Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

2019 AML Updates for Credit Unions

Background

On July 10th, 2019 the final amendments to Canada’s anti-money laundering (AML) regulations, were published in the Canada Gazette.  Many of the changes are based on requirements set out by the Financial Action Task Force (FATF), an inter-governmental body that sets out international standards for combating money laundering and terrorist financing, as well as from certain amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) made through the Economic Action Plan 2014 Act, No. 1 and the Budget Implementation Act, 2017, No. 1.

For those that prefer to see the updates in context, we have created unofficial red-lined versions of the regulations, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the changes. There are three different “coming into force” dates that should be noted:

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related dealers in virtual currency (which do not directly apply to Credit Unions).
  • June 1, 2021: all other regulatory amendments.

Updated guidance from FINTRAC is expected to be seen ahead of the coming into force dates. Given the legislative changes, there will be adjustments to various FINTRAC policy interpretations so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you borrow content that we wrote and published publicly, we may think you’re a jerk but we’re not sending an army of lawyers).

What Does This Mean For Your Credit Union?

Changes to Canada’s AML regulations will have a direct impact on a Credit Union’s AML obligations, including the following:

  • Reporting;
  • Record keeping; and
  • Member identification.

Many changes will require adjustments in your IT systems to ensure that all necessary information is available to be included in FINTRAC reports, particularly those involving online transactions. If you’re not sure where to start please feel free to contact us. From a practical standpoint, while you do have some time to update your AML program, it is best to start budgeting and planning now.  It may also be prudent to discuss changes with your board of directors as well.

FINTRAC Reporting

This round of changes to AML regulations has a much greater focus on reporting including changes to the information that will need to be included in various reports. We have summarized the applicable changes below.

Certain reports will require information that was not originally included. These changes include information such as:

  • Purpose of transaction;
  • Source of cash or source of funds;
  • For online transactions:
    • Type of device used by person who makes request;
    • Number that identifies device;
    • Internet Protocol address used by device;
    • Person’s or entity’s user name; and
    • Date and time of when a person makes a request.

While most of these fields are mandatory, where fields are marked as optional, if an entity has the information (this may mean in the background of your IT systems), it is expected that it be included in the report. For full details on what has changed for FINTRAC report fields, we have created an unofficial redline which can be found here.

All changes related to reporting come into force on June 1, 2021.

STR Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC. The timeframe for submission was within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amend this to “as soon as reasonably practicable after measures have been completed to establish that there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing.”

This means that a report will be due shortly after a reporting entity has conducted their analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations and this should include a step in the process that clearly identifies when a determination is made that establishes reasonable grounds to suspect the transaction is related to money laundering or terrorist financing. A defined time for what “as soon as reasonably practicable” means should be documented as well to ensure reports are completed and submitted on time. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change (or clarification), related to Terrorist Property Reports, has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

EFT Reporting

The definition of an EFT has changed with the amended regulations and reads as such:

An electronic funds transfer means the transmission by any electronic, magnetic or optical means of instructions for the transfer of funds, including a transmission of instructions that is initiated and finally received by the same person or entity. In the case of SWIFT messages, only SWIFT MT-103 messages and their equivalent are included. It does not include a transmission of instructions for the transfer of funds:

    1. that is carried out by means of a credit or debit card or a prepaid payment product if the beneficiary has an agreement with the payment service provider that permits payment by that means for the provision of goods and services;
    2. that involves the beneficiary withdrawing cash from their account;
    3. that is carried out by means of a direct deposit or a pre-authorized debit;
    4. that is carried out by cheque imaging and presentment;
    5. that is both initiated and finally received by persons or entities that are acting to clear or settle payment obligations between themselves; or
    6. that is initiated or finally received by a person or entity referred to in paragraphs 5(a) to (h.1) of the Act for the purpose of internal treasury management, including the management of their financial assets and liabilities, if one of the parties to the transaction is a subsidiary of the other or if they are subsidiaries of the same corporation.

The definition now includes instructions initiated and received by the same person or entity, which means certain internal transfer transactions may be caught.

