Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

2019 AML Changes for MSBs

Background

On July 10th, 2019, the highly anticipated final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. This article is intended to give a high-level summary of the amendments as specific to MSBs. If you’re the type that likes to read original legislative text, you can find it here. We also created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the amount of changes. There are three different “coming into force” dates that should be noted.

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related dealers in virtual currency (which do not apply to MSBs).
  • June 1, 2021: all other regulatory amendments.

While this does give regulated entities some time to get their AML compliance programs updated and in order, we recommend that you start budgeting and planning now.

Guidance from FINTRAC, related to the changes in regulation, is expected to be seen ahead of coming into force dates. Given the legislative changes, there will be changes to FINTRAC policy interpretations as well so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Foreign MSBs

In the past, foreign MSBs only had to comply with Canadian AML requirements if they had a “real and substantial connection” to Canada. A “real and substantial connection” was defined in FINTRAC policy interpretations as having one or more of the following statements be true:

  • Is the business incorporated in Canada;
  • Does the business have agents in Canada;
  • Does the business have physical locations in Canada; and/ or
  • Does the business maintain a bank account or a server in Canada.

The final amendments create obligations for foreign businesses that direct and provide certain services to people located in Canada, via the Internet. If you are a foreign MSB, check out our blog on full requirements as they relate to a foreign MSB with dealings in Canada.

What Does This Mean For My Business?

Changes to Canada’s AML regulations will have a direct impact on MSB AML obligations, including the following:

  • Customer identification;
  • Reporting; and
  • Compliance Program requirements.

While there are quite a number of changes, only some will have more of an impact on MSBs. We’ve summarized the changes that will impact MSBs below.

Customer Identification

Currently, there is a requirement that when customers are identified, the document and/or data that you collect must be in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic”, valid and current. This would allow for scanned copies of documentation, and/or for software that can authenticate a person’s identification documents.

Other changes to the identity verification requirements are as follows:

  • A customer’s identity must be verified if they are the beneficiary of an international EFT of CAD 1,000 or more;
  • For credit file verification (single source) the credit file information must now be derived from more than one source; and
  • For the dual source method, when relying on a credit report as part of a dual source, the credit file must have been in existence for at least six months. Additionally, the person or entity that is verifying the information cannot be a source.

In addition, there are provisions that allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

FINTRAC Reporting

Reporting EFTs of CAD 10,000 or More

If you conduct international remittance transactions at the request of your customers, the requirement to report transactions of CAD 10,000 or more will now be your responsibility, not your financial services provider.

The final amendments removes the language commonly known as the “first in, last out” rule. This means that the first person/entity to ‘touch’ the funds for a transaction incoming to Canada, or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada, had the reporting obligation (as long as the prescribed information was provided to them). The update will change the reporting obligation to whoever maintains the customer relationship. So, if you initiate a transaction at your customer’s request (outgoing transaction), or provide final receipt of payment to your customer (incoming transaction), it will be your obligation to report that transaction to FINTRAC.

Virtual Currency Reporting

If you conduct transactions involving virtual currencies such as bitcoin, you will be required to report the receipt, or the sending, of amounts of CAD 10,000 or more in a virtual currency transaction to FINTRAC. These are basically the same as Large Cash Transaction reporting obligations, including making a determination of whether the person is acting on behalf of a third-party. There will also be the requirement for reporting entities to maintain a Large Virtual Currency Transaction record.

For more information on the full scope of updates specific to virtual currency, please check out our full article here.

The 24-Hour Rule

The final regulations clarify that multiple transactions performed by, or on behalf of, the same customer or entity, or are for the same beneficiary, within a 24-hour period, are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. This would mean that only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that will be required to update the detection process.

For example, currently, a Large Cash Transaction Report must be submitted either for single transactions of CAD 10,000 (or more), or for multiple transactions of less than CAD 10,000 each that add up to CAD 10,000 or more in a 24-hour period. This can result in situations where two reports are filed for transactions taking place in a 24-hour period.

Cash deposit of CAD 12,000 – LCTR #1 for CAD 12,000

Cash deposits of CAD 5,000 and CAD 6,000 – LCTR #2 for CAD 11,000

Using the same example, under the new rules we would have:

Cash deposits of CAD 12,000, CAD 5,000 and CAD 6,000 – Single LCTR for CAD 23,000

We can expect to see guidance from FINTRAC ahead of the enforce date. If you have questions prior to this,  it is possible to write to FINTRAC to request a policy interpretation.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amended this to “’as soon as reasonably practicable’ after measures have been completed to establish that there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing”.

