PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Ministerial Directives Related to Iran & LVCTRs

There have been a number of conversations floating around about FINTRAC Large Virtual Currency Transaction Reporting (LVCTR) obligations as it relates to transactions involving Iran, and potentially involving Iran, under the current Ministerial Directive (MD). While this is not a new requirement (LVCTRs were effective June 1, 2021 and the original MD became effective July 25, 2020), there has been clarification provided with regards to reporting, and what activities trigger which reports.

For background, Outlier Compliance Group wrote an article on what the Iran-related MD entails, so if you are not familiar with the requirements, we suggest starting there.

Existing Guidance

The existing MD guidance does not align with the information provided in a recent policy interpretation for reporting transactions involving Iran that generally are not otherwise reportable, such as a transaction below the reporting threshold. The current guidance says the following:

Any transaction involving the receipt of virtual currency (VC) for exchange to Iranian rial, or VC that is equivalent to an amount under the reporting threshold of $10,000 CAD must be reported using the LVCTR by:

    • Inserting the IR2020 code when using the LVCTR upload; or
    • Selecting IR2020 in the ‘Ministerial Directive’ field of the LVCTR.
    • Because the report is related to the MD, you must ensure that the information provided reflects a connection to Iran.

Recent Interpretation

On June 11, 2023, a policy interpretation was submitted to clarify FINTRAC’s expectations with regards to reporting VC transactions related to the Iran MD. A few specific scenarios were included to ensure an easily digestible response was provided. The portion below is the most noteworthy sections of the response from FINTRAC clarifying the expectation of reporting virtual currency transactions that are below the reporting threshold where there is a nexus to Iran:

To answer your question regarding other instances that could involve the receipt of VC originating from Iran in one or more transactions under the threshold, please refer to section 3) of the Ministerial Directive. It states that any transaction (originating from or bound for Iran) must be treated as a high-risk transaction for the purposes of subsection 9.6(3) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), and must be reported to FINTRAC. Where these transactions involve the receipt of VC but cannot be reported using an LVCTR, they must be reported using the Suspicious Transaction Report (STR) with the IR2020 code.  Only completed transactions can be reported through an STR if the only reason for reporting is that the transaction is originating from or bound for Iran. An attempted transaction should only be reported when you have reasonable grounds to suspect that the transaction is related to the attempted commission of a money laundering or terrorist activity financing offence. 

Further to section 3(a) of the Ministerial Directive, you need to look at a variety of elements when determining whether a transaction originates from or is bound for Iran because the circumstances of each transaction are different. The exchange of VC for Iranian rial is not the only circumstance in which a VC transaction may fall under the Ministerial Directive. After you’ve considered the facts, contexts and indicators of a transaction and you determine it is subject to the Ministerial Directive, you must determine if the transaction(s) should be reported using the LVCTR or STR, as described above.

I’ve provided the reporting information for the scenarios you presented in your email:

    1. Virtual currency that originates from an identified virtual currency exchange in Iran.
      • Report the transaction in the STR with code IR2020.
    2. Virtual currency that originates from a wallet address identified as being in or from Iran.
      • When the conductor, beneficiary or third party address details list Iran as the country, and the transaction is not a VC exchange to Iranian rial, report the transaction in the STR with code IR2020.
    3. Travel rule information from the receiving client (or from a participant in the travel rule network) that sent the virtual currency from an address associated with an Iranian virtual currency exchange, or a person or entity in Iran that is not captured under the Ministerial Directive.
      • If a VC transaction has travel rule information that indicates it originates from or is bound for Iran and it does not meet the LVCTR criteria for the Ministerial Directive, the transaction must be reported using the STR with code IR2020.

So What Do I Need To Do?

What is important to understand in this clarification, is the obligation to report every transaction that has a nexus to Iran, such as originating from a VC exchange in Iran, and how that is to be reported. Where a transaction is not otherwise reportable to FINTRAC via an LVCTR, it must be reported using a Suspicious Transaction Report (STR) and the MD indicator IR2020 must be selected (we also suggest including IR2020 in the opening of the narrative in Section G). Transactions that are not otherwise reportable to FINTRAC include VC exchange transactions below the reporting threshold, as referenced in the response from FINTRAC.

Moving Forward

In order to ensure you are compliant with the MD obligation, a thorough lookback to June 1, 2021 for all VC transactions below the reporting threshold, that may have had a nexus with Iran, needs to be performed. Should transactions that should have been reported be found, a Voluntary Self-Disclosure of Non Compliance (VSDONC) should be submitted to FINTRAC. For more information on VSDONCs and how to complete one, please see our blog post on the topic.

Need a Hand?

If you are looking for help completing a lookback or would like a second set of eyes on a VSDONC, please feel free to contact us.

Proposed 2023 AML Changes: Mortgage Lenders and Armoured Car Services

Background

February seems to be the month for proposed legislative changes.