Also related to EFT reporting, the final amendments removes the language commonly known as the “first in, last out” rule. This means that the first person/entity to ‘touch’ the funds for a transaction incoming to Canada, or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada, had the reporting obligation (as long as the prescribed information was provided to them). The update will change the reporting obligation to whoever maintains the customer relationship.

Large Virtual Currency Transaction Reporting

If you plan to conduct transactions involving virtual currencies such as bitcoin, you will be required to report the receipt or the sending of amounts of CAD 10,000 or more in a virtual currency to FINTRAC. These basically are the same as Large Cash Transaction reporting obligations, including making a determination if the person from whom the virtual currency is received is acting on behalf of a third party, and will require reporting entities to maintain a Large Virtual Currency Transaction Record.

Most of the recordkeeping requirements for virtual currency are very similar to Large Cash Transaction requirements.

The 24-Hour Rule

Multiple transactions performed by, or on behalf of, the same customer or entity, or are for the same beneficiary, within a 24-hour period are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. This would mean that only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that will be required to update the detection process.

For example, currently, a Large Cash Transaction Report must be submitted either for single transactions of CAD 10,000 (or more), or for multiple transactions of less than CAD 10,000 each that add up to CAD 10,000 or more in a 24-hour period. This can result in situations where two reports are filed for transactions taking place in a 24-hour period.

Cash deposit of CAD 12,000 – LCTR #1 for CAD 12,000
Cash deposits of CAD 5,000 and CAD 6,000 – LCTR #2 for CAD 11,000

Using the same example, under the new rules we would have:
Cash deposits of CAD 12,000, CAD 5,000 and CAD 6,000 – Single LCTR for CAD 23,000

We can expect to see guidance from FINTRAC ahead of the enforce date. If you have questions prior to this,  it is possible to write to FINTRAC to request a policy interpretation.

Compliance Program

In addition to the process changes, including reporting changes discussed above, there are some other changes that you will need to make to your compliance program.

Training

The amended regulations have introduced a new requirement to institute and document a plan for ongoing compliance training.  This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans. Be sure staff is receiving training on process changes that are applicable to their roles.

Risk Assessment

One of the deficiencies identified in the Financial Action Task Force (FATF) review of Canada was not having a requirement to assess new technologies before their launch. The final amendments require all reporting entities to assess the risk related to products and their delivery channels, as well as the risk associated with the use of new technologies, prior to public release.

This has been a best practice since the requirement to conduct a risk assessment came into force, but this change makes this a formal requirement. This will require strong communication and closer cooperation between compliance officers and teams involved in the development of new products or services.

Records of Reasonable Measures

The requirement to keep records related to reasonable measures to obtain certain information, has been removed with this round of changes. It is important to note that credit unions must still take reasonable measures and it is only the requirement to keep a record of the measures used that has been repealed. 

Identification

The range of identification methods that can be used will be broadened. This is good news, especially for credit unions that are using identification methods for members who are not physically present.

Prior to this round of changes, there was a requirement that when members are identified, the document and/or data that you collect must be in its “original” format. The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic”, valid and current. This would allow for scanned copies of documentation, and/or for software that can authenticate a person’s identification document. This change came into force on June 26, 2019.

Other changes to the identity verification requirements are as follows:

  • For credit file verification (single source), the credit file information must now be derived from more than one source (i.e. cannot contain only one trade line on the credit file);
  • For the dual source method, when relying on a credit report as part of a dual source, the credit file must have been in existence for at least six months. Additionally, the person or entity that is verifying the information cannot be a source (i.e. you cannot be a tradeline of the credit file).

In addition, there are provisions that allow a credit union to rely on the identification conducted previously by other reporting entities. If this method is used to identify a member, the credit union must immediately obtain the identification information from the other reporting entity, and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

If you have members that are publicly traded trusts, credit unions will be required to obtain names and addresses of all persons who own or control, directly or indirectly, 25% or more of the units of the trust.

Politically Exposed Persons (PEPs)

The amended regulations add some new requirements related to PEPs, which are as follows:

  • You must obtain the “source of wealth” of a PEP; and
  • If a PEP is a head of an international organization, the person will continue to be treated as a PEP for five years after they have held the position.

