Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Canada’s AML Rules for “Virtual Currency”

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations, that we’re going to collectively call regulations here for simplicity’s sake). While not all of the proposed amendments are related to virtual currency, many are (the term virtual currency comes up 304 times in about 200 pages). This article is intended to give a high-level summary of the proposed amendments as they relate to virtual currency for businesses in that industry (exchanges, brokerages, etc.).

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Finally, we want to encourage the community to discuss the draft and submit meaningful feedback for policymakers. To this end, we’re going to be posting, hosting and attending community events. We’ve also set up a survey that can be completed without submitting any personal information (though you may choose to do so). If you would like one of our compliance nerds at your event, please get in touch. If you’re already having a related event that benefits the community, let us know or post it in the comments.

The comment period for this draft is 90 days. After this, the Department of Finance takes the feedback to the bat cave and drafts a final version of the amendments. From the time that the final version is published, the draft indicates that there will be 12 months of transition to comply with the new requirements.

What to expect when you’re expecting (to be regulated)?

While we acknowledge that our sample is biased (people that talk to compliance geeks), we know that many businesses such as brokerages and exchanges have expected to be regulated as money services businesses (MSBs) since Bill C-31 was passed in 2014. Many of these businesses already have in place the required elements of an anti-money laundering (AML) compliance regime, including:

  1. The appointment of a Compliance Officer;
  2. Written policies and procedures;
  3. A documented risk assessment;
  4. Training; and
  5. Effectiveness testing (like an audit, but for compliance).

In addition, many have been voluntarily reporting suspicious activity to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the body under which they expect to be regulated for AML.

The proposed amendments would formalize compliance program requirements, as well as create new requirements specific to businesses “dealing in virtual currency” (which would now be considered MSBs). While “dealing in virtual currency” itself is not defined, the text of the regulations implies that it will include exchanging, sending, and receiving virtual currency on behalf of other people or entities. Such entities would be required to register as MSBs if they are serving Canadian customers (whether or not they are located in Canada).

There are a number of thresholds that are proposed, including identification (at CAD 1,000) and reporting (at CAD 10,000). In each case, specific information must be collected and recorded. The identification methods that are available in these circumstances are relatively prescriptive, although the proposed amendments do make some headway towards supporting a broader array of identification methods by requiring that documents be considered “authentic” rather than requiring documents in their original format. Of course, as with any complex issue, guidance from FINTRAC will be required before we’re certain how this will be interpreted by the regulator (It’s good news; we’re just not sure how good, yet).

As always in compliance, the devil is in the details. What follows is a few of those key details, as well as some of the issues that we anticipate. We encourage you to conduct your own analysis and to join the conversation.

What’s In A Definition?

Definitions are generally not very interesting. When was the last time that you read the dictionary? (Sidenote: if you are a serious scrabble geek and do this on the regular, you will enjoy this section more than most)… In this case though, definitions matter. Definitions will make a difference in terms of the businesses and activities that are regulated, and how they are regulated. Fortunately, our community includes a number of engineers, debaters, and other individuals with a penchant for the precise – and your skills are needed here. We encourage you to carefully consider the following and to submit feedback on how they can be improved.

authorized user means a person who is authorized by a holder of a prepaid payment product account to have electronic access to funds or virtual currency available in the account by means of a prepaid payment product that is connected to it.

funds means

(a) cash and other fiat currencies, and securities, negotiable instruments or other financial instruments that indicate a title or right to or interest in them; or

(b) information that enables a person or entity to have access to a fiat currency other than cash.

For greater certainty, it does not include virtual currency. (fonds)

fiat currency means a currency that is issued by a country and is designated as legal tender in that country.

large virtual currency transaction record means a record that indicates the receipt of an amount of $10,000 or more in virtual currency in a single transaction and that contains the following information:

(a) the date of the receipt;

(b) if the amount is received for deposit into an account, the name of each account holder;

(c) the name, address and telephone number of every other person or entity that is involved in the transaction, the nature of their principal business or their occupation and, in the case of a person, their date of birth;

(d) the type and amount of each virtual currency involved in the receipt;

(e) the exchange rate used and the source of the exchange rate;

