PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Suspicious Transaction Reporting in 2015

Preparing for a FINTRAC examination

At the Canadian Institute’s 14th Annual AML Forum, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) reviewed its expectations for suspicious transaction reporting. FINTRAC emphasized that suspicious transaction reports (STRs) are vital to the agency’s mandate as Canada’s financial intelligence unit (FIU) and ongoing collaboration with law enforcement agencies. While reporting entities (REs) in Canada have been required to report transactions for quite a few years, we’ve had many questions from REs about what FINTRAC expects and looks for in examinations. FINTRAC’s most recent guidance is useful in tuning your technology, enhancing your processes, and asking the right questions at industry association meetings.

What is FINTRAC Looking for in STRs?

When FINTRAC conducts compliance examinations, they will be applying three tests to STR data, including:

  1. Entity Practitioner: FINTRAC will look for transactions that are similar to those involved in STRs that you have reported. If there are similar transactions or transaction patterns that have not been reported to FINTRAC, there should be an explanation for the difference. Where possible, this explanation should be documented.
  2. Sector Practitioner: FINTRAC will compare the number and type of STRs submitted by similar entities. The size and type of business are taken into consideration.
  3. Reasonable Practitioner: FINTRAC will analyze a sample of reported STRs and unreported transactions against relevant guidance. In this case, relevant guidance means the suspicious transaction indicators from FINTRAC’s Guideline 2 that are applicable to your business.

These are terms that we’re likely to hear more about over the coming months, and there are compliance program adjustments (most of them relatively simple) that can be made to ensure that you’re meeting this standard.

Tune Your Technology

Amber looking at laptop FINTRAC screen

Most REs use software solutions to detect potentially suspicious transactions. Almost all transaction monitoring software uses some type of rules-based system to determine when alerts should be generated. These rules should, at minimum, reflect the indicators that are applicable to your business. Not all of the indicators from FINTRAC’s Guideline 2 will be applicable to your business. Where possible, you should document the decisions that you make about your transaction monitoring rules, including the rationale for those decisions.

The most sophisticated software platforms have machine learning functions. These can take the decisions that have been made about previous alerts and use this information to refine how the program works. For example, if a particular pattern of transactions was deemed to be suspicious, the program may look for similar patterns.

If you’re not using software that does this on its own, don’t panic. You can review the STRs that you’ve submitted to FINTRAC to determine whether your transaction monitoring rules are tuned to reflect the types of money laundering and terrorist financing threats that you’ve previously encountered. This should be done on a regular basis (for example, as part of your Risk Assessment updates). If you have an STR that is related to a pattern that you don’t have a rule to cover, you may want to do this sooner, rather than waiting for the next scheduled update.

Train Your Staff

Training

Over the years, I’ve heard many Compliance Officers express frustration about not knowing whether or not STR data has been useful to FINTRAC or law enforcement. To close this gap, I’ve looked for articles and speakers from FINTRAC and law enforcement that could provide meaningful information about the type of information that is most useful. The same principle applies to your staff.

You can use existing cases (you’ll want to remove any personal information for training purposes) to demonstrate the type of transactions that you want your staff to escalate to compliance for review. Existing cases from the media, and end to end cases provided by training companies like TAMLO, are also excellent resources. Keeping your annual training fresh is a challenge, and using your STRs as cases is one way to do that, while also meeting FINTRAC’s expectations.

Refine Your Audits & Effectiveness Reviews

AML Compliance Effectiveness Review

Are your auditors and/or reviewers using the same tests that FINTRAC is using to assess your compliance? If you’re not certain, ask.

If you perform self-assessment testing, you may want to include these tests as well.

As of 2015, all AML Compliance Effectiveness Reviews performed by Outlier will use these three key tests to assess STR data.

Ask Your Industry & Working Groups for More

Hanshake

Most REs have excellent industry associations and working groups such as the Canadian Banker’s Association (CBA), Canadian MSB Association (CMSBA) or the Canadian Jewellers Association (CJA). These groups are excellent resources and can help you understand STR trends across your industry. If you’re not a member, you may still be able to attend regular conferences or events.

Need A Hand?

We would love to hear from you. If there are topics that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Insights From the CMSBA Education Days

We were fortunate enough to be able to attend the Canadian MSB Association (CMSBA)’s Montreal and Toronto spring training days. For Money Services Businesses (and those affiliated with the industry), the CMSBA is an excellent resource for collaboration, information sharing and advocacy. For those that were not able to attend any of the spring training sessions, here’s a roundup of the topics covered.

FINTRAC & MSB Compliance Examinations

Canada’s federal regulator for anti-money laundering (AML), the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), provided in depth statistics related to compliance examinations, as well as common issues for MSBs. Despite what some highly publicized administrative monetary penalties (AMPs) may lead you to believe, MSBs are faring well as a sector in FINTRAC’s compliance examinations. It’s noteworthy that through a freedom of information request, Outlier obtained data on the number of MSBs that did not have any deficiencies in examinations. Between 2008 and the end of 2014, this amounted to approximately 25% of all MSBs examined. In most cases, MSBs were largely compliant, with some partial deficiencies.

Overview Big

For a complete breakdown of common issues noted in examinations, click here.

AMF, Respondents & Digital Currency

Québec’s provincial regulator, the Autorité des Marchés Financiers (AMF), provided clarification on its expectations for MSB respondents. For MSBs dealing with customers in Québec that do not have offices in the province, a respondent must be nominated to deal with the AMF on the MSB’s behalf. Among the requirements are that the respondent must:

  • Be over 18 years old;
  • Have an address in Québec (home address or business address); and
  • Not be under tutorship, curatorship or advisorship.

The AMF also addressed digital currency, noting that not all digital currency business models are covered by the Québec MSB Act, and that there must be an element of fiat currency involved in the transactions. Both the AMF’s press release from February 2015 and the current presentation confirmed that digital currency trading platforms (that include fiat currency transactions) and digital currency ATMs are considered in scope. As there are a myriad of other digital currency related business models, if you are unsure of where you fit, you can contact the AMF and receive a decision (we recommend that you request a decision in writing where possible).