On February 18, 2023, draft amendments to the regulations under the Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA), and a net-new draft regulation, were published in the Canada Gazette. If you’re the type that likes to read original legislative text, you can find it here. We (thanks Rodney) also created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

These changes are meant to renew and improve Canada’s anti-money laundering (AML) and Counter Terrorist Financing (CTF) regime, adapting to new money laundering (ML) and terrorist financing (TF) risk. One of the most significant changes, in our opinion, is the introduction of two new regulated entity types, mortgage lenders and armoured car companies.

Currently, mortgages issued by financial entities are captured under the PCMLTFA but these amendments would make all entities involved in the mortgage lending process (brokers responsible for mortgage origination, lenders responsible for underwriting the loan, and administrators responsible for servicing the loan) reporting entities. The intent here is to level the playing field between regulated and unregulated mortgage lenders, and to deter misuse of the sector for illicit activities.

While the activity of transportation is not currently supervised for AML purposes per se, armoured car carriers provide services largely to regulated entities. Given the flow of funds that is typically seen in this sector, reconciliation and identification of the origin of funds can sometimes be challenging, and allows funds to move with some degree of anonymity, which is an ML/TF vulnerability.

The draft regulations also introduce new requirements for correspondent banking relationships, and additional requirements related to the Money Services Business (MSB) registration. There are also some technical amendments related to existing reporting requirements and changes related to Administrative Monetary Penalties (AMPs).

Lastly, a new regulation would introduce a prescribed formula for the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) to assess the expenses it incurs in the administration of the PCMLTFA against reporting entities. Such models are seen from other regulators, such as the Office of the Superintendent of Financial Institutions (OSFI) and the Financial Consumer Agency of Canada (FCAC). Currently, FINTRAC is funded through appropriations.

In the following sections, we have summarized what we feel are the most important requirements to note.

Armoured Car Companies

The proposed changes would require a company that engages in “transporting currency or money orders, traveller’s cheques or other similar negotiable instruments” (except for cheques payable to a named person or entity) to be considered an MSB. As such, the following obligations will have to be met:

  • Development of a compliance program;
  • Maintaining an up-to-date MSB registration with FINTRAC;
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Record keeping;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and list screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow ministerial directives and transaction restrictions.

One record keeping obligation to note, which is new for armoured car companies, is the requirement to record the following information when transporting CAD 1,000 or more of cash or virtual currency, or CAD 3,000 or more in money orders or similar negotiable instruments:

  • The date and location of collection and delivery;
  • The type and amount of cash, virtual currency or negotiable instrument transported;
  • The name and address of the person or entity that made the request, the nature of their principal business/occupation and, in the case of an individual, their date of birth;
  • The name and address, if known, of each beneficiary;
  • The number of every account affected by the transport, the type of account, and the name of the account holder;
  • Every reference number that is connected to the transport, and has a function; equivalent to that of an account number; and
  • The method of remittance.

An additional requirement that will apply to armoured car companies is in relation to PEP determinations (existing PEP requirements for MSBs still apply). Specifically, a PEP determination is required whenever a person requests that the MSB transport more than CAD 100,000 in cash or virtual currency, or in an amount that is not declared.

Under the proposed regulations, there are some exemptions for reporting that are noteworthy. Large Cash and Large Virtual Currency reporting requirements will not apply where there is an agreement of transportation between:

  • The Bank of Canada and a person or entity in Canada;
  • Two financial entities;
  • Two places of business of the same person or entity; or
  • Canadian currency coins for purposes of delivery under the Royal Canadian Mint.

It is noteworthy, based on the definition, that there may be more than just armoured car companies that are captured under these new requirements. This will be clarified in guidance from FINTRAC that will follow publication of the legislation.

The requirements applicable to armoured car companies will come into force eight months after final publication in the Canada Gazette.

Mortgage Lending

The proposed regulations would require mortgage lenders, brokers, and administrators (mortgage participants) to put in place compliance regimes, similar to that of other regulated entities, which include the following:

  • Development of a compliance program;
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Keeping records;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and list screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow ministerial directives and transaction restrictions.

It is noteworthy, that many mortgage brokers already have existing voluntary AML compliance programs and already apply AML measures. This is in part due to various securities regulations and lending partners.

The requirements applicable to mortgage lending will come into force six months after final publication in the Canada Gazette.

Cost Recovery

As part of this round of regulatory changes, there is a net-new regulation, the Financial Transactions and Reports Analysis Centre of Canada Assessment of Expenses Regulations. This regulation will allow FINTRAC to pass on expenses, to reporting entities, that it incurs in the administration of the PCMLTFA. Only the following prescribed entity types are affected by this:

  • Banks and authorized foreign banks;
  • Life insurance companies;
  • Trust and loan corporations; and
  • Every entity that made more than 500 threshold reports during the previous fiscal year.

