PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

First AML Compliance Effectiveness Review Timing

As a company that gets to work with a lot of startups, and existing companies entering the Canadian market, we get to help folks understand the regulatory landscape in Canada. One of the required elements of a Canadian compliance program is an AML Compliance Effectiveness Review. These reviews must be completed every two years at a minimum. You can think of it like an audit, but for compliance.

The purpose of an effectiveness review is to determine whether your AML compliance program has gaps or weaknesses that may prevent your business from effectively preventing, detecting and deterring money laundering and terrorist financing. Recently, we have seen an increased focus on Effectiveness Reviews during FINTRAC examinations. Specifically, on whether the review really tested the effectiveness of the compliance program as a whole (not just what you say you’re doing, but also what you’re actually doing). This has led to FINTRAC examiners requesting the working papers for completed effectiveness reviews where the report did not clearly describe how the effectiveness was tested and assessed. This is the main reason Outlier has started providing our working papers with the final report. This also provides a pretty good reference point for making sure you are meeting your regulatory expectations.

First Time for Everything

In previous engagements, Outlier has operated on the theory that the clock for when your first review was due stemmed from the MSB’s FINTRAC registration date. However, we were incorrect. It wasn’t until a recent conversation where the registration date preceded any customer transactions by six months, that really spurred on an official clarification from the regulator. The trigger for the 2-year clock to start ticking is not registration but “a registered MSB is required to create a compliance program once it engages in one or more of the MSB-related activities.” This means that the clock starts ticking after the MSB has conducted their first transaction.

Here is a PDF version of the policy interpretation we received from FINTRAC that you can keep for your records.

Potential Corrections

If we have completed a review for you in the past that has a commencement date prior to your first customer transaction, please feel free to reach out so we can amend your report to the proper date.

Upcoming Effectiveness Reviews

While this article talks about your first review, you must also be sure to initiate all subsequent reviews within 2 years of the start date of your previous review. Please note that this is based on the previous commencement date, not the date of completion or issuance of the final report.

Need a Hand?

If you are looking for an idea of pricing for an upcoming review or have questions about a review that is currently underway, please feel free to contact us.

Outlier Compliance Group welcomes Karene Lewis!

The Outlier Compliance Group team is thrilled to welcome our newest member, Karene Lewis!

Karene brings deep banking (including credit union) and money services business (MSB) experience.

Karene’s Bio

Karene joins the Outlier team with more than 15 years of experience in the financial services sector; over 10 years of experience working in the Credit Union sector; over eight years of working experience building relationships with MSBs and PSPs, and enhancing and managing compliance programs for a variety of regulated entities.

Her areas of knowledge and experience in regulatory compliance and risk management were gained through various roles throughout her career in the financial services sector; managing regulatory compliance and risk, contributing to the development and implementation of policies and procedures, conducting comprehensive internal compliance audits, effectiveness reviews, risk assessments and the training of team members, senior management and executives; with proven strengths in communication and building strong business relationships.

Karene got into compliance when in her role as Business Relationship Manager, she was tasked with managing the MSB and high-risk client program for the financial institution. In order to become more familiar with the industry that she was now going to be working so closely with, she attended a Canadian MSB conference, where she learned so much about these regulated entities, how they are typically formed out of a need to provide financial services to often underserved communities and as a way for families to send financial assistance to family members in need, in diasporas around the world. With this knowledge, she was hooked and wanted to find out how she could help bring a positive light to this much-needed service while ensuring adherence to all applicable regulatory compliance laws and regulations.

Karene supports Outlier’s mission statement, “good compliance can enable good business.” She is passionate about compliance and risk management and believes that businesses can be successful and compliant at the same time; sometimes all you need is a little help and some guidance to set you on the right path.

Please join us in welcoming Karene!

She’ll be attending the Futurist conference in Toronto as her first official Outlier event. Please say hello and welcome her to the team.

Effectiveness Reviews for Dealers in Virtual Currency

Effective June 1, 2020, dealers in Virtual Currency activities were considered as Money Services Businesses (MSBs) and as such, must comply with MSB obligations under amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). One obligation is to have an AML effectiveness review at least once every two years. MSBs must start their effectiveness review no later than two years from the start of their previous review or in the case of dealers in Virtual Currency, no later than June 1, 2022, the date they were considered to be MSBs under law.

