PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

New Year – New Regs. Final Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and Regulations – January 2025

Background

On January 1, 2025 final amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act were published in the Canada Gazette (SOR 2024-266 and SOR 2024-267). The most noteworthy changes fall under the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations. The final amendments include changes or new requirements related to:

  • MSB registration framework;
  • Sanctioned property reporting;
  • White-label ATMs;
  • Real estate (title insurance and unrepresented third-parties); and
  • Casino disbursements.

The regulatory impact statement states that these amendments implement measures announced in previous budgets, the 2023 Fall Economic Statement, our Parliamentary Review and Cullen Commission report ahead of Canada’s upcoming mutual evaluation by the Financial Action Task Force (FATF).

To make reading these changes a little easier, as we always do, (thanks Rodney) a redlined version of the regulations, with new content showing as tracked changes, is attached here.

What’s Changing?

From the draft regulations published back in July 2024, there have not been significant changes to the final publication. Some changes were made to address potential gaps, inconsistencies, and business realities in the context of application, and to provide greater flexibility in the coming-into-force dates. The most notable change from the draft relates to obligations for title insurers.

Below is a summary of what we feel are the most noteworthy changes and incoming requirements:

MSB Registration Framework

Money Services Businesses (MSBs) must register with FINTRAC. As part of registration, it will now be required to submit the following documentation as part of the application.

If the applicant is a corporation:

  • a certificate of incorporation or the most recent version of any other record that confirms its existence as a corporation and contains its name and address and the names of its directors; and
  • a document that sets out the ownership, control and structure of the corporation.

If the applicant is an entity other than a corporation:

  • the partnership agreement, articles of association or the most recent version of any other record that confirms its existence and contains its name and address; and
  • a document that sets out the ownership, control and structure of the entity.

Additionally, domestic MSBs will have to submit criminal record checks covering the CEO, President and directors, as well as every person who owns or controls 20% or more of the MSB. These criminal record checks must also be updated every two years as part of the renewal process. Where an MSB uses an agent or mandatary, criminal record checks are also required on those individuals. It should be noted that the 20% threshold does not align with reporting entity requirements for beneficial owners, which is at 25%. While industry asked for these numbers to align, Finance did not accept the change.

Sanctioned Property Reporting

The final amendments expand the definition of a listed person or entity to capture individuals and entities listed under all Canadian sanctions legislation including Special Economic Measures Act, the United Nations Act and the Justice for Victims of Corrupt Foreign Officials Act.

These changes also result in a new sanctioned property report. The report includes information fields such as:

  • how the reporting entity came to know that property in question is owned, held or controlled by or on behalf of listed person or entity;
  • the name of any person or entity that owns, holds or controls property on behalf of listed person or entity;
  • the name of any person or entity that has an interest or right in or is authorized to deal with property; and
  • a description of transactions involving property within previous six months.

White-Label ATMs

Final amendments will require those that provide acquiring services to white-label ATMs (WLATMs) to register with FINTRAC as MSBs and implement a full AML compliance regime. Similar to that of other regulated entities, a compliance regime will have to be in place which includes the following:

  • Appointment of a Compliance Officer;
  • Development of a documented compliance program (policies, procedures, risk assessment, ongoing training);
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Keeping records;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and watchlist screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow Ministerial Directives, sanctions, and other relevant transaction restrictions.

In addition to the records that must be retained as an MSB, WLATM operators will need to keep the following records:

  • Information on who owns, leases or operates a private automated banking machine in respect of which they provide acquirer services;
  • Information on the source of the cash that is loaded into a private automated banking machine in respect of which they provide acquirer services;
  • Information on account holder of a settlement account for a private automated banking machine in respect of which they provide acquirer services; and
  • The source and method used to transport cash loaded into a private automated banking machine.

Real Estate – Title Insurance

Final amendments will make title insurers reporting entities under Canada’s AML/ATF Regime. Title insurers are defined as a person or entity that is engaged in the business of providing title insurance, as defined in the schedule to the Insurance Companies Act when they provide a title insurance policy to the purchaser of real property or an immovable.

Specifically, title insurers will be required to develop a compliance program, meet certain identity verification requirements, submit required reporting to FINTRAC, keep certain records, and follow application Ministerial Directives.

It should be noted that changes were made to remove certain record-keeping obligations noted in the draft regulations. Title insurers will only be required to keep records of information that is obtained for the sale of title insurance. The following are the specific records that must be kept for every title insurance policy provided to a purchaser of real property or an immovable:

  • the name and address of the purchaser and, in the case of a person, their date of birth;
  • the legal description and address of the real property or immovable;
  • the closing date of the purchase;
  • the purchase price;
  • the amount of any loan secured by a mortgage on the real property or a hypothec on the immovable and the name of the lender;
  • if known, the name of the vendor; and
  • any title information respecting the real property or immovable that is found in the land registry in which the title to the real property or immovable is recorded.

Given title insurers’ business model, wherein they do not have direct contact with the purchasers of title insurance, final amendments have been updated to remove beneficial ownership requirements as well as exempt third-party determination and PEP requirements for title insurers.

Real Estate – Unrepresented Parties

Final amendments will require real estate brokers and sales representatives to identify the party or parties (including third parties) not represented in real estate transactions. This is a change from the current requirement where real estate brokers and sales representatives are only required to take “reasonable measures” to identify unrepresented parties.

What Next?

The requirements summarized above come into force October 1, 2025. In the meantime, FINTRAC will have to issue guidance which has been promised before the noted in-force date.

While we await guidance, newly regulated entities should start working on developing their compliance program in anticipation of the respective in-force dates noted above. Other Reporting Entity types should take note of MSB framework changes and changes related to sanction property as it relates to their business model.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

Proposed 2025 AML Changes: New Import/Export Declarations, Information Sharing, Beneficial Ownership Transparency and New Reporting Entities

Background

On November 30, 2025 draft amendments to the regulations under the Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA) were published in the Canada Gazette.

