Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

The Secret Project: 2017

Thank you to the Canadian MSB Association for allowing us to present our research findings at the 2017 Fall Conference.

Money Services Business (MSB) and bitcoin business banking in Canada is the most significant barrier to entry. We set out to prove that the derisking crisis is real. In a first world country, this is absurd. We hope that this research facilitates an open and honest dialogue, that includes those with the power to improve the situation.

For those that have asked, here are our slides:

The Secret Project- MSB Banking (PDF)

The Secret Project- MSB Banking (PowerPoint)

Raw data: use it as you see fit. Seriously. We believe in open source. Information wants to be free.

Google Drive Access

A video of the presentation will follow.


Insights From the 2014 CMSBA Conference


We were honoured to present at this year’s Canadian MSB Association (CMSBA) conference in Toronto. Speakers included representatives from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the Canadian Federation of Independent Businesses (CFIB), money service businesses (MSBs), consultants, lawyers and technology service providers. Priced between CAD 200 and 250 (depending on membership status and the timing of the registration), the price of this annual event, which includes breakfast, lunch, a post event reception, an annual CMSBA membership and a training certificate is likely one of the most informative and reasonably priced resources for MSBs. We would like to thank the CMSBA for providing a top quality event.

The Big Disclaimer

The information that follows is based on our experience attending the conference, and the information that we feel will help our friends and clients the most. While there were many excellent sessions, we weren’t able to enjoy them all. If you feel that we’ve missed something vital, or misrepresented an important point, please feel free to contact us and we’ll do our best to correct it.

FINTRAC Exams Are Changing

Lisa Douglas of FINTRAC tackled an update on the regulators expectations with candor, diplomacy and even a sense of humour on occasion. Among the most important points for reporting entities was the implementation of the regulatory changes that came into effect in February of 2014, and changes to the types of testing that FINTRAC will be performing in examination:

  • Business Relationships: has the nature and purpose of the business relationship been documented? Has the customer been identified where there is a business relationship (and if not, are efforts to identify the customer documented)? Is ongoing monitoring in place?
  • Suspicious Activity: Do the policies and procedures reflect the right indicators for the business model (see FINTRAC’s Guideline 2 for a full list)? Is there activity that seems to be suspicious that was not reported? If so, are you able to explain objectively why the activity was not considered to be suspicious (and is the explanation backed up by documentation)?
  • Ongoing Monitoring: Are monitoring efforts documented? Is the monitoring for high-risk customers and business relationships different (in nature and frequency)?
  • Beneficial Ownership: Is there documentation that confirms beneficial ownership? If not, has Senior Officer been identified and is the customer classified as high risk?
  • Customer Information Updates: Is customer information being updated on a regular schedule according to the customer’s risk?
  • Quality Reporting: Are the reports that FINTRAC receives complete and accurate? Are all fields (including fields that aren’t mandatory) completed if you have the information on file?

Ms. Douglas received the most questions about applying an ‘objective standard’ to deciding whether or not there are reasonable grounds to suspect money laundering or terrorist financing activity, and stressed that it is not enough to know that the activity is consistent for a customer over time if the activity could be indicative of money laundering or terrorist financing. This theme was echoed by Paul Burak of MNP LLP in his discussion of customer due diligence. In his illustrative example, Mr. Burak described a hotel that made large cash deposits with few credit card or debit card payments, in volumes that were out of synch with local tourist traffic. While the pattern of activity was consistent for the client over time, it did not make sense when an objective standard was applied.

There are Many More MSBs with ‘Zero Deficiencies’ Than MSBs with Penalties

Although there are several published administrative monetary penalties that have been published for MSBs, approximately 25% of MSBs examined between 2008 and 2014 have passed examinations with zero deficiencies.   While this isn’t likely to reduce the stress that comes with preparing for an examination, the information (obtained from a recent access to information request that Outlier filed with FINTRAC) is important in understanding that the MSB industry has historically been more compliant than the headlines would have us believe. That said it’s always vital to take the time to prepare for your examination and ensure that all of the materials requested by FINTRAC are assembled and delivered on time. We’ve put together some free resources to help reporting entities get organized, available here.