This would require reports to be submitted to FINTRAC shortly after a reporting entity conducts an analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change (or clarification), related to Terrorist Property Reports, has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

Information Included in Reports to FINTRAC

Certain information is required in reports to FINTRAC. The final regulations introduce changes to reporting schedules, requiring more detailed information to be filed with FINTRAC then previously was required. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional data fields are:

  • every reference number that is connected to the transaction;
  • type of device used by person who makes request online;
  • number that identifies device;
  • internet protocol address (IP address) used by device;
  • person’s or entity’s user name; and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online. Such changes may mean working with your IT folks to ensure you are retaining the needed data in a format that will be easy to extract.

For full details on what has changed for FINTRAC report fields, we have created unofficial redline which can be found here.

Ongoing Compliance Training

The amended regulations have introduced a requirement to document a plan for ongoing compliance training. This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans.

Risk Assessment Obligations

With the last round of AML changes, we saw the addition of “New Technologies and Developments” as a newly added category to the Risk-Based Approach requirements. This round of changes makes the next logical progression, which is the obligation to assess the money laundering and terrorist financing risk of any product, delivery channel or new technology before implementation. Meaning, if you are looking to take your business online and are going to use this fancy, new ID software, you had better take careful inventory and document where your risks are, and be sure the appropriate controls have been put in place, before going live but many MSBs have already implemented this best practice.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch using our online form on our website, by emailing info@outliercanada.com or by calling us toll-free at 1-844-919-1623.

Canada’s Proposed AML Changes for MSBs

What’s Old is New Again, Well Updated

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake). This article is intended to give a high-level summary of the proposed amendments as they relate to Money Services Businesses (MSBs).

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Finally, we want to encourage the community to discuss the proposed changes and submit meaningful feedback for policy makers. The comment period for this draft is 90 days. After this, the Department of Finance takes the feedback to the bat cave and drafts a final version of the amendments. From the time that the final version is published, the draft indicates that there will be 12 months of transition to comply with the new requirements.

♬The Times Regulations Are Changing♬

Foreign MSBs

Currently, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has issued a policy interpretation (PI-5594) in August of 2013, which states that a “real and substantial connection” to Canada must be present for an entity to be required to register as an MSB with FINTRAC.  A “real and substantial connection” was defined in the interpretation as having one or more of the following:

  • Whether the business is incorporated in Canada;
  • Whether the business has agents in Canada;
  • Whether the business has physical locations in Canada; and/ or
  • Whether the business maintains a bank account or a server in Canada.

The draft amendments introduce a new definition, which is “Foreign Money Services Business” that means anyone serving Canadian customers or entities in Canada is now subject to all Canadian requirements no matter where they are located.  Throughout the proposed changes, where there is a reference to money services businesses, there is also a reference to foreign money services businesses.  This will be significant to MSBs who operate non-face-to-face in the online marketplace and do not reside in Canada.

Non-Face-To-Face Customer Identification

Currently, there is a requirement that when customers are identified using the dual process method, the document and/or data that you collect is in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The word “original” will be replaced with “authentic” (meaning that so long as you believe that the utility bill is a real utility bill for that person, it doesn’t need to be the same piece of paper that they received in the mail).

In addition, there are provisions that would allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification within 3 days of the request.

Reporting EFTs of $10,000 or More

If you conduct international remittance transactions at the request of your customers, the requirement to report transactions of $10,000 or more will now be your responsibility, not your financial services provider.

The proposed change removes the language commonly known as the “first in, last out” rule.  This means that the first person/entity to ‘touch’ the funds for transactions incoming to Canada or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada had the reporting obligation (as long as the prescribed information was provided to them).

The update will change the reporting obligation to whoever maintains the customer relationship. So if you initiate a transaction at your customer’s request (outgoing transaction) or provide final receipt of payment to your customer (incoming transaction), it will be your obligation to report that transaction to FINTRAC.

For example, if the flow of the instructions for payment were as follows:

Currently, the reporting obligation of the outgoing EFT would fall to the bank in Canada.  With the draft updates, the reporting obligation would now fall to the MSB in Canada, because they have the relationship with the customer initiating the transaction.

 

Third Party Determination

Currently, the obligation to determine whether a third party is involved in a transaction relates to Large Cash Transactions.  The proposed changes would include the obligation to make a third party determination for all EFTs of $10,000 or more.  This would also require similar record keeping obligations as a third party determination under the current Large Cash Transaction records.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. This change appeared in the last round of amendments that came into force last year, and the proposed new wording would be another significant change:

The person or entity shall send the report to the Centre within three days after the day on which measures taken by them enable them to establish that there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.

This means that a report would be due three days after the reporting entity conducts an investigation or does something that allows them to reach the conclusion that there are reasonable grounds to suspect.

