Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Amending the Amendments! 2020 AML Changes for Real Estate

Background

Back on July 10, 2019, the highly anticipated final version of the amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. However, on June 10, 2020, further amendments to those amended regulations were published in the Canada Gazette. To make reading these changes a little easier, we have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The purpose of this round of amendments is to better align measures with international standards and level the playing field across reporting entities by applying stronger customer due diligence requirements and beneficial ownership requirements to designated non-financial businesses and professions (DNFBPs). The amendments come into force on June 1, 2021.

We have summarized the changes that will have an impact on real estate developers, brokers, and sales representatives below.

Business Relationship

One of the most significant proposed changes for real estate developers, brokers, and sales representatives is related to the definition of a business relationship. Currently, a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

The amendments change the definition for real estate developers, brokers, and sales representatives to the first time that the person or entity is required to verify the identity of the client.

For business relationships, a reporting entity must:

  • keep a record of the purpose and intended nature of the business relationship;
  • conduct ongoing monitoring of your business relationship with your client to:
    • detect any transactions that need to be reported as suspicious;
    • keep client identification and beneficial ownership information, as well as the purpose and intended nature records, up-to-date;
    • reassess your client’s risk level based on their transactions and activities; and
    • determine if the transactions and activities are consistent with what you know about your client;
  • keep a record of the measures you take to monitor your business relationships and the information you obtain as a result.

 This change in definition also means that ongoing monitoring must be applied for the following purposes:

  1. detecting any transactions that are required to be reported;
  2. keeping client identification information and the information up to date;
  3. reassessing the level of risk associated with the client’s transactions/activities; and
  4. determining whether transactions or activities are consistent with the information obtained about their client, including the risk assessment of the client.

PEP

The amendments will require real estate developers, brokers, and sales representatives to make a Politically exposed persons (PEP) determination when they enter into a business relationship (as defined above) with a client.

In addition, they will also be required to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a PEP.

If a positive determination is made, the following records must be kept:

  1. the office or position, and the organization or institution, in respect of which the person is determined to be a politically exposed foreign person, a politically exposed domestic person or a head of an international organization, or a family member of, or a person who is closely associated with, one of those persons;
  2. the date of the determination; and
  3. the source, if known, of the person’s wealth.

Beneficial Ownership

The amendments will require real estate developers, brokers, and sales representatives to comply with existing beneficial ownership requirements that apply to other reporting entities.

This means when identifying an entity, a reporting entity needs to collect the following information for all Directors and individuals who own or control, directly or indirectly, 25% or more of the organization:

  • Their full legal name;
  • Their full home address; and
  • Information establishing the ownership, control, and structure of the entity.

A record of the reasonable measures to confirm the accuracy of the information, when it is first obtained and in the course of ongoing monitoring of business relationships, must be retained.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

Regulations for Dealers in Virtual Currency – June 2020

Effective June 1, 2020, entities engaged in Virtual Currency activities are considered as Money Services Businesses (MSBs), and are required to register with FINTRAC and comply with MSB obligations under amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) that were released on July 19, 2019. Those amendments also require, as of June 1, 2021, reporting large virtual currency transactions. The Department of Finance has since made further amendments to those amended regulations, published in the Canada Gazette on June 10, 2020.

To make reading these changes a little easier, we have created a redlined version of the regulations, with the most recent changes showing as tracked changes, which can be found here.

Dealers in Virtual Currency

It’s important to start by understanding what’s being regulated. This is best done by considering some of the definitions that have been added to the regulation.

fiat currency means a currency that is issued by a country and is designated as legal tender in that country. (monnaie fiduciaire)

funds means

(a) cash and other fiat currencies, and securities, negotiable instruments or other financial instruments that indicate a title or right to or interest in them; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a fiat currency other than cash.

For greater certainty, it does not include virtual currency. (fonds)

virtual currency means

(a) a digital representation of value that can be used for payment or investment purposes that is not a fiat currency and that can be readily exchanged for funds or for another virtual currency that can be readily exchanged for funds; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a digital representation f value referred to in paragraph (a). (monnaie virtuelle)

virtual currency exchange transaction means an exchange, at the request of another person or entity, of virtual currency for funds, funds for virtual currency or one virtual currency for another. (opération de change en monnaie virtuelle)

In terms of who will be regulated, businesses (whether or not the business is incorporated) that conduct transactions on behalf of their customers, including:

  • Exchanging digital currencies for fiat currencies; and
  • Exchanging between virtual currencies.

Current Obligations

Client Identification:

Dealers in Virtual Currency must identify individuals and confirm the existence of entities when they:

  • Remit or transmit funds (see definition above) of $1,000 or more at the request of a customer;
  • Conduct a foreign exchange transaction of $3,000 or more;
  • Enter into an ongoing service agreement with a customer (conduct transactions for a customer that is an entity);
  • Conduct a large cash transaction; and
  • Must take reasonable measures to identify individuals who conduct or attempt to conduct a suspicious transaction.

As of June 2021, there will be an additional requirement to identify virtual currency exchange transactions valued at CAD 1,000. This will include exchanging fiat and virtual currency, as well as exchanges between virtual currencies.

Information on acceptable methods to identify clients can be found on FINTRAC’s website. 

Reporting:

For reporting, there are two important dates. By June 1, 2020, dealers in virtual currency will need to report the same types of transactions that MSBs are currently required to report. These are:

  • Electronic Funds Transfers: if you send or receive international electronic funds transfers (EFTs), including wires, valued at CAD 10,000 or more, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.
  • Large Cash Transactions: if you receive cash (this means fiat in the form of bills and/or coins) valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 15 calendar days.
  • Suspicious Transactions: if there are “reasonable grounds to suspect” that a completed attempted transaction is related to money laundering or terrorist financing, it must be reported to FINTRAC “as soon as practicable” of the discovery of a fact that led you to determine that the transaction was suspicious.

FINTRAC defines “as soon as practicable” in its Glossary as follows:

A time period that falls in-between immediately and as soon as possible within which a suspicious transaction report (STR) be submitted to FINTRAC. In this context, the report must be completed promptly, taking into account the facts and circumstances of the situation. While some amount of delay is permitted, it must have a reasonable explanation. The completion and submission of the report should take priority over other tasks.

FINTRAC has released more specific guidance on what “measures” enable reporting entities to have “reasonable grounds to suspect”.

More information on suspicious transaction reporting can be found on FINTRAC’s website.

  • Terrorist Property: if you’re in possession of property (which includes funds and virtual currency) that belong to a terrorist or terrorist group, it must be reported without delay, and the property must be frozen. In addition to reporting to FINTRAC, these reports are also sent to the CSIS and RCMP – by fax. In order to know if customers fall into this category, it is important to screen against the United Nations Security Council consolidated list. We’ve worked with some friends on a tool to make this easier, which you can try here (use the code Free100 for a free trial).