In the interest of time, we have published this blog summarizing what we feel to be the most noteworthy amendments but will follow up with a redlined version of the regulations, with new content showing as tracked changes, at a later date.

The noted changes are meant to improve Canada’s anti-money laundering (AML) and Counter Terrorist Financing (CTF) regime and implement measures announced in Budget 2022, Budget 2023, Budget 2024, the 2023 Fall Economic Statement and Canada’s last Parliamentary Review. This is addressed through six separate measures including the introduction of new regulated entities.

Measure 1: Trade Based Money Laundering (TBML)

The draft amendments include a new Proceeds of Crime (Money Laundering) and Terrorist Financing Reporting of Goods Regulation.

Currently, the Canada Border Services Agency (CBSA) can require receipts and invoices for the purposes of determining compliance with import laws, but they cannot request these documents for the purposes of detecting money laundering or terrorist financing.

 Under the proposed regulations, anyone who is importing or exporting goods into or out of Canada needs to file a declaration with the CBSA as follows:

  • whether the goods are proceeds of crime as defined by subsection 462.3(1) of the Criminal Code or are goods related to money laundering, to the financing of terrorist activities or to sanctions evasion; and
  • that the goods are actually being imported or exported, as the case may be.

The latter is meant to address “phantom shipments” that are used in trade-based money laundering (TBML) which was identified as a primary money laundering concern in Canada’s last Financial Action Task Force (FATF) evaluation.

The new regulations also bring about substantial record keeping requirements which include information such as the origin, marking, purchase, importation, costs and value of the goods, and records relating to payment for the goods. It’s noteworthy that FINTRAC’s 2023-24 Annual Report lists customs and excise related offences as being in the top five predicate offences related to case disclosures during the period.

Measure 2: Information Sharing

Information sharing between private entities has been recognized by the FATF as an important tool for disrupting money laundering and terrorist financing. Budget 2024 introduced legislative amendments to the Criminal Code and the PCMLTFA to enhance the ability of reporting entities to share information with each other as it relates to the detection of money laundering and terrorist financing.

The draft amendments introduce measures to allow for reporting entities to share information with each other to detect and deter money laundering, terrorist financing, and sanctions evasion, while maintaining privacy protections for personal information.

Reporting entities that wish to share information (it’s voluntary) would be required to establish and implement a code of practice for disclosing, collecting and using personal information without consent. The code must:

  • describe the purposes for which an individual’s personal information may be disclosed, collected or used without their knowledge or consent;
  • describe the manner in which an individual’s personal information may be disclosed, collected or used without their knowledge or consent;
  • describe the measures to be taken to ensure the protection of personal information, including measures concerning the retention of such information and the keeping of records;
  • include information demonstrating that the code complies with the requirements of the Act.

The Code must be provided to the Office of the Privacy Commissioner of Canada (OPC) for approval and to FINTRAC for comment in advance of use. The OPC would have a prescribed period of 90 days to approve a Code. The proposed amendments also include procedures for reporting entities to modify the Code, which would need the OPC’s approval if the changes are material. Reporting entities would be required to resubmit their Codes every five years regardless of changes or not.

Measure 3: Discrepancy Reporting

The draft amendments will require reporting entities who are dealing with a Canada Business Corporations Act (CBCA) corporation to report any material discrepancy it finds as part of obtaining and verify the accuracy of beneficial ownership information under current AML requirements. The reporting requirement will not apply if the material discrepancy is resolved within 15 days after the day on which it is identified. Currently, what is deemed to be material is not well defined (outside of missing beneficial owners).

The Information with respect to the discrepancy includes:

  • Name of reported company and identifying number on its certificate of incorporation, amalgamation or continuance,
  • Date on which discrepancy was identified, and
  • Description of discrepancy.

In case you missed it, the federal government launched a public, searchable beneficial ownership registry of federal corporations in early 2024.

Measure 4, 5 and 6: New Reporting Entities

The draft amendments outline the inclusion of three new regulated entities which were announced in Budget 2024 and where noted as concerns during Canada’s last FATF mutual evaluation: factoring companies (referred to as “factors”), cheque cashing companies, and financing and leasing companies.

Similar to that of other regulated entities, a compliance regime will have to be in place which includes the following:

  • Appointment of a Compliance Officer;
  • Development of a documented compliance program (policies, procedures, risk assessment, ongoing training);
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Keeping records;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and watchlist screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow Ministerial Directives, sanctions, and other relevant transaction restrictions.

4. Factoring Companies

Factoring companies supply liquidity to a customer in exchange for the cash value of a certain amount of the customer’s accounts receivable (i.e. invoices) to be collected later by the factoring company. A factor is defined as a person or entity that is engaged in the business of factoring, with or without recourse against the assignor.

The draft amendments require factoring companies to keep certain records which include:

  • an information record in respect of the person or entity with whom it enters into the agreement;
  • if the information record is in respect of an entity, a record of the name, address and date of birth of every person who enters into the agreement on behalf of the entity and the nature of the person’s principal business or their occupation;
  • if the information record is in respect of a corporation, a copy of the part of official corporate records that contains any provision relating to the power to bind the corporation in respect of transactions with the factor;
  • a record of the financial capacity of the person or entity with which it enters into the agreement and the terms of the agreement;
  • for any payment it makes, a record of:
    • the date of the payment,
    • if the payment is in funds, the type and amount of each type of funds involved,
    • if the payment is not in funds, the type of payment and its value,
    • the method by which the payment is made,
    • the name of every person or entity involved in the payment, and
    • every account number or other equivalent reference number connected to the payment; and
  • a receipt of funds record in respect of every amount of $3,000 or more that it receives, unless the amount is received from a financial entity or public body or from a person who is acting on behalf of a client that is a financial entity or public body.

5. Cheque Cashing

Cheque cashing is a financial service that offers clients the ability to cash a cheque immediately and hold free, for a fee.

Cheque cashing where cheques are not payable to a named person or entity is not currently captured under the PCMLTFA, but draft amendments would introduce such as regulated activity.