Information Included In Reports to FINTRAC

Certain information is required in reports to FINTRAC. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional proposed data fields are:

  • every reference number that is connected to the transaction,
  • type of device used by person who makes request online,
  • number that identifies device,
  • internet protocol address (IP address) used by device,
  • person’s user name, and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online.

Ongoing Compliance Training

Currently, there are five required elements of a Canadian AML compliance program, but there is soon to be a sixth.  Before you get too worried, it’s not that major.  The change is specific to your ongoing compliance training obligations, which says you must institute and document a plan for your ongoing compliance training program and the delivery of the training.  Basically, in your AML compliance program documentation, you need to provide a description of your training program for at least the next year and how the training will be delivered. Many MSBs have already implemented this best practice.

Risk Assessment Obligations

With the recent addition of the “New Technologies and Developments” category to the Risk-Based Approach requirements, the next logical progression has be added.  The updates include the obligation to assess the money laundering and terrorist financing risk of any new technology before implementation.  Meaning, if you are looking to take your business online and are going to use this fancy, new non-face-to-face ID system, you had better take careful inventory of where your risks are and be sure the appropriate controls have been put in place before going live. Much like the training plan, many MSBs have already implemented this best practice.

Virtual Currency

The draft updates also include major changes related to virtual currency. “Dealers in virtual currencies’ would be regulated as MSBs. New record keeping and reporting obligations would apply to all reporting entities that accept payment in virtual currency, or send virtual currency on behalf of their customers.

For more information on updates specific to virtual currency, please check out our full article.

What Next

If you’ve read this far, congratulations and thank you!

We hope that you will contribute your thoughts and comments. You can do this by contacting the Department of Finance directly. Their representative on this file is:

Lynn Hemmings

Acting Director General

Financial Systems Division

Financial Sector Policy Branch

Department of Finance

90 Elgin Street

Ottawa, Ontario

K1A 0G5

Email: fin.fc-cf.fin@canada.ca

If you would like assistance drafting a submission, or have questions that you would like Outlier to answer, please get in touch!

If you are interested in sharing your comments with the Canadian MSB Association (and we highly encourage you to do so) please email luisa@global-currency.com. She will have more information on the industry group’s submission and consultation process.

Sanctions This Week: April 18th-24th, 2016

Outlier3_036

OSFI

On April 20th, 2016, the Office of the Superintendent of Financial Institutions (OSFI) released the United Nations Security Council’s (UNSC’s) Al-Qaida and Taliban regulations update to the sanctions list, adding five individuals.

The individuals are subject to the assets freeze, travel ban and arms embargo set out in paragraph 2 of Security Council resolution 2253 (2015) adopted under Chapter VII of the Charter of the United Nations.  He individuals listed hold the following titles:

  • Head of religious compliance police and a recruiter of foreign terrorist fighters for Islamic State in Iraq and the Levant (ISIL);
  • lead oil and gas division official of Islamic State in Iraq and the Levant (ISIL);
  • Leader of an Indonesia-based organization that has publicly sworn allegiance to Islamic State in Iraq and the Levant (ISIL);
  • Leader and armed groups in Gaza using money to build an ISIL presence in Gaza; and
  • Served as the acting emir of Jemmah Anshorut Tauhid (JAT) since 2014 and has supported Islamic State in Iraq and the Levant (ISIL).

All of these individuals are of different nationalities, but all have connections to ISIL and have been designated as such.

See the update on the United Nations (UN) website.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released two updates last week.  One update was related to the addition of an individual to the Libya Sanctions list.  The second update was the publication of new Cuba-related Frequently Asked Questions (FAQ), related to the recent changes made to the sanctions that had previously been placed on Cuba.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.  The changes to the Libya sanctions list included the addition of the Prime Minister and Defense Minister of the National Salvation Government, who has been added due to contributions to the situation in Libya.

See the Cuba-related FAQ update on OFAC’s website.

See the Libya sanction list update on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

FINTRAC Examination Results for MSBs

The Canadian Money Services Business Association (CMSBA) recently held their Spring Training events in Montreal, Vancouver and Toronto.  The list of speakers included MSB industry professionals, as well as representatives from regulators including the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).  For a full synopsis of the Montreal and Toronto events, click here.  FINTRAC presented excellent statistical data about how MSBs have fared in examinations conducted between April 2011 and July 2014.  So how are MSBs faring?  Very well overall. 

ZDE FINTRAC 2008-2013

Data obtained through a freedom of information request indicates that almost 25% of MSBs examined between 2008 and 2013 have not had any deficiencies.

How Does FINTRAC Decide Who Is Examined?

FINTRAC considers several factors when deciding which reporting entities (REs) will be examined.