We were fortunate enough to co-present on this topic with two very experienced lawyers, J. Bruce McMeekin and Tushar K. Pain. Both emphasized the importance of reaching out to a legal professional early if you may be facing an administrative monetary penalty, as well as the value of regular compliance testing (not just limited to the effectiveness reviews required every two years) to assess compliance and fix anything that may be offside.

Banking Remains an Issue for MSBs

Robert Osbourne of Grant & Thornton provided excellent insights on maintaining banking relationships, including requesting and account manager, and maintaining regular contact (rather than simply responding to issues or information requests). Despite recent public policy positions from the Financial Action Task Force (FATF) and Financial Crimes Enforcement Network (FinCEN) warning against wholesale de-risking, few Canadian banks are currently accepting MSBs. Among those that we are aware are taking on MSB customers:

  • Royal Bank of Canada (RBC)
  • Bank of Montreal (BMO)
  • DirectCash Bank (DC)

There are additional financial institutions, including credit unions that offer accounts to MSBs, however many of these are not currently taking on new MSB customers. Access to banking is one of the issues that we’re likely to hear more about from both the CMSBA and the CFIB in the coming months.

Tools and Technology

The importance of tools and technology for recordkeeping and compliance management cannot be understated. The Canadian market is served by a number of great providers, and more solutions are being added on a regular basis. The solutions that are implemented should be well aligned with your business model and Risk Assessment. They should also be secure, in particular where sensitive or personal information (PI) is stored. Garry Clement of Clement Advisory Group emphasized how vulnerable the industry may be to cyber threats, and steps that MSBs can take to recognize threats and protect their data.

Digital Currency

Jillian Friedman of the Bitcoin Embassy (formerly, now she can be found at and Susan Han of Miller Thompson provided an overview of digital currency. While it was clear that many MSBs are interested in the potential that bitcoin and other digital currencies can offer, the same barriers to banking faced by MSBs are faced by digital currency companies in Canada. MSBs that deal in digital currency may face additional de-risking concerns with their banks. Zach Ramsay of CoinCulture, though not presenting, was on hand to offer clarification about the digital currency related services that may interest MSBs including bitcoin teller machines (BTMs) and bitcoin payment processing.

Need a Hand?

If you would like more information about the CMSA, including information about how to become a member, you can contact them here.

If you have questions about AML or CTF compliance, please contact us for more information.

Keeping Your Bank Happy

For many reporting entities, a growing concern has become obtaining and maintaining banking relationships.  Most, if not all, businesses need a banking relationship to survive and prosper.  If you are an individual in Canada, you are entitled to basic banking services, but it is not so for businesses.  Banks and other financial service providers choose the business customers that they will serve.  This means that the stakes can be very high for businesses shopping for a banking relationship.

As reporting entities themselves, banks and other financial services companies have similar obligations to other reporting entities.  They must understand their customers and their customer’s transactions.  There is mounting pressure for banks to conduct due diligence that includes reviewing the compliance programs of clients that are reporting entities.  As a business owner, your best defence against losing your banking relationship is making your banker’s work easier.

This isn’t something that most business owners have spent a lot of time thinking about, but a few hours every year can go a long way towards ensuring that your banking relationships keep operating smoothly.  Based on my clients (and my own) experiences, I’ve summed up a five-step plan to help you on your way, which includes links to free resources to help you get started.

Step 1:  Have A Compliance Program (and Keep It Up To Date)

All reporting entities need to have an anti money laundering (AML) and counter terrorist financing (CTF) compliance program in place, that includes these five elements:

  1. Appoint A Compliance Officer (this is the person that is responsible for the compliance program; they should be fairly senior within your company and their appointment should be documented);
  2. Document Your Policies And Procedures (your documentation should be detailed enough to describe what you actually do, and be updated at least once a year);
  3. Create A Risk Assessment (this is a document that describes the risk that your business could be used to launder money or finance terrorism, and the controls that you have in place to prevent that from happening);
  4. Train Your Staff (this should happen at least once a year and all training sessions should be documented); and
  5. Have An AML Compliance Effectiveness Review (this is like an audit of your AML program and operations; it must be done at least every two years).