Agency Agreements

I had the honour of speaking about MSB agency agreements (the agreements between MSBs and their agents) with Susan Han (previously of AUM Law). Like most things, agent agreements should be documented in writing and clearly spell out the terms of the agreement. MSBs that take on agents should understand that the MSB would bear most of the risk (financial, compliance and reputational). Agents should be aware that the client (and information about the client) “belongs” to the MSB rather than the agent (and this information should always be provided to the MSB when it is requested).

International Collaboration & De-Risking

The CMSBA has partnered with MSB associations worldwide to increase awareness of the negative ways in which de-risking (which CMSBA Director Ken Saul noted should be called de-banking) affects the financial system. As the de-risking issue has affected MSBs worldwide, and there does not appear to be any effective solutions under consideration, a whitepaper was developed and presented to the Financial Action Task Force (FATF). This whitepaper has received a positive reception. Stay tuned for more on the international efforts in this regard.

One of the few Canadian Financial Institutions that (openly) banks MSBs, Luminus Financial, was on hand to discuss factors that MSBs should consider when dealing with banking relationships. MSBs should be prepared to provide complete and transparent information about their business. In order to achieve success in both obtaining and maintaining banking relationships, MSBs should be able to demonstrate that they are compliant and present information in a way that is well organized and addresses all of the questions and requests that the bank has made. In some cases, this will be a higher standard than simply meeting the minimum compliance requirements set out in law and regulation.

Compliance Maturity Model

In looking proactively at issues related to de-risking and demonstrating compliance, the CMSBA is working to develop a compliance maturity model (CMM). Currently, CMSBA members can complete the first stage of this model by completing an attestation form online. The attestation states that the MSB is compliant with applicable legislation and not subject to administrative or criminal proceedings. Questions, comments or suggestions related to the CMM can be directed to cmsba-cmm@canadianmsb.org.

Need a Hand?

If you are an MSB that needs compliance assistance (or a bank that wants assistance in setting up and maintaining a compliance regime that effectively manages MSB related risk), please contact us.

 

Who Wins The De-Risking Shell Game?

BankRisk_2The volume of evidence, both empirical and anecdotal, grows every day. The story on the surface is simple enough: banks are making the decision to “de-risk” (a polite way to say close the account of) certain types of businesses including money service businesses (MSBs) and digital currency businesses that are considered “too risky” by traditional financial services providers. The unintended consequences have included strained remittance corridors and frustration for businesses struggling to get by without reliable banking services. While these consequences are well documented, there are other unintended consequences of the de-risking phenomenon that have been less widely discussed. These include a growing lack of transparency between some industries and their banking service providers and directly threatens our ability to effectively manage money laundering and terrorist financing risk at both the financial institution and national levels.

It’s a shell game of “hide the risk” – and we’re all losing.

Businesses Are Losing

By now, if you haven’t heard about businesses struggling to survive without access to banking facilities, you would have had to ignore financial media for the past two years. The global effects of de-risking have attracted the attention of the G-20, the Financial Action Task Force (FATF), Financial Crimes Enforcement Network (FinCEN), the World Bank, and many more. While it’s clear that there are issues in terms of access to banking, let’s be honest with one another: while some businesses will close up shop, many others will take a different track.

Whether it’s using alternative financial service providers, payment processors, personal bank accounts or merely opening accounts at other financial institutions without revealing the true nature of the underlying activity, businesses will find a way to carry on. I’ve spoken personally to businesses that have taken these approaches, and it has never been their first or most ideal choice. These aren’t criminals carrying on some nefarious business! They are entrepreneurs who would rather be able to provide their real business plan to their banks and explain their activity honestly, but they do not believe that this option is open to them.

Banks Are Losing

Consequently, a bank with a policy that prohibits these types of businesses from holding accounts will deal with businesses that have gone to great lengths to conceal the true nature of their activity. The banks are unaware of the true nature of the activity passing through their accounts, and therefore ill equipped to manage the risk related to these activities. The strain on banking resources must be phenomenal, as banks must constantly devise new ways to interpret patterns of customer activity to detect undeclared MSB or digital currency activity. While it isn’t easy to quantify these costs, I can only surmise that the cost of this detective work must be high, despite being ineffective.

To further muddy the waters, businesses who fail to provide transparent information to their banks for fear of de-risking may also conduct completely legal activities in a way that starts to look like criminal activity. For example, if you believe that your business banking relationship is not reliable, you may open many accounts (in some combination of personal and business names) and conduct fractions of your banking through each, transferring funds from one account to another as needed to meet your obligations. On the surface, it can seem much like “layering” or “structuring” activity (techniques used by money launderers to make funds more difficult to trace). This further adds to the banks’ burden by creating more activity that must be monitored and investigated.

Entire Nations Are Losing

It has been widely publicized that in some cases like Somalia, entire nations that are dependent on remittance payments from friends and family living and working abroad are experiencing increased difficulty. Reliable and cost-effective remittance payment providers are a shrinking pool. This seems absurd in a time when technology can facilitate a payment in seconds.

National Security Is Losing

It’s not just far-flung places dependent on remittance payments that are losing. Here at home, we have a national security system that is dependent on our financial intelligence units (FIUs) having access to reliable data. The reliability of that data is undermined at every level by the de-risking shell game:

  • Businesses do not declare the true nature of their activity – and there are no incentives for them to do so;
  • Banks do not understand the nature of their customers’ activities, making it difficult detect potentially criminal activity; and
  • There is likely to be an increase in “false positives”, where activity conducted by businesses that do not believe that they can reveal the true nature of their activity to their banks instead conduct business in a manner that resembles criminal money laundering techniques.

Taken together, this results in the likelihood that key information is not being reported to FIUs correctly. Consequently, it becomes more difficult for law enforcement and other national securities to rely on this data to perform their roles effectively.

Who Is Winning?

There are two potential winners in this game and much like the shell games that you see duping tourists on the streets of large cities, neither is without malevolent intent.