If you are required to report transactions valued at CAD 10,000 or more in a 24-hour period, you must have a mechanism in place to detect reportable transactions which is described in your compliance documentation.

By June 1, 2021, a new report will be introduced:

  • Large Virtual Currency Transactions: if you receive virtual currency valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.

Amendments to the Amendments

The amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) that were published in the Canada Gazette on June 10, 2020 create the following obligations for dealers in Virtual Currency:

Travel Rule

One of the most significant changes that will impact Virtual Currency Dealers as MSBs relates to a new requirement for records to be kept on all virtual currency transfers of CAD 1,000 or more.

The record must contain the following:

  1. include with the transfer, the name, address and, if any, the account number or other reference number of both the person or entity that requested the transfer and the beneficiary; and
  2. take reasonable measures to ensure that any transfer received includes the information referred to in paragraph (a) above.

Where the information required was not obtained, MSBs must have written risk-based policies and procedures for determining if the transaction should be suspended, rejected, or if another follow-up measure should be taken.

PEP

In addition to the existing requirement for MSBs to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a Politically exposed person (PEP), the amendments will require MSBs to make a PEP determination when they establish a business relationship with a client.

A reminder that a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

MSBs will also periodically need to take reasonable measures to determine whether a person with whom they have a business relationship is a PEP. We will have to await guidance from FINTRAC on this, but our guess is the frequency for determination will align to the frequency for customer information and identification updates.

Given the definition of a business relationship, we do not expect this requirement to be overly burdensome. If you currently conduct list screening, PEP screening could easily be added to that process. You are also able to ask the customer directly, while presenting the definition of a PEP, and record their response.

If a positive determination is made, the following records must be kept:

  1. the office or position, and the organization or institution, in respect of which the person is determined to be a politically exposed foreign person, a politically exposed domestic person or a head of an international organization, or a family member of, or a person who is closely associated with, one of those persons;
  2. the date of the determination
  3. the source, if known, of the person’s wealth;
  4. the risk rating; and
  5. the name of the member of senior management who reviewed the client, and the date the client was approved.

Other Relevant Blog Posts for Dealers in Virtual Currency

What’s happening in the VC community? 

Messaging Standard Overview

In October 2018, the Financial Action Task Force (FATF) adopted changes to its Recommendations to explicitly clarify that they apply to financial activities involving virtual assets (VA), effectively expanding the scope of the Recommendations to apply to virtual asset service providers (VASPs) and other obliged entities that engage in or provide covered VA activities.

“There exists a need for VASPs to adopt uniform approaches and establish common standards to enable them to meet their obligations resulting from the FATF Recommendations as they apply to affected entities”.

The implementation of obligations such as the travel rule for virtual currency transactions, in the majority of cases, would require an accompanying technology. To tackle issues such as this, a cross-industry, cross-sectoral joint working group of technical experts was formed in December 2019 and a new technical standard developed by the group.  The Joint Working Group on interVASP Messaging Standards (JWG) was established  by three leading international industry associations representing VASPs:
Chamber of Digital Commerce
Global Digital Finance
International Digital Asset Exchange Association 

We will have to wait for FINTRAC guidance to see if such a standard is provided as an example.

More information on the working group can be found here.

To download a copy of the standard anonymously, use this link:

DOWNLOAD THE STANDARD

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

Amending the Amendments! 2020 AML Changes for MSBs

Background

Back on July 10, 2019, the highly anticipated final version of the amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. However, on June 10, 2020, further amendments to those amended regulations were published in the Canada Gazette. To make reading these changes a little easier, we have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The purpose of this round of amendments is to better align measures with international standards and level the playing field across reporting entities by applying stronger customer due diligence requirements and beneficial ownership requirements to designated non-financial businesses and professions (DNFBPs). The amendments come into force on June 1, 2021.

We have summarized the changes that will have an impact on Money Services Businesses (MSB)s below.

Travel Rule

One of the most significant changes that will impact MSBs and Foreign Money Services Businesses (FMSB)s relates to a new requirement for records to be kept on all virtual currency transfers of CAD 1,000 or more.

The record must contain the following:

  1. include with the transfer, the name, address and, if any, the account number or other reference number of both the person or entity that requested the transfer and the beneficiary; and
  2. take reasonable measures to ensure that any transfer received includes the information referred to in paragraph (a) above.

Where the information required was not obtained, MSBs and FMSBs must have written risk-based policies and procedures for determining if the transaction should be suspended, rejected or if another follow-up measure should be taken.

PEP

In addition to the existing requirement for MSBs and FMSBs to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a Politically exposed person (PEP), the amendments will require MSBs and FMSBs to make a PEP determination when they establish a business relationship with a client.

A reminder that a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

MSBs and FMSBs will also periodically need to take reasonable measures to determine whether a person with whom they have a business relationship is a PEP. We will have to await guidance from FINTRAC on this, but our guess is the frequency for determination will align to the frequency for customer information and identification updates.

Given the definition of a business relationship, we do not expect this requirement to be overly burdensome. If you currently conduct list screening, PEP screening could easily be added to that process. You are also able to ask the customer directly, while presenting the definition of a PEP, and record their response.

If a positive determination is made, the following records must be kept:

  1. the office or position, and the organization or institution, in respect of which the person is determined to be a politically exposed foreign person, a politically exposed domestic person or a head of an international organization, or a family member of, or a person who is closely associated with, one of those persons;
  2. the date of the determination; and
  3. the source, if known, of the person’s wealth.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

Amending the Amendments! 2020 AML Changes for Jewellers

Background

Back on July 10, 2019, the highly anticipated final version of the amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. However, on June 10, 2020, further amendments to those amended regulations were published in the Canada Gazette. To make reading these changes a little easier, we have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The purpose of this round of amendments is to better align measures with international standards and level the playing field across reporting entities by applying stronger customer due diligence requirements and beneficial ownership requirements to designated non-financial businesses and professions (DNFBPs). The amendments come into force on June 1, 2021.

We have summarized the changes that will have an impact on Dealers in Precious Metals and Stones (DPMS) below.

PEP

The amendments will require DPMSs to make a Politically exposed persons (PEP) determination when they enter into a business relationship with a client. In addition, they will also be required to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a PEP.

A reminder that a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

Given the definition of a business relationship, we do not expect this requirement to be overly burdensome. If you currently conduct list screening, PEP screening could easily be added to that process.

If a positive determination is made, the following records must be kept:

  1. the office or position, and the organization or institution, in respect of which the person is determined to be a politically exposed foreign person, a politically exposed domestic person or a head of an international organization, or a family member of, or a person who is closely associated with, one of those persons;
  2. the date of the determination; and
  3. the source, if known, of the person’s wealth.

Beneficial Ownership

The amendments will require DPMSs to comply with existing beneficial ownership requirements that apply to other reporting entities.