The regulations provide a formula that FINTRAC would use to calculate the assessment amounts payable by reporting entities on the basis of their annual asset value, and the volume of all threshold transaction reports submitted. For clarity, threshold transaction reports include Large Cash Transaction Reports (LCTRs), Large Virtual Currency Transaction Reports (LVCTRs), Electronic Funds Transfer Reports (EFTRs), and Casino Disbursement Reports (CDRs).

The requirement would come into force on April 1, 2024. This means FINTRAC would commence recovering costs from the 2024-2025 fiscal year and forward.

Other Changes

Enhancing MSB registration

Under the proposed amendments, as part of MSB registration, MSBs would now need to include the telephone numbers and email addresses of its president, directors and every person who owns or controls 20% or more of the MSB. This is in addition to current required information. Additionally, the number of the MSB’s agents, mandataries and branches in each country will be added (currently, only those within Canada are required).

This requirement will come into force twelve months after final publication in the Canada Gazette.

Streamlining requirements for sending AMPs

Under the proposed amendments, FINTRAC would be allowed to serve a reporting entity solely by electronic means when issuing an AMP. Currently, FINTRAC would also have to send an additional copy by registered mail.

This requirement would come into force on registration.

What Next?

There is a 30 day comment period (ending March 20, 2023) for the proposed regulations. It is strongly recommended that industry, and potentially impacted companies, review carefully and provide feedback. Comments can be submitted online via the commenting feature after each section of the proposed changes, or via email directly to Julien Brazeau, Associate Assistant Deputy Minister, Financial Sector Policy Branch, Department of Finance, 90 Elgin Street, Ottawa, Ontario K1A 0G5.

We’re Here To Help

If you have questions related to the proposed changes, or need help starting to plan, you can get in touch using the online form on our website, by emailing us directly at info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Effectiveness Reviews for Dealers in Virtual Currency

Effective June 1, 2020, dealers in Virtual Currency activities were considered as Money Services Businesses (MSBs) and as such, must comply with MSB obligations under amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). One obligation is to have an AML effectiveness review at least once every two years. MSBs must start their effectiveness review no later than two years from the start of their previous review or in the case of dealers in Virtual Currency, no later than June 1, 2022, the date they were considered to be MSBs under law.

Such reviews must test your compliance program and effectiveness of your operations. Our reviews follow a similar format to examinations conducted by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), which you can read more about in a previous Blog Post.

We’re Here To Help

If you have not yet engaged or commenced your review, there are still a couple of weeks to be compliant. If you would like to engage Outlier to conduct your AML Compliance Effectiveness Review or have questions regarding this obligation, please get in touch.

Outlier Solutions Inc. Offering Compliance Services to the Metaverse in Decentraland

February 23, 2022 Toronto — Outlier Solutions Inc. doing business as Outlier Compliance Group, a consultancy specializing in compliance solutions for reporting entities ranging from banks to dealers in virtual currencies (like bitcoin) to real estate firms, is one of the first to offer compliance services in the metaverse. Outlier will be joining as one of the professional service providers setting up shop in conjunction with Grinhaus Law Firm, a leading Canadian law firm in Blockchain regulatory advisory, and DGM Financial Group, a prominent Trust and corporate services office which helps structure crypto businesses internationally, in Decentraland, to service clients globally and through the metaverse.

Visitors to Decentraland will now be able to visit Outlier’s office, and book meetings with one of the team members. Visitors can discuss their Canadian compliance needs on topics such as Canadian anti-money laundering (AML), counter terrorist financing (CTF), privacy, and regulatory compliance management. Virtual spaces include traditional offices and a fountain (and of course, meetings can also be requested in person and via more traditional virtual meeting software). The Decentraland office is located at -39, 121, in the same neighbourhood as Decentraland University.

“The world, actual and virtual, is evolving rapidly” said Outlier’s Co-Founder and CEO, Amber D. Scott. “It’s important to understand what shape that evolution is taking, and no better way to learn than to be involved directly.” She adds, “It just makes sense that in order to be good advisors to companies operating in the metaverse, we would be there too.”

Scott’s avatar in Decentraland checks out the new virtual office space.

Founder of Grinhaus Law Firm, Aaron Grinhaus, stated, “we are pleased to welcome Outlier Solutions Inc. and complement our line up of professional services to help people and businesses navigate the ‘gray areas’ and legitimize the existence of the metaverse.”

Decentraland, with its 800,000+ residents and $54B in transactions, is also home to a wide array of companies and institutions from academia to crypto companies to fashion. This represents an opportunity to strategically grow Outlier’s presence as well as participate in the booming growth and creation in the metaverse.

Please direct media inquiries to decentraland@outliercanada.com.