The first are unregistered/unlicensed MSB businesses. These are businesses that have ignored regulatory requirements and carried on business without any FIU reporting. In some cases, these businesses will even minimize their interaction with the local financial system by using foreign bank accounts (and point of sale terminals) to collect customer funds. While the risk of penalty is high, the reward for these businesses (in particular where they are able to complete transactions that pose a challenge for their compliant counterparts) can also be high.

The second is criminal organizations. When legitimate businesses are performing transactions that look like money laundering, detecting true criminal activity becomes exponentially more difficult. I can only assume that the criminals are laughing all the way to the bank.

Shutting Down The Shell Game

De-risking is a complex problem with complex outcomes, but the solution need not be complicated. It does, however, involve the cooperation of all levels of the financial services community: regulators, banking service providers and businesses.

The costs and benefits of de-risking need to be reassessed. Where banking service providers are capable of accepting and managing accounts for businesses considered to be “higher risk”, they should do so, with their regulator’s blessing. Rather than perpetuating the shell game, regulators should encourage banking service providers to manage risk (and provide solid guidance with reference to how this should be done). Finally, there should be open communication between banking service providers, regulators and business banking customers. The lines of communication closed by de-risking must be opened, allowing banks to have honest conversations that will provide real insight into their customers’ business and lead to effective long-term risk management.

Quebec MSB Respondents

Since Quebec’s MSB Act came into force in 2012, there have been many questions about whether or not the law applied to entities that don’t have a physical presence in Quebec (the answer is yes, if you’re serving customers located in Quebec at the time of the transaction). Most recently, the Authorité des Marchés Financiers (AMF), Quebec’s provincial regulator, has announced that the law applies to digital currency ATMs and exchanges. One of the challenges for businesses that don’t have a physical presence in Quebec is designating a respondent within the province. While Outlier doesn’t have Quebec offices either, we’ve put together some resources to help you navigate the process.

Hefty Disclaimers

We’re not lawyers, and nothing in this article should be considered legal advice. While we’ve put together some resources that we hope will be helpful, you will need to decide on the right course of action for you and your business.

What Does A Respondent Do?

A respondent is a person or company that acts as your point of contact with the AMF. While this seems relatively simple on the surface, the respondent must pass relevant communications to you and pass information from you to the AMF, the requirements are actually more complex than this (see below for the full text from the MSB Act on respondents). A respondent must have premises in Quebec and be approved by the AMF. The AMF has taken the position that those involved in financial services (including respondents) must demonstrate “integrity and good moral character” (this is broadly defined) and the AMF can reject MSBs, agents and respondents that do not meet this criteria.

The MSB Act goes on to state that a respondent must be “able to properly exercise a respondent’s functions with the Authority.” This means that the respondent will need to understand how to communicate with the AMF (and while French language isn’t a requirement, it is definitely a benefit here). The respondent will also need significant access to information about your business and operations, both to assist in the application process and to communicate with the AMF.

Finally, there is some debate about the liability that the respondent bears in acting in this capacity for an MSB. We’ve reached out to the AMF for their position on respondent liability.  The regulator’s position is that a respondent bears little if any liability, provided that they are acting “in good faith.”  This means that the respondent is expected to have done some degree of due diligence regarding their MSB client, and that the respondent believes that the information that they are providing to the AMF is complete and accurate.

There is also a risk to MSBs. The respondent will act as your point of contact with the AMF. This means that the regulator will most often be communicating with your respondent, rather than with you directly.

What Should I Look For in a Respondent?

As the voice of your business with the AMF, you’ll want a respondent that has certain characteristics:

GOOD COMMUNICATION – Your respondent should be someone that the AMF can reach when they have information requests, and the respondent should be able to quickly pass these requests to you. If your respondent’s contact information changes, they’ll need to update this information with the AMF to avoid missing any information requests or other regulatory communication.

RELIABLE – Like most regulatory requests, when the AMF asks for information or clarification, there are generally strict timelines. Your respondent should be someone who understands this and will ensure that your responses are submitted on time.

INTEGRITY – Your respondent will need to pass a background check (this is required under the MSB Act) and deal with your confidential business information. It is vital that the respondent be someone that you can trust.

EXPERIENCE – The ideal respondent understands their role, your business and has experience dealing with the AMF. The respondent, in some cases, may also act as an advisor, helping you to devise the best strategy for your business.

PRICE TRANSPARENCY – The respondent is likely to be doing much more than passing messages between you and the AMF. You should have a clear understanding of the fees that you will pay and the work that you’ve authorized the respondent to complete on your behalf. Your agreement with your respondent should be spelled out in formal contracts.

What Do I Need to Do for the Respondent?

You should expect to provide the respondent with due diligence information. This will include information about your business and its beneficial owners and directors. This includes information that is required under the MSB Act as well as additional information that the respondent requires based on their own internal processes.

MSBs should be prepared to provide at least the following information early on in discussions with respondents:

  • The name and ID of all those employees involved in the MSB activity;
  • A list containing the name, date of birth, if applicable, domiciliary address and telephone number of each of its mandataries and of each of the officers of its mandataries who are responsible for the money services offered on behalf of the money-services business;
  • A list of the financial institutions with which it deals;
  • The MSB’s business plan; and
  • The MSB’s financial statements for the last fiscal year.

If you are uncomfortable providing this type of information before you have a signed agreement in place, you can always ask the respondent to sign a confidentiality agreement.

Respondent Contacts

The contacts below are people that we know and have spoken to personally about the respondent services that they provide. While we can’t guarantee anything that another person or company does, they’ve got our vote of confidence.

Respondents are listed in alphabetical order by first name.

Jean-François Lefebvre

Phone: (514) 608-0684

Email: jeanfrancoislefebvre9@gmail.com

Relevant specializations and experience: Jean-François has experience in advising MSBs and financial institutions, both as a regulator and as a consultant. He is a former FINTRAC senior representative and has dealt with the AMF in several instances in his career.