Such reviews must test your compliance program and effectiveness of your operations. Our reviews follow a similar format to examinations conducted by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), which you can read more about in a previous Blog Post.

We’re Here To Help

If you have not yet engaged or commenced your review, there are still a couple of weeks to be compliant. If you would like to engage Outlier to conduct your AML Compliance Effectiveness Review or have questions regarding this obligation, please get in touch.

Amendments To The Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations – 2022

Background

On April 27, 2022 amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations were published in the Canada Gazette. To make reading these changes a little easier, we (thanks Rodney) have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The Regulatory Impact Statement for these changes state the following:

Crowdfunding platforms and some payment service providers are not currently covered by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) and therefore have no money laundering and terrorist financing obligations under federal statute. This lack of oversight presents a serious and immediate risk to the security of Canadians and to the Canadian economy. This risk was highlighted in early 2022, when illegal blockades took place across Canada that were financed, in part, through crowdfunding platforms and payment service providers. Allowing these gaps to continue represents a risk to the integrity and stability of the financial sector and the broader economy, as well as a reputational risk for Canada.

Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations, and consequential amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations, will help prevent the financing of illegal activities through these types of financial services.

What’s Changed?

The changes are substantial and sudden. They will affect many companies that have not been previously under the purview of AML regulation in Canada. These changes are effective immediately and there is no comment period, which is not the norm for such changes.

To help digest these changes, we have summarized what we feel are the most important changes below:

The definition for an electronic funds transfer has been removed and the corresponding section within the body of the regulations was amended. Previous exemptions related to remitting or transmitting from one person or entity to another by Credit or Debit Card, or Prepaid Payment Product if the beneficiary has an agreement with the payment service provider that permits payment for the provision of goods and services, has been revoked for money services businesses, which as we mentioned now includes Payment Service Providers.

The definitions section was amended by adding the following:

  • crowdfunding platform means a website or an application or other software that is used to raise funds or virtual currency through donations. (plateforme de sociofinancement)
  • crowdfunding platform services means the provision and maintenance of a crowdfunding platform for use by other persons or entities to raise funds or virtual currency for themselves or for persons or entities specified by them.

With these changes, crowdfunding platforms and payment service providers will now be subject to existing money services businesses requirements. These obligations include:

  • Registration with FINTRAC;
  • Developing a compliance program;
  • Customer identification and due diligence;
  • Transaction monitoring and customer risk scoring;
  • Reporting certain transactions to regulators and government agencies;
  • Complying with Ministerial Directives; and
  • Keeping records.

Specific to record keeping, crowdfunding platforms that provide services to persons or entities in Canada where a person donates an amount of CAD 1,000 or more in funds or virtual currency will need to:

(a) keep an information record in respect of the person or entity to which they provide those services;

(b) keep a record of the purpose for which the funds or virtual currency are being raised; and

(c) if the person or entity for which the funds or virtual currency are being raised is different from the person or entity referred to in paragraph (a),

      1. keep a record of their name, and
      2. take reasonable measures to obtain their address, the nature of their principal business or their occupation and, in the case of a person, their date of birth, and keep a record of the information obtained.

What Next?

Due to these changes, FINTRAC will need to revise its interpretation of existing requirements to include crowdfunding platforms and payment service providers. There is no set date for when we can expect guidance from FINTRAC. Additionally, various FINTRAC policy interpretations will no longer be able to be relied upon (i.e. policy interpretations related to merchant services as well as payment processing for utility bills, mortgage and rent, payroll, and tuition being exempt from AML obligations). The hope is FINTRAC will issue new policy interpretations, but for now the industry is left with many questions.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

Outlier Solutions Inc. Offering Compliance Services to the Metaverse in Decentraland

February 23, 2022 Toronto — Outlier Solutions Inc. doing business as Outlier Compliance Group, a consultancy specializing in compliance solutions for reporting entities ranging from banks to dealers in virtual currencies (like bitcoin) to real estate firms, is one of the first to offer compliance services in the metaverse. Outlier will be joining as one of the professional service providers setting up shop in conjunction with Grinhaus Law Firm, a leading Canadian law firm in Blockchain regulatory advisory, and DGM Financial Group, a prominent Trust and corporate services office which helps structure crypto businesses internationally, in Decentraland, to service clients globally and through the metaverse.