  • Concurrent Examinations: examinations conducted in tandem with the Office of the Superintendent of Financial Institutions (OSFI). This is applicable to federally regulated financial entities (FRFEs) like banks.
  • Market Share: The largest reporting entities in Canada (because the larger an organization is, the more critical the risk of non-compliance will be);
  • Cyclical: Coverage of a whole industry (this seemed to apply most to Casinos).
  • Follow-Up: Subsequent examinations based, with an emphasis on the resolution of deficiencies found in previous examination(s) to ensure remediation. FINTRAC noted that although it is no longer a requirement to submit a formal action plan to FINTRAC, it is a best practice for REs to document (and update) an action plan internally.
  • Risk: FINTRAC’s evaluation of the RE’s risk, based on a broad selection criteria, such as money laundering and terrorist financing vulnerabilities, the likelihood of non-compliance and industry trends.
  • Theme-Based: Related to specific intelligence about a RE or type of business that indicates there may be an elevated risk of non-compliance, money laundering vulnerability or terrorist financing vulnerability.

Methodology & Analysis

FINTRAC’s statistical analysis of MSB adherence to the requirements laid out in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its regulations is broken down by percentage, the results of the exams conducted that were fully compliant, partially compliant and non-compliant.  These are colour coded:

  • Green: fully compliant (no deficiencies were observed),
  • Yellow: partially compliant (there was something in place, but the MSB missed something), and
  • Red: non-compliant (in most cases, there was nothing in place or a reporting timeframe was missed).

Overall examination results have been positive.

Overview

It’s noteworthy that if FINTRAC has, as of 2014, found something during an examination that is considered ‘immaterial’, it’s not cited.  For example, in a large sample, if there are two client addresses that appear to be PO boxes, but all other client addresses were complete and in acceptable formats, there may not be a citation.  In these cases, FINTRAC may inform the RE verbally, but it will not be part of the formal ‘findings’ letter.

Compliance Officer

MSBs are required to have a Compliance Officer (a person that is responsible for overseeing the AML & CTF compliance program).  The appointment of the Compliance Officer must be documented in writing.  FINTRAC staff chided that this is likely the easiest area to achieve a fully compliant result in examinations.  MSB examination results certainly reflected this.

CO Chart

From a total of 612 MSB examinations considered, 608 MSBs were fully compliant.

Only four MSBs were deemed to be non-compliant.  It was noted that these were generally new market entrants that did not appear to understand Canadian AML & CTF compliance requirements.

Policies and Procedures

MSBs are required to have policies and procedures.  Policies describe the MSB’s regulatory obligations, while procedures describe what the MSB is doing to meet those requirements.  These must be documented, in writing, and the procedures must cover both staff and agents (if the MSB has agents).

PP Chart

From a total of 765 MSB examinations considered, 477 MSBs were fully compliant.

In 230 examinations, MSBs were deemed to be partially compliant.  Common errors included:

  • The omission of the 24-hour rule (specific descriptions of how the MSB determined whether or not reportable transactions had occurred over a 24 hour period),
  • Third party determinations (specific descriptions of when an MSB must determine if there is a third party involved, as well as what information needs to be collected and recorded), and
  • Politically exposed foreign person (PEFP) determinations (specific descriptions of when an MSB must determine if their client is a PEFP, and if so, what information needs to be collected/recorded. There is also a requirement that senior management signoff on the account within 30 days of the determination).

A total of 55 MSBs did not have any documented policies or procedures. In some cases, FINTRAC noted that there appeared to be processes in place, but that these were not documented in writing.

Training

MSBs are required to have an ongoing training program. The training program must be documented (who, what, where, when and how) and delivered to all staff and agents on an annual basis, at minimum.

Training Chart

From a total of 487 MSB examinations considered, 346 were fully compliant.

In 63 examinations, MSBs were deemed to be partially compliant.  Common errors included:

  • Interviews conducted with staff during an examination that evidenced a misunderstanding of the requirements (during an exam, FINTRAC will interview random staff members related to regulatory requirements to ensure training effectiveness)

In 78 examinations, MSBs did not have any training in place, or if they did, it was not documented.

Among the training options available to MSBs, we’re most excited about a relatively new offering from TAMLO that includes fast paced and visually stunning video content, as well as testing and tracking tools for Compliance Officers.

AML Compliance Effectiveness Review

MSBs are required to complete an AML Compliance Effectiveness Review once every two years.  The review must cover all policy and procedure documentation, as well as operational testing to ensure procedures are being properly followed.

2YR Chart

From a total of 722 MSB examinations considered, 412 were fully compliant.

In 101 examinations, MSBs were deemed to be partially compliant.  Where MSBs missed the mark was typically because they did not respect the two year cycle.  Other common errors included:

  • Only reviewing the policy documents with no operational testing of whether they are being followed (the policy document tells staff and agents what to do. Procedures tell them how to do it.  MSBs must be sure they are testing whether staff and agents are adhering to the procedures).