Marc Lemieux, Principal, Lemieux Legal Services

Phone: (514)-987-1117

Email: marc@marclemieux.com

Website: marclemieux.com

Relevant specializations and experience: Marc is a bilingual lawyer with experience in banking, payments, and MSBs. He currently serves as a member of the Board of Directors of the Canadian MSB Association.

Michael Garellek, Associate, Gowlings LLP

Phone:   514-392-9421

Email: Michael.Garellek@gowlings.com

Website: www.gowlings.com

Relevant specializations and experience: Michael’s experience includes working directly with the AMF, as well as, dealing with the AMF on behalf of his financial services clients.

Need A Hand

If you’re not sure if the MSB Act applies to you, or need assistance in finding a respondent, please contact us.

The MSB Act on Respondents (Full Text From the MSB Act)

5.  A licence application must be filed together with the fee determined by regulation and filed by a person acting as the business’s respondent for the purposes of this Act.

The respondent must

(0.1) be a director, officer or partner of the money-services business;

(1) be 18 years of age or over;

(2) not be under tutorship, curatorship or advisership;

(3) be domiciled in Québec or have a place of business or a place of work in Québec; and

(4) meet any other condition set by regulation.

The money-services business must give the respondent access, at the business’s head office and in all its establishments, to the information and documents needed to exercise the respondent’s functions.

The respondent for a money-services business that is not constituted under the laws of Québec and does not have its head office or an establishment in Québec need not be a director, officer or partner of the business but must be able to properly exercise a respondent’s functions with the Authority.

Micro Deposits & Micro Withdrawals

The Big DisclaimerAmber looking at laptop blank screen

We’re not lawyers and nothing that we write should be considered a legal opinion. Whether or not a solution will be acceptable to your regulators will always depend on your implementation and documentation – please contact us if you need help with either.

Background

There are a limited number of ways for Canadian reporting entities to identify individuals without meeting face to face. Previously, we have sought opinions from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) on whether or not micro deposits and micro withdrawals could be used to confirm a customer’s identity. Until recently, the answer had been no. We reached out to FINTRAC again on the issue after learning that technology had evolved in a way that could meet the requirements. We’re pleased to share with you that FINTRAC is of the opinion that – given the right technology conditions – micro deposits and micro withdrawals can indeed be used to confirm a customer’s identity.

Confirmation Of A Deposit Account

The methods that can be used to confirm a customer’s identity are listed in Schedule 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR). (Since this post was written, Schedule 7 has been repealed and replaced by FINTRAC’s Methods to Identify Individuals). The “Confirmation of a Deposit Account Method” involves confirming that the person has a deposit account (this means a chequing or savings type of account) with a Canadian financial entity (this means a bank, credit union or caisse populaire). To use this method, reporting entities must keep a record of the name of the financial entity where the account is held, the account number and the date of the confirmation.

The key elements of this method involve determining that the account belongs to the person that you are trying to identify and determining that the account is indeed a chequing or savings type of account.

Micro Deposits and Micro Withdrawals

Previously, micro deposits and micro withdrawals were viewed as failing on both of these key elements. Confirming the amount of a micro transaction proved that a person had access to the account, but not that they owned the account. It was also viewed as impossible to determine the type of account (for instance the account may have been a line of credit that had a similar account number structure).

Fortunately, technology has advanced and some payment processors are able to conduct name matching (in some cases, payments are even stopped if there isn’t a match) as well as the type of account. Not all payment processors may have the capabilities, but if you’re looking for a way to automate some of your non face-to-face customer identification, this could be an option.

Implementation Checklist

We’ve broken down the implementation into seven key questions. If you’re able to answer yes in each case, you’re likely to be ready to implement micro deposits or micro withdrawals as an identification method.

  1. Does my payment processor conduct name matching (our client’s name against the account being debited or credited) and what confirmation do we receive of a match?
  2. Is our system set up to keep a record that demonstrates that the name was matched?
  3. Does my payment processor have access to the account type when an account is being debited or credited and can they pass that information to us and/or confirm for us that the account is a deposit account?
  4. Is our system set up to keep a record of the type of account or confirmation that the account is a deposit account?
  5. Is our system set up to keep a record of the name of the financial entity where the account is held?
  6. Is our system set up to keep a record of the account number?
  7. Is our system set up to keep a record of the date of the confirmation?

In addition to this list, you should also give some thought to what happens when identification fails (for example if the name doesn’t match or the account isn’t the right type). You’ll need to consider an alternative way to identify your client, and you probably don’t want their account stuck in limbo.

Need a Hand?

If you want to be certain that you’re meeting the standard described in this blog, or just someone to chat with to make sure that you’re on the right track please contact us.

Full Text Response

Good afternoon Ms. Scott,

Thank you for contacting the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s independent agency responsible for the collection, analysis, assessment and disclosure of information in order to assist in the detection, prevention, and deterrence of money laundering and financing of terrorist activities in Canada and abroad.

You indicated, “some payment providers have the capacity to match the customer’s name to the name on the account (and will not process transactions if there is not a match) and return information about the type of account to which the transaction was pushed.”

In light of this, you have asked whether micro-withdrawals and/or micro-deposits would be acceptable for use as confirmation of a deposit account provided that:

(a) there was a confirmed name match; and

(b) the account type was confirmed as a deposit account.

Subparagraph 64(1)(b)(ii) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) states that non-face-to-face identification can be done by using a combination of identification methods as set out in Part A of Schedule 7, the confirmation of deposit account method being one. This method of ascertaining a person’s identity consists of confirming that the person has a deposit account with a financial entity, other than an account referred to in section 62 of the PCMLTFR. For the deposit account method, paragraph 67(c) of the PCMLTFR requires that the client name, the deposit account number, the financial entity name, and the date of the confirmation be recorded. Therefore, if the payment provider confirms the client name, the deposit account number, the financial entity name, and the date of the confirmation, then yes, the micro-withdrawals and/or micro-deposits is an acceptable means to confirm a deposit account with a financial entity as per Part A of Schedule 7 of the PCMLTFR, and would satisfy one of the two combination methods required.

Please note that FINTRAC does not endorse nor advertise any products, companies, or providers of consumer information.