In addition to current money services business (MSB) requirements, the draft amendments require keeping certain records in respect to where an MSB cashes a cheque for more than CAD 3,000, including:

  • the date when each cheque is cashed,
  • the person’s or entity’s name and address, the nature of their principal business or their occupation and, in the case of a person, their date of birth,
  • the total amount of the cheque or cheques,
  • the name of the issuer of each cheque,
  • the number of every account that is affected by the cashing of the cheque or cheques, the type of account and the name of each account holder,
  • every reference number that is connected to the cashing of the cheque or cheques and that has a function equivalent to that of an account number, and
  • if the cashing of the cheque or cheques involves virtual currency, every transaction identifier, including the sending and receiving addresses.

 6. Finance and Leasing Entities

The draft amendments define a financing or leasing entity as a person or entity that is engaged in the business of financing or leasing of:

  • property, other than real property or immovables, for business purposes;
  • passenger vehicles in Canada; or
  • property, other than real property or immovables, that is valued at $100,000 or more. (entité de financement ou de bail)

The draft amendments require financing or leasing entities to keep certain records in respect of every financing or leasing arrangement which include:

  • an information record in respect of the person or entity with which it enters into the arrangement;
  • if the information record is in respect of an entity, a record of the name, address and date of birth of every person who enters into the arrangement on behalf of the entity and the nature of the person’s principal business or their occupation;
  • if the information record is in respect of a corporation, a copy of the part of official corporate records that contains any provision relating to the power to bind the corporation in respect of transactions with the financial leasing entity;
  • a record of the financial capacity of the person or entity with which it enters into the arrangement and the terms of the arrangement; and
  • in respect of every payment that it receives under the arrangement, other than a payment received from a financial entity or public body or from a person who is acting on behalf of a client that is a financial entity or public body, a record of
    • the date of the payment,
    • the name of the person or entity that makes the payment,
    • the amount of the payment and of any part of it that is made in cash, and
    • the method by which the payment is made.

What Next?

The proposed changes related to measures 1, 3, 4, 5 and 6 would come into force on October 1, 2025, and the proposed amendments related to information sharing would come into force immediately on final publication in the Canada Gazette.

There is a 30 day comment period ending December 30, 2024 for the proposed regulations. It is strongly recommended that industry, and potentially impacted companies, review carefully and provide feedback. Comments can be submitted online via the commenting feature after each section of the proposed changes, or via email directly to Erin Hunt, Director General, Financial Crimes and Security Division, Financial Sector Policy Branch, Department of Finance, 90 Elgin Street, Ottawa, Ontario, K1A 0G5.

We’re Here To Help

If you have questions related to the proposed changes, or need help starting to plan, you can get in touch using the online form on our website, by emailing us directly at info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Are You BOC Registration Ready?

By now, you have likely heard of the Retail Payment Activities Act (RPAA) and associated incoming requirements, which includes the requirement to register with the Bank of Canada (BOC). To help make this a bit easier, Outlier has put together a spreadsheet that will help if you are an organization that needs to register. The RPAA (including registration) generally applies to PSPs that perform any of the following five payment functions: 

  • the provision or maintenance of a payment account;
  • the holding of end-user funds until withdrawn by the end user or transferred to another individual or entity;
  • the initiation of a payment at the request of an end user;
  • the authorization of an electronic funds transfer, transmission, reception, or facilitation of a payment message; or
  • clearing or settlement.

The requirements apply to businesses with payment activities with a place of business in Canada, or those that provide services to end users in Canada. This includes activities that many Money Services Businesses (MSBs) provide. The BOC has provided a tool to determine if an organization must register with the BOC. For organizations that do register, the registration provisions of the RPAA will take place between November 1, 2024 to November 15, 2024. It should be noted that this is different from your MSB registration under AML requirements.

The registration application itself consists of 18 sections and comprises over 200 questions. While a substantial amount of information and data is needed, the majority of information relates to business and corporate information. This includes: 

  • Ownership structure and financial information;
  • Information related to your product services and flow of funds;
  • Information related users;
  • Value/volumes related to transactions;
  • Geographic perimeter; and
  • Information related to 3rd party vendors.

It is not a requirement to provide your operational risk management and incident response framework (policy and procedures) as part of the application process.

To help aid in the registration process, we have put together a spreadsheet that will allow you to keep needed data and information organized. It will also allow you to determine if you need  assistance with sections of the registration, or understanding what these changes mean to your business. The spreadsheet is a tool to assist with registration and not meant to replace the registration guidance the BOC has published. 

Note: requirements that introduce prescribed operational risk management standards under this new regime come into force at a later date on September 8, 2025.

Outlier is here to help, so please get in touch.

Regulated Entities Now Covering the Bill For FINTRAC Compliance Costs

Written with Heidi Unrau

 

We have recently become aware that some reporting entities may not be up to speed on a new piece of regulation that came into force earlier this year. If your business has received an invoice from The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), you will want to read this article.

As of April 1, 2024, FINTRAC officially transferred the cost of its compliance activity from taxpayers to the businesses it regulates, referred to as reporting entities (RE). The move comes four years after the government announced its intention to cut the purse strings in its 2020 Fall Economic Statement. This change allows FINTRAC to start recovering costs from the 2024-2025 fiscal year.

Why the Change?

FINTRAC, Canada’s financial intelligence agency, was previously bankrolled by the taxpayer through the federal budget. The purpose of the new funding model is to align the costs of compliance with those responsible for adhering to anti-money laundering regulations. Simply put, the businesses that are legally required to comply should be the ones funding the oversight needed to ensure compliance. The move aligns with other regulatory agencies that have already established funding models allowing them to recover the costs of their supervisory functions.

Each year, FINTRAC will forecast the total cost of the program for the next three fiscal years. This will determine the amount charged to reporting entities for the upcoming year. They must aso communicate how funds were spent against plans and priorities during the previous fiscal year. This information is included in FINTRAC’s Departmental Results Report.