In 209 examinations, MSBs had not conducted an effectiveness review or could not provide evidence of one taking place.

Risk Assessment

MSBs are required to assess the risk that their business could be used for money laundering or terrorist financing.  The risk assessment must include four key components:

  • Products, services and delivery channels;
  • Geography;
  • Customers; and
  • Any other relevant factors.

Risk must be assessed and scored, and mitigated by appropriate controls.

RA Chart

From a total of 720 MSB examinations considered, 432 were fully compliant.

In 158 examinations, MSBs were deemed to be partially compliant.  The main issue was failing to include one of the four required elements. In some cases, a risk assessment was in place, but the documentation was not sufficient in assessing the MSB’s risk and controls.

In 129 examinations, MSBs had no evidence of a risk assessment.

FINTRAC noted that additional industry-specific risk assessment guidance is expected to be published later this year.

MSB Registration

MSBs are required to register with FINTRAC, as well as update their information within 30 days if there are any changes to business activities, banking or agent information.

MSB Reg Chart

From a total of 591 MSB examinations considered, 230 were fully compliant.

In this category, no partially compliant ratings were provided (the MSB registration was either complete, accurate and up to date, or it was deemed to be non-compliant).

In 361 examinations, MSBs were deemed to be non-compliant.  Most issues were due to a failure to update information when something within the business had changed or a failure to list all business activities. For example, the MSB registration may indicate that an MSB only performed foreign exchange in a case where remittance services were also provided.

Client Identification

MSBs are required to identify their clients in certain situations.  There are prescribed methods for completing this both in person and non-face-to-face (NF2F), and the identification document (ID) information must be recorded.

Client ID Chart

From a total of 796 MSB examinations considered, 621 were fully compliant.

In 64 examinations, MSBs were deemed to be partially compliant.  Common errors included:

  • Unacceptable ID (such as health card in Ontario);
  • Accepting ID that was expired at the time of the transaction (identification documents must be valid, or not expired, at the time they are reviewed);
  • Failing to record the prescribed details of the ID used (when reviewing a client’s ID, MSBs must keep a record of certain prescribed information); and
  • In Non-Face-To-Face Identification situations, only using one method, or using an unacceptable combination of methods (when identifying a customer who is not physically present, there are prescribed methods of how this is to be accomplished).

In 111 examinations, MSBs were non-compliant with client identification requirements.

Record Keeping

MSBs are required to keep certain records related to transactions and client identification.  These records must be stored in a manner that they can be accessed in the event they are requested, and must be maintained for at least five years.

RK Chart

From a total of 811 MSB examinations considered, 470 were fully compliant.

In 300 examinations MSBs were deemed to be partially compliant.  In these cases, record keeping was taking place but elements of the record keeping requirements were being overlooked.  Common issues included:

  • Missing telephone numbers;
  • Vague occupation information (for example “manager” or “worker”);
  • PO boxes recorded as customer addresses;
  • Missing postal codes;
  • Third party determinations that were incomplete; and
  • Payment methods for incoming and outgoing payments.

In 41 examinations, MSBs were non-compliant with record keeping requirements.

Third Party Determinations

MSBs are required to make a third party determination in certain prescribed circumstances, as well as collect and record certain information (name, address, date of birth, occupation and relationship to your client) about the third party.

TPD Chart

The total number of MSBs included in the review was not provided, with the statement: “there was not enough information available to conduct reasonable analysis”.  However, the total number of non-compliant MSBs was 6, indicating that approximately 600 MSB examinations were considered in this sample.

FINTRAC Reporting

When FINTRAC assesses reporting obligations, it uses the internal acronym “QTV”, which stands for quality, timing and volume.  Quality refers to the information in the report, specifically, if the report has all the required information.  Timing simply means, was the report filed within the designated timeframe.  Volume is slightly more complicated, but mainly refers to the amount of reports you have filed compared to your previous submissions.  It was noted that typically, where MSBs were deemed partially compliant, it was due to the quality.  Where non-compliance was related to the timing.

Electronic Fund Transfers Reports

MSBs are required to submit electronic funds transfer (EFT) reports to FINTRAC within 5 business days from the date the transaction took place.  An EFT includes the international transfer of CAD 10,000 or more, either in a single transaction, or multiple transactions within a 24-hour period.

EFT Chart

From a total of 434 MSB examinations considered, 165 were fully compliant.

In 87 examinations, MSBs were deemed to be partially compliant. MSBs were typically failing to include all required information, such as:

  • Phone number;
  • Date of birth; or
  • Postal code.

It is noteworthy that while not all fields are marked as required in F2R, all fields must be filled in if the MSB has recorded the information.