I trust this information will be of assistance.

FINTRAC Releases Policy Positions

Amber looking at laptop FINTRAC screenFrom the time that we launched, we at Outlier have believed strongly that information should be free.   When we have received information from regulators or other government agencies that we believe could be useful to our friends and clients, we’ve posted that information on our blog, making the information accessible without cost. This has lead us to make inquiries with agencies including the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). Most recently, we’ve requested access to all of the policy positions that FINTRAC has provided from 2008 to the present date. As a consequence of this request, FINTRAC will be releasing this data to the public in the near future.

You can read FINTRAC’s confirmation letter here.

00047 – signed reply letter

The Big Disclaimer

The information that follows is based on our requests and conversations with FINTRAC. We are not lawyers and do not present any of our content as legal advice. If you feel that we’ve missed something vital, or misrepresented an important point, please feel free to contact us and we’ll do our best to correct it.

FINTRAC Has Gone Public

Policy positions are statements that FINTRAC has made about how the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (Regulations) should be applied. These are the “opinion” or “position” of the regulator (similar to the guidelines released by FINTRAC), intended to assist reporting entities in complying with the law. Like guidelines, they are subject to change and do not carry the force of law – but do have the ability to be powerful tools for reporting entities.

We applaud FINTRAC’s decision to make this information available to the public and look forward to reviewing the publications!

You can see the initial publication here (scroll down to the FINTRAC Policy Interpretations section).

What It Means For Your Business

Reporting entities should review the policy positions when they are released and look for guidance that can be applied in refining their anti money laundering (AML) and anti-terrorist financing (ATF) compliance programs.  FINTRAC has confirmed that “sanitized, non-repetitive, versions” of the policy interpretations positions will be made public on an ongoing basis.  Historical policy interpretations (from 2008 to the present date) are expected to be published via FINTRAC’s website in December this year.

Obsolete Policy Positions

We have received as part of our initial information request a list of policy positions that FINTRAC considers to be obsolete (no longer accurate or relevant). While these are less useful to most reporting entities than current policy positions, it may be useful for reporting entities to review this content to determine whether they are relying on information that FINTRAC no longer holds true. You can access this information using the link below.

Obsolete Policy Positions

Need a Hand?

If you have questions about AML or ATF compliance, including what a policy position might mean for your business, please contact us for more information.

Insights From the 2014 CMSBA Conference

CMSBA

We were honoured to present at this year’s Canadian MSB Association (CMSBA) conference in Toronto. Speakers included representatives from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the Canadian Federation of Independent Businesses (CFIB), money service businesses (MSBs), consultants, lawyers and technology service providers. Priced between CAD 200 and 250 (depending on membership status and the timing of the registration), the price of this annual event, which includes breakfast, lunch, a post event reception, an annual CMSBA membership and a training certificate is likely one of the most informative and reasonably priced resources for MSBs. We would like to thank the CMSBA for providing a top quality event.

The Big Disclaimer

The information that follows is based on our experience attending the conference, and the information that we feel will help our friends and clients the most. While there were many excellent sessions, we weren’t able to enjoy them all. If you feel that we’ve missed something vital, or misrepresented an important point, please feel free to contact us and we’ll do our best to correct it.

FINTRAC Exams Are Changing

Lisa Douglas of FINTRAC tackled an update on the regulators expectations with candor, diplomacy and even a sense of humour on occasion. Among the most important points for reporting entities was the implementation of the regulatory changes that came into effect in February of 2014, and changes to the types of testing that FINTRAC will be performing in examination:

  • Business Relationships: has the nature and purpose of the business relationship been documented? Has the customer been identified where there is a business relationship (and if not, are efforts to identify the customer documented)? Is ongoing monitoring in place?
  • Suspicious Activity: Do the policies and procedures reflect the right indicators for the business model (see FINTRAC’s Guideline 2 for a full list)? Is there activity that seems to be suspicious that was not reported? If so, are you able to explain objectively why the activity was not considered to be suspicious (and is the explanation backed up by documentation)?
  • Ongoing Monitoring: Are monitoring efforts documented? Is the monitoring for high-risk customers and business relationships different (in nature and frequency)?
  • Beneficial Ownership: Is there documentation that confirms beneficial ownership? If not, has Senior Officer been identified and is the customer classified as high risk?
  • Customer Information Updates: Is customer information being updated on a regular schedule according to the customer’s risk?
  • Quality Reporting: Are the reports that FINTRAC receives complete and accurate? Are all fields (including fields that aren’t mandatory) completed if you have the information on file?

Ms. Douglas received the most questions about applying an ‘objective standard’ to deciding whether or not there are reasonable grounds to suspect money laundering or terrorist financing activity, and stressed that it is not enough to know that the activity is consistent for a customer over time if the activity could be indicative of money laundering or terrorist financing. This theme was echoed by Paul Burak of MNP LLP in his discussion of customer due diligence. In his illustrative example, Mr. Burak described a hotel that made large cash deposits with few credit card or debit card payments, in volumes that were out of synch with local tourist traffic. While the pattern of activity was consistent for the client over time, it did not make sense when an objective standard was applied.

There are Many More MSBs with ‘Zero Deficiencies’ Than MSBs with Penalties

Although there are several published administrative monetary penalties that have been published for MSBs, approximately 25% of MSBs examined between 2008 and 2014 have passed examinations with zero deficiencies.   While this isn’t likely to reduce the stress that comes with preparing for an examination, the information (obtained from a recent access to information request that Outlier filed with FINTRAC) is important in understanding that the MSB industry has historically been more compliant than the headlines would have us believe. That said it’s always vital to take the time to prepare for your examination and ensure that all of the materials requested by FINTRAC are assembled and delivered on time. We’ve put together some free resources to help reporting entities get organized, available here.

We were fortunate enough to co-present on this topic with two very experienced lawyers, J. Bruce McMeekin and Tushar K. Pain. Both emphasized the importance of reaching out to a legal professional early if you may be facing an administrative monetary penalty, as well as the value of regular compliance testing (not just limited to the effectiveness reviews required every two years) to assess compliance and fix anything that may be offside.