About Outlier Solutions Inc.
Outlier Solutions Inc. dba Outlier Compliance Group is a Canadian consulting firm, founded in August of 2013, which is focused on developing compliance solutions for reporting entities. Outlier’s areas of expertise include anti-money laundering (AML), counter terrorist financing (CTF), privacy, and regulatory compliance.

For further information please visit https://www.outliercanada.com

About Grinhaus Law Firm
Grinhaus Law Firm was established in 2012 and is a business, tax and regulatory focused firm with a niche expertise in Blockchain and Smart Contract law.

For further information please visit https://grinhauslaw.ca

About DGM Financial Group
DGM Financial Group is a global financial services firm that provides Trust Administration, Corporate Services, Management Services to insurance and non-insurance companies, Family Office, Director Services, and is a Listing Sponsor on the Barbados Stock Exchange.

For further information please visit https://dgmfinancialgroup.com/

About Decentraland
Decentraland is the first fully decentralized virtual world. Powered by DAO, which owns the most important smart contracts and assets of Decentraland. Decentraland is a software running on Ethereum that seeks to incentivize a global network of users to operate a shared virtual world. Decentraland users can buy and sell digital real estate, while exploring, interacting and playing games within this virtual world.

For further information please visit https://decentraland.org

Regulations for Dealers in Virtual Currency – June 2020

Effective June 1, 2020, entities engaged in Virtual Currency activities are considered as Money Services Businesses (MSBs), and are required to register with FINTRAC and comply with MSB obligations under amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) that were released on July 19, 2019. Those amendments also require, as of June 1, 2021, reporting large virtual currency transactions. The Department of Finance has since made further amendments to those amended regulations, published in the Canada Gazette on June 10, 2020.

To make reading these changes a little easier, we have created a redlined version of the regulations, with the most recent changes showing as tracked changes, which can be found here.

Dealers in Virtual Currency

It’s important to start by understanding what’s being regulated. This is best done by considering some of the definitions that have been added to the regulation.

fiat currency means a currency that is issued by a country and is designated as legal tender in that country. (monnaie fiduciaire)

funds means

(a) cash and other fiat currencies, and securities, negotiable instruments or other financial instruments that indicate a title or right to or interest in them; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a fiat currency other than cash.

For greater certainty, it does not include virtual currency. (fonds)

virtual currency means

(a) a digital representation of value that can be used for payment or investment purposes that is not a fiat currency and that can be readily exchanged for funds or for another virtual currency that can be readily exchanged for funds; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a digital representation f value referred to in paragraph (a). (monnaie virtuelle)

virtual currency exchange transaction means an exchange, at the request of another person or entity, of virtual currency for funds, funds for virtual currency or one virtual currency for another. (opération de change en monnaie virtuelle)

In terms of who will be regulated, businesses (whether or not the business is incorporated) that conduct transactions on behalf of their customers, including:

  • Exchanging digital currencies for fiat currencies; and
  • Exchanging between virtual currencies.

Current Obligations

Client Identification:

Dealers in Virtual Currency must identify individuals and confirm the existence of entities when they:

  • Remit or transmit funds (see definition above) of $1,000 or more at the request of a customer;
  • Conduct a foreign exchange transaction of $3,000 or more;
  • Enter into an ongoing service agreement with a customer (conduct transactions for a customer that is an entity);
  • Conduct a large cash transaction; and
  • Must take reasonable measures to identify individuals who conduct or attempt to conduct a suspicious transaction.

As of June 2021, there will be an additional requirement to identify virtual currency exchange transactions valued at CAD 1,000. This will include exchanging fiat and virtual currency, as well as exchanges between virtual currencies.

Information on acceptable methods to identify clients can be found on FINTRAC’s website. 

Reporting:

For reporting, there are two important dates. By June 1, 2020, dealers in virtual currency will need to report the same types of transactions that MSBs are currently required to report. These are:

  • Electronic Funds Transfers: if you send or receive international electronic funds transfers (EFTs), including wires, valued at CAD 10,000 or more, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.
  • Large Cash Transactions: if you receive cash (this means fiat in the form of bills and/or coins) valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 15 calendar days.
  • Suspicious Transactions: if there are “reasonable grounds to suspect” that a completed attempted transaction is related to money laundering or terrorist financing, it must be reported to FINTRAC “as soon as practicable” of the discovery of a fact that led you to determine that the transaction was suspicious.

FINTRAC defines “as soon as practicable” in its Glossary as follows:

A time period that falls in-between immediately and as soon as possible within which a suspicious transaction report (STR) be submitted to FINTRAC. In this context, the report must be completed promptly, taking into account the facts and circumstances of the situation. While some amount of delay is permitted, it must have a reasonable explanation. The completion and submission of the report should take priority over other tasks.

FINTRAC has released more specific guidance on what “measures” enable reporting entities to have “reasonable grounds to suspect”.

More information on suspicious transaction reporting can be found on FINTRAC’s website.