How the Funding Model Works

Federally regulated financial institutions such as banks, trust and loan companies, and insurance companies are always required to contribute a minimum base amount. All other entities only pay if they submit 500 or more threshold transaction reports to FINTRAC in a fiscal year (i.e. large cash transaction reports [LCTRs], large virtual currency transaction reports [LVCTRs], electronic funds transfer reports [EFTRs], and casino disbursement reports [CDRs]). These ‘other entities’ include but are not limited to:

  • Money Services Businesses
  • Dealers in Precious Metals and Stones
  • Real Estate Brokerages
  • Securities Dealers
  • Casinos
  • Etc.

The Cost Formula

FINTRAC calculates how much reporting entities need to pay based on four key factors:

  1. Type of Entity: Federally regulated entities are charged differently from non-federally regulated entities. These include banks, trust and loan companies, and insurance companies. Federally regulated entities are subject to a base amount, whereas non-federally regulated entities are not subject to this particular fee.
  2. Base Amount: This is the minimum starting fee based on the total value of assets controlled by a federally regulated entity, excluding the assets of their subsidiaries. Base amounts are tiered based on asset value in Canadian dollars. There are nine asset value ranges, from $1 to $1 trillion, with corresponding base amounts ranging from $5,000 to $250,000.
    Range of asset values Corresponding base amount
    $1,000,000,000,000 or more $250,000
    Between $500,000,000,000 and $999,999,999,999 $200,000
    Between $100,000,000,000 and $499,999,999,999 $150,000
    Between $10,000,000,000 and $99,999,999,999 $100,000
    Between $1,000,000,000 and $9,999,999,999 $75,000
    Between $500,000,000 and $999,999,999 $50,000
    Between $100,000,000 and $499,999,999 $25,000
    Between $10,000,000 and $99,999,999 $10,000
    Between $1 and $9,999,999 $5,000

    Source: FINTRAC

  3. Remaining Compliance Cost: This is the leftover cost after collecting the base amounts, divided among all types of reporting entities.
  4. Transaction Volume: Businesses that report over 500 large transactions to FINTRAC pay an additional fee on top of the base amount. Federally regulated banks are not subject to this reporting threshold.

Therefore, the more assets you have and transactions reported to FINTRAC, the higher your final bill will be. Each type of business has its own formula for calculating their share of the cost:

Type of Entity (Business) How Charges Are Calculated
Federally Regulated Banks Base Fee + extra charges based on the value of Canadian Assets.
Trust & Loan Companies, Life Insurance Companies Fewer than 500 reports: Base Fee only.

500 or more reports: Base Fee + extra charges based on value of Canadian assets and volume of large transactions reported.

All Other Entities Over 500 reports: Charges based on volume of large transactions reported compared to others in the same category.

Case Study: How Much Will They Pay?

A small, family-owned currency exchange kiosk in Winnipeg, Manitoba, operates from a single location and is not part of a chain. FINTRAC regulates this type of business as a Money Services Business (MSB). The store typically submits roughly 700 large cash transaction reports each year. Since they exceed the 500 reports threshold, FINTRAC calculates their charges like this (based on industry averages):

Calculation

  1. Base Amount: Not applicable because it is not a federally regulated financial institution (FI).
  2. Remaining Compliance Cost: Total compliance cost to be divided is $33,110,000. This is the sum of all base amounts subtracted from the annual cost of FINTRAC’s compliance program.
  3. Total Reports Submitted by All Entities: 35,000,000 transaction reports were submitted to FINTRAC for the year by all reporting entities, including banks.
  4. Total Reports Submitted by Only Non-Bank Entities: 3,500,000 transactions were submitted to FINTRAC by non-bank entities only, regardless of the transaction reporting threshold amount.
  5. Total Reports Submitted Over the Threshold by Non-Bank Entities: 3,425,000 transactions were submitted to FINTRAC by non-bank entities exceeding the 500-transaction reporting threshold.
  6. Number of Reports Submitted by The Currency Exchange Kiosk: This is the total number of transactions reported to FINTRAC by the currency exchange kiosk in Winnipeg, MB.

Final Charge

Using FINTRAC’s formula: $33,110,000 x (3,500,000 ÷ 35,000,000) x (700 ÷ 3,425,000) = $676.70

Result

The currency exchange kiosk’s total charge for the year would be approximately $676.70. Based on their reporting activity, the bill reflects their share of FINTRAC’s overall compliance costs. Because the kiosk is not a federally regulated bank, trust, loan, or insurance company, the base amount does not apply.

FINTRAC will notify the business via email with an invoice for the cost assessment. The total amount owed is final, conclusive, binding, and due in full upon receipt of the invoice.

Impact on Your Business

The additional financial burden is not ideal, especially for small businesses, but there are ways you can prepare for it. First, you’ll need to budget effectively to avoid surprise charges. Visit the FINTRAC website for a detailed breakdown of the formula used for your type of business, known as ‘Type of Entity’.

Exact charges will vary from year to year depending on the value of your Canadian assets (if applicable), the number of large transactions reported (more or less than 500), and FINTRAC’s compliance cost analysis.

Next, and most importantly, you need an effective and efficient anti-money laundering program to avoid the cost of non-compliance. Violations can result in reputational damage that negatively impacts your business as well as potentially expensive fines, known as administrative monetary penalties (AMPs). FINTRAC has recently levied record-breaking fines for serious violations by repeat offenders. These penalties are preventable and well within your control.

Need a Hand?

If you have any questions or concerns about the new funding model, reach out to us today. We’re here to help you every step of the way, from understanding your new financial obligation, to building, reviewing, or fine-tuning your AML program.

From the new CEO, David Vijan

Firstly, I want to thank Amber for all the work she has done as Outlier Compliance Group’s CEO for the past 11 years. Outlier Compliance Group is different from other consulting firms which is a testament to her leadership over the years. Amber may be taking time to enjoy other things in life but she will remain with the Outlier team as Chairperson and Strategic Advisor.