This means when identifying an entity, a reporting entity needs to collect the following information for all Directors and individuals who own or control, directly or indirectly, 25% or more of the organization:

  • Their full legal name;
  • Their full home address; and
  • Information establishing the ownership, control, and structure of the entity.

A record of the reasonable measures to confirm the accuracy of the information, when it is first obtained and in the course of ongoing monitoring of business relationships, must be retained.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

2019 AML Changes for MSBs

Background

On July 10th, 2019, the highly anticipated final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. This article is intended to give a high-level summary of the amendments as specific to MSBs. If you’re the type that likes to read original legislative text, you can find it here. We also created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the amount of changes. There are three different “coming into force” dates that should be noted.

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related dealers in virtual currency (which do not apply to MSBs).
  • June 1, 2021: all other regulatory amendments.

While this does give regulated entities some time to get their AML compliance programs updated and in order, we recommend that you start budgeting and planning now.

Guidance from FINTRAC, related to the changes in regulation, is expected to be seen ahead of coming into force dates. Given the legislative changes, there will be changes to FINTRAC policy interpretations as well so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Foreign MSBs

In the past, foreign MSBs only had to comply with Canadian AML requirements if they had a “real and substantial connection” to Canada. A “real and substantial connection” was defined in FINTRAC policy interpretations as having one or more of the following statements be true:

  • Is the business incorporated in Canada;
  • Does the business have agents in Canada;
  • Does the business have physical locations in Canada; and/ or
  • Does the business maintain a bank account or a server in Canada.

The final amendments create obligations for foreign businesses that direct and provide certain services to people located in Canada, via the Internet. If you are a foreign MSB, check out our blog on full requirements as they relate to a foreign MSB with dealings in Canada.

What Does This Mean For My Business?

Changes to Canada’s AML regulations will have a direct impact on MSB AML obligations, including the following:

  • Customer identification;
  • Reporting; and
  • Compliance Program requirements.

While there are quite a number of changes, only some will have more of an impact on MSBs. We’ve summarized the changes that will impact MSBs below.

Customer Identification

Currently, there is a requirement that when customers are identified, the document and/or data that you collect must be in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic”, valid and current. This would allow for scanned copies of documentation, and/or for software that can authenticate a person’s identification documents.

Other changes to the identity verification requirements are as follows:

  • A customer’s identity must be verified if they are the beneficiary of an international EFT of CAD 1,000 or more;
  • For credit file verification (single source) the credit file information must now be derived from more than one source; and
  • For the dual source method, when relying on a credit report as part of a dual source, the credit file must have been in existence for at least six months. Additionally, the person or entity that is verifying the information cannot be a source.

In addition, there are provisions that allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

FINTRAC Reporting

Reporting EFTs of CAD 10,000 or More

If you conduct international remittance transactions at the request of your customers, the requirement to report transactions of CAD 10,000 or more will now be your responsibility, not your financial services provider.

The final amendments removes the language commonly known as the “first in, last out” rule. This means that the first person/entity to ‘touch’ the funds for a transaction incoming to Canada, or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada, had the reporting obligation (as long as the prescribed information was provided to them). The update will change the reporting obligation to whoever maintains the customer relationship. So, if you initiate a transaction at your customer’s request (outgoing transaction), or provide final receipt of payment to your customer (incoming transaction), it will be your obligation to report that transaction to FINTRAC.

Virtual Currency Reporting

If you conduct transactions involving virtual currencies such as bitcoin, you will be required to report the receipt, or the sending, of amounts of CAD 10,000 or more in a virtual currency transaction to FINTRAC. These are basically the same as Large Cash Transaction reporting obligations, including making a determination of whether the person is acting on behalf of a third-party. There will also be the requirement for reporting entities to maintain a Large Virtual Currency Transaction record.

For more information on the full scope of updates specific to virtual currency, please check out our full article here.

The 24-Hour Rule

The final regulations clarify that multiple transactions performed by, or on behalf of, the same customer or entity, or are for the same beneficiary, within a 24-hour period, are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. This would mean that only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that will be required to update the detection process.

For example, currently, a Large Cash Transaction Report must be submitted either for single transactions of CAD 10,000 (or more), or for multiple transactions of less than CAD 10,000 each that add up to CAD 10,000 or more in a 24-hour period. This can result in situations where two reports are filed for transactions taking place in a 24-hour period.

Cash deposit of CAD 12,000 – LCTR #1 for CAD 12,000

Cash deposits of CAD 5,000 and CAD 6,000 – LCTR #2 for CAD 11,000

Using the same example, under the new rules we would have:

Cash deposits of CAD 12,000, CAD 5,000 and CAD 6,000 – Single LCTR for CAD 23,000

We can expect to see guidance from FINTRAC ahead of the enforce date. If you have questions prior to this,  it is possible to write to FINTRAC to request a policy interpretation.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amended this to “’as soon as reasonably practicable’ after measures have been completed to establish that there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing”.

This would require reports to be submitted to FINTRAC shortly after a reporting entity conducts an analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change (or clarification), related to Terrorist Property Reports, has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

Information Included in Reports to FINTRAC

Certain information is required in reports to FINTRAC. The final regulations introduce changes to reporting schedules, requiring more detailed information to be filed with FINTRAC then previously was required. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional data fields are:

  • every reference number that is connected to the transaction;
  • type of device used by person who makes request online;
  • number that identifies device;
  • internet protocol address (IP address) used by device;
  • person’s or entity’s user name; and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online. Such changes may mean working with your IT folks to ensure you are retaining the needed data in a format that will be easy to extract.

For full details on what has changed for FINTRAC report fields, we have created unofficial redline which can be found here.

Ongoing Compliance Training

The amended regulations have introduced a requirement to document a plan for ongoing compliance training. This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans.

Risk Assessment Obligations

With the last round of AML changes, we saw the addition of “New Technologies and Developments” as a newly added category to the Risk-Based Approach requirements. This round of changes makes the next logical progression, which is the obligation to assess the money laundering and terrorist financing risk of any product, delivery channel or new technology before implementation. Meaning, if you are looking to take your business online and are going to use this fancy, new ID software, you had better take careful inventory and document where your risks are, and be sure the appropriate controls have been put in place, before going live but many MSBs have already implemented this best practice.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch using our online form on our website, by emailing info@outliercanada.com or by calling us toll-free at 1-844-919-1623.

Foreign Money Services Business in Canada

Background

On July 10, 2019 the highly anticipated final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were released in the Canada Gazette. With this round of changes, Foreign Money Services Businesses (MSBs) will be subject to Canadian AML obligations.  This article is intended to give a high-level summary of the requirements as they relate to Foreign MSBs.

While foreign MSBs will have until June 1, 2020 to become compliant with Canadian requirements, it is highly recommended that you start budgeting and planning from now. It is expected that our regulator, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), will allow foreign MSBs to register ahead of this date.

Note this article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

What Is A Money Services Business?