Visitors to Decentraland will now be able to visit Outlier’s office, and book meetings with one of the team members. Visitors can discuss their Canadian compliance needs on topics such as Canadian anti-money laundering (AML), counter terrorist financing (CTF), privacy, and regulatory compliance management. Virtual spaces include traditional offices and a fountain (and of course, meetings can also be requested in person and via more traditional virtual meeting software). The Decentraland office is located at -39, 121, in the same neighbourhood as Decentraland University.

“The world, actual and virtual, is evolving rapidly” said Outlier’s Founder and CEO, Amber D. Scott. “It’s important to understand what shape that evolution is taking, and no better way to learn than to be involved directly.” She adds, “It just makes sense that in order to be good advisors to companies operating in the metaverse, we would be there too.”

Scott’s avatar in Decentraland checks out the new virtual office space.

Founder of Grinhaus Law Firm, Aaron Grinhaus, stated, “we are pleased to welcome Outlier Solutions Inc. and complement our line up of professional services to help people and businesses navigate the ‘gray areas’ and legitimize the existence of the metaverse.”

Decentraland, with its 800,000+ residents and $54B in transactions, is also home to a wide array of companies and institutions from academia to crypto companies to fashion. This represents an opportunity to strategically grow Outlier’s presence as well as participate in the booming growth and creation in the metaverse.

Please direct media inquiries to decentraland@outliercanada.com.

About Outlier Solutions Inc.
Outlier Solutions Inc. dba Outlier Compliance Group is a Canadian consulting firm, founded in August of 2013, which is focused on developing compliance solutions for reporting entities. Outlier’s areas of expertise include anti-money laundering (AML), counter terrorist financing (CTF), privacy, and regulatory compliance.

For further information please visit https://www.outliercanada.com

About Grinhaus Law Firm
Grinhaus Law Firm was established in 2012 and is a business, tax and regulatory focused firm with a niche expertise in Blockchain and Smart Contract law.

For further information please visit https://grinhauslaw.ca

About DGM Financial Group
DGM Financial Group is a global financial services firm that provides Trust Administration, Corporate Services, Management Services to insurance and non-insurance companies, Family Office, Director Services, and is a Listing Sponsor on the Barbados Stock Exchange.

For further information please visit https://dgmfinancialgroup.com/

About Decentraland
Decentraland is the first fully decentralized virtual world. Powered by DAO, which owns the most important smart contracts and assets of Decentraland. Decentraland is a software running on Ethereum that seeks to incentivize a global network of users to operate a shared virtual world. Decentraland users can buy and sell digital real estate, while exploring, interacting and playing games within this virtual world.

For further information please visit https://decentraland.org

Proliferation Financing

 

 

 

 

What is it, and why should AML compliance professionals be paying attention?

If you’ve looked at the Financial Action Task Force (FATF)’s recommendations recently, you’ve no doubt noticed that there are now three big topics on the covering page:

  • Money laundering,
  • Terrorist financing, and
  • Proliferation.

The last of these has received considerably less attention until recently, and in many cases, it may not be explicitly included in either jurisdiction-specific legislation or compliance programs. While some elements of proliferation are generally included (for instance, it is rare to see a compliance program that does not address sanctions-related list screening), there is often little if any consideration given to risks such as sanctions evasion or the non-implementation of sanctions.

According to the FATF, weapons of mass destruction (WMD) proliferation refers to the manufacture, acquisition, possession, development, export, trans-shipment, brokering, transport, transfer, stockpiling or use of nuclear, chemical or biological weapons and their means of delivery and related materials (including both dual-use technologies and dual use goods used for non-legitimate purposes). The financing of proliferation refers to the risk of raising, moving, or making available funds, other assets or other economic resources, or financing, in whole or in part, to persons or entities for purposes of WMD proliferation, including the proliferation of their means of delivery or related materials (including both dual-use technologies and dual-use goods for non-legitimate purposes). There are targeted financial sanctions intended to prevent specific jurisdictions, organizations, and persons from participating in any proliferation-related activities.