  • Terrorist Property: if you’re in possession of property (which includes funds and virtual currency) that belong to a terrorist or terrorist group, it must be reported without delay, and the property must be frozen. In addition to reporting to FINTRAC, these reports are also sent to the CSIS and RCMP – by fax. In order to know if customers fall into this category, it is important to screen against the United Nations Security Council consolidated list. We’ve worked with some friends on a tool to make this easier, which you can try here (use the code Free100 for a free trial).

If you are required to report transactions valued at CAD 10,000 or more in a 24-hour period, you must have a mechanism in place to detect reportable transactions which is described in your compliance documentation.

By June 1, 2021, a new report will be introduced:

  • Large Virtual Currency Transactions: if you receive virtual currency valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.

Amendments to the Amendments

The amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) that were published in the Canada Gazette on June 10, 2020 create the following obligations for dealers in Virtual Currency:

Travel Rule

One of the most significant changes that will impact Virtual Currency Dealers as MSBs relates to a new requirement for records to be kept on all virtual currency transfers of CAD 1,000 or more.

The record must contain the following:

  1. include with the transfer, the name, address and, if any, the account number or other reference number of both the person or entity that requested the transfer and the beneficiary; and
  2. take reasonable measures to ensure that any transfer received includes the information referred to in paragraph (a) above.

Where the information required was not obtained, MSBs must have written risk-based policies and procedures for determining if the transaction should be suspended, rejected, or if another follow-up measure should be taken.

PEP

In addition to the existing requirement for MSBs to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a Politically exposed person (PEP), the amendments will require MSBs to make a PEP determination when they establish a business relationship with a client.

A reminder that a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

MSBs will also periodically need to take reasonable measures to determine whether a person with whom they have a business relationship is a PEP. We will have to await guidance from FINTRAC on this, but our guess is the frequency for determination will align to the frequency for customer information and identification updates.

Given the definition of a business relationship, we do not expect this requirement to be overly burdensome. If you currently conduct list screening, PEP screening could easily be added to that process. You are also able to ask the customer directly, while presenting the definition of a PEP, and record their response.

If a positive determination is made, the following records must be kept:

  1. the office or position, and the organization or institution, in respect of which the person is determined to be a politically exposed foreign person, a politically exposed domestic person or a head of an international organization, or a family member of, or a person who is closely associated with, one of those persons;
  2. the date of the determination
  3. the source, if known, of the person’s wealth;
  4. the risk rating; and
  5. the name of the member of senior management who reviewed the client, and the date the client was approved.

Other Relevant Blog Posts for Dealers in Virtual Currency

What’s happening in the VC community? 

Messaging Standard Overview

In October 2018, the Financial Action Task Force (FATF) adopted changes to its Recommendations to explicitly clarify that they apply to financial activities involving virtual assets (VA), effectively expanding the scope of the Recommendations to apply to virtual asset service providers (VASPs) and other obliged entities that engage in or provide covered VA activities.

“There exists a need for VASPs to adopt uniform approaches and establish common standards to enable them to meet their obligations resulting from the FATF Recommendations as they apply to affected entities”.

The implementation of obligations such as the travel rule for virtual currency transactions, in the majority of cases, would require an accompanying technology. To tackle issues such as this, a cross-industry, cross-sectoral joint working group of technical experts was formed in December 2019 and a new technical standard developed by the group.  The Joint Working Group on interVASP Messaging Standards (JWG) was established  by three leading international industry associations representing VASPs:
Chamber of Digital Commerce
Global Digital Finance
International Digital Asset Exchange Association 

We will have to wait for FINTRAC guidance to see if such a standard is provided as an example.

More information on the working group can be found here.

To download a copy of the standard anonymously, use this link:

DOWNLOAD THE STANDARD

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

2019 AML Regulation Highlights for Dealers in Virtual Currency

Back in June 2018, we published an article on proposed AML rules for dealers in Virtual Currency. On July 10th, 2019, updates to Canada’s anti-money laundering (AML) regulations were published in the Canada Gazette. There are three different “coming into force” dates (the dates on which the content of various updates become requirements for regulated entities). 

  • July 10, 2019: a small change in wording (from “original” to “authentic”) is good news for digital identification.
  • June 1, 2020: dealers in virtual currency must be registered as money services businesses (MSBs) and have AML compliance programs in place.
  • June 1, 2021: additional provisions, including reporting large virtual currency transactions.

This is a significant regulatory package with a lot of changes (the document is over 200 pages long). This article will cover the major points for dealers in virtual currency, but it’s important to remember that there is a lot of nuances and differences between business models. We recommend speaking to your local neighbourhood compliance geek about how to adapt to these changes (if you need a compliance geek, please get in touch).