MSBs are considered reporting entities under the law in Canada.  This means that they must comply with certain requirements and answer to their regulator.  You are a money services business (MSB) in Canada if your business offers any of the following services to the public:

  • Foreign exchange dealing;
  • Remitting or transmitting funds;
  • Issuing or redeeming money orders, traveller’s cheques and other negotiable instruments;
  • Dealing in virtual currencies.

In the past, foreign MSBs only had to comply with Canadian AML requirements if they had a “real and substantial connection” to Canada. A “real and substantial connection” was defined in FINTRAC policy interpretations as having one or more of the following statements be true:

  • Is the business incorporated in Canada;
  • Does the business have agents in Canada;
  • Does the business have physical locations in Canada; and/ or
  • Does the business maintain a bank account or a server in Canada.

As part of the recent AML amendments, foreign businesses that conduct any of the above transactions, and your services are directed to persons in Canada, Canadian AML obligations will apply.  You will need to be aware of the requirements under Canadian law as they apply to their Canadian customers.

Compliance Program

Under regulation, you will be required to have an anti-money laundering (AML) and counter terrorist financing (CTF) program that consists of these five elements:

  • Written policies and procedures: these list your responsibilities under Canadian law, and what you are doing to meet them.
  • A documented Risk Assessment: a document that describes and assesses the risk that your business could be used to launder money or finance terrorism.
  • The appointment of a Compliance Officer: the person who is ultimately responsible to develop and maintain your Canadian AML and CTF compliance program. Note the person appointed does not have to be located in Canada.
  • AML Compliance Effectiveness Reviews: testing and reporting completed at least every two years that assesses how well your compliance program is working.
  • Training: A documented training plan, and conducting, at least annually, testing to ensure that staff understands their roles and responsibilities as it relates to Canadian law.

Operational Compliance

In addition to a documented program, you will need to ensure you operate in a compliant manner with various requirements as it relates to your Canadian customers. This includes:

  • Collecting and recording client identification information;
  • Know your customer (KYC) information;
  • Reporting certain types of transactions to regulators and government agencies;
  • Maintaining appropriate registration and licensing; and
  • Keeping records.

Client Identification

As an MSB, you will be required to identify Canadian customers in accordance with Canadian law. You must verify the identity of a person who requests the following:

  • requests that they issue or redeem money orders, traveller’s cheques or similar negotiable instruments in an amount of CAD 3,000 or more;
  • requests that they initiate an electronic funds transfer of CAD 1,000 or more;
  • requests that they exchange an amount of CAD 3,000 or more in a foreign currency exchange transaction;
  • requests that they transfer an amount of CAD 1,000 or more in virtual currency;
  • requests that they exchange an amount of CAD 1,000 or more in a virtual currency exchange transaction; or
  • is a beneficiary of an international electronic funds transfer of CAD 1,000 or more, or of a transfer of an amount of CAD 1,000 or more in virtual currency, to whom they make the remittance.

As part of the recent AML changes, the identification methods that can be used to verify identification have been updated and modernized. Previously, a document used to verify identity was required to be “original, valid and current”. You can now confirm the identity of a customer by relying on an identity document where it is “authentic, valid, and current”, meaning you can confirm identification using acceptable documents, presented in an electronic means, so long as it can be authenticated.

There are other methods to verify a customer’s identity, which include referring to their Canadian credit file (Equifax or TransUnion), provided it has been in existence for at least three years, or a dual process method which involves referring to information from two reliable and independent sources.

If the customer is an entity (a company, partnership, trust, etc.), then measures must be taken to confirm the entity’s existence and beneficial ownership. This means certain details must be collected for directors, trustees, beneficiaries of trusts, and anyone that owns or controls 25% or more of an entity.

Registration

You must register as a Foreign MSB with FINTRAC before June 1, 2020. The process itself is relatively straightforward and begins with a pre-registration form. As part of this process, you must provide FINTRAC with complete information about your business, including:

  • Bank account information;
  • Information about your compliance officer;
  • Number of employees;
  • Incorporation information (if your business type is a corporation);
  • Information about your MSB’s owners and senior management, such as their name and date of birth;
  • Certain information about the directors of the company and every person who owns or controls 20% or more.
  • An estimate of the expected total dollar amount of transactions per year for each MSB service you provide;
  • Detailed information about every branch; and
  • Detailed information about every Canadian MSB agent.

Once registered, the registration must be maintained, and you must:

  • Keep information up to date;
  • Respond to requests for, or to clarify, information in the prescribed form and manner, within 30 days;
  • Renew your registration before it expires; and
  • Let FINTRAC know if you stop offering MSB services to Canadians.

SCAM ALERT: There is no cost to register an MSB with FINTRAC – although we’ve heard of several scams claiming that there is a fee. Please ensure that you are only registering through valid FINTRAC sites, which will contain “fintrac-canafe.gc.ca” in the URL. If you have received a phishing email or other request to pay FINTRAC registration fees, we recommend reporting this to both the Canadian Anti-Fraud Centre and to FINTRAC directly.

Reporting

Foreign MSBs are required to report certain transactions to FINTRAC where Canadians are involved, regardless if the funds or the instructions to transfer funds involve Canada. Foreign MSBs will be required to report to FINTRAC the following transactions:

  • The receipt, from a person or entity in Canada, of CAD 10,000 or more in cash;
  • The initiation, at the request of a person or entity in Canada, of an EFT of CAD 10,000 or more, if the EFT is sent or is to be sent from one country to another;
  • The final receipt of an EFT of CAD 10,000 or more, if the EFT was sent from one country to another and the beneficiary is in Canada;
  • The receipt from a person or entity in Canada of CAD 10,000 or more in virtual currency;
  • Any suspicious or attempted suspicious transactions; and
  • Any terrorist property.

We’re Here To Help

If you are a foreign MSB that deals in virtual currency, please check out our blog. If you have any questions related to your compliance obligations in Canada, or need assistance in developing your Canadian AML compliance program, please get in touch!

2019 AML Changes For DPMSs

Background

On July 10th, 2019, the highly anticipated final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. This article is intended to give a high-level summary of the amendments as specific to DPMSs. If you’re the type that likes to read original legislative text, you can find it here. We also created a red-lined version of the regulations, with new content showing as tracked changes, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the amount of changes. There are three different “coming into force” dates that should be noted:

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related dealers in virtual currency (which do not apply to DPMSs).
  • June 1, 2021: all other regulatory amendments.

This does give regulated entities some time to get their AML compliance programs updated and in order, but we recommend that you start budgeting and planning now.

Updated guidance from FINTRAC is expected to be seen ahead of the coming into force dates. Given the legislative changes, there will be changes to FINTRAC policy interpretations as well so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

What Does This Mean For My Business?

Changes to Canada’s AML regulations will have a direct impact on DPMS AML obligations, including the following:

  • Reporting;
  • Customer identification; and
  • Compliance Program requirements.