This change comes into force on June 1, 2021, and will likely result in IT system changes related to record keeping and monitoring.

Prepaid Products

If you offer Prepaid Payment Products, the amended regulations now include new obligations for prepaid cards that are issued by financial entities. The obligations are similar to those that apply to regular member accounts, and comes into force on June 1, 2021.

The regulations apply to any prepaid payment product that is tied to an account, that permits funds or virtual currency that total CAD 1,000 or more to be added to the account within a 24-hour period, or where a balance of CAD 1,000 or more will be maintained.

Records that will have to be maintained are as follows:

  • a record of the name and address of each holder of a prepaid payment product account and each authorized user, the nature of their principal business or their occupation and, in the case of a person, their date of birth;
  • if an account holder is a corporation, a copy of the part of its official corporate records that contains any provision relating to the power to bind the corporation in respect of the prepaid payment product account or the transaction;
  • a record of every application in respect of the prepaid payment product account;
  • a prepaid payment product slip in respect of every payment that is made to the prepaid payment product account;
  • every debit and credit memo that it creates or receives in respect of the prepaid payment product account;
  •  a copy of every account statement that it sends to a holder of the prepaid payment product account; and
  • a foreign currency exchange transaction ticket in respect of every foreign currency exchange transaction that is connected to the prepaid payment product account.

There are also record keeping obligations where an international electronic funds transfer of CAD 1,000 or more has been conducted through the prepaid product. Additionally, a prepaid payment product slip, similar to a deposit slip, must be maintained.

Similar to member accounts, you will also have to keep account applications and any foreign currency transaction information related to the prepaid product. A PEP determination is to be made when the prepaid product account is opened, and when a payment of CAD 100,000 or more is made to a prepaid product account.

We’re Here To Help

If you would like assistance in updating your compliance program and/or processes, or have any questions related to the changes, you can get in touch using our online form on our website, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Proposed AML Updates for Credit Unions (2018)

Today’s guest blogger is Jonathan Krumins, Vice-President, AML Risk & Compliance, at vCAMLO Solutions Inc. vCAMLO provides anti money laundering (AML) and counter terrorist financing (CTF) support to Canadian credit unions. You can learn more about vCAMLO at www.vcamlo.ca.

Background

On June 9, 2018, draft amendments to Canada’s AML regulations, including the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) were published in the Canada Gazette.

These changes are not yet in force, and are open to public comment until September 9, 2018.

They will come into effect 12 months after the finalized amendments are published (date to be determined).

The proposed changes are based on requirements set out by the Financial Action Task Force (FATF), an inter-governmental body that sets out international standards for combating money laundering and terrorist financing, as well as from certain amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) made through the Economic Action Plan 2014 Act, No. 1 and the Budget Implementation Act, 2017, No. 1.

From a practical standpoint, you should consider what changes will be required to your record keeping, reporting processes, and IT systems once the amendments come into effect, and what resources would be required. It would be prudent to discuss this with your board of directors as well. While it can be useful to start allocating resources (particularly if your IT systems need to be updated), it makes sense to wait until the final version of the changes has been published.

If you have thoughts on the proposed changes, you should consider submitting these either directly to the Ministry of Finance, or through your Credit Union Central.

Why Do These Changes Matter to Credit Unions?

The proposed changes will have a direct impact on a Credit Union’s AML obligations, including reporting, record keeping, and member identification. They will require additional training of staff, changes to record keeping and Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) reporting processes. They will likely require changes in your IT systems to ensure that all necessary information is available to be included in FINTRAC reports, particularly those involving online transactions.

FINTRAC Reporting

This round of changes to AML regulations has a much greater focus on reporting, including shorter a deadline for reporting STRs, changes to the contents of the reports themselves changes to calculation of 24 hour large cash reports, and the introduction of new reporting requirements for transactions involving virtual currencies such as bitcoin.

STR Filing

The proposed changes will shorten considerably the filing period for a Suspicious Transaction Report. The current filing deadline for STRs is within 30 days:

“after the day on which the person or entity or any of their employees or officers detects a fact respecting a financial transaction or an attempted financial transaction that constitutes reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.”