In 182 examinations, MSBs were deemed non-compliant, with most not reporting the EFTs within the specified time frame, and a small portion missing EFT reports.

Large Cash Transaction Reports

MSBs are required to submit large cash transaction (LCT) reports to FINTRAC within 15 calendar days from the date of the transaction, if the transaction was CAD 10,000 or more in cash, either in a single transaction, or multiple transactions within a 24-hour period.

LCTR Chart

From a total of 428 MSB examinations considered, 232 were fully compliant.

In 104 examinations, MSBs were deemed to be partially compliant.  MSBs were typically failing to include all required information, such as:

  • Occupation;
  • Date of birth;
  • Postal code; or
  • Type of ID used to identify the client.

In 92 examinations, MSBs were non-compliant, with most not reporting the LCTs within the specified time frame, and a small portion missing LCT reports.

Suspicious Transaction Reports

MSBs are required to submit suspicious transaction reports (STRs) and attempted suspicious transaction reports (ASTRs) to FINTRAC within 30 calendar days from the date the transaction is deemed suspicious by the Compliance Officer.

STR Chart

From a total of 285 MSB examinations considered, 262 were fully compliant.

In 14 examinations, MSBs were deemed to be partially compliant.  In these cases, MSBs were typically failing to include all required information.

In 9 examinations, MSBs were non-compliant.  Failing to file STRs carries relatively sever penalties, as the Canadian intelligence community relies on this type of reporting to build cases.  Where items are escalated as being potentially suspicious (either by staff or a transaction monitoring system), MSBs should always document the reason that these items are deemed not to be suspicious if no STR or ASTR reporting is completed.

Need a Hand?

If you are an MSB that needs compliance assistance (or a bank that wants assistance in setting up and maintaining a compliance regime that effectively manages MSB related risk), please contact us.

 

 

 

Insights From the CMSBA Education Days

We were fortunate enough to be able to attend the Canadian MSB Association (CMSBA)’s Montreal and Toronto spring training days. For Money Services Businesses (and those affiliated with the industry), the CMSBA is an excellent resource for collaboration, information sharing and advocacy. For those that were not able to attend any of the spring training sessions, here’s a roundup of the topics covered.

FINTRAC & MSB Compliance Examinations

Canada’s federal regulator for anti-money laundering (AML), the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), provided in depth statistics related to compliance examinations, as well as common issues for MSBs. Despite what some highly publicized administrative monetary penalties (AMPs) may lead you to believe, MSBs are faring well as a sector in FINTRAC’s compliance examinations. It’s noteworthy that through a freedom of information request, Outlier obtained data on the number of MSBs that did not have any deficiencies in examinations. Between 2008 and the end of 2014, this amounted to approximately 25% of all MSBs examined. In most cases, MSBs were largely compliant, with some partial deficiencies.

Overview Big

For a complete breakdown of common issues noted in examinations, click here.

AMF, Respondents & Digital Currency

Québec’s provincial regulator, the Autorité des Marchés Financiers (AMF), provided clarification on its expectations for MSB respondents. For MSBs dealing with customers in Québec that do not have offices in the province, a respondent must be nominated to deal with the AMF on the MSB’s behalf. Among the requirements are that the respondent must:

  • Be over 18 years old;
  • Have an address in Québec (home address or business address); and
  • Not be under tutorship, curatorship or advisorship.

The AMF also addressed digital currency, noting that not all digital currency business models are covered by the Québec MSB Act, and that there must be an element of fiat currency involved in the transactions. Both the AMF’s press release from February 2015 and the current presentation confirmed that digital currency trading platforms (that include fiat currency transactions) and digital currency ATMs are considered in scope. As there are a myriad of other digital currency related business models, if you are unsure of where you fit, you can contact the AMF and receive a decision (we recommend that you request a decision in writing where possible).

Agency Agreements

I had the honour of speaking about MSB agency agreements (the agreements between MSBs and their agents) with Susan Han (previously of AUM Law). Like most things, agent agreements should be documented in writing and clearly spell out the terms of the agreement. MSBs that take on agents should understand that the MSB would bear most of the risk (financial, compliance and reputational). Agents should be aware that the client (and information about the client) “belongs” to the MSB rather than the agent (and this information should always be provided to the MSB when it is requested).

International Collaboration & De-Risking

The CMSBA has partnered with MSB associations worldwide to increase awareness of the negative ways in which de-risking (which CMSBA Director Ken Saul noted should be called de-banking) affects the financial system. As the de-risking issue has affected MSBs worldwide, and there does not appear to be any effective solutions under consideration, a whitepaper was developed and presented to the Financial Action Task Force (FATF). This whitepaper has received a positive reception. Stay tuned for more on the international efforts in this regard.