Banking Remains an Issue for MSBs

Robert Osbourne of Grant & Thornton provided excellent insights on maintaining banking relationships, including requesting and account manager, and maintaining regular contact (rather than simply responding to issues or information requests). Despite recent public policy positions from the Financial Action Task Force (FATF) and Financial Crimes Enforcement Network (FinCEN) warning against wholesale de-risking, few Canadian banks are currently accepting MSBs. Among those that we are aware are taking on MSB customers:

  • Royal Bank of Canada (RBC)
  • Bank of Montreal (BMO)
  • DirectCash Bank (DC)

There are additional financial institutions, including credit unions that offer accounts to MSBs, however many of these are not currently taking on new MSB customers. Access to banking is one of the issues that we’re likely to hear more about from both the CMSBA and the CFIB in the coming months.

Tools and Technology

The importance of tools and technology for recordkeeping and compliance management cannot be understated. The Canadian market is served by a number of great providers, and more solutions are being added on a regular basis. The solutions that are implemented should be well aligned with your business model and Risk Assessment. They should also be secure, in particular where sensitive or personal information (PI) is stored. Garry Clement of Clement Advisory Group emphasized how vulnerable the industry may be to cyber threats, and steps that MSBs can take to recognize threats and protect their data.

Digital Currency

Jillian Friedman of the Bitcoin Embassy (formerly, now she can be found at montrealtechlawyer.com) and Susan Han of Miller Thompson provided an overview of digital currency. While it was clear that many MSBs are interested in the potential that bitcoin and other digital currencies can offer, the same barriers to banking faced by MSBs are faced by digital currency companies in Canada. MSBs that deal in digital currency may face additional de-risking concerns with their banks. Zach Ramsay of CoinCulture, though not presenting, was on hand to offer clarification about the digital currency related services that may interest MSBs including bitcoin teller machines (BTMs) and bitcoin payment processing.

Need a Hand?

If you would like more information about the CMSA, including information about how to become a member, you can contact them here.

If you have questions about AML or ATF compliance, please contact us for more information.

Why bitcoin?

BitcoinAcceptedHereI’ve been asked the question enough times that I probably should have blogged about it a year ago, but the kicker for me was coming across an article that seemed to have no purpose but to question why an AML consulting firm would speak at the Bitcoin Expo.   The truth is that a few years ago, I may have approached the situation with the same type of skepticism. In those years, I’ve worked with excellent companies that are working hard to manage their risk (some of them in the absence of any law that would compel them to do so). I’ve not only come to believe that working with companies in the digital currency space is well-aligned with Outlier’s core mission (helping Canadian businesses to succeed), I’ve become enthusiastic about digital currency in general.

The First Bit

A longtime friend and client approached me about the digital currency aspects of his business. While I won’t go into great detail about the specifics (client confidentiality is important to me – and my clients), I will admit that my understanding of the space was rudimentary at best. If the request had come from someone that I knew and trusted less I may have taken a different approach to learning, but given the circumstances I wanted to know as much as I could as quickly as I could. I thought that the best way to learn would be to ask to be paid in bitcoin. This meant that I had to figure out how to set up a wallet, secure it, receive bitcoin and of course spend the bitcoin. What became clear to me very quickly were the advantages: bitcoin transactions were fast, cheap, traceable (by way of the blockchain’s public ledger) and irreversible.

Being a self-proclaimed AML nerd, I was surprised to see that I didn’t need to provide personal information to set up a wallet, though it was also clear to me that the idea of complete anonymity wasn’t accurate either. I hadn’t worked with any digital currency exchanges or brokerages yet, and I wasn’t quite sure what to do with my bitcoin, so I held it in my wallet and checked the price every few days. I was lucky at the time, the price shot up. I started exploring reputable vendors that accepted bitcoin (the list was a lot smaller at the time), settling on a tablet for my husband from a UK-based vendor as my first bitcoin purchase.

The transaction was fast, efficient, and reminded me that bitcoin was not as anonymous as the headlines would have had me believe. The vendor required relatively comprehensive information in order to deliver the tablet, and noted on the site that identification would be required by the delivery company in order to release the package. The cost of the tablet was less than the cost of the bitcoin that I received, but I decided to hold off on looking for things to spend it on right away. From that point, I’ve always held bitcoin (and later on a few other alt coins as well).

Brokerages, Exchanges and BTMs

Since that first transaction, I’ve worked with bitcoin exchanges, brokerages and BTM companies (as well as a few other wonderfully innovative business models that I can’t describe here) in Canada and in the United States. What I’ve experienced with these companies has been remarkably similar to traditional financial companies in many ways.

There is a real desire to understand the legislation and to do what’s needful.

There is a real desire to implement compliance without stifling innovation (especially when it comes to the customer’s experience).

There is a real desire to be part of the conversation with the people that write the laws, and the regulators that enforce it.

While I’ll admit that my sample is very biased (criminals are unlikely to hire a firm like mine), my experience in the digital currency community has been overwhelmingly positive.

Our Bit

I see the role of Outlier, and other professionals like us, as threefold. Our first task is to understand. Our next task is to provide valuable services and our final task is to act as advocates. These are sequential – the final two tasks cannot be done with any degree of competency without the first. Recently I’ve been approached by a number of very large firms asking how they can provide services to digital currency companies. I ask them the same question that 100% of the bitcoiners that I’ve worked with have asked me “Do you have bitcoin?” There is no teaching tool like experience, and right now digital currency is something that almost anyone with a computer and Internet access can experience.

This understanding translates into being able to truly add value for digital currency companies, but a point in time understanding won’t be enough. There are incredible innovations developing every day. I wasn’t involved deeply in the evolution of the Internet in the 1990s, but I imagine that it must have felt something like working in digital currency today. Ideas that add value for digital currency companies must support business innovation while teaching the traditions of compliance and sound risk management practices. As an AML professional, there is nothing more rewarding than working with clients that are pushing the boundaries of the possible, and helping them to do that without ending up on the wrong side of the law. The projects are exciting and more often than not, the aim is to benefit society as a whole.