This will be changed to a new standard of 3 days:

“3 days after the day on which the reporting entity completes the analysis that establishes that there are reasonable grounds to suspect that the transaction was related to the commission of a money laundering or terrorist activity financing offence”

Report Contents

Many additional pieces of information will be required to be collected and submitted to FINTRAC. You should begin to evaluate where this information is stored (ex: banking system, other databases such as lending software, reports provided by your banking system provider or Credit Union Central, or paper file).

A comparison of current and proposed FINTRAC report fields can be found here: Download Table

These changes include information that was not previously required to be collected by credit unions, such as:

  • “Purpose of transaction” (for LCTRs),
  • “Purpose of electronic funds transfer” (for EFTRs), and
  • Source of cash or source of funds.

For transactions that are performed online, additional fields will be required in EFTRs and STRs:

  • Type of device used by person who makes request online,
  • Number that identifies device,
  • Internet Protocol address used by device [mandatory field],
  • Person’s user name, and
  • Date and time of person’s online session in which request is made [mandatory field].

Additional “Know Your Client” information will be required in all reports (if on file). A selection follows:

  • Personal accounts: reports will include fields for alias, e-mail address, and name, address and phone number for the member’s employer.
  • Business accounts: reports will include fields for type and number of document or information used to identify an entity, information respecting ownership, control and structure of the entity, name of each beneficial owner, name, address, e-mail address and phone number for each director.
  • Trust accounts: reports will include fields for name, address, e-mail address and phone number of each trustee, name and address of each settlor of trust, name, address, e-mail address, and telephone number of each beneficiary of trust.

The 24-Hour Rule

The formula for calculating 24 hour reports for Large Cash Transaction Reports is being changed. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that would be required to update the detection process.

Currently, a Large Cash Transaction Report must be submitted either for single transactions of $10,000 (or more) or for multiple transactions of less than $10,000 each that add up to $10,000 or more in a 24 hour period. This can result in situations where 2 reports are filed for transactions taking place in a 24 hour period.

For example:

 

Cash deposit of $12,000 cash – LCTR #1 for $12,000

Cash deposits of $5,000 and $6,000 cash – LCTR #2 for $11,000

The new calculation will consider all cash deposits that add up to $10,000 or more in a 24 hour period to be included in a single report.

 

Using the same example above, under the new rules we would have:

Cash deposits of $12,000, $5,000 and $6,000 – Single LCTR for $23,000

Virtual Currency Reporting

If you offer (or plan to offer) accounts that hold virtual currencies such as bitcoin, you will be required to report the receipt or the sending of amounts of $10,000 or more in a virtual currency to FINTRAC in two new report types; “Report with Respect to Receipt of Virtual Currency” and “Report with Respect to Transfer of Virtual Currency.”

Third Party Determinations

Similar to the existing requirement to conduct a Third Party Determination during an LCTR, you will need to make a similar determination when you are required to report an incoming Electronic Funds Transfer or Receipt of Virtual Currency.

If you have separate fraud and AML teams, it may be worth considering whether or not the AML team should alert the fraud team to third parties, particularly where these don’t make sense, or where it appears that your member may be a victim of fraud.

Training Program

The amended regulations have introduced a requirement to institute and document a plan for ongoing compliance training. This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans.

Risk Assessment Updates

One of the deficiencies identified in the Financial Action Task Force (FATF) review of Canada was not having a requirement to assess new technologies before their launch. A proposed amendment would require credit unions to assess the risk related to assess the risk of products and their delivery channels, as well as the risk associated with the use of new technologies, prior to their launch.

This has been a best practice since the requirement to conduct a risk assessment came into force, but this change would make this a formal requirement. This may require closer cooperation between compliance officers and other teams involved in the development of new products or services.

Identification Methods

The range of identification methods that can be used will be broadened. This is good news, especially for credit unions that are using non-face-to-face identification methods.

Currently, there is a requirement that when members are identified using the dual process method, the document and/or data that you collect is in its “original” format. This has been interpreted to mean that if the member receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The word “original” will be replaced with “authentic” (meaning that so long as you believe that the utility bill is a real utility bill for that person, it doesn’t need to be the same piece of paper that they received in the mail).