When you are creating and updating your documentation, remember that you and your staff are not the only people that will see it.  Your regulators, bankers and other people that don’t know your business the way that you do will also need to rely on your documentation.  This means that you need to write as if your reader doesn’t know your business.  Take the time to explain everything clearly.

If you need help creating a compliance program, please have a look at our resources pages for your reporting entity type or contact us.

Step 2:  Have a business plan

Your business plan should describe what you do, how you make money and include historical business volumes (for existing businesses) and predicted business volumes (for new and existing businesses).  This document should explain your business simply and clearly (to someone outside of your industry).  To make things easier for your banking service provider, you should explain the types of transactions that will go through your bank account and the estimated volumes.

Many business owners are hesitant to describe their transactions and marketing strategies in any type of document that will leave their hands.  This type of thinking can seriously harm banking relationships, especially if the bank perceives you as being secretive or evasive.  Remember that the bank needs to understand your business in order to keep you as a customer, and the easier that you can make it for them to understand, the better off you’ll be.

I’ve worked with consulting firms that charge high rates for business planning, but there is no real need to spend a lot of money creating a business plan.  There are many free resources available for Canadian businesses.  Here are some of my favourites:

Not surprisingly, the banks themselves offer many of these resources!

Step 3:  Have Contracts In Place

Any third party that is involved in your business (vendors, agents, etc) should have contracts in place, and your bankers may ask to see these agreements.  The contracts should spell out what the third party is obligated to do on your behalf and the copies of the agreements that you provide to your banker should be signed and dated by all parties.  Don’t provide original documents to your bank unless you are required to do so (often banks want copies only, as they will not be returned to you).

Many existing businesses have long-term business relationships that may never have had a formal agreement in place.  In these cases, especially if the third party is doing something like identifying customers on your behalf, you will need to get written agreements.  These don’t need to be overly complicated.  The agreement should state what all parties are required to do and when.  It can be a plain language document that you draft yourself, or something more complicated that you work on with the advice of a lawyer.  The important thing is that you have agreements in place and that they’re clear enough to allow the reader to understand how the parties are related.

Step 4:  Take The Time to Build Alliances

You don’t usually get to speak directly with your bank’s compliance department. The sales representative or branch manager is your liaison. They need to be your advocate.  In this type of scenario, a person becomes your advocate not because you’re cute or gave a nice gift but because they know, understand and can explain your business. This takes patience and time.  Remember you need them as much as they need you. Make it a no brainer for them to want you as a customer (profitable, low risk, low effort).

Your representative at the branch is your point of contact and can act as a sounding board for your documentation.  For instance, if they have requested your business plan, ask if you can walk through it with them and get their advice before it is submitted to the bank’s head office or compliance department.  Remember that they can’t write documentation for you, but they can provide excellent insights about what the bank expects to see.

Step 5:  Consider Having Audited Financial Statements Completed

In some cases, your financial service provider may require audited financial statements. Only a licensed accounting professional or firm (specifically someone with a CA or CPA) can issue this type of report in Canada.  The process involves an independent evaluation of your company’s financial statements and other documents.  The auditor expresses an opinion about your company’s financial statements, based on the audit work performed, to state if they feel that the financials are free from material errors.  This is not specific to anti-money laundering.  The audit report refers to the company’s financial risk and fraud risk, among many other topics, to give your financial service provider more comfort over the financials they are reviewing to help lower your risk profile.  While we at Outlier aren’t accountants, and don’t perform this type of work, we’re happy to recommend accounting firms that have experience with audited financial statements, including our friends at Helen Loukatos Chartered Accountant, who’ve generously given us permission to link to this Money Service Businesses Audit FAQ.

Stepping It Up

All of this is relatively simple, but it takes time.  Consider it an investment in your business.  If you need a hand getting started, please feel free to contact us.

Return to Blog Listing