This part of the transition delights me to no end. Although I bring almost 20 years of my own compliance and leadership experience, growing, scaling, and professionalizing compliance teams, I truly believe that you only get to the next horizon by collaborating and having the support of the people who got you this far. Knowing that Amber will continue to be a part of the Outlier family is a great comfort.

For our clients, I want to assure you that not much will change. Outlier Compliance Group will continue to be the company where our core staff members have at least 10,000 hours (and often more than a decade) of in-house compliance experience, and we will still be the company that believes good compliance is good business. I may be stepping into the role of CEO but our services are and will remain a team effort. As always, we are committed to providing you with top tier compliance support and we appreciate your business.

As the Canadian regulatory environment becomes more complicated, we will continue to help companies in both established and emerging sectors navigate increasingly complex Canadian regulatory requirements. Our clients range from startups just beginning their compliance journey to large firms looking to elevate their compliance systems to meet an evolving regulatory landscape. As such, we will be looking to offer expanded services, some of which will be formed via strategic partnerships, where it makes sense for our clients’ needs. Stay-tuned for more on that front in the near future. 

I look forward to working with you on your compliance journey and welcome any questions or concerns. Feel free to reach out directly via email to info@outliercanada.com

From the outgoing CEO and incoming Chairperson, Amber D. Scott

When Outlier Solutions Inc. (Outlier Compliance Group) launched in 2013, the business model was relatively novel: a consulting firm made up exclusively of highly-experienced compliance professionals with deep in-house compliance experience. The firm took its name from Malcolm Gladwell’s Book, “Outliers, the Story of Success,” which espoused the notion that to be truly proficient in a skill, 10,000 hours of practice is required. 

That was the bar that was set, met, and most often exceeded by every compliance professional that joined our team over the years. I am very fortunate to have in David Vijan a co-founder and colleague with experience in growing, scaling, and professionalising compliance teams. As of today, David will be officially taking over as CEO of Outlier Solutions Inc.

I cannot imagine anyone more qualified than David to take the business and the team forward. While I will be stepping back from most day-to-day functions, I will remain a strategic advisor to Outlier, and the Chairperson of the Board.  

As I transition into my new role, I can’t help but reflect on the Outlier journey that started over a decade ago. At the beginning, the goal was nothing short of changing the face of consulting. 

I was frustrated with the “leverage model”. This model is used by the big accounting and consulting firms that throw bodies, often junior with little in-house experience, at a problem in the hopes of resolving it, thereby “leveraging” the team members for this purpose. I wanted to do something that was different, not only in terms of the skills of their consultants, but in every aspect of corporate life: from compensation to leadership.

This was not simply hubris on my part, though I’m sure there was a healthy dash of that as well. I wanted to build the types of services that I wished I had access to when I was a Compliance Officer working in-house. 

A wide range of concepts fell under this umbrella, from practical advice on operational compliance, to true fixed-fee services (because no one likes surprise invoices!) It also includes online tools accessible to small businesses that may not be able to pay for consulting services but still have compliance obligations to meet. 

The goal was always to build solutions that would provide excellent value to Canadian businesses, large and small, from coast to coast to coast. My experience at Outlier has exceeded my wildest expectations. If I could go back in time and give a piece of advice to myself as a new entrepreneur, I would tell myself to think bigger!

The week that Outlier was formed, one of my mentors, Michelle McCarthy, asked me if I had thought about what my exit would look like. I hadn’t, and didn’t want to pay that much mind, as I was hyper focussed on solving more immediate problems. 

I told her that I wanted to create something that would not only function but excel without me. I wanted a team of professionals with skills that exceed my own and who would carry the work forward in ways that had not yet occurred to me. I wasn’t thinking about it at the time, but I am now reminded of how one of my favourite business books, Good to Great, emphasises the importance of having the right people in place and the success of internally promoted CEOs. 

My eternal support for and commitment to David, the Outlier team, our clients, and strategic partners is unwaveringly strong. I can say that there is not a doubt in my mind that the Outlier team is the best compliance consulting team in Canada, and I am excited to see how the vision that began over a decade ago continues to grow and expand.

Preparing For An iGaming AML Compliance Effectiveness Review

Written with Heidi Unrau

 

iGaming Ontario is celebrating two years in the province. But before your online gaming (iGaming) business can launch, you must register with the Alcohol and Gaming Commission of Ontario (AGCO). This government body regulates gaming activities in Ontario to ensure the industry operates above board and does not become a breeding ground for illicit activity. iGaming refers to casino-like games that are played over the internet such as Blackjack, Roulette, Poker, and Slot Machines.

As part of the registration process, you must establish an anti-money laundering (AML) program that complies with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and passes a gap analysis, also known as an effectiveness test. If your AGCO registration is successful, your compliance responsibilities don’t stop there.

You must then sign a non-disclosure agreement (NDA) and enter into an operating agreement with Internet Gaming Ontario (iGO). This watchdog organization oversees registered iGaming operators to make sure they consistently fulfill all regulatory obligations, including AML compliance. Here’s what to know about the role of AML in the iGaming registration process and how to set yourself up for long-term success.

Know Your AML Obligations For Registration

Anti-money laundering regulations are designed to prevent money laundering, terrorist financing, and other illegal activity, hence the name. If you plan to operate an iGaming business in Ontario, the AGCO requires you to comply with the Registrar’s Standards for Internet Gaming. These standards include specific AML responsibilities to minimize illegal activity. They typically include, at a high level, but are not limited to:

  • Having documented policies & procedures
  • Designating a Compliance Officer
  • Establishing a training program for all relevant employees
  • Conducting audits & reviews
  • Identifying & verifying customers
  • Risk ranking customers
  • Monitoring transactions
  • Transaction reporting
  • Record keeping

Your AML program must pass a gap review, which is essentially an effectiveness test. This test is a mandatory part of your AGCO registration process to demonstrate that your AML compliance program meets regulatory standards and can function effectively once your platform is live.