In addition, there are provisions that would allow a credit union to rely on the identification conducted previously by other reporting entities. If this method is used to identify a member, the credit union must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification within 3 days of the request.

Public Comments

Public comments about the proposed changes will be accepted by the Ministry of Finance until September 9, 2018. They must be submitted in writing, as follows:

Attention: Lisa Pezzack

Director General, Financial Systems Division

Department of Finance

90 Elgin Street

Ottawa, Ontario, K1A 0G5

Email: fin.fc-cf.fin@canada.ca

If you have thoughts on the proposed changes, you should consider submitting these either directly to the Ministry of Finance, or through your Credit Union Central.

Need a Hand?

If you would like someone to look over your submission before you make comments to the Department of Finance, you can get in touch with us free of charge. We will look over your submission and make suggestions, without any cost to you. If you need a hand, please feel free to contact vCAMLO or Outlier.

 

Proposed AML Amendments & Credit Unions

Jon 1Today’s guest blogger is Jonathan Krumins, Vice-President, AML Risk & Compliance, at vCAMLO Solutions Inc. vCAMLO provides anti-money laundering (AML) and counter terrorist financing (CTF) support to Canadian credit unions. You can learn more about vCAMLO at www.vcamlo.ca.

Background

On July 4, 2015, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) were published in the Canada Gazette. These changes are not yet in force, and are open to public comment until September 4, 2015. The proposed changes are based on requirements set out by the Financial Action Task Force (FATF), an inter-governmental body that sets out international standards for combating money laundering and terrorist financing. For this reason, we expect the final version of these amendments to be similar to the draft text.

2015 Proposed PCMLTFR Amendments and Credit Union Specific Analysis (Line By Line)

Why Do These Changes Matter to Credit Unions?

The proposed changes will have a direct impact on a Credit Union’s AML obligations, including record keeping, member identification and ongoing monitoring requirements. Some of the more significant changes include new member identification methods, expanded definitions (and requirements) for Politically Exposed Persons, and new record keeping requirements for “reasonable measures” taken.

New Member Identification Methods          

IdentificationThe draft regulations will require identification documents to contain a member’s name and photograph. This will exclude SIN cards and birth certificates as acceptable identification documents, and may pose an issue when identifying seniors whose passport or driver’s license has long since expired.

The amendments also provide a number of new identification methods that can be used to identify members both face-to-face and non-face to face. These new methods are an improvement on existing rules, which are currently more restrictive.

For example, a Canadian credit file meeting certain criteria could now be used to identify a member. Many credit unions perform credit checks as part of their account opening process, so this could be used in place of government-issued identification in certain circumstances, or would allow simple non-face to face identification.

Also added is the ability to rely on information from “a reliable source” (yet to be determined, but likely online databases and other web-based resources), and information confirming that an individual has a deposit account, credit card or other loan account with another credit union, bank or caisse populaire. A credit union will also be able to accept identification performed by another credit union.

Politically Exposed Persons

PEFP silhouette 1The proposed regulations have added new categories of Politically Exposed Persons (PEPs), as follows:

  • Close associates of Politically Exposed Foreign Persons (PEFPs)
  • Politically Exposed Domestic Persons (PEDPs), their family members and close associates
  • Heads of International Organizations (HIOs), their family members and close associates

Given that the list (contained in bill C-31) of qualifying positions for PEDPs includes mayors, it is likely that many if not most credit unions will have members classified as PEDPs. The draft regulations mitigate this somewhat by adding a prescribed period of 20 years to the definition of a PEDP.

Additionally, required measures for PEPs such as determining the source of funds, obtaining senior management authorization to keep an account open, and performing enhanced monitoring will only apply to PEDPs and HIOs (and their family members and close associates) who have been determined to be high risk. Despite these exceptions, identifying and documenting these new categories of PEP will add to credit unions’ compliance obligations.