In Canada, reporting entities have strict obligations to comply with sanctions requirements.

Similarly, terrorists and terrorist groups are often subject to financial sanctions and prohibitions. All accounts and transactions are scanned against listed persons and entities. In the case that we have property (including money and investments) in our possession that belongs to a listed person or entity, it must be frozen and reported immediately.

Recommendation 1 requires countries and private sector entities to identify, assess, and understand “proliferation financing risks”. In the context of Recommendation 1, “proliferation financing risk” refers strictly and only to the potential breach, non-implementation or evasion of the targeted financial obligations referred to in Recommendation 7. These R.7 obligations apply to two country-specific regimes for the Democratic People’s Republic of Korea (DPRK) and Iran, require countries to freeze without delay the funds or other assets of, and to ensure that no funds and other assets are made available, directly or indirectly to or for the benefit of (a) any person or entity designated by the United Nations (UN), (b) persons and entities acting on their behalf or at their direction, (c) those owned or controlled by them. The full text of Recommendations 1 and 7 is set out at Annex A.

Canadian reporting entities will be familiar with Ministerial Directives related to North Korea and Iran that impose additional requirements, as well as providing indicators of activity related to these jurisdictions. While we may not be used to thinking about these requirements as being controls related to proliferation financing risk, this is exactly what they are. We may also fail to consider how they fit into our overall compliance regimes.

Proliferation Financing Trends and Typologies

It is not enough to simply say that your business does not deal with these jurisdictions directly. In many cases, funds are not actually repatriated to these jurisdictions but are held in other countries. For instance, identified state-sponsored North Korean hacking groups have moved stolen funds and virtual currencies through the Philippines, Macau, and China. In addition, actors intending to circumvent sanctions are known to be relatively proficient in using false and manufactured identities, as well as well as organizational structures intended to obfuscate true beneficial ownership. In the FATF’s webinar on proliferation financing, the global watchdog noted that proliferation financing may be one of the most challenging threats to detect in action, due to its complex nature.

Helpful Resources

Late in 2021, the FATF conducted an excellent webinar on proliferation financing risk assessment and mitigation, which has now been posted publicly. This presentation includes an excellent high-level overview, as well as detailed discussions of the trends and typologies that are relevant today.

It can be useful to review the aspects of the FATF’s recommendations that refer to proliferation.

There is additional guidance from the FATF on proliferation financing risk assessment and mitigation. This is a detailed document focused entirely on proliferation financing, and the FATF’s expectations.

The UK has conducted a national level assessment of proliferation financing risk. This includes a number of relevant case studies and typologies. If you want the sense of it, but are short on time, our friend Dev Odedra has published a summary.

Manchester CF has launched a proliferation financing training module as part of the Financial Intelligence Specialist (FIS) designation, offered in conjunction with the University of Newhaven.

Need a Hand?

If you want to get ahead of the curve by having a conversation about proliferation financing risk and potential impacts to your compliance program, please contact us.

FINTRAC Examinations for the Real Estate Sector

We often hear friends and clients in the real estate sector say they are unsure what to expect if (and when) the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) notifies them of an examination. This article is meant to provide guidance on what to expect and how to ensure a smooth review.

Background

In 2019–20, FINTRAC conducted 399 compliance examinations, of which 146 were focused on the real estate sector [1]. The real estate sector has been the main focus for FINTRAC examinations since 2017 due to the growing concern of money laundering taking place in the Vancouver, Toronto and Montreal real estate market.

For the purpose of assessing compliance, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act gives FINTRAC the authority to inquire into the business of any regulated entity.

FINTRAC examinations are reviews of your compliance program (what you say you are doing to stay in compliance) and your operations (what you’re actually doing to stay in compliance). These exams can take place at any time and should not be confused with your obligation to have an AML Effectiveness Review at least once every two years. FINTRAC examinations can take place in-person onsite at your office, at a FINTRAC office, or over the phone. FINTRAC will provide advance notice of an examination, which is scheduled by telephone and confirmed by letter [2]. Note, due to the COVID-19 pandemic, FINTRAC is not currently conducting onsite examinations [3].