Your iGO Operating Agreement

After successfully registering with AGCO, the next step is to execute an operating agreement with its subsidiary, iGO. This organization is responsible for overseeing and managing how private iGaming operators conduct themselves within the province of Ontario.

The iGO registration process requires you to provide a package of documents, templates, and confirmations related to your anti-money laundering and counter-terrorist financing responsibilities. You’ll be teaming up with iGO’s AML department for this part and the entire process takes approximately two weeks.

Your iGO registration is very similar to the AML component of your AGCO registration. iGO requires you to document your AML policies and procedures as part of the registration process. This documentation should outline measures for preventing and detecting money laundering and terrorist financing activities on your iGaming platform.

You will also need to demonstrate compliance with Canadian AML regulations established by regulatory authorities and iGO as the conduct managing entity.

iGO & Compliance Effectiveness Reviews

Once your iGaming platform is live, you are required to submit to an AML effectiveness review by an independent third party every two years as part of your iGO compliance obligations. The purpose of a regular, recurring review is to assess how well your AML program is working, identify weaknesses, and determine whether your business meets requirements. It is also a test to see if your business is doing what it says it’s doing.

A good effectiveness review should mimic a full-scope FINTRAC examination. As Canada’s financial intelligence unit, FINTRAC has the right to audit regulated entities at any time. In this case, iGO would be the direct subject of the examination and they would contact individual operators for specific documentation if necessary.

An effectiveness review not only ensures you remain compliant in your day-to-day operations, it also ensures you’re prepared in the event iGO is examined by FINTRAC.

Scope of the Review

Ongoing effectiveness reviews can include, but are not limited to:

  • Interview staff handling transactions to assess their understanding of policies, procedures, and reporting requirements.
  • Review a sample of records to check compliance with client identification policies.
  • Examine agreements with agents/vendors and review sample information they use for client identification.
  • Check if suspicious transactions were reported to FINTRAC within the required timeframe.
  • Verify application of risk assessment in client records.
  • Assess adequacy and consistency of ongoing monitoring in client records.
  • Confirm implementation of enhanced measures for high-risk clients.
  • Ensure adherence to proper record-keeping procedures.
  • Review and update risk assessment to align with current operations.
  • Update policies and procedures to comply with legislative requirements and reflect current business practices.

After a Review

Once an effectiveness review is complete, the results must be presented to senior management for sign-off. It should include a summary of the findings, a remediation plan, and the status of required changes.

Choosing an AML Program Reviewer

The right AML program reviewer is foundational to the integrity and effectiveness of your compliance program. They should have a deep understanding of the Canadian anti-money laundering and counter-terrorist financing requirements as well as the specific risks unique to the iGaming industry.

Your chosen reviewer needs to provide a comprehensive and objective assessment of the effectiveness of your AML program, with a final report that identifies deficiencies and includes an action plan for improvement. Therefore, you want a reviewer with relevant experience conducting AML reviews for similar businesses.

Need a Hand?

If you would like to engage Outlier to conduct your AML Compliance Effectiveness Review, have questions about your obligation, or need help creating, reviewing, or updating your AML program, reach out to us today.

The FINTRAC Outage: Guide for AML Reporting Agencies

Written with Heidi Unrau

 

On March 2, 2024, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) experienced a major cyber incident. As a security precaution, FINTRAC has taken most of its reporting systems offline, including MSB registration. Canadian reporting entities remain responsible for all anti-money laundering (AML) requirements during the outage.

Application programming interfaces (APIs) are available for some reports, including large cash transaction reports (LCTRs), large virtual currency transaction reports (LVCTRs), and suspicious transaction reports (STRs), as of April 8, 2024.

Reporting entities that are not able to submit reports via API must do so once other systems are back online. In the interim, special processes for priority STR submission and other notifications have been established.

Watch for Official Guidance

It’s essential that you follow FINTRAC’s official communications regarding the outage. Outlier’s insights are meant to complement this directive, not replace it. The official word from FINTRAC remains the final authority on these matters.

It is recommended that all Canadian AML Compliance Officers sign up for FINTRAC’s mailing list to get the latest news from the regulator (if you are not signed up already).

Accessing FINTRAC’s APIs

As of April 8, 2024, FINTRAC APIs are currently available for:

  • LCTRs
  • LVCTRs
  • STRs

An API is a way for different computer programs to communicate with each other. To use FINTRAC’s APIs, reporting entities must first apply to register and be granted access by FINTRAC. The implementation of APIs for reporting will require the support of your technical team or software provider. Reporting via API is different from batch reporting (for those that use it) as the API provides a secure exchange of information that does not require the installation of batch-transmitting software.

For reporting entities that have not implemented API functionality, additional guidance has been provided by FINTRAC.

Priority STRs

For priority STRs with national security or other dangerous implications, FINTRAC has provided a dedicated email address and telephone number to help you with this (see below).

Please note that the CSIS and RCMP systems for Terrorist Property Reporting (TPR) are unaffected by the outage and remain operational.

Priority STR Submission Contact Info:

  • Email: STR-DOD@fintrac-canafe.gc.ca
  • Call Centre: 1-866-346-8722 (toll free)

Reporting entities that are unsure of whether or not an STR is considered a priority may first contact FINTRAC using the information above to determine whether this submission method should be used. It is expected that STRs submitted via this method will also be re-submitted once systems are back online.

No Late Reporting Penalties

FINTRAC has indicated that the regulator understands that late reporting is an inevitable consequence of the outage. Therefore, FINTRAC has indicated that reporting entities will not be penalized for late reporting (within reason). It is expected that reporting entities will submit reports promptly once systems are back online.

Fulfilling Reporting Obligations

During the outage, reporting entities are required to track all reportable transactions. Keep detailed records of transactions that could not be reported during the outage. This will ensure that all required transaction reports are accurately and efficiently submitted once systems are restored.