Reasonable Measures

Many AML record keeping, reporting and determination requirements rely on “reasonable measures” to be taken by financial institutions. For example, in a Large Cash Transaction Report, certain information about the conductor of the transaction, such as their country of residence, their home and business telephone numbers are not mandatory, but reasonable efforts must be made to obtain the information, and if you have it on file, it must be included in the report. The proposed changes will mean that whenever you take “reasonable measures”, and the measures taken are unsuccessful, you will then need to keep a record describing what the measures were and the reason they were unsuccessful. This will require additional work and record keeping for categories such as FINTRAC reporting, PEP determinations and correspondent banking relationships, among others.

Public Comments

Public comments about the proposed changes will be accepted by the Ministry of Finance until September 4, 2015. They must be submitted in writing, as follows:

Mail       Attention: Lisa Pezzack

Director, Financial Systems Division

Department of Finance

90 Elgin Street

Ottawa, Ontario, K1A 0G5

Email: fcs-scf@fin.gc.ca

Need a Hand?

If you would like someone to look over your submission before you make comments to the Department of Finance, you can get in touch with us free of charge. We will look over your submission and make suggestions, without any cost to you. If you need a hand, please feel free to contact vCAMLO or Outlier.

Unpublished FINTRAC Penalties

Jonathan Krumins, Vice President, vCAMLO

Today’s guest blogger is Jonathan Krumins, Vice-President, AML Risk & Compliance, at vCAMLO Solutions Inc. vCAMLO provides anti-money laundering (AML) and counter terrorist financing (CTF) support to Canadian credit unions. You can learn more about vCAMLO at www.vcamlo.ca.

Background

Reporting entities (REs) often ask us about penalties, in particular when they are published publicly. Since 2009, The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has issued Administrative Monetary Penalties (AMPs) against persons and entities that were found to have violated the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, and its associated Regulations. In many cases up to 2013, FINTRAC has published details on its website about each penalty, including the name of the person or entity, the dollar amount of the AMP, as well as the cited deficiencies. The AMP area of their website has two sections – a list of all published penalties, as well as a running total of AMPs imposed since December 30, 2008, divided by sector.

As of June 26, 2013, FINTRAC changed its policy regarding public notice of AMPs, so that they would be published if one or more of the following criteria are met:

  • The person or entity has committed a very serious violation; or
  • The base penalty amount is equal to or greater than $250,000, before adjustments are made in consideration of the person or entity’s compliance history and ability to pay; or
  • Repeat significant non-compliance on the part of the person or entity.

AMPs can only be published once the appeals process is exhausted, which can take years to complete. This process can include an appeal to FINTRAC’s director, and a subsequent appeal to the Canadian Federal court.

Understanding this context is vital for RE Compliance Officers. While trend information related to published and unpublished penalties is not likely of interest to frontline staff, understanding these patterns is useful in fielding questions from Senior Management and the Board of Directors.

We have conducted an analysis of data published on the FINTRAC’s website which shows a trend of an increasing number of unpublished AMPs since 2013. These unpublished AMPs were primarily imposed on the Credit Union/Caisse Populaire and Money Service Business (MSB) sectors.

Methodology

We have made all calculations using information available as of April 20, 2015. We examined publicly available information on FINTRAC’s webpage, using the running total of AMPs by sector and the list of public AMPs. We also examined a summary of AMPs as of October 2014 obtained by Outlier through an Access to Information request. Our analysis focuses only on the sectors that have received AMPs, either published or unpublished: Credit Unions (including Caisses Populaires), MSBs, Real Estate Brokers, Securities Dealers and Casinos.

In addition, we accessed “cached” versions of FINTRAC’s website to review past versions in order to include six public AMPs that were issued between August 19, 2009 and April 26, 2010. In accordance with FINTRAC policy, these were removed from FINTRAC’s website after the five year public notice period had expired. We have included this historical data in order to provide a full view of the penalties issued. It is noteworthy that there are likely additional penalties in the process of being appealed (this information cannot be made available until the appeals process is complete).