It is also worth noting that tokens that are considered securities would not be considered virtual currencies. Securities and securities dealers were already regulated. If you’re not sure whether or not a token is a security, we recommend reaching out to a securities lawyer (if you need recommendations, please feel free to contact us). It is possible to be both a securities dealer and a dealer in virtual currencies, but if you are only looking for the changes pertinent to securities dealers, you will find those in another article.

Hefty Disclaimers & Sharing

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Dealers In Virtual Currency

It’s important to start by understanding what’s being regulated. This is best done by considering some of the definitions that have been added to the regulation.

fiat currency means a currency that is issued by a country and is designated as legal tender in that country. (monnaie fiduciaire)

funds means

(a) cash and other fiat currencies, and securities, negotiable instruments or other financial instruments that indicate a title or right to or interest in them; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a fiat currency other than cash.

For greater certainty, it does not include virtual currency. (fonds)

virtual currency means

(a) a digital representation of value that can be used for payment or investment purposes that is not a fiat currency and that can be readily exchanged for funds or for another virtual currency that can be readily exchanged for funds; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a digital representation of value referred to in paragraph (a). (monnaie virtuelle)

virtual currency exchange transaction means an exchange, at the request of another person or entity, of virtual currency for funds, funds for virtual currency or one virtual currency for another. (opération de change en monnaie virtuelle)

In terms of who will be regulated, businesses (whether or not the business is incorporated) that conduct transactions on behalf of their customers, including:

  • Exchanging digital currencies for fiat currencies; and 
  • Exchanging between virtual currencies.

This would include custodial wallet services that hold customers’ private keys on their behalf, as well as exchanges, brokerages, and automated teller machines (ATMs). The requirements apply to foreign and domestically based businesses. The inclusion of foreign MSBs means that it won’t matter where your business is incorporated. If you are targeting your services to Canadians, you are expected to comply with Canadian rules and you will need to be aware of requirements as they apply to your Canadian customers.

One of the most important notes in our view is “These amendments serve to mitigate the money laundering and terrorist activity financing vulnerabilities of virtual currency in a way that is consistent with the existing legal framework, while not unduly hindering innovation. For this reason, the amendments are targeted at persons or entities engaged in the business of dealing in virtual currencies, and not virtual currencies themselves.” It is expected that there will be additional updates to the regulations, and community consultations. During these processes, this distinction should remain an important one.

Digital Identification and “Authentic” Documents

Canadian businesses, such as MSBs, that are regulated for AML purposes must identify certain customers either because there is an ongoing service agreement, an account, or because the customer performs specific types of transactions. In these instances, the methods used to identify customers are prescribed in the regulations. Previously, there was a requirement that any document that was used in identification processes be “original”. A narrow view was taken of the definition of the word original: the document itself, in whatever form it was issued. No scans, copies or other digital representations were permitted. This was a significant challenge in non-face-to-face environments.

Effective on publication of the updates, the word “original” has been replaced with “authentic”. It’s important to keep in mind that while this does allow for documents to be submitted in a myriad of digital formats, there will be an expectation that reporting entities do something in order to determine whether or not the document is authentic. The regulations are not prescriptive in terms of how this will be done. We expect that a number of different solutions, ranging from having a human review documents, to using AI to make risk-based determinations, will be valid. If there are processes that you aren’t sure about, it is possible to write to FINTRAC to request a policy interpretation. We expect that FINTRAC will release updated guidance on identification, and issue many subsequent policy interpretations as the landscape evolves.

For customers that were previously identified, there is an expectation that the customer is identified in accordance with the rules that were in place at the time. Unfortunately, this means that if a customer was identified before the updated regulations were published, and an electronic version of a document was used, the identification may not be considered complete. It will be important for businesses to assess the processes that were in place at this point in time in order to make an accurate determination of whether or not the standards were being met.

Registering as a Money Services Business (MSB)

Although the legislation has been published, Dealers in Virtual Currency are not yet able to register as money services businesses (MSBs) with FINTRAC, Canada’s federal AML regulator and financial intelligence unit (FIU). The process is relatively straightforward, beginning with a pre-registration form. 

The FINTRAC registration process is generally very efficient (taking two to four weeks in total). As part of this process, you must provide FINTRAC with complete information about your business, including:

  • Bank account information;
  • Information about your compliance officer;
  • Number of employees;
  • Incorporation information (if your business type is a corporation);
  • Information about your MSB’s owners and senior management, such as their name and date of birth;
  • An estimate of the expected total dollar amount of transactions per year for each MSB service you provide;
  • Detailed information about every branch; and
  • Detailed information about every Canadian MSB agent.