While there are quite a number of changes, only some will have more of an impact on DPMSs. We’ve summarized the changes that will impact DPMSs below.

Defining a DPMS

The recent amendments has changed the definition of a DPMS slightly to read:

(1) A dealer in precious metals and precious stones, other than a department or an agent of Her Majesty in right of Canada or an agent or mandatary of Her Majesty in right of a province, that buys or sells precious metals, precious stones or jewellery, for an amount of $10,000 or more is engaged in an activity for the purposes of paragraph 5(i) of the Act. A department or an agent of Her Majesty in right of Canada or an agent or mandatary of Her Majesty in right of a province carries out an activity for the purposes of paragraph 5(l) of the Act when they sell precious metals to the public for an amount of $10,000 or more.

(2) The activities referred to in subsection (1) do not include a purchase or sale that is carried out in the course of or in connection with manufacturing a product that contains precious metals or precious stones, extracting precious metals or precious stones from a mine or polishing or cutting precious stones.

(3) For greater certainty, the activities referred to in subsection (1) include the sale of precious metals, precious stones or jewellery that are left on consignment with a dealer in precious metals and precious stones. Goods left with an auctioneer for sale at auction are not considered to be left on consignment.

Neither the PCMLTFA, nor the Regulations, define consignment. As understanding of the term can vary, we hope to see this defined in upcoming FINTRAC guidance.

Certain activities that were already exempt from the DPMS designation, including manufacturing jewellery, extracting precious metals or precious stones from a mine, and cutting or polishing precious stones, has been expanded to capture other types of manufacturing processes that may also involve the use or consumption of precious metals and stones (e.g. diamonds used to manufacture drill bits). This is described as being consistent with the original policy intent.

FINTRAC Reporting

Large Virtual Currency Transaction Reporting

If you accept, or plan on accepting, payments using virtual currencies like bitcoin, these will be treated similar to cash payments. For any payments valued at CAD 10,000 or more, made by or on behalf of the same person or entity within a 24-hour period, you will need to identify the customer, and submit a report to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).

24-hour Rule

The final regulations clarify that multiple transactions performed by, or on behalf of, the same customer or entity within a 24-hour period are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. Only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. For DPMSs, this would apply to recipients of CAD 10,000 or more in cash or virtual currency.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or requested transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amended this to “’as soon as reasonably practicable’ after measures have been completed to establish that there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing”.

This means that a report will be due shortly after a reporting entity conducts an analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change related to Terrorist Property Reports has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

Information Included in Reports to FINTRAC

Certain information is required in reports to FINTRAC. The final regulations introduce changes to reporting schedules, requiring more detailed information to be filed with FINTRAC then previously was required. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional data fields are:

  • every reference number that is connected to the transaction;
  • type of device used by person who makes request online;
  • number that identifies device;
  • internet protocol address (IP address) used by device;
  • person’s or entity’s user name; and
  • date and time of person’s online session in which request is made.

These fields require significantly more data to be included in reports, especially for transactions that are conducted online. Such changes may mean working with your IT folks to ensure you are retaining the necessary data in a format that will be easy to extract.

For full details on what has changed for FINTRAC report fields, we have created unofficial redline which can be found here.

Customer Identification

Currently, there is a requirement that when customers are identified, the document and/or data that you collect must be in its “original” format. The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic”, valid and current. This would allow for scanned copies of identification documents, so long as authentication of the identification documents takes place.

In addition, there are provisions that allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity, and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

Reasonable Measures

In cases where DPMSs were required to keep records related to reasonable measures to obtain certain information (such as third-party determinations for large cash transactions), the requirement has been removed with this round of changes. It is important to note that you must still take reasonable measures where necessary, and it is only the requirement to keep a record of the measures used that has been repealed.

New Products & Technology Channels

One of the deficiencies identified in the Financial Action Task Force (FATF) review of Canada was not having a requirement to assess new technologies before their launch. With this round of changes, all reporting entities will be required to assess the risk related to their products and delivery channels, as well as the risk associated with the use of new technologies, prior to release.

This has been a best practice since the requirement to conduct a risk assessment came into force but this change makes this a formal requirement.

Training Program

While training is a current obligation, the current revisions introduce an additional requirement, for all regulated entities, in which there must be a documented plan for the ongoing compliance training program, and delivery of that training. In practice, this means that in addition to documenting the training that has been completed, you will need to clearly document future training plans.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch using our online form on our website, by emailing info@outliercanada.com or by calling us toll-free at 1-844-919-1623.

2019 AML Changes For The Real Estate Sector

Background

On July 10, 2019 the highly anticipated final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), and its enacted regulations, were published. This article is intended to give a high-level summary of changes as they relate to the real estate industry. If you’re the type that likes to read original legislative text, you can find it here. We also created a red-lined version of the regulations, with new content showing as tracked changes, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the amount of changes. There are three different “coming into force” dates that should be noted.

 

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related to dealers in virtual currency (which do not apply to the Real Estate sector).
  • June 1, 2021: all other regulatory amendments.

While this does give regulated entities some time to get their AML compliance programs updated, we recommend that you start budgeting and planning from now.

Updated guidance from FINTRAC is expected to be seen ahead of coming into force dates. Given the legislative changes, there will be changes to FINTRAC policy interpretations as well, so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

What Does This Mean For My Business?

As stated above, there are quite a number of changes, but only some have an impact on real estate developers, brokers, and sales representatives. We’ve summarized the changes that will impact the real estate sector below.

Identification

The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic, valid and current”. This means you can confirm identification, using acceptable documents presented by way of electronic means, so long as it can be authenticated. This will be helpful to real estate developers, brokers, and sales representatives that identify clients in a non-face-to-face manner. This change came into force on June 25, 2019.

Other changes to the identity verification requirements are as follows:

  • For credit file verification (single source), the credit file information must now be derived from more than one source.
  • For the dual source method, when relying on a credit report as part of a dual source, the credit file must have been in existence for at least six months. Additionally, the person or entity that is verifying the information cannot be a source.

FINTRAC Reporting

Virtual Currency

For real estate brokers, sales representatives and developers that conduct transactions that involve virtual currency, the final regulations introduce new reporting requirements for the receipt of CAD 10,000 or more of virtual currency. These basically are the same as large cash reporting obligations, including making a determination if the person from whom the virtual currency is received is acting on behalf of a third party, and will require reporting entities to maintain a large virtual currency transaction record.

The requirements for reporting and recordkeeping for virtual currency are very similar to cash reporting requirements.

24-hour rule

The final regulations clarify that multiple transactions performed by, or on behalf of, the same customer or entity within a 24-hour period are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. Only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. For real estate developers, brokers, and sales representatives, this would apply to recipients of CAD 10,000 or more in cash or virtual currency.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amended this to “as soon as reasonably practicable” after measures have been completed to establish that there are reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing.