I Have Received Notice of an Exam. Now What?

FINTRAC will request documentation, including your compliance policies and procedures, assessment of risks of money laundering and terrorist financing, measures to mitigate high risks, samples of transaction documentation, and other documents be summitted to them. Based on FINTRAC’s areas of review, the below is a sample list of what you can expect to provide. We have also created a more detailed version of the list which you can find here.

  • Most recent version of compliance policies and procedures;
  • Most recent version of your documented risk assessment;
  • Copy of the last two documented internal and/or external reviews of your compliance program (this may include the reviewer’s working papers as well);
  • Training program and records;
  • Organizational Chart;
  • Financial Statements;
  • Number of full-time and part-time employees/sales representative;
  • All suspicious and attempted suspicious transaction records;
  • A list of all closed deals related to the sale/purchase of real estate;
  • In-Trust bank account records; and
  • Large cash transaction records.

You will generally have 30 days to provide all requested documentation to FINTRAC. It’s a good idea to read through the request carefully before you begin your preparation.

Whether you are submitting your materials on paper or in electronic format, it is a good idea to create folders or cover pages for each item that FINTRAC has requested. This creates separate sections for each item and helps you to stay organized. A missed item usually can’t be submitted once the deadline has passed, and can result in deficiencies. We’ve created a sample format for your submission package that you can download for free here.

The Exam

Whether the FINTRAC exam is in-person, at their office or over the phone, they follow very similar formats. The key difference is the regulator’s ability to request additional operational data during onsite examinations.

It is ok for you to take notes throughout the examination process (and we recommend that you do). You are permitted to have a lawyer, consultant or other representative with you (if you do, FINTRAC will request that you complete the Authorized Representative Form in advance). While your representative cannot generally answer questions on your behalf, they can prompt you if you are nervous or stuck, and help you to understand what is being asked of you if it is not clear.

The Introduction

The examiner will provide a brief overview of the examination process as a formal opening to the examination. At the end of this introduction, the examiner will ask if you have any questions. At this point, it can be useful to provide a very brief (five minutes maximum) overview of your business.

Your introduction should reflect the materials that you have already submitted to FINTRAC (which ideally included an opening letter that described anything about the business that would not be readily apparent to the examiner, or anything that you believe could be misunderstood). Key facts about your business include:

  • Your corporate structure and ownership;
  • The types of products and services that are offered/types of transactions that are conducted;
  • Where your offices, agents and customers are located;
  • How you connect with your customers; and
  • Anything significant that has changed since your last FINTRAC examination.

This overview should be simple and brief.  At this point, the examination will then begin. At the end of each section, the examiner will ask if you have any questions and let you know whether there are any deficiencies.

Compliance Policies & Procedures

During this part, FINTRAC will ask questions about the policy and procedure documents that you have provided in advance of the examination. There are a few standard questions that are generally asked:

  • Who wrote the policies and procedures?
  • Were the versions submitted to FINTRAC the most recent versions?
  • When were they last updated?
  • When and how do you identify your customers?
  • How do you ensure that identification is up to date?
  • How do you monitor transactions?
  • How do you recognize, document and monitor “business relationships” (note: this is any time that you have either an ongoing service agreement with a customer and/or your customer has performed two or more transactions that require identification [4]).
  • What are indicators of a suspicious transaction?
  • The examiner will also ask a number of questions based on the documents that you have submitted, including questions about compliance-related processes.

Risk Assessment

During this part, FINTRAC will focus on your Risk Based Approach, asking specific questions about the Risk Assessment and related documents that you have provided in advance of your examination. Again, there are some common questions that are asked:

  • Do you have any high risk customers or business relationships?
  • What factors do you consider in determining that a customer or business relationship is high risk?
  • How are customer due diligence and enhanced due diligence different (both generally, and in your processes and documentation)?

Most additional questions will be related to risk management processes. For example, it has been common in the last few months for examiners to ask if a customer or transaction could be rejected (“Yes, if it was outside of our risk tolerance”).