It’s that excitement and those lofty goals that will make you an advocate. For Outlier, and for me personally, advocacy and education have been a labour of love. We speak at conferences, to merchants and traditional financial institutions, and we do what we can to connect policy makers to experts. We do all of this free of charge, because we believe that digital currency has great potential to do good. Like anything with value, it can be used to launder money, even though it’s not nearly as anonymous as some may believe it to be.  We’re not ignoring this, nor do we believe that it’s the whole story. Digital currencies like bitcoin can also be used to transfer funds quickly, efficiently (and in many cases without fees) to the people that need it most and to allow individuals more complete control over their funds in oppressive and corrupt regimes.

The Last Bit

Since that first payment, Outlier has always accepted payment in bitcoin, but conversations are always free. If you have questions, please feel free to contact us.

Outlier BTC Tipping AddressTipping QR Code

Why We Believe In The Right To Business Banking

I remember my first thoughts on money services businesses (MSBs) very distinctly.   Years ago, when I moved from being a banker to being a consultant, I thought of MSBs as being predatory and fly by night. I didn’t know much about MSBs, and I was hesitant to work with them as clients. Fortunately, a colleague determined to change my point of view, brought me to a meeting with one of her clients, a remittance company that served a particular ethnic community.

My colleague asked her client to walk me through the business model, and as the discussion progressed, I quickly understood that the MSB was offering many services that the banks were not – some of them free of charge. Not only was the MSB providing services in their customers’ native language, the fees were low and there were a slew of additional services like lawyer and employment agency referrals (all services in the customers’ native language). The office space was a bright and clean retail location and all of the staff seemed genuinely excited to be there. It was clear that I had misjudged MSBs (or at the very least, this MSB).

Over the years I’ve worked with many MSB clients and have come to understand that this was not a unique situation. In Canada we have many great MSBs that are providing services in nimble and efficient ways that truly meet the needs of their communities. My team and I have been able to help MSBs build compliance programs, risk assessments, training and complete effectiveness reviews, but the most common request that we’ve received is something that we’re simply not able to do: open a bank account.

From startups to MSB businesses that have been in existence for many years, opening a bank account (and keeping it open) is more difficult than staying in compliance with the law, or running a profitable business. Recently, we’ve also been approached by companies that deal in digital currencies like bitcoin with the same type of request. While we can certainly provide advice on how to approach the problem (see our blog on keeping your bank happy), we aren’t a bank and don’t have the power to compel banks to open accounts for our customers, or to keep them open. The lack of available banking facilities is deeply troubling to me, both as a Canadian entrepreneur and as a compliance expert.

Stifling Innovation

Recently, the Canadian Senate Committee on Banking, Trade and Commerce held sessions related to digital currency. One of the messages that was clear in all sessions was the disconnect between the traditional financial system (represented primarily by banks) and the emerging digital currency markets. While digital currency has come a long way, companies have difficulty operating using digital currency alone. Unfortunately, many of these companies are currently unbanked (including companies that have a history of profitability and companies that accept payment in digital currency – but do not sell digital currency to the public). While Canada is, in many ways, recognized as a hotbed of digital currency innovation, banking challenges are daunting to companies considering a Canadian presence.

While some laud the regulation of digital currencies expected to come into play following the Royal Assent of Bill C-31 earlier this year, it is noteworthy that this is unlikely to solve the existing banking issues faced by these companies. ‘Dealers in digital currency’ (a term that has yet to be fully defined) will be regulated as MSBs, and MSBs face very similar banking challenges despite being regulated entities. New MSB startups (including MSBs that aren’t dealing in digital currency) have great difficulty in obtaining and maintaining basic banking facilities.

The Risk of ‘De-Risking’

As an entrepreneur, it troubles me that companies that have followed all of the rules are denied the opportunity to innovate because they don’t have access to banking services. As a compliance professional, I’m equally troubled by the workarounds that I’ve seen in action. These have ranged from misrepresenting the nature of a company’s business to incorporating multiple companies that settle transactions between one another (or access banking services on one another’s behalf) to the use of personal bank accounts to operate businesses. In essence, accessing banking in a way that banking service providers don’t understand because providing accurate information is seen as putting the business at risk.

Banks and other banking service providers are heavily regulated, and their requirements include knowing their customers and understanding their customers’ transactions. MSBs and digital currency businesses are generally (effectively always) seen as being higher risk and requiring enhanced due diligence (EDD). There are few motivations for banking service providers to take on higher risk customers, in particular if the banking service provider cannot be certain that the account will be profitable. To this end, some banks have openly stated that they will not deal with MSBs or digital currency companies at all. Others charge screening fees (which can range up to several thousand dollars) required as part of the account application process, with no guarantee of an account. Most banks that offer accounts to these types of businesses charge fees (in addition to regular banking fees) in order to maintain accounts.

Even when an MSB or digital currency company opens a bank account, there is the possibility that the banking service provider will close the account (referred to in the banking community as “de-marketing” or “de-risking”) with very little notice. Consequently, there is very little incentive for MSBs or digital currency companies to be transparent with their banking service providers. These businesses need bank accounts in order to thrive, and they don’t perceive themselves as being able to access banking services by being open and transparent. This creates a situation wherein many companies operate “under the radar,” accessing banking services without providing a fulsome understanding of their business or transactions.

In these situations, banking service providers are not meeting their regulatory obligations as they don’t truly know their customer, nor understand their transactions. Many financial institutions have mechanisms in place to detect undeclared MSB activity and /or digital currency related activity. While it’s not possible to say with certainty how effective these controls are, my experience would suggest that the number of financial institutions that are dealing with MSBs and digital currency businesses is close to 100% (regardless of the policies or controls in place). In other words, de-risking MSBs today is about as effective as the prohibition of alcohol in the USA in the 1920s

Not Just A Canadian Issue

Businesses across the globe are facing similar issues, and international groups such as the World Bank have become more vocal in proposing solutions.  In their 2013 Special-Purpose Note titled “Barriers to Access to Payment Systems in Sending Countries and Proposed Solutions,” the World Bank’s  Global Remittances Working Group (GRWG) suggest five solutions, including the creation of banks focussed on serving money transfer businesses.  The issue was raised again during Global Payments Week in New York, where it was noted that it has been brought to the attention of the G20 Ministers of Finance.  While the issue is not uniquely Canadian, we believe that Canada could become a world leader in implementing a solution.