One of the few Canadian Financial Institutions that (openly) banks MSBs, Luminus Financial, was on hand to discuss factors that MSBs should consider when dealing with banking relationships. MSBs should be prepared to provide complete and transparent information about their business. In order to achieve success in both obtaining and maintaining banking relationships, MSBs should be able to demonstrate that they are compliant and present information in a way that is well organized and addresses all of the questions and requests that the bank has made. In some cases, this will be a higher standard than simply meeting the minimum compliance requirements set out in law and regulation.

Compliance Maturity Model

In looking proactively at issues related to de-risking and demonstrating compliance, the CMSBA is working to develop a compliance maturity model (CMM). Currently, CMSBA members can complete the first stage of this model by completing an attestation form online. The attestation states that the MSB is compliant with applicable legislation and not subject to administrative or criminal proceedings. Questions, comments or suggestions related to the CMM can be directed to cmsba-cmm@canadianmsb.org.

Need a Hand?

If you are an MSB that needs compliance assistance (or a bank that wants assistance in setting up and maintaining a compliance regime that effectively manages MSB related risk), please contact us.

 

Fixed Fee AML Reviews For MSBs

One of the first blog posts that we published was “How to Negotiate Your Consulting Contracts Like A Pro.” We’ve been working closely with the Canadian MSB Association (CMSBA) and we’re happy to announce two things that we think will help small and mid sized MSBs do just that.

Outlier offers no hassle, fixed-fee pricing for MSB reviews, and 10% off throughout for CMSBA members (proof of membership is required). The pricing listed on this page is guaranteed to Canadian MSBs through December 2019.

No Hassle, Fixed Fee AML Compliance Effectiveness Review Pricing

All MSBs are required to have AML Compliance Effectiveness Reviews at least every two years. These reviews involve a review and assessment of your compliance program and operational testing. MSBs receive a formal review report, and Senior Management must provide signoff on the final report within 30 days of the day it’s issued. While Canadian legislation permits MSBs to conduct self-reviews, most banking service providers require their MSB clients to use an external reviewer.

To make things easier for Canadian businesses, we’re introducing no hassle pricing. To calculate where you fall on the chart, just add up the number of employees and agents.

Number of Employees & Agents* AML Compliance Effectiveness Review Price CMSBA Member Special Pricing**
1 – 5 7,000 6,300
6 – 10 8,000 7,200
11 – 20 9,000 8,100
21 – 30 10,000 9,000
31 + 11,000 9,900

All prices are subject to applicable taxes. Additional fees apply for staff travel and administration related to the sorting of paper documents (where applicable).

*If you have part-time or seasonal employees, count two part-time employees as one employee. Include business owners who are active in running the business as employees. Count each agent location as one employee. If you’re not sure about the calculation, feel free to contact us.

**Proof of membership is required.

CMSBA Member Savings

If you’re not a member of the CMSBA yet, but like saving money you can learn more and become a member at canadianmsb.org.

Coast to Coast to Coast

Our Canadian team is here to serve MSBs in all parts of Canada. If we don’t have a consultant near you, we will keep costs low by conducting your review remotely. To do this, we will review electronic copies of your compliance program and data. You’ll even be able to see us face to face on Skype calls.

Disclaimers

Outlier cannot be considered an “external reviewer” if we have designed your compliance program or conducted annual training with your staff. Most banking service providers require that you have an external reviewer. Some banking service providers also have specific lists of reviewers whose work they will accept. Please check with your banking service provider to ensure that our review will be acceptable for their purposes.

Need a Hand?

If you’re ready to schedule a review or would like more information please contact us.

Insights From the 2014 CMSBA Conference

CMSBA

We were honoured to present at this year’s Canadian MSB Association (CMSBA) conference in Toronto. Speakers included representatives from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the Canadian Federation of Independent Businesses (CFIB), money service businesses (MSBs), consultants, lawyers and technology service providers. Priced between CAD 200 and 250 (depending on membership status and the timing of the registration), the price of this annual event, which includes breakfast, lunch, a post event reception, an annual CMSBA membership and a training certificate is likely one of the most informative and reasonably priced resources for MSBs. We would like to thank the CMSBA for providing a top quality event.

The Big Disclaimer

The information that follows is based on our experience attending the conference, and the information that we feel will help our friends and clients the most. While there were many excellent sessions, we weren’t able to enjoy them all. If you feel that we’ve missed something vital, or misrepresented an important point, please feel free to contact us and we’ll do our best to correct it.

