’re willing to pay for it.  Make sure that your agreement clearly sets out the deliverables and timing.

If you’re feeling ready to hire a consultant and want to test your new negotiating superpowers, please feel free to contact us.

Keeping Your Bank Happy

For many reporting entities, a growing concern has become obtaining and maintaining banking relationships.  Most, if not all, businesses need a banking relationship to survive and prosper.  If you are an individual in Canada, you are entitled to basic banking services, but it is not so for businesses.  Banks and other financial service providers choose the business customers that they will serve.  This means that the stakes can be very high for businesses shopping for a banking relationship.

As reporting entities themselves, banks and other financial services companies have similar obligations to other reporting entities.  They must understand their customers and their customer’s transactions.  There is mounting pressure for banks to conduct due diligence that includes reviewing the compliance programs of clients that are reporting entities.  As a business owner, your best defence against losing your banking relationship is making your banker’s work easier.

This isn’t something that most business owners have spent a lot of time thinking about, but a few hours every year can go a long way towards ensuring that your banking relationships keep operating smoothly.  Based on my clients (and my own) experiences, I’ve summed up a five-step plan to help you on your way, which includes links to free resources to help you get started.

Step 1:  Have A Compliance Program (and Keep It Up To Date)

All reporting entities need to have an anti money laundering (AML) and anti-terrorist financing (ATF) compliance program in place, that includes these five elements:

  1. Appoint A Compliance Officer (this is the person that is responsible for the compliance program; they should be fairly senior within your company and their appointment should be documented);
  2. Document Your Policies And Procedures (your documentation should be detailed enough to describe what you actually do, and be updated at least once a year);
  3. Create A Risk Assessment (this is a document that describes the risk that your business could be used to launder money or finance terrorism, and the controls that you have in place to prevent that from happening);
  4. Train Your Staff (this should happen at least once a year and all training sessions should be documented); and
  5. Have An AML Compliance Effectiveness Review (this is like an audit of your AML program and operations; it must be done at least every two years).

When you are creating and updating your documentation, remember that you and your staff are not the only people that will see it.  Your regulators, bankers and other people that don’t know your business the way that you do will also need to rely on your documentation.  This means that you need to write as if your reader doesn’t know your business.  Take the time to explain everything clearly.

If you need help creating a compliance program, please have a look at our resources pages for your reporting entity type or contact us.

Step 2:  Have a business plan

Your business plan should describe what you do, how you make money and include historical business volumes (for existing businesses) and predicted business volumes (for new and existing businesses).  This document should explain your business simply and clearly (to someone outside of your industry).  To make things easier for your banking service provider, you should explain the types of transactions that will go through your bank account and the estimated volumes.

Many business owners are hesitant to describe their transactions and marketing strategies in any type of document that will leave their hands.  This type of thinking can seriously harm banking relationships, especially if the bank perceives you as being secretive or evasive.  Remember that the bank needs to understand your business in order to keep you as a customer, and the easier that you can make it for them to understand, the better off you’ll be.

I’ve worked with consulting firms that charge high rates for business planning, but there is no real need to spend a lot of money creating a business plan.  There are many free resources available for Canadian businesses.  Here are some of my favourites:

Not surprisingly, the banks themselves offer many of these resources!

Step 3:  Have Contracts In Place

Any third party that is involved in your business (vendors, agents, etc) should have contracts in place, and your bankers may ask to see these agreements.  The contracts should spell out what the third party is obligated to do on your behalf and the copies of the agreements that you provide to your banker should be signed and dated by all parties.  Don’t provide original documents to your bank unless you are required to do so (often banks want copies only, as they will not be returned to you).

Many existing businesses have long-term business relationships that may never have had a formal agreement in place.  In these cases, especially if the third party is doing something like identifying customers on your behalf, you will need to get written agreements.  These don’t need to be overly complicated.  The agreement should state what all parties are required to do and when.  It can be a plain language document that you draft yourself, or something more complicated that you work on with the advice of a lawyer.  The important thing is that you have agreements in place and that they’re clear enough to allow the reader to understand how the parties are related.

Step 4:  Take The Time to Build Alliances

You don’t usually get to speak directly with your bank’s compliance department. The sales representative or branch manager is your liaison. They need to be your advocate.  In this type of scenario, a person becomes your advocate not because you’re cute or gave a nice gift but because they know, understand and can explain your business. This takes patience and time.  Remember you need them as much as they need you. Make it a no brainer for them to want you as a customer (profitable, low risk, low effort).

Your representative at the branch is your point of contact and can act as a sounding board for your documentation.  For instance, if they have requested your business plan, ask if you can walk through it with them and get their advice before it is submitted to the bank’s head office or compliance department.  Remember that they can’t write documentation for you, but they can provide excellent insights about what the bank expects to see.

Step 5:  Consider Having Audited Financial Statements Completed

In some cases, your financial service provider may require audited financial statements. Only a licensed accounting professional or firm (specifically someone with a CA or CPA) can issue this type of report in Canada.  The process involves an independent evaluation of your company’s financial statements and other documents.  The auditor expresses an opinion about your company’s financial statements, based on the audit work performed, to state if they feel that the financials are free from material errors.  This is not specific to anti-money laundering.  The audit report refers to the company’s financial risk and fraud risk, among many other topics, to give your financial service provider more comfort over the financials they are reviewing to help lower your risk profile.  While we at Outlier aren’t accountants, and don’t perform this type of work, we’re happy to recommend accounting firms that have experience with audited financial statements, including our friends at Helen Loukatos Chartered Accountant, who’ve generously given us permission to link to this Money Service Businesses Audit FAQ.