This would require reports to be submitted to FINTRAC fairly soon after a reporting entity conducts an analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change (or clarification), related to Terrorist Property Reports, has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

Schedules

The final regulations introduce changes to reporting schedules, requiring more detailed information to be filed with FINTRAC then previously was required. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. As it relates to real estate developers, brokers, and sales representatives, these changes will impact attempted suspicious and suspicious transaction reporting, terrorist property reporting, large cash reporting, and large virtual currency reporting. Examples of the new data fields are as follows:

  • every reference number that is connected to the transaction (including the sending and receiving addresses for virtual currency transactions);
  • type of device used by person who makes request online;
  • number that identifies device;
  • internet protocol address (IP address) used by device;
  • person’s user name; and
  • date and time of person’s online session in which request is made.

Such changes may mean working with your IT folks to ensure you are retaining the needed data in a format that will be easy to extract.

For more details on what has changed for reporting fields, a comparison of current and proposed FINTRAC report fields can be found here.

Compliance Program

Risk Assessment

One of the deficiencies identified in the Financial Action Task Force (FATF) review of Canada was not having a requirement to assess new technologies before their launch. The final amendments require all reporting entities to assess the risk related to products and their delivery channels, as well as the risk associated with the use of new technologies, prior to release.

This has been a best practice since the requirement to conduct a risk assessment came into force, but this change makes this a formal requirement. This will require strong communication and closer cooperation between compliance officers and teams involved in the development of new services or technology changes.

Training

Under current regulation, if real estate developers, brokers, and sales representatives use agents, mandataries or other persons to act on their behalf, they must develop and maintain a written, ongoing compliance training program for those agents, mandataries or other persons. The final regulations introduce an additional requirement, in which there must be a documented plan for the ongoing compliance training program and delivery of the training.

Records

There are some changes to the details that must be recorded in records that real estate brokers or sales representatives must maintain. In addition to new information that is required for reporting purposes (see the schedules section below), the final regulations add the requirement that information records must contain details of every person or entity for which they act as an agent or mandatary in respect of the purchase or sale of real property or immovables. Under the previous regulations, only information related to the person or entity purchasing real estate was required.

In cases where real estate brokers, sales representatives and developers were required to keep records related to reasonable measures to obtain certain information, the requirement has been removed with this round of changes. It is important to note that you must still take reasonable measures where necessary, and it is only the requirement to keep a record of the measures used that has been repealed.

We’re Here To Help

If you would like assistance in updating your compliance program and/or processes, or have any questions related to the changes, you can get in touch using our online form on our website, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

2019 AML Updates for Credit Unions

Background

On July 10th, 2019 the final amendments to Canada’s anti-money laundering (AML) regulations, were published in the Canada Gazette.  Many of the changes are based on requirements set out by the Financial Action Task Force (FATF), an inter-governmental body that sets out international standards for combating money laundering and terrorist financing, as well as from certain amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) made through the Economic Action Plan 2014 Act, No. 1 and the Budget Implementation Act, 2017, No. 1.

For those that prefer to see the updates in context, we have created unofficial red-lined versions of the regulations, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the changes. There are three different “coming into force” dates that should be noted:

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related dealers in virtual currency (which do not directly apply to Credit Unions).
  • June 1, 2021: all other regulatory amendments.

Updated guidance from FINTRAC is expected to be seen ahead of the coming into force dates. Given the legislative changes, there will be adjustments to various FINTRAC policy interpretations so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you borrow content that we wrote and published publicly, we may think you’re a jerk but we’re not sending an army of lawyers).

What Does This Mean For Your Credit Union?

Changes to Canada’s AML regulations will have a direct impact on a Credit Union’s AML obligations, including the following:

  • Reporting;
  • Record keeping; and
  • Member identification.

Many changes will require adjustments in your IT systems to ensure that all necessary information is available to be included in FINTRAC reports, particularly those involving online transactions. If you’re not sure where to start please feel free to contact us. From a practical standpoint, while you do have some time to update your AML program, it is best to start budgeting and planning now.  It may also be prudent to discuss changes with your board of directors as well.

FINTRAC Reporting

This round of changes to AML regulations has a much greater focus on reporting including changes to the information that will need to be included in various reports. We have summarized the applicable changes below.

Certain reports will require information that was not originally included. These changes include information such as:

  • Purpose of transaction;
  • Source of cash or source of funds;
  • For online transactions:
    • Type of device used by person who makes request;
    • Number that identifies device;
    • Internet Protocol address used by device;
    • Person’s or entity’s user name; and
    • Date and time of when a person makes a request.

While most of these fields are mandatory, where fields are marked as optional, if an entity has the information (this may mean in the background of your IT systems), it is expected that it be included in the report. For full details on what has changed for FINTRAC report fields, we have created an unofficial redline which can be found here.

All changes related to reporting come into force on June 1, 2021.

STR Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC. The timeframe for submission was within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amend this to “as soon as reasonably practicable after measures have been completed to establish that there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing.”

This means that a report will be due shortly after a reporting entity has conducted their analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations and this should include a step in the process that clearly identifies when a determination is made that establishes reasonable grounds to suspect the transaction is related to money laundering or terrorist financing. A defined time for what “as soon as reasonably practicable” means should be documented as well to ensure reports are completed and submitted on time. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change (or clarification), related to Terrorist Property Reports, has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

EFT Reporting

The definition of an EFT has changed with the amended regulations and reads as such:

An electronic funds transfer means the transmission by any electronic, magnetic or optical means of instructions for the transfer of funds, including a transmission of instructions that is initiated and finally received by the same person or entity. In the case of SWIFT messages, only SWIFT MT-103 messages and their equivalent are included. It does not include a transmission of instructions for the transfer of funds:

    1. that is carried out by means of a credit or debit card or a prepaid payment product if the beneficiary has an agreement with the payment service provider that permits payment by that means for the provision of goods and services;
    2. that involves the beneficiary withdrawing cash from their account;
    3. that is carried out by means of a direct deposit or a pre-authorized debit;
    4. that is carried out by cheque imaging and presentment;
    5. that is both initiated and finally received by persons or entities that are acting to clear or settle payment obligations between themselves; or
    6. that is initiated or finally received by a person or entity referred to in paragraphs 5(a) to (h.1) of the Act for the purpose of internal treasury management, including the management of their financial assets and liabilities, if one of the parties to the transaction is a subsidiary of the other or if they are subsidiaries of the same corporation.

The definition now includes instructions initiated and received by the same person or entity, which means certain internal transfer transactions may be caught.

Also related to EFT reporting, the final amendments removes the language commonly known as the “first in, last out” rule. This means that the first person/entity to ‘touch’ the funds for a transaction incoming to Canada, or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada, had the reporting obligation (as long as the prescribed information was provided to them). The update will change the reporting obligation to whoever maintains the customer relationship.