You are not required to have locations or offices in Canada in order to register as an MSB with FINTRAC. Once registered, the registration must be maintained and you must:

  • Keep registration information up to date;
  • Respond to requests for, or to clarify information, in the prescribed form and manner, within 30 days;
  • Renew our registration before it expires; and
  •  Let FINTRAC know if we stop offering MSB services to Canadians

SCAM ALERT: There is no cost to register an MSB with FINTRAC – although we’ve heard of several scams claiming that there is a fee. Please ensure that you are only registering through valid FINTRAC sites, which will contain “fintrac-canafe.gc.ca” in the url. If you have received a phishing email or other request to pay FINTRAC registration fees, we recommend reporting this to both the Canadian Anti-Fraud Centre and to FINTRAC directly.

All dealers in virtual currency are expected to register with FINTRAC by June 1, 2020.

Building or Updating Your Compliance Program

MSBs in Canada are required to have a documented AML compliance program in place. In all instances, when something is a requirement it’s not enough to have done something to meet that requirement. Both your process and what you’ve actually done in order to meet the requirement must be documented. An AML compliance program has these elements:

  1. Compliance Officer: this is the person who will be responsible for your AML compliance program. They should understand Canadian AML requirements, be relatively senior in your company (access to your Board and Management team is necessary), and sign up to receive updates from FINTRAC.
  2. Policies and Procedures: these are documents that describe what you are required to do, and how you will do it. The processes should be an accurate description of what you are actually doing and detailed enough that a new hire could follow them.
  3. Risk Assessment: this is a document that considers the risk that your business could be used to launder money and/or finance terrorism. FINTRAC has released detailed guidance for MSBs to help create this type of document.
  4. Ongoing Training: any staff (including part-time and temporary staff) that deal with customers, transactions, and systems must receive training on a regular basis (this is generally interpreted to mean at least annually). It’s fine to rely on an external vendor, but your training should also include training on your processes.
  5. AML Compliance Effectiveness Reviews/Audits: every two years, you must complete a formal review of the effectiveness of your AML compliance program and operations. This can be conducted internally or by an external vendor.

In addition, to your documented program, you will need to ensure you operate in a compliant manner which includes, registering with FINTRAC, identifying customers under certain circumstances (more on this under customer identification), collect know your customer (KYC) information, keep records, and report certain transactions to FINTRAC.

All dealers in virtual currency are expected to have compliance programs in place and operational by June 1, 2020.

Customer Identification and Collecting KYC Information

For dealers in virtual currency, customer identification and the collection of KYC information will be required where virtual currency exchange transactions valued at CAD 1,000 or more are conducted. This will include exchanging fiat for virtual currency, as well as exchanges between virtual currencies.

Customers must also be identified, where possible if there are reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing. When a transaction is suspicious, there is no minimum value threshold for identification.

Identification in this context must be completed in specific ways, each of which require particular records to be maintained. The chart below is from FINTRAC’s current customer identification guidance (which must be updated to reflect the change in wording from original to authentic, though other elements remain unchanged).

If the customer is an entity (a company, partnership, trust, etc.), then measures must be taken to confirm the entity’s existence and beneficial ownership. Certain details must be collected for directors, trustees, beneficiaries of trusts, and anyone that owns or controls 25% or more of an entity. This includes “indirect ownership” (such as ownership through another company).

There is also information about the customer that must be collected. For individuals, this includes name, date of birth, address, and occupation or principal business. For entities, this includes name, address, place of incorporation (if applicable), and incorporation number (if applicable). 

All dealers in virtual currency are expected to have processes in place to identify customers and collect KYC information by June 1, 2020.

FINTRAC Reporting

For reporting, there are two important dates. By June 1, 2020, dealers in virtual currency will need to report the same types of transactions that MSBs are currently required to report. These are:

  • Large Cash Transactions: if you receive cash (this means fiat in the form of bills and/or coins) valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 15 calendar days. 
  • Suspicious Transactions: if there are reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing, it must be reported to FINTRAC within 30 calendar days of the discovery of a fact that led you to determine that the transaction was suspicious.
  • Attempted Suspicious Transactions: if a customer or prospective customer requests a transaction, but does not complete it (including transactions that you reject), and there are reasonable grounds to suspect money laundering or terrorist financing, then it must be reported. The timeframe is the same as it would be for completed transactions.
  • Terrorist Property: if you’re in possession of property (which includes funds and virtual currency) that belong to a terrorist or terrorist group, it must be reported without delay, and the property must be frozen. In addition to reporting to FINTRAC, these reports are also sent to the CSIS and RCMP – by fax. In order to know if customers fall into this category, it is important to screen against lists published by OSFI. We’ve worked with some friends on a tool to make this easier, which you can try here (use the code Free100 for a free trial).
  • Electronic Funds Transfers: if you send or receive international electronic funds transfers (EFTs), including wires, valued at CAD 10,000 or more, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.

If you are required to report transactions valued at CAD 10,000 or more in a 24-hour period, you must have a mechanism in place to detect reportable transactions.