(f) the number of every other account that is affected by the transaction, the type of account and the name of each account holder;

(g) every reference number that is connected to the transaction;

(h) every other known detail that identifies the receipt; and

(i) if the amount is received by a dealer in precious metals and precious stones for the sale of precious metals, precious stones or jewellery,

(i) the type of precious metals, precious stones or jewellery,

(ii) the value of the precious metals, precious stones or jewellery, if different from the amount of virtual currency received, and

(iii) the wholesale value of the precious metals, precious stones or jewellery.

prepaid payment product means a product that is issued by a financial entity and that enables a person or entity to engage in a transaction by giving them electronic access to funds or virtual currency paid to a prepaid payment product account held with the financial entity in advance of the transaction. It excludes a product that enables a person or entity to access a credit or debit account or one that is issued for use only with particular merchants.

prepaid payment product account means an account that is connected to a prepaid payment product and that permits

(a) one or more transactions that total $1,000 or more to be conducted within a 24-hour period; or

(b) a balance of funds or virtual currency available of $1,000 or more to be maintained.

virtual currency means

(a) a digital currency that is not a fiat currency and that can be readily exchanged for funds or for another virtual currency that can be readily exchanged for funds; or

(b) information that enables a person or entity to have access to a digital currency referred to in paragraph (a).

virtual currency exchange transaction means an exchange, at the request of another person or entity, of virtual currency for funds, funds for virtual currency or one virtual currency for another.

virtual currency exchange transaction ticket means a record respecting a virtual currency exchange transaction — including an entry in a transaction register — that sets out

(a) the date of the transaction;

(b) in the case of a transaction of $1,000 or more, the name, address and telephone number of the person or entity that requests the exchange, the nature of their principal business or their occupation and, in the case of a person, their date of birth;

(c) the type and amount of each of the funds and virtual currencies involved in the payment made and received by the person or entity that requests the exchange;

(d) the method by which the payment is made and received;

(e) the exchange rate used and the source of the exchange rate;

(f) the number of every account that is affected by the transaction, the type of account and the name of each account holder;

(g) every reference number that is connected to the transaction; and

(h) every other known detail that identifies the transaction.

Diving Deeper – Obligations and Potential Issues

1 – Do the definitions capture unintended parties?

We were surprised to see that there were not specific carve-outs for certain types of tokens, including securities, and tokens intended specifically for gaming. The definition, as it’s currently written seems capable of encompassing both tokenized security offerings and gaming tokens.

In addition, the second part of the definition that includes “information that enables a person or entity to have access to a digital currency referred to in paragraph (a).” has the potential to open the definition even more broadly. For instance, if I have stored a copy of a seed phrase or a hardware device with a vault service – have they received virtual currency? Are they sending virtual currency to me if the contents of my vault are couriered to me?

 2 – What about peer-to-peer, decentralized applications, and smart contracts?

The amendments as they are presented appear to take the view that transactions have intermediaries. There are no specific carve-outs for peer-to-peer transactions (though we expect that previous guidance could be applied here), decentralized applications, and smart contracts. This may be a particularly contentious issue in the case of an exchange from one “virtual currency” to another – especially where such an exchange is initiated or completed without any human intervention. Similarly, questions arise for wallet service providers. For instance, what if a wallet provider does not have access to private keys, but connects to applications that permit users to initiate transactions that would be considered to be exchange transactions under the current definition?

That said, there are some astute exclusions, including the following activities which are explicitly not covered:

(a) a transfer or receipt of virtual currency as compensation for the validation of a transaction that is recorded in a distributed ledger; or

(b) an exchange, transfer or receipt of a nominal amount of virtual currency for the sole purpose of validating another transaction or a transfer of information.

Nonetheless, it is difficult to determine where the policymakers intended to draw the line, and where the regulator will later enforce it…

3 – Jurisdiction doesn’t matter; foreign money services businesses (MSBs) are covered.

While not specific to virtual currency, it is noteworthy that the proposed amendments expand the definition of an MSB to include any business that is providing prescribed services in Canada. As we’ve seen in the case of the NY BitLicense, badly drafted legislation can drive away business and lead to a lack of service providers willing to do business in a region.