Large Virtual Currency Transaction Reporting

If you plan to conduct transactions involving virtual currencies such as bitcoin, you will be required to report the receipt or the sending of amounts of CAD 10,000 or more in a virtual currency to FINTRAC. These basically are the same as Large Cash Transaction reporting obligations, including making a determination if the person from whom the virtual currency is received is acting on behalf of a third party, and will require reporting entities to maintain a Large Virtual Currency Transaction Record.

Most of the recordkeeping requirements for virtual currency are very similar to Large Cash Transaction requirements.

The 24-Hour Rule

Multiple transactions performed by, or on behalf of, the same customer or entity, or are for the same beneficiary, within a 24-hour period are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. This would mean that only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that will be required to update the detection process.

For example, currently, a Large Cash Transaction Report must be submitted either for single transactions of CAD 10,000 (or more), or for multiple transactions of less than CAD 10,000 each that add up to CAD 10,000 or more in a 24-hour period. This can result in situations where two reports are filed for transactions taking place in a 24-hour period.

Cash deposit of CAD 12,000 – LCTR #1 for CAD 12,000
Cash deposits of CAD 5,000 and CAD 6,000 – LCTR #2 for CAD 11,000

Using the same example, under the new rules we would have:
Cash deposits of CAD 12,000, CAD 5,000 and CAD 6,000 – Single LCTR for CAD 23,000

We can expect to see guidance from FINTRAC ahead of the enforce date. If you have questions prior to this,  it is possible to write to FINTRAC to request a policy interpretation.

Compliance Program

In addition to the process changes, including reporting changes discussed above, there are some other changes that you will need to make to your compliance program.

Training

The amended regulations have introduced a new requirement to institute and document a plan for ongoing compliance training.  This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans. Be sure staff is receiving training on process changes that are applicable to their roles.

Risk Assessment

One of the deficiencies identified in the Financial Action Task Force (FATF) review of Canada was not having a requirement to assess new technologies before their launch. The final amendments require all reporting entities to assess the risk related to products and their delivery channels, as well as the risk associated with the use of new technologies, prior to public release.

This has been a best practice since the requirement to conduct a risk assessment came into force, but this change makes this a formal requirement. This will require strong communication and closer cooperation between compliance officers and teams involved in the development of new products or services.

Records of Reasonable Measures

The requirement to keep records related to reasonable measures to obtain certain information, has been removed with this round of changes. It is important to note that credit unions must still take reasonable measures and it is only the requirement to keep a record of the measures used that has been repealed. 

Identification

The range of identification methods that can be used will be broadened. This is good news, especially for credit unions that are using identification methods for members who are not physically present.

Prior to this round of changes, there was a requirement that when members are identified, the document and/or data that you collect must be in its “original” format. The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic”, valid and current. This would allow for scanned copies of documentation, and/or for software that can authenticate a person’s identification document. This change came into force on June 26, 2019.

Other changes to the identity verification requirements are as follows:

  • For credit file verification (single source), the credit file information must now be derived from more than one source (i.e. cannot contain only one trade line on the credit file);
  • For the dual source method, when relying on a credit report as part of a dual source, the credit file must have been in existence for at least six months. Additionally, the person or entity that is verifying the information cannot be a source (i.e. you cannot be a tradeline of the credit file).

In addition, there are provisions that allow a credit union to rely on the identification conducted previously by other reporting entities. If this method is used to identify a member, the credit union must immediately obtain the identification information from the other reporting entity, and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

If you have members that are publicly traded trusts, credit unions will be required to obtain names and addresses of all persons who own or control, directly or indirectly, 25% or more of the units of the trust.

Politically Exposed Persons (PEPs)

The amended regulations add some new requirements related to PEPs, which are as follows:

  • You must obtain the “source of wealth” of a PEP; and
  • If a PEP is a head of an international organization, the person will continue to be treated as a PEP for five years after they have held the position.

This change comes into force on June 1, 2021, and will likely result in IT system changes related to record keeping and monitoring.

Prepaid Products

If you offer Prepaid Payment Products, the amended regulations now include new obligations for prepaid cards that are issued by financial entities. The obligations are similar to those that apply to regular member accounts, and comes into force on June 1, 2021.

The regulations apply to any prepaid payment product that is tied to an account, that permits funds or virtual currency that total CAD 1,000 or more to be added to the account within a 24-hour period, or where a balance of CAD 1,000 or more will be maintained.

Records that will have to be maintained are as follows:

  • a record of the name and address of each holder of a prepaid payment product account and each authorized user, the nature of their principal business or their occupation and, in the case of a person, their date of birth;
  • if an account holder is a corporation, a copy of the part of its official corporate records that contains any provision relating to the power to bind the corporation in respect of the prepaid payment product account or the transaction;
  • a record of every application in respect of the prepaid payment product account;
  • a prepaid payment product slip in respect of every payment that is made to the prepaid payment product account;
  • every debit and credit memo that it creates or receives in respect of the prepaid payment product account;
  •  a copy of every account statement that it sends to a holder of the prepaid payment product account; and
  • a foreign currency exchange transaction ticket in respect of every foreign currency exchange transaction that is connected to the prepaid payment product account.

There are also record keeping obligations where an international electronic funds transfer of CAD 1,000 or more has been conducted through the prepaid product. Additionally, a prepaid payment product slip, similar to a deposit slip, must be maintained.

Similar to member accounts, you will also have to keep account applications and any foreign currency transaction information related to the prepaid product. A PEP determination is to be made when the prepaid product account is opened, and when a payment of CAD 100,000 or more is made to a prepaid product account.

We’re Here To Help

If you would like assistance in updating your compliance program and/or processes, or have any questions related to the changes, you can get in touch using our online form on our website, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Is Your MSB Ready for a FINTRAC Exam?

Rodney_MSB2
We get a lot of questions about examinations conducted by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). While we’re happy to be able to help our customers in their examinations (you can check out our free resources for FINTRAC exams here), the responsibility during the examination will rest with the money services business (MSB), mainly with the MSB’s Compliance Officer.

FINTRAC’s expectations have changed dramatically, since MSB’s were first required to comply with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations. In 2015, we noticed that there was a dramatic shift in focus of MSB examinations. FINTRAC’s examiners were much more interested in detailed procedures (documents that describe how MSBs are complying with the PCMLTFA and regulations), and the Risk Based Approach.

One of the most important things that MSBs can do to ensure that their AML compliance programs are up to date, and at the same time, prepare for FINTRAC examinations, is to read FINTRAC’s published guidance. Two important guidance topics published in 2015 are, the Risk-Based Approach Guide (this guide describes what is the risk-based approach) and the Risk-Based Approach Workbook for MSBs (this workbook is for MSBs looking to implement a risk-based approach). While guidance published by FINTRAC doesn’t carry the weight of law or regulation, it does provide valuable insight about FINTRAC’s expectations.