Published AMPs vs. Unpublished AMPs

By analyzing the list of published penalties, compared to the running total of AMPs, it appears that there have been a significant number of unpublished penalties:

FINTRAC AMPs

Credit Unions

Credit Unions have received the largest number of unpublished penalties, both in terms of number and dollar amount. Credit unions have received 3 published AMPs, totalling $246,690. They have also received an additional 11 unpublished AMPs, totalling $405,855.

Trend analysis: This appears to be a significant increase in overall enforcement action by FINTRAC in the Credit Union sector. The total number of penalties against Credit Unions have increased sharply to 14, which means that Credit Unions now have the second largest number of listed AMPs (published and unpublished), behind MSBs. All penalties against Credit Unions since 2013 were unpublished. This data can also be interpreted to mean that FINTRAC’s enforcement efforts against Credit Unions have increased since 2013, however it is important to remember that AMPs are listed on FINTRAC’s website after they are finalized, which can mean a significant gap between when an AMP was issued and when it is listed, especially if there is an appeal involved.

Money Service Businesses (MSBs)

MSBs have received 22 published penalties, totalling $527,510. They also have received eight unpublished penalties, totalling $68,520. Interestingly, a $12,880 penalty that was published against an MSB on July 11, 2013 no longer appears on FINTRAC’s website.

Trend analysis: MSBs continue to be the leading sector in terms of receiving AMPs, although similar to the other sectors examined, the majority of AMPs that were against MSBs from late 2013 through to 2015 were unpublished.

Real Estate Brokers

Real Estate Brokers have received three published penalties totalling $40,520 compared to three unpublished penalties totalling $25,960.

Trend Analysis: Real Estate Brokers have received relatively few published and unpublished penalties in comparison to the Credit Union and MSB sectors. The number of unpublished penalties (compared to the number of published penalties) is consistent with trends across all sectors.

Securities Dealers

Securities Dealers have received four published penalties totalling $565,180 compared to one unpublished penalty of $21,480.

Trend Analysis: Securities Dealers have received relatively few published and unpublished penalties in comparison to the Credit Union and MSB sectors.

Casinos

Casinos have never received a published AMP, however FINTRAC’s website shows an unpublished AMP of $56,700 issued against a casino. This may be surprising to anyone that has read about BC Lottery Corporation, however, AMPs are not part of these records until the appeals process has been exhausted (and there have been successful appeals).

Trend analysis: It is difficult to establish a trend based on a single data point, however this unpublished AMP shows that the Casino sector is no longer unaffected by FINTRAC penalties.

What Does This All Mean?

Screen Shot 2015-05-06 at 11.58.01 AM

Note: The dates on the above graph represent when FINTRAC’s website was analyzed to calculate the total number of penalties, with the exception of October 2014, which is the “as of” date of an AMP listing received in a Freedom of Information request. Data for unpublished AMPs is only available since 2013.

As of June 2013, FINTRAC began to apply the updated standard for publicly listing AMPs. Since this change, unpublished penalties comprise approximately 42% of all issued AMPs by amount and 43% by number. While this is excellent news for REs that are concerned with the negative media and other reputational risk related to published penalties, it will make it more difficult to assess the reasons that REs are receiving penalties. The specific violations that led to a penalty are only made public by FINTRAC when the AMP is published. In order to ensure that our Credit Union clients are well-informed about industry trends related to penalties, vCAMLO will be requesting additional information and performing trend analysis. Stay tuned!

Your Best Defence

To avoid AMPs, it is essential to constantly test for weaknesses in your compliance regime. Conduct rigorous effectiveness testing (this is required at least every two years), and consider more frequent testing. Finally, ensure that immediate steps are taken to remediate deficiencies received in FINTRAC exams. Deficiencies that re-appear in follow-up exams are taken seriously by FINTRAC, and can lead to penalties, published or not.

Need a Hand?

vCAMLO: If you are a credit union or MSB, and have any questions related to financial compliance, or if you are interested in AML Support Services, please contact us for a complimentary 30 minute compliance discussion.

Outlier: If you need assistance reviewing your technology solution or FINTRAC reporting to be certain that you’re meeting the standard described in this blog, or just someone to chat with to make sure that you’re on the right track, please contact us.

 

 

 

Return to Blog Listing


PROCESSING...