In addition to information about reportable transactions, reporting entities should keep detailed records of:

  • The outage timing (provides useful context that may factor into future audit and examination-related data analysis)
  • All late reports submitted
  • Time required to clear the backlog once systems become operational

At this time, FINTRAC has not indicated that reporting entities should submit a voluntary self-declaration of non-compliance (VSDONC) related to late reporting due to the current outage. However, if there is a reporting backlog that will take significant time to clear, this may be considered once the outage has been resolved.

No Paper Submissions!

FINTRAC has explicitly advised against submitting paper copies of reports during the outage. Once the issue has been resolved, electronic reporting through the appropriate channels will resume.

MSB Registration & Inquiries

In a recent update on May 17, 2024, FINTRAC introduced a new web form specifically for existing Money Services Businesses (MSBs). This form allows currently registered MSBs to renew, update, or cancel their registration easily. You can access the form here:

It does not appear that new MSB registrations can be completed at this time. MSB registration inquiries can be directed to:

Be Prepared & Stay Alert

Stay up to date on the latest FINTRAC communications to ensure compliance should directives change.

For critical reporting and MSB registration needs, use the designated emails and phone numbers provided by FINTRAC. Keep all communications clear, concise, and accurate with all the necessary information.

Key FINTRAC Contact Information

Issue Email Phone
New MSB Registration Inquiries MSBRegistration@fintrac-canafe.gc.ca n/a
Existing MSB Registration Renewals, Updates, or Cancellations https://forms-formulaires.alpha.canada.ca/en/id/clwtp4i5j031kx883je15qc78? n/a
Priority STR Reporting STR-DOD@fintrac-canafe.gc.ca 1-866-346-8722
General Inquiries guidelines-lignesdirectrices@fintrac-canafe.gc.ca n/a
API Support tech@fintrac-canafe.gc.ca n/a

Additional Resources

Below, you’ll find a slide deck presentation and a YouTube video with the same information in this article. You are welcome to use and distribute these resources:

Need a Hand?

If you have any questions or concerns, the team at Outlier Solutions are here to help. Please contact us.

Interview with SafetyDetectives: A Deep Dive into AML and Data Privacy

In a candid interview with SafetyDetectives, Amber Scott and David Vijan, co-founders of Outlier Compliance Group, delve into the intricacies of anti-money laundering (AML) and data privacy in the evolving landscape of financial regulation. With backgrounds as former bankers turned compliance experts, Amber and David offer a unique perspective on the challenges and innovations shaping AML strategies today.

Can you please introduce yourself and talk about your role at Outlier?

Amber: Hi, I’m Amber Scott, the co-founder and CEO at Outlier Compliance Group. David and I were both previously bankers, working in the compliance space. For me, the idea for Outlier started once I left banking and started working in the consulting space. I saw how the leverage model worked, which was the idea that, essentially, if you throw enough smart folks at a problem, you can solve it. This was really different from the approach that Malcolm Gladwell espoused in his book Outliers, which is the idea that to be terribly good at something, you have to practice it a lot, roughly 10,000 hours.

When Outlier was founded, the idea was really that everyone on the team would have at least 10,000 hours of in-house compliance experience, so that people would understand compliance, how organizations work, and how operationalizing those concepts really worked in the long term.

David: Hi, I am David Vijan. I am a co-founder and CRO here at Outlier. We are an AML consulting firm, a compliance consulting firm, that specializes in AML, privacy, and other regulatory compliance consulting matters.

With financial crime tactics becoming more sophisticated, what sets your AML solution apart from others in detecting these threats?

Amber: I think it’s important to preface that our solutions are really consulting services, as opposed to software. When it comes to software, I won’t say that we’re exactly software agnostic, because we do recommend solutions and we always look for those solutions to be a good fit for our clients. However, in theory, we could work with any software solution.

I think that there are always two really important considerations.

  1. Does the software in question meet the regulatory requirements? Meaning, is it up to the regulator’s expectations in terms of what needs to be implemented.
  2. Does it manage the risk effectively?

Ideally, both of those conditions are met.

How does artificial intelligence and machine learning play a role in your solution’s detection and reporting capabilities?

David: As Amber mentioned, our wheelhouse is not in software related solutions per se. AI in general is great. We do have to remember the rule of garbage in, garbage out. That’s definitely something that we have to keep in mind here. AI really has to be understood by compliance staff.

We’ve seen compliance teams play around with AI, and they’re trying to develop policies and procedures using it. And while it does spit out something, it doesn’t have the level of detail that would meet the expectations of the regulator. It wouldn’t pass muster.

That’s a very important piece to the process, as it needs to be explainable to the regulator, but also meet their requirements and expectations. Because at the end of the day, it’s the regulator’s expectations that we’re really trying to satisfy.

Also, with AI, the rationale for decisions needs to be able to be translated into human-readable language. If you present something to someone, and they’re not able to recreate or understand it, it doesn’t really meet the needs of our regulatory obligations or the capabilities of what we need it to do.

Amber: This is incredibly important in an examination context with your regulator. If you’re an in-house compliance person, and you’re going to be called upon to explain how you came to a certain decision. The answer can’t be “I did what the robot told me to do”, “it came out of a black box”, or “we don’t understand the rationale for a decision”. It has to be something that you can translate to human-readable, human-understandable language, and that needs to be part of your documentation all the way down.

How do you approach data privacy and security, especially when dealing with sensitive financial data?

Amber: Amber: I think it’s important to acknowledge that there’s a natural tension between anti-money laundering (AML) and privacy. For us, at Outlier as a service firm, we consider it to be very important to minimize the amount of data and personal information that we ingest, particularly when we’re talking about our customer’s customer.

However, that’s not always practical or even possible for our clients who have very different requirements. From their perspective, it’s always important to understand:

  • Where the data lives across various systems
  • How you are using that data
  • How different systems are communicating with one another, both your own internal systems and your vendor systems, that you’re going to be using to do various functions.

Having a solid mapping of where that personal information, or PI, lives, and how that PI is used, is incredibly important and to keep that updated on a regular basis.

At the other end, not just knowing what’s happening during that lifecycle, but you need to have a plan to be able to anonymize or purge PI that’s no longer required, or no longer in use.