Another excellent source of information is FINTRAC’s published Policy Interpretations. These are FINTRAC’s official answers to questions asked by MSBs and other reporting entities.

In Person & Desk Examinations

Whether the FINTRAC exam is in person or desk (conducted by phone) examinations, they follow very similar formats. The key difference is the regulator’s ability to request additional operational data during onsite examinations.

It is ok for you to take notes throughout the examination process (and we recommend that you do). You are permitted to have a lawyer, consultant or other representative with you (if you do, FINTRAC will request that you complete the Authorized Representative Form in advance). While your representative cannot generally answer questions on your behalf, they can prompt you if you are nervous or stuck, and help you to understand what is being asked of you, if it is not clear.

If you do not speak English and/or French fluently, we highly recommend that you have a person present who can translate questions and responses for you.

If you are not certain what the examiner is asking for, you should always ask for clarification before answering.

For in person examinations, do not invite the examiner to have a pint, lunch or even a coffee. FINTRAC has very strict policies around bribery, to the extent that if I am out socially with an acquaintance who works for FINTRAC, I cannot pay for their tea. It may feel a little bit “over the top”, not to be able to extend these courtesies, but don’t be offended – it’s not you, it’s policy.

The Introduction

The examiner will provide a brief overview of the examination process as a formal opening to the examination. At the end of this introduction, the examiner will ask if you have any questions. At this point, it can be useful to provide a very brief (five minutes maximum) overview of your business.

Your introduction should reflect the materials that you have already submitted to FINTRAC (which ideally included an opening letter that described anything about the business that would not be readily apparent to the examiner, or anything that you believe could be misunderstood). Key facts about your business include:

  • Your corporate structure and ownership;
  • The types of products and services that are offered / types of transactions that are conducted;
  • Where your offices, agents and customers are located;
  • How you connect with and your customers; and
  • Anything significant that has changed since your last FINTRAC examination.

This synopsis must be very brief. If there is anything that is complex, it should be included as an explanation in your initial package (preferably in a simplified chart form – for example an ownership structure chart).

The examination will then begin. At the end of each section, the examiner will ask if you have any questions and let you know whether there are any deficiencies.

Part 1 – FINTRAC MSB Registration

In this part, FINTRAC will go through your MSB registration field by field and confirm that the information is accurate. The most common errors that we have seen are:

  • Not listing a trade name/operating name;
  • Not listing all relevant locations;
  • Listing bank accounts that are inactive or not listing bank accounts that are active;
  • Not including MSB or agent relationships (either buying from or selling to another MSB);
  • Incomplete ownership information; and
  • Senior Management and/or Compliance Officer information, that is out of date.

Although it is not technically part of the registration, some examiners will ask about the Compliance Officer’s responsibilities/duties at this stage.

Failure to update the MSB registration in the “prescribed form and manner” is the single most common deficiency for MSBs from 2008 to the present, accounting for deficiencies in 61% of examinations (according to FINTRAC data released in 2015).

Part 2 – Compliance Policies & Procedures

In this part, FINTRAC will ask questions about the policy and procedure documents that you have provided in advance of the examination. There are a few standard questions that are generally asked:

  • Who wrote the policies and procedures?
  • Were the versions submitted to FINTRAC the most recent versions?
  • When were they updated?
  • When and how do you identify your customers?
  • How do you ensure that identification is up to date?
  • How do you monitor transactions?
  • How do you recognize, document and monitor “business relationships” (note: this is any time that you have either an ongoing service agreement with a customer and/or your customer has performed two or more transactions that require identification).
  • What are indicators of a suspicious transaction?

The examiner will also ask a number of questions based on the documents that you have submitted, including questions about compliance-related processes.

Part 3 – Risk Assessment

In this part, FINTRAC will focus on your Risk Based Approach, asking specific questions about the Risk Assessment and related documents that you have provided in advance of your examination. Again, there are some common questions that are asked:

  • Do you have any high-risk customers or business relationships?
  • What factors do you consider in determining that a customer or business relationship is high risk?
  • How are customer due diligence and enhanced due diligence different (both generally, and in your processes and documentation)?

Most additional questions will be related to risk management processes. For example, it has been common in the last few months for examiners to ask if a customer or transaction could be rejected (“Yes, if it was outside of our risk tolerance.”)

This may also lead to questions about whether or not an Attempted Suspicious Transaction Report (ASTR) or Suspicious Transaction Report (STR) was filed. If there were reasonable grounds to suspect money laundering or terrorist financing, the answer should be yes, if not, you should explicitly say, “There were not reasonable grounds to believe that this event was related to money laundering or terrorist financing” then provide an explanation.

Part 4 – Operational Compliance & Reporting

In this part, the examiner will ask questions about specific transactions. Some of the cases that you must be ready to explain are:

  • A reportable transaction (generally an electronic funds transfer or EFT) was reported by another reporting entity;
  • A transaction matches an indicator of potentially suspicious activity (if there were reasonable grounds to suspect money laundering or terrorist financing, the answer should be yes, if not, you should explicitly say that “there were not reasonable grounds to believe that this event was related to money laundering or terrorist financing” then provide an explanation); and
  • Business relationships and ongoing monitoring (in particular, if this did not occur earlier in the examination).

During a desk examination, the examiners do not request additional materials.

During onsite examinations, it has become commonplace for examiners to request additional materials. These are generally related to:

  • Business relationships;
  • Ongoing monitoring (including the monitoring of business relationships),
  • High risk customers;
  • Enhanced due diligence; and
  • Other risk-based processes.

Be clear with the examiner about what can be extracted easily from your IT systems, and in the case that data cannot be extracted easily, be prepared to show the examiner an example (or several). If your system has an “auditor access” feature (generally read only access with search capability), it can be useful to set this up in advance of the onsite visit.

Exit Interview

Congratulations – you’ve made it to the finish line!

At this point, the examiner will sum up the findings (if there are any), and read a standard disclosure statement. For most of us, the disclosure statement is terrifying, as it talks about penalties. This is standard process – do not be alarmed. When the examiner has finished, you may ask if a penalty is being recommended (if you’re a worrier, please do this). Not all FINTRAC examiners will provide guidance at this stage, but it doesn’t hurt to ask.

The examiner will let you know when to expect a formal letter (generally within 30 days of the end of an examination).

After the Examination

You will receive a formal letter that details FINTRAC’s findings, as well as whether or not an Administrative Monetary penalty (AMP) is being recommended. In the case that there is a potential penalty, we recommend taking action as soon as possible). In most cases, FINTRAC does not require MSBs to submit an action plan (but your bank might still require that you do this, and it’s a good idea to keep a record of the actions that you’ve taken to correct any deficiencies).

Need a Hand?

If you are an MSB that needs compliance assistance preparing for an FINTRAC exam, remediating findings, or setting up an AML compliance program, please contact us.

Return to Blog Listing


PROCESSING...