While we’re not suggesting that the proposed amendments are nearly as ill-conceived as the NY BitLicense, it is important to consider whether or not these will affect Canadians’ ability to access services, and the attractiveness of the Canadian market generally for innovative international businesses. While we do not expect this particular amendment to be altered, we would encourage businesses located outside of Canada that serve Canadians to comment.

What Next?

If you’ve read this far, congratulations and thank you!

We hope that you will contribute your thoughts and comments. You can do this by contacting the Department of Finance directly. Their representative on this file is:

Lynn Hemmings

Acting Director General

Financial Systems Division

Financial Sector Policy Branch

Department of Finance

90 Elgin Street

Ottawa, Ontario

K1A 0G5

Email: fin.fc-cf.fin@canada.ca

If you would like assistance drafting a submission, or have questions that you would like Outlier to answer, please get in touch!

You can also answer specific questions in our survey, or join us at a community event.

Proposed PCMLTFR Updates

Screen Shot 2015-07-08 at 4.03.31 AM

We’ve created a marked-up version of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) that reflects the draft amendments posted in the Canada Gazette on July 4th, 2015.

Here’s a printable and downloadable PDF file: PCMLTFR Mark-Up (July 4, 2015 Draft Amendments)

If you would like a copy of the file in Microsoft Word, please contact us.

Need A Hand?

At Outlier, we believe that it is important to participate in decisions that affect you and your business.  If you would like someone to look over your submission before you make comments to the Department of Finance, you can get in touch with us free of charge.  We will look over your submission and make suggestions, without any cost to you.  If you need a hand, please feel free to contact us.

Highlights from the 2015 AML Forum

This year I had the honour of co-chairing the Canadian Institute’s 14th Annual AML Forum, along with Ron King of Scotiabank. The event brought together a diverse group of stakeholders and speakers including regulators, law enforcement, bankers, money service businesses (MSBs), technology experts and government. Over two days, we enjoyed many lively discussions, and while I can’t cover all of the content here, I want to provide some insight for colleagues that weren’t able to attend the event.

Key Messages from Regulators & The Department of Finance

Representatives from the Department of Finance, the Office of the Superintendent of Financial Institutions (OSFI) and the Financial Transactions Reports Analysis Centre of Canada (FINTRAC) were present throughout the conference, and fielded questions from the audience throughout the event. Among the most exciting announcement was the Department of Finance’s assertion that we should expect a new AML regulations package to be released in draft for public comment later this year. Though the target date is set for June or July, anything can happen in an election year and there may be delays.

The Department of Finance, OSFI and FINTRAC also discussed Canada’s upcoming mutual evaluation by the Financial Action Task Force (FATF) and Canada’s countrywide risk assessment. The risk assessment is underway and expected to be shared later this year, in advance of the FATF’s visit this fall (with results expected to be published next summer). The risk assessment will likely prove to be a useful tool for regulated entities struggling to qualify Canadian money laundering and terrorist financing risk.

OSFI emphasized the importance of considering the AML program as part of the overall prudential compliance management strategy for federally regulated financial entities (FRFEs). It is expected that OSFI’s guideline B-8 will be revised in the near term. To avoid rework, OSFI is waiting for several key inputs including the updated AML regulations package, FINTRAC’s updated risk assessment guidance and the countrywide risk assessment. OSFI will also continue to work with FINTRAC on streamlining examination processes, citing the need to create a common framework and approach to examinations.

FINTRAC reviewed its recent statistics and emphasized the importance of the agency’s role as a financial intelligence unit (FIU). Key to this role are suspicious transaction reports (STRs), which will play a key role in upcoming examinations for regulated entities. FINTRAC will be applying several tests to STR data, including:

  • Entity Practitioner: similar transactions within an entity that were not reported to FINTRAC;
  • Sector Practitioner: a comparison of the number and type of STRs submitted by similar entities (the size and type of business are taken into consideration); and
  • Reasonable Practitioner: a comparison of the reported and unreported transactions against relevant guidance on reasonable grounds to suspect that money laundering or terrorist financing activity may be taking place.

This echoes FINTRAC’s comments throughout 2014 on the importance of suspicious activity reporting, a sentiment that was echoed by law enforcement.