There’s this funny thing about data that when we’re holding on to personal information or sensitive information, the risk associated with that data never goes away. It can actually increase over time where the usefulness of that data decreases over time. So you have something that just stays risky but doesn’t stay useful to you. That alone needs to be a motivator to start to look at how we age off this data and how we move away from just retaining data forever. That doesn’t necessarily have a use for us. And that isn’t something that we could justify having if it were problematic.

David: Those are very important pieces. In our consulting services, we often see clients that don’t know where the data lives. It’s really important to understand where it’s mapped. Under privacy legislation, and we’re not really going to get into that, there are principles and one of them is limited use. Consent is given for a certain piece and sometimes we hear the business say, “Oh, well, we’ll use the data for something else later.” Well, there’s a whole other consent requirement you have to go back to. To Amber’s point, is there really a reason to hang on to data as it ages? Yes, in some cases, there are regulatory requirements, but we’ve seen data that goes back 10 – 20 years still in organizations systems. Is there a reason it’s still there and what is the risk? It’s probably not worth hanging on to it that long.

Can you discuss the significance of real-time monitoring versus batch processing in AML detection and reporting?

David: There definitely is value in having both approaches, and often you need both. Real-time is going to help with certain things such as fraud in progress, things that need to be captured right away. An example of that is listed person or sanctions. Those are transactions that you want to stop and that’s where real-time is going to really be important.

But sometimes batch reporting is needed because it actually learns. There are longer transaction patterns that it’s detecting, that will actually help you with different types of alerts. It’s important to look over those patterns over time and for those parameters to be changed. So that the system adapts over time and patterns become normal.

Amber: Absolutely. Nothing stays the same, except for the idea that things will change eventually.

That segues nicely to our next questions. How do you see the future of AML evolving, especially with the advent of new payment methods and financial technologies?

I think it’s important to say that monitoring at scale is impossible without technology solutions. We still, from time to time, see things where people are saying all of our monitoring is manual. I think we’re coming into a space where that’s not going to be the expectations of regulators at all. And it’s important to note that. There is an expectation that we’re using some kind of technology solution, and those solutions are going to continue to evolve.

The best solutions, in my opinion, consider the whole scope of a customer’s activity. This means their activity across different products and services. For example, if a customer has a mortgage, checking account, and credit card with us, we’re not looking at the risks of each of those products in isolation. We’re seeing the scope of the activity across all the products and services that the customer is using with us.

We’re also looking at the changes in patterns over time. We’re bringing in open-source intelligence or OSINT. So, what do we know about that customer from different potential sources? Where there’s virtual currency, we’re also looking at the risks that can be incurred from on-chain activity. If we know that a certain wallet is associated with that customer, we’re look at the risk of that wallet, not just in the transactions that are happening with our institution, but we’re able to monitor the general level of that wallet over time and what that wallet is interacting with.

Similarly, we can see connections between customers, so groups of people and entities that transact with each other, people that may own companies or entities together, sit on boards together, those types of things where you have multiple touchpoints between individuals. I think, in particular, if there’s one of those individuals that suddenly becomes high risk, that’s something that can trigger us to take a look at the other individuals to see if they may be involved in similar activity that would also change their risk ratings.

I think one of the biggest challenges is still data across various regions and across various languages. As we move more towards open banking and open data, I think this becomes very interesting because there are a number of external data points that we’ll be able to pull in and use in terms of monitoring and risk in very novel ways that we don’t necessarily see today.

 

Final Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations – October 2023

Background

On October 11, 2023, final amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act were published in the Canada Gazette. The most noteworthy changes fall under the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations and the addition of a new regulation. This round of anticipated changes introduces the compliance requirements for armoured car companies and mortgage lending entities. Additionally, FINTRAC will now be able to charge businesses and individuals for the annual cost of its compliance program as part of its assessment of expenses funding model.

Other changes include the new requirements for correspondent banking relationships, and additional requirements related to the Money Services Business (MSB) registration.

To make reading these changes a little easier, we (thanks Rodney) have created a redlined version of the regulations, with new content showing as tracked changes, which can be found in a combined document here.

What’s Changed?

From the draft regulations published back in February of this year, there have not been significant changes to the final publication. As expected, entities that collect currency, money orders, traveller’s cheques, or other similar negotiable instruments (except for cheques payable to a named person or entity) will be treated as a new category of MSB. With these changes, such providers will be subject to existing money services businesses requirements.

With respect to mortgage lenders (brokers responsible for mortgage origination, lenders responsible for underwriting the loan or supplying the funds, and administrators responsible for servicing the loan), they will now have to comply with AML compliance requirements imposed on reporting entities. Note the definition of a mortgage lender was changed slightly from the draft regulations, narrowing the scope of who is captured.

As part of the assessment of expenses funding model, the new Financial Transactions and Reports Analysis Centre of Canada Assessment of Expenses Regulations will allow FINTRAC to pass on expenses, to reporting entities, that it incurs in the administration of the PCMLTFA. Note there have been some changes to the formula that will be used for assessment amounts. The base assessment amount for federally regulated banks, trust and loan companies, and life insurance companies will be based on their value of consolidated Canadian assets that excludes its subsidiary’s reported value of Canadian assets. Guidance related to how reporting entities will be charged has been issued and can be found here.

Please refer to our previous blog post that outlines details on the changes and the exact requirements that will come into force.

What Next?

Requirements for armoured car companies come into force on July 1, 2024, and October 1, 2024 for mortgage lending entities. Effective April 1, 2024, FINTRAC will commence recovering costs from the 2024–25 fiscal year.

In the meantime, FINTRAC will have to issue guidance related to cash transport and mortgage lending. Additionally, there may be FINTRAC policy interpretations that will no longer be able to be relied upon, as it relates to cash transport and mortgage lending.

While we await guidance, armoured car and mortgage lending entities should start working on developing their compliance program in anticipation of the respective in-force dates noted above.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

Return to Blog Listing