This may also lead to questions about whether or not an Attempted Suspicious Transaction Report (ASTR) or Suspicious Transaction Report (STR) was filed. If there were reasonable grounds to suspect money laundering or terrorist financing, the answer should be yes. If not, you should explicitly say “There were not reasonable grounds to believe that this event was related to money laundering or terrorist financing”, then provide an explanation.

Operational Compliance & Reporting

During this part, the examiner will ask questions about specific transactions/deals. Some of the cases that you must be ready to explain are:

  • A transaction matches an indicator of potentially suspicious activity (if there were reasonable grounds to suspect money laundering or terrorist financing, the answer should be that you filed an STR, if not, you should explicitly say that “there were not reasonable grounds to believe that this event was related to money laundering or terrorist financing”, then provide an explanation);
  • Questions related to receipt of funds and large cash transactions; and
  • Business relationships and ongoing monitoring (in particular, if this did not occur earlier in the examination).

During a desk examination, the examiners typically do not request additional materials.

During onsite examinations, it has become commonplace for examiners to request additional materials. These are generally related to:

  • Business relationships;
  • Ongoing monitoring (including the monitoring of business relationships);
  • High risk customers;
  • Enhanced due diligence; and
  • Other risk-based processes.

Be clear with the examiner about what can be extracted easily from your IT systems, and in the case that data cannot be extracted easily, be prepared to show the examiner an example (or several). If your system has an “auditor access” feature (generally read-only access with search capability), it can be useful to set this up in advance of the onsite visit.

Exit Interview

Congratulations – you’ve made it to the finish line!

At this point, the examiner will sum up the findings (if there are any), and read a standard disclosure statement. For most of us, the disclosure statement is terrifying, as it talks about penalties. This is standard process – do not be alarmed. When the examiner has finished, you may ask if a penalty is being recommended (if you’re a worrier, please do this). Not all FINTRAC examiners will provide guidance at this stage, but it doesn’t hurt to ask.

After the Exit Interview

After the examination and exit interview, generally within 30 days, you will receive a formal letter that details FINTRAC’s findings. The letter will state either of these possibilities:

  • No further compliance or enforcement action;
  • Possible follow-up compliance action; or
  • A recommendation for an enforcement action, such as an administrative monetary penalty (AMP).

In the case that there is an AMP imposed, we recommend taking action as soon as possible. In most cases, FINTRAC does not require real estate brokers and sales representatives to submit an action plan.

We’re Here To Help

If you need assistance preparing for a FINTRAC exam or have any compliance questions in general, please contact us.

 

 

[1] https://www.fintrac-canafe.gc.ca/publications/ar/2020/1-eng

[2] FINTRAC considers the date on which you are advised of an examination, which is typically done by phone, to be the start of the compliance examination process.

[3] https://www.fintrac-canafe.gc.ca/covid19/covid-2020-07-27-eng

[4] Effective June 1, 2021 a business relationship will be defined as either entering into an ongoing service agreement with a customer and/or your customer has performed one or more transactions that require identification.

Changes to PIPEDA, Canada’s Private-Sector Privacy Law

Background

On November 17, 2020, Bill C-11, the Digital Charter Implementation Act, 2020 was introduced. If passed, the proposed Act would repeal part 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA) and a new Consumer Privacy Protection Act (CPPA) would regulate the way in which personal information is collected, used and disclosed by private sector organizations in the course of their commercial activity.

The bill would also create an administrative tribunal to hear appeals of decisions made by the Privacy Commissioner of Canada and impose penalties. Currently, such appeals are heard in federal court.

As technology continues to evolve, the proposed Act is meant to protect Canadians by creating and enhancing current obligations, including:

  • Increasing control and transparency when Canadians’ personal information is handled by companies;
  • Giving Canadians the freedom to move their personal information from one organization to another;
  • Ensuring that Canadians have the ability to request that their personal information be destroyed;
  • Providing the Privacy Commissioner with broad order-making powers, including the ability to force an organization to comply; and
  • Fines of up to 5% of revenue or $25 million.

What Will Change?