FINTRAC Exams Are Changing

Lisa Douglas of FINTRAC tackled an update on the regulators expectations with candor, diplomacy and even a sense of humour on occasion. Among the most important points for reporting entities was the implementation of the regulatory changes that came into effect in February of 2014, and changes to the types of testing that FINTRAC will be performing in examination:

  • Business Relationships: has the nature and purpose of the business relationship been documented? Has the customer been identified where there is a business relationship (and if not, are efforts to identify the customer documented)? Is ongoing monitoring in place?
  • Suspicious Activity: Do the policies and procedures reflect the right indicators for the business model (see FINTRAC’s Guideline 2 for a full list)? Is there activity that seems to be suspicious that was not reported? If so, are you able to explain objectively why the activity was not considered to be suspicious (and is the explanation backed up by documentation)?
  • Ongoing Monitoring: Are monitoring efforts documented? Is the monitoring for high-risk customers and business relationships different (in nature and frequency)?
  • Beneficial Ownership: Is there documentation that confirms beneficial ownership? If not, has Senior Officer been identified and is the customer classified as high risk?
  • Customer Information Updates: Is customer information being updated on a regular schedule according to the customer’s risk?
  • Quality Reporting: Are the reports that FINTRAC receives complete and accurate? Are all fields (including fields that aren’t mandatory) completed if you have the information on file?

Ms. Douglas received the most questions about applying an ‘objective standard’ to deciding whether or not there are reasonable grounds to suspect money laundering or terrorist financing activity, and stressed that it is not enough to know that the activity is consistent for a customer over time if the activity could be indicative of money laundering or terrorist financing. This theme was echoed by Paul Burak of MNP LLP in his discussion of customer due diligence. In his illustrative example, Mr. Burak described a hotel that made large cash deposits with few credit card or debit card payments, in volumes that were out of synch with local tourist traffic. While the pattern of activity was consistent for the client over time, it did not make sense when an objective standard was applied.

There are Many More MSBs with ‘Zero Deficiencies’ Than MSBs with Penalties

Although there are several published administrative monetary penalties that have been published for MSBs, approximately 25% of MSBs examined between 2008 and 2014 have passed examinations with zero deficiencies.   While this isn’t likely to reduce the stress that comes with preparing for an examination, the information (obtained from a recent access to information request that Outlier filed with FINTRAC) is important in understanding that the MSB industry has historically been more compliant than the headlines would have us believe. That said it’s always vital to take the time to prepare for your examination and ensure that all of the materials requested by FINTRAC are assembled and delivered on time. We’ve put together some free resources to help reporting entities get organized, available here.

We were fortunate enough to co-present on this topic with two very experienced lawyers, J. Bruce McMeekin and Tushar K. Pain. Both emphasized the importance of reaching out to a legal professional early if you may be facing an administrative monetary penalty, as well as the value of regular compliance testing (not just limited to the effectiveness reviews required every two years) to assess compliance and fix anything that may be offside.

Banking Remains an Issue for MSBs

Robert Osbourne of Grant & Thornton provided excellent insights on maintaining banking relationships, including requesting and account manager, and maintaining regular contact (rather than simply responding to issues or information requests). Despite recent public policy positions from the Financial Action Task Force (FATF) and Financial Crimes Enforcement Network (FinCEN) warning against wholesale de-risking, few Canadian banks are currently accepting MSBs. Among those that we are aware are taking on MSB customers:

  • Royal Bank of Canada (RBC)
  • Bank of Montreal (BMO)
  • DirectCash Bank (DC)

There are additional financial institutions, including credit unions that offer accounts to MSBs, however many of these are not currently taking on new MSB customers. Access to banking is one of the issues that we’re likely to hear more about from both the CMSBA and the CFIB in the coming months.

Tools and Technology

The importance of tools and technology for recordkeeping and compliance management cannot be understated. The Canadian market is served by a number of great providers, and more solutions are being added on a regular basis. The solutions that are implemented should be well aligned with your business model and Risk Assessment. They should also be secure, in particular where sensitive or personal information (PI) is stored. Garry Clement of Clement Advisory Group emphasized how vulnerable the industry may be to cyber threats, and steps that MSBs can take to recognize threats and protect their data.

Digital Currency

Jillian Friedman of the Bitcoin Embassy (formerly, now she can be found at montrealtechlawyer.com) and Susan Han of Miller Thompson provided an overview of digital currency. While it was clear that many MSBs are interested in the potential that bitcoin and other digital currencies can offer, the same barriers to banking faced by MSBs are faced by digital currency companies in Canada. MSBs that deal in digital currency may face additional de-risking concerns with their banks. Zach Ramsay of CoinCulture, though not presenting, was on hand to offer clarification about the digital currency related services that may interest MSBs including bitcoin teller machines (BTMs) and bitcoin payment processing.

Need a Hand?

If you would like more information about the CMSA, including information about how to become a member, you can contact them here.

If you have questions about AML or CTF compliance, please contact us for more information.

Return to Blog Listing


PROCESSING...