Solving The Problem

We believe that the solution to mitigating the risk related to MSB and digital currency transactions is not de-risking. This strategy only penalizes honest companies and creates an environment of mistrust. We believe that all Canadian businesses should have a right to basic banking services, in the same way that individuals are entitled to these services. In order for this to be true, businesses would need to be included in the rules set out in the Access to Basic Banking Services Regulations under the Bank Act, or similar legislation.

The risk posed by MSBs and digital currency businesses should be assessed and managed. This can only occur where these companies understand that revealing the nature of their business will not lead to “de-risking,” provided that the business is operating within the parameters set out by Canadian law (including the requirement for MSBs to be registered with FINTRAC in Canada and licensed by the AMF in Quebec). While the cost of managing related risks and performing enhanced due diligence exist, the fees related to MSB and digital currency accounts should not be so unreasonably high as to prevent access for smaller companies.

We’re Not Lobbyists, But…

Canada’s 2014 Economic Action Plan mentions “universal banking.” The website reads: “Universal access to basic banking is a cornerstone of Canada’s financial sector in which Canadians can take pride.” We’re working with industry groups to spread the message. We believe that universal banking should apply not only to individuals, but to the Canadian organizations that are innovating and helping to make Canada great.

What You Can Do

If you believe in the right to business banking, as we do, we encourage you to contact your Member of Parliament to share your thoughts.

If you own a business in Canada, you can also contact the Canadian Federation of Independent Businesses (CFIB) to request action on this initiative.  CFIB has been a powerful lobbying force for Canadian businesses in the past, and we have discussed these issues with them.  Action is most likely when it is clearly supported by their membership.

MSBs and those that work with MSBs may also consider contacting the Canadian MSB Association (CMSBA) to learn about their current initiatives.  The CMSBA represents the interests of Canadian MSBs, in addition to providing training and conferences (the next of which takes place November 18th in Toronto).

Contact Us

You can contact Outlier at any time using our online form or contact the author directly by emailing amber@outliercanada.com.

EFT Reporting Clarification – Field Limitations

Guest Blog

Our guest blogger this week is Jonathan Krumins, Vice-President, AML Risk & Compliance, at vCAMLO Solutions Inc. vCAMLO provides anti money laundering (AML) and anti-terrorist financing (ATF) support to Canadian credit unions. You can learn more about vCAMLO at www.vcamlo.ca.

Background

Over the past year, we have a noticed a change in how Electronic Fund Transfer Reports (EFTRs) are interpreted by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).  For entities that are required to report EFTs, any amount valued at CAD 10,000 or more that is sent out of Canada or received from outside of Canada on behalf of a customer is reportable to FINTRAC within 5 business days. During recent exams, FINTRAC has been paying much closer attention to the details of each report, reviewing each field for missing or invalid information. Due to restrictions in how much information can be included in a report, an EFTR can be considered incomplete by FINTRAC, even if all information has been entered by the reporting entity.

Reports that are filed to FINTRAC electronically must meet FINTRAC’s batch reporting specifications, which includes character limits for each field in the report. For example, fields such as “Individual’s Occupation” or “Street Address” are limited to 30 characters. This presents two risks for reporting entities:

  • Descriptions that are longer than the field character limits, and
  • Limitations of third party software.

We have sought additional clarification about these scenarios, and how they may affect your FINTRAC reporting.

Information Longer than the Field Character Limit

Certain information, such as a foreign bank’s street address, can easily be longer than the 30 character limit. We recommend shortening the address as much as possible by using abbreviations, and by trying to ensure that only the bank’s civic address is included in the report.

For example:

If the complete address is: The Example Bank Building, 123 George Washington Street, P.O. Box 456 (69 characters with spaces), the address must be shortened to meet the field limits.

One option for shortening the address is: 123 George Washington St.

Limitations in Third Party Reporting Software

Some third party FINTRAC reporting software does not enforce a field cut off (and the end user may not be notified that some information was cut off). This can result in information that appears to be present in a report, but is actually cut off as it is sent to FINTRAC.

Using the same example, if only the first 30 characters are sent to FINTRAC, the address in the report would read: The Example Bank Building, 123.

Some third party reporting software provides a report “Preview” function, which can show you how the report will actually appear to FINTRAC. If this option is available, be sure to review the “Previewed” report to ensure that all necessary information is contained in the report, and that nothing is cut off.

If your third party reporting software has this limitation, we would recommend contacting the software provider to request that field limits be put in place to match FINTRAC’s reporting specifications.

Need a Hand?

vCAMLO: If you are a credit union or MSB, and have any questions related to EFTR, LCTR or STR reporting, or if you are interested in AML Support Services, please contact us for a complimentary 30 minute compliance discussion.

Outlier: If you need assistance reviewing your technology solution or FINTRAC reporting to be certain that you’re meeting the standard described in this blog, or just someone to chat with to make sure that you’re on the right track please contact us.

Full Text Response

Good afternoon Mr. Krumins,

Thank you for your follow-up inquiry.

As previously stated, the reporting entity is required to include the relevant information to identify the destination or sending institution. It is for the reporting entity to determine the relevant information as this is a question of fact.

For an international or foreign address, there is no specific formula since every country has its own conventions. If no numerical address exists, the reporting entity should take reasonable measures to include the relevant information to help identify the destination or sending institution. When the reporting entity is reporting non-SWIFT Electronic Funds Transfers, and the institution’s information exceeds the character capacity in the given address field, then the reporting entity should consider ways to abbreviate names or words, without deteriorating the quality of the information, as necessary.

Best Regards,

Return to Blog Listing