The proposed Act brings about many changes. Highlighted below are what we feel are some of the most significant:

Privacy Program: Organizations would be required to maintain a privacy management program setting out policies and procedures the organization takes to protect and deal with personal information. The Office of the Privacy Commissioner (OPC) could request these procedures at any time.

Consent: The Act adopts elements of the OPCGuidelines for obtaining meaningful consent, creating transparency requirements.

Exceptions: The Act defines a list of “business activities” for which an organization can process personal information without consent.

Transfers to Service Providers: The Act would establish that consent is not required to transfer personal information to a service provider.

Automated Decision-MakingIf an organization uses an “automated decision system”, under the Act, they must ensure how a prediction, recommendation or decision about a person is made is documented.

Data Mobility: The Act would allow that on the request of an individual, an organization must, as soon as feasible, disclose the personal information it has on file of the individual to another organization if those organizations are subject to a “data mobility framework”.

Disposal of PI: The Act would provide individuals with an explicit right to request the deletion of their personal information.

Revised OPC powers: The OPC would have the authority to issue enforcement orders and recommend penalties. Currently, the OPC only has the power to recommend measures after an investigation.

Private Right of Action: The Act would allow individuals to sue companies within two years following a regulatory investigation. The individual would have to prove loss in order to recover damages.

Codes of practice and certification: The Act would allow for the creation of codes of practice and certification programs to facilitate compliance with the Act, which would be subject to approval by the OPC.

What Do We Do?

For now, we wait but plan for changes to your privacy program in the years ahead. If the bill is passed, the draft legislation will be open for a comment period in which you are encouraged to submit comments. The OPC released a statement on November 19, 2020 related to the bill. Our guess is we will see amendments based on the OPCs statement.

We’re Here To Help

If you have questions related to this or privacy legislation in general, please contact us.

The Iran Ministerial Directive’s Impact

Quick Overview

On July 25, 2020, a new Ministerial Directive (MD) was published in the Canada Gazette by the Minister of Finance on financial transactions associated with the Islamic Republic of Iran.  On July 27, 2020, FINTRAC issued guidance on how to incorporate the MD into your anti-money laundering (AML) program, along with some indicators for determining if a transaction is associated with Iran. This MD requires that every transaction originating from or bound for Iran be treated as high risk, regardless of the amount. This includes identifying every client, performing customer due diligence, and recording certain information. It is vital that your AML compliance program documentation contains internal processes related to MDs, even if you do not conduct transactions with Iran (or North Korea, based on the previous MD issued December 9, 2017).

What is a Ministerial Directive?

MDs are specific requirements imposed by the Minister of Finance that are meant to mitigate risks associated with activities that pose elevated risk and safeguard the integrity of Canada’s financial system. To date, these areas of elevated risk have been identified by the Financial Action Task Force (FATF) as posing strategic deficiencies with regards to international standards for anti-money laundering and counter terrorist financing.

What does this Ministerial Directive require?

The guidance from FINTRAC states that every bank, credit union, financial services cooperative, caisse populaire, authorized foreign bank and Money Services Business (MSB) must:

  • Treat every financial transaction originating from or bound for Iran, regardless of its amount, as a high-risk transaction;
  • Verify the identity of any client (person or entity) requesting or benefiting from such a transaction;
  • Exercise customer due diligence, including ascertaining the source of funds in any such transaction, the purpose of the transaction and, where appropriate, the beneficial ownership or control of any entity requesting or benefiting from the transaction;
  • Keep and retain a record of any such transaction;
  • Determine whether there are reasonable grounds to suspect the commission or attempted commission of a money laundering or terrorist financing offence and report all suspicious transactions to FINTRAC;
  • Reporting all other reportable transactions (if applicable).

To be clear, this MD does not apply to transactions where there is no suspicion or explicit connection with Iran and there is no evidence of the transaction originating from or being bound for Iran. A couple of examples were provided in the FINTRAC Guidance:

  • A client who has previously sent funds to Iran requests an outgoing EFT, where the transaction details do not suggest that this transaction is bound for Iran and you are unable to obtain further details about the transaction destination; or
  • The client’s identification information is the only suggestion of a connection to Iran (for example, a transaction where the conductor’s identification document is an Iranian passport).