Law Enforcement Focus

Speakers representing the Royal Canadian Mounted Police (RCMP) and US Federal Bureau of Investigation (FBI) discussed the strategic value of intelligence obtained through FIUs and directly from the financial services community. While the specifics of ongoing cases cannot be discussed publicly, both speakers emphasized the importance of providing complete and concise information, and excellent examples of how this type of intelligence is used by law enforcement.

The speakers confirmed that the dollar values for terrorism related transactions seen in Canada are consistently low. The RCMP discussed a transaction pattern relevant to individuals planning to attend radical training camps wherein an individual saves a relatively small sum via legitimate work (often at low wage jobs), then purchases a plane ticket and camping gear (which may account for all or almost all of the funds saved). Patterns such as these are useful for institutions seeking to understand and identify patterns of activity that may be indicative of potential terrorism.

The De-Risking Debate Continues

One of the most lively discussions of the event surrounded “de-risking” (refusing to provide service to a customer that is outside of the institution’s risk tolerance). While banks in Canada are private, for profit enterprises, access to banking facilities remains a vital component for business success. The money service business (MSB) sector has struggled with banking relationships both in Canada and abroad. Best-practices discussed included independent third party compliance reviews conducted by qualified practitioners as a valuable tool in assisting banks to assess the state of an MSB’s compliance. It was noted that while the MSB sector is certainly vulnerable to money laundering and terrorist financing, it is not the only vulnerable sector in Canada. While Canadian MSBs are regulated by FINTRAC, other sectors that are both vulnerable and unregulated have not experienced the same degree of de-risking.

Banks emphasized the risks for financial institutions in dealing with certain types of business as being broader than AML compliance. Chief among these risks was reputational risk. As one banker noted, when a bank’s larger clients are offside with requirements, the client, not the bank, is publicly held accountable. When the bank’s client is of a smaller size however, banks are being considered more responsible in the eyes of the media and the public. This, coupled with the profitability of accounts held for smaller entities considered by banks to be high risk, may be at the root of some of the banking woes experienced in the MSB sector, in particular by smaller MSBs.

Sanctions, PEPs and Analytics

Several speakers emphasized the importance of implementing and tuning technology solutions to detect persons and entities subject to sanctions, politically exposed persons and potentially suspicious transactions. Sanctions in particular appeared to be an emerging concern, with list screening alone viewed as being insufficient in terms of banking controls. The increased complexity of sanctions includes not only specific individuals and entities but their affiliates, including subsidiaries (which may not be easy to detect in many cases) and sanctions applied to specific types of transactions. For multinational financial service providers, there is additional complexity in managing sanctions related to doing business in several jurisdictions with different requirements. In order to comply effectively, information sharing across jurisdictions (including information about customer activity and risk) is likely to be required. For many entities, this will mean revising privacy related policies and disclosures to enable information sharing across a network of affiliated entities.

In addition to privacy considerations, the integration of systems and processes across affiliated entities and lines of business was a key consideration. One Canadian bank noted that they are in the process of synchronizing know your client (KYC) requirements across all lines of business, a process that involves the integration of data from over 35 separate IT systems and databases. Such synchronization is necessary to ensure that customer risk is considered consistently across all lines of business.

A Key Question on Emerging Technology

My co-chair raised an insightful point with the emerging payments panel in regards to Bitcoin and other emerging payment technologies. While banks have heard loud and clear that these technologies are not as anonymous as they were initially believed to be, there is a sense within the banking community that there has not, to date, been a solid assessment of the risk (or subsequently established best practices in mitigating these risks). Some of the risks raised by panelists included consumer protection (the risk that funds may be lost through negligence or bad actors) and the risks related to effective controls (which are similar to the types of risk that exist in other vulnerable sectors).

While it’s clear that emerging payment technology companies are working to demonstrate compliance in a changing regulatory landscape, there is clearly a gap between these companies and traditional financial institutions, in terms of messaging and expectations. We expect that this will be an ongoing conversation as the industry, regulations and technology continue to evolve.

We Would Love To Hear From You!

If there are topics that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Return to Blog Listing


PROCESSING...