Stepping It Up

All of this is relatively simple, but it takes time.  Consider it an investment in your business.  If you need a hand getting started, please feel free to contact us.

I’m a Compliance Officer! Now What?!?

Compliance Officer

I’ve met a lot of Compliance Officers from around the world, and not one of them has ever told me that as a child they wanted to be a Compliance Officer.  This isn’t to say that the job isn’t interesting (or even an awful lot of fun sometimes), but that we get here in different ways.  One of my favourites (who will remain nameless here) is a gentleman who missed a senior management meeting and was nominated as the organization’s Compliance Officer while he was absent.  When we first met, he was feeling overwhelmed and was looking for a review of his company’s compliance program (and assurances that he wouldn’t wind up in an orange jumpsuit if he made a mistake).

While it seems like an extreme case, many Compliance Officer’s feel this way at least once during their careers.  It’s a big responsibility that doesn’t often come with the budget to match.  Whether you’re new to the world of anti-money laundering (AML) or just looking for a quick “sanity check” to make sure that things are going the way that they should be, this “cheat sheet” is for you.

Your Compliance Program

You need to have a Compliance Program in place with these 5 elements:

  1. Appoint A Compliance Officer (hey that’s you!);
  2. Document Your Policies And Procedures;
  3. A Risk Assessment;
  4. Training; and
  5. An AML Compliance Effectiveness Review.

If your organization is a money service business (MSB) you will also need to register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).  If your organization is an MSB operating in Quebec, you also need to register with the Autorité des marchés financiers (AMF).  The definition of an MSB in Quebec is a bit broader than the Canadian federal definition; some companies may only be required to register with the AMF.

The first thing that you should do is review your documentation to make sure that it’s up to date.  Here’s a quick checklist to get you started – answer each of the questions with ‘Yes’ or ‘No’.

Program Component

Questions You Should Ask
Compliance Officer Is my appointment documented? This can be in the form of meeting minutes or a formal document, but it must be in writing.
Policies and Procedures Do they describe what we’re doing to meet our obligations? The descriptions should be clearly written so that someone that doesn’t know your business could understand them.
Have they been updated in the last year?
Risk Assessment Does the Risk Assessment describe the risk that your business could be used for money laundering or terrorist financing?
Are there risk ratings?
Are your controls (what you do to prevent your business from being used for money laundering or terrorist financing) describe?
Do your controls make sense given your risk level?
Training Have your staff been trained in the last year?
Does your training cover all of the obligations that apply to your business?
AML Compliance Effectiveness Review Has an AML Compliance Effectiveness Review been completed in the last two years?
Was there a formal report that described the methodology and findings?
Did management sign-off on the final report within 30 days?

If you answered yes to all of these questions, you’re off to a good start.  If the answer to any of these questions is no, you have some work to do.  If that’s the case, consider letting your management team know right away.  It’s easier to get their support when they know what you’re working on.

FINTRAC Reporting

Other than terrorist property reports, FINTRAC reports can be filed electronically using a system called F2R.  If your organization is not already using this system, you can enroll by contacting FINTRAC.  Filing your reporting electronically can make it easier to keep track of the reports that you’ve filed (remember to save copies of the PDF reports on your network) and let you know more quickly whether or not FINTRAC has accepted your reports.

FINTRAC has published guides to help you with your reporting.  Each report type in the chart is hyperlinked to FINTRAC’s guidance.  The types of reports that you will submit will depend on the type of reporting entity you belong to.  However, all reports have set time limits.

Report Type

Timing
Suspicious Transaction Reports (STRs) and Attempted Suspicious Transaction Reports (ASTRs) As soon as practicable
Large Cash Transaction Reports (LCTRs) 15 calendar days from the date that the transaction takes place
Electronic Funds Transfer Reports (EFTRs) 5 working days from the date that the transaction takes place
Large Virtual Currency Transaction Reports (LVCRTs) 5 working days from the date that the transaction takes place
Casino Disbursement Reports (CDRs) 15 calendar days from the date that the transaction takes place
Terrorist Property Reports (TPRs) As soon as possible (Immediately)

Training Your Staff

All staff should be trained at least once a year (including part-time, temporary and contract staff).  Your training records should include:

  • Who was trained?
  • When did training take place?
  • How was training delivered (in person, webinar, etc…)
  • What topics were covered?

This can be done in a simple spreadsheet.  You don’t need to collect signatures to prove that training took place, but you do need to be sure that your records are accurate.

There are very few instances when staff members do not need to be trained.  Generally, these would be staff members that are not involved in any way with customers or customer transactions.  If there are staff members that are not trained, you should document who they are, their roles, and the reason that they are exempt from training.

AML Compliance Effectiveness Reviews & FINTRAC Exams

I’ve put together some detailed guidance on preparing for reviews and exams.  It’s important to remember to get all of your documentation in order in advance.  Make sure that you’ve read the request and understand what you are being asked for.  If you have questions about what you should include, it’s fine to call the reviewer or examiner to ask.

Information requests are time-sensitive.  For FINTRAC exams, you generally have 30 days from the date that the request was mailed to assemble your submission.  This seems like a long time, but you may need some extra help pulling everything together.  It’s a good idea to let your management team know as soon as you receive a request from the regulator, especially if you need extra resources to stay on top of the request and everyday compliance tasks.

Need a Hand?

If you’re feeling like your AML program needs work, and you’re not sure what to do next or you need extra hands to put together or look over your FINTRAC package, please contact us.

Return to Blog Listing