What does it mean to you?

It is important to understand that even if your business does not facilitate transactions involving Iran, it is expected that you have a process in place for adhering to MDs, including how the Compliance Officer stays up to date. Within your AML compliance program documentation, you need to have a section that talks about MDs generally, plus specific procedures related to handling the current MDs (transactions involving Iran and North Korea). In the FINTRAC guidance related to this MD, it states that during an examination, FINTRAC will assess your compliance with MDs and failures to do so are considered very serious and may result in a penalty.

What now?

In order to ensure familiarity for anyone who interacts with customers and their transactions, the list of FINTRAC’s indicators should be communicated immediately.  Furthermore, the indicators should also be included in your procedure manuals and annual AML compliance training topics, allowing easy access to the information. Documenting the information and related processes for MDs is very important so you can demonstrate to FINTRAC your adherence to the requirements during an examination.

Need a hand?

We’ve made it easier for you to integrate this content into your program by putting the information into a Word document for you. If you aren’t sure what to do with this information and would like some assistance, please feel free to contact us.

Information Should Be Free!

Outlier has produced an open-source AML and CTF, and Privacy repositories of definitions, acronyms, and terminology that is free for whoever wants it.

Please feel free to provide contributions and/or feedback, as it would be greatly appreciated. We have already had three contributors!

Discombobulated

About a year ago, we had a client who was interacting with the world of Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF) for the first time. They were aggravated by the amount of jargon, acronyms, and uncommon uses of certain commonly understood terms. An example is, a business relationship. Those of you that are relatively familiar with the AML space know a business relationship doesn’t mean what the rest of the world thinks it means. In Canada, in the AML context, it means something very different.

A Helping Hand

At the time, they wished for a simple reference point where they could easily find the meaning for different terms. Unfortunately, this entails combing multiple locations, including FINTRAC’s website, plus the Act and Regulations themselves. To make a long story short, there is no easy way. Fed up, they (not so) gently suggested that we (Outlier) fix this. Their idea was creating a GitHub repository.

For those unfamiliar with GitHub, it is a web-based hosting service for version control. It is mostly used for computer code, but has also been used to write and edit books. It offers access control and several collaboration features. A GitHub repository is where the code and/or information is maintained for a specific project. This process is fairly simple to someone who is a coder with years of experience working with GitHub. For myself, this was not so simple. A year later, almost to the day, the repository is created, open and available to the public. There is no need to be scared, you are able to comment and make suggestions without knowing how to code at all. If you can’t figure out how to provide commentary in GitHub, send it to use via email at info@outliercanada.com with the subject line “GitHub Feedback.”

The Power of Collaboration

The (not so) gentle nudge meshed well with one of Outlier’s core beliefs: that information should be free. By collecting the information, housing it in GitHub, and making it available to anyone, we are able to provide free information to everyone who wants it. By making information free and public, it gives others the opportunity to make suggestions, add content, and improve the quality of the information.

What Happens When We Work Together?

By sharing this open-source project with the world, we are looking to empower anyone willing to be empowered. From the client who is interacting with the world of AML for the first time. To the seasoned-veteran who is looking for helpful resources. To the person who wants to provide their customer with a helpful resource. Take the information and do what you wish with it. If you would like to attribute Outlier, awesome! If not, that’s ok too. Our only request is this should never be provided for a fee.

Have a Question?

If you looked at the resource and are curious about how to make a contribution, please feel free to contact us anytime. Contributions can include anything from corrections and suggestions, to the addition of different jurisdictional definitions, specifically the European perspective.

This is not a solicitation (but we do get this request often), should you want to provide a tip in BTC or ETH, our addresses are listed below.

To open a channel with our Lightning Node, our address is: 03acb418d5b88c0009cf07d31ec53d0486814bc77917c352bd7e952520edf7bf3c@99.236.76.38:9735

or you can use Tippin.Me.

bitcoin ethereum
3AqYJQhfKYCde7syKKqTJJPdLs6M5CbWkR 0x03CDF23a2Eb070F2c79De5B2E6FB90671D3c70fE
Outlier BTC Tipping Address

Return to Blog Listing