It’s noteworthy that if you are conducting international EFTs on your customers’ behalf, you may already be an MSB. The best way to know for certain, in our opinion, is to request a policy position from FINTRAC. This can be done free of charge by emailing guidelines-lignesdirectrices@fintrac-canafe.gc.ca. This can also be done on your behalf by a lawyer or consultant.

By June 1, 2021, a new report will be introduced.

  • Large Virtual Currency Transactions: if you receive virtual currency valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.

There will be some additional changes to reporting and reporting timelines, including the requirement to report suspicious and attempted suspicious transactions “as soon as practicable” after you have determined that there are reasonable grounds to suspect that the transaction is related to money laundering or terrorist financing.

For Extreme Compliance Nerds

We clearly mean nerd as the highest term of admiration and endearment, and for you, we have created red-lined versions of the regulations, with new content showing as tracked changes. This is not an official version of the regulations, and we do, of course, recommend that you check it against the official version.

Need a Hand?

Whether you need to figure out if you’re a dealer in virtual currency, to put a compliance program in place, or to evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

FATF, VASP – What Does It All Mean?

On June 21, 2019 the Financial Action Task Force (FATF) released “Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers”. In the ensuing days, while we read through and considered the implications of this dense 57 page document, we watched social media go overboard with all sorts of wild speculation and inaccurate representations. When that happens, and it’s within our power to get good information out there, we do our best to get solid information out fast to fight the fear, uncertainty and doubt (affectionately referred to as FUD online). Let’s take a closer look at the latest FATF guidance, and what it means for businesses that deal in crypto/digital/virtual currencies like bitcoin, and other virtual assets.

What is the FATF Anyway?

If you’re an AML geek, you can probably skip this section. For the other 99.99% of the world, the Financial Action Task Force (FATF for short) is an inter-governmental body formed in 1989 by its member jurisdictions. If you live in the developed world, odds are good that your country is a FATF member. The role of this organization is to issue guidance to countries on anti-money laundering (AML) and combatting terrorist financing. Countries that are members of the FATF are also evaluated in terms of how well they’re doing at following the FATF’s recommendations (these are called mutual evaluations). Generally speaking, member countries face a good deal of pressure to achieve positive results in mutual evaluations. Countries that are deemed to be non-compliant, or to have strategic deficiencies, are publicly listed and can face significant trade barriers.

To sum it up, the FATF is an international group made up of member countries that issues guidance to countries. That guidance is not law, but it certainly shapes the laws that are written by member countries. It may seem pedantic, but if you hear/read someone saying that the FATF has issued a law or a regulation, it’s likely that the speaker/writer doesn’t really understand how the FATF works – and this is the first piece of FUD that we’re going to dispel today: the FATF does not write laws or regulations.

Once the FATF has issued guidance, its member countries adapt their existing laws and regulations, and in some instances, impose new ones. Generally speaking, the more common approach is to adapt existing laws and regulations.  Regardless of the approach taken, a statement released with the guidance stating that the FATF will monitor implementation of the new requirements by countries and service providers and conduct a 12-month review in June 2020. The guidance is also expected to be the subject of further discussion at other international forums, including the G20.

Virtual Assets and Virtual Asset Service Providers

The FATF’s Guidance introduces new terms (and corresponding acronyms): virtual assets (VAs) and virtual asset service providers (VASPs). These are defined in the glossary at the end of the document, but it’s useful to start off by understanding what the terms mean.

A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.

The broader text makes it clear that VAs are being broadly defined, and may include cryptocurrencies like bitcoin as well as other types of assets, like initial coin offering (ICO) tokens, which may also be considered securities.

There are also clear statements about the intent of the guidance, and that it is not an attempt to regulate technology. This is another important distinction, in particular where there is a discussion of regulation applicable to Bitcoin (with the capital B indicating that this is a reference to the Bitcoin protocol). That is simply not the case. In fact, the guidance notes that the intent is to remain technology agnostic, and that no specific technological adaptations to protocols are being proposed (we’ll dive a bit more deeply into this in the section that covers customer information).

What the guidance is, however, suggesting should be regulated are certain business activities that involve virtual assets.

Virtual asset service provider means any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

i) exchange between virtual assets and fiat currencies;

ii) exchange between one or more forms of virtual assets;

iii) transfer of virtual assets;

iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and

v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

The first, and probably most important, piece of FUD to fight here is the idea that peer-to-peer activity that is not being conducted for business purposes should be covered. This simply is not the FATF’s recommendation. This doesn’t preclude a country from writing laws or regulation that impose requirements on non-business peer-to-peer activity, but it does make that less likely in our estimation.

If you’ve looked at previous FATF guidance, you’ll notice that the scope is a bit different. Earlier guidance was focussed on what were termed “on and off ramps”, meaning transactions that involved trading fiat currency for a VA, or vice versa. The current scope includes trading between different VAs. To understand this change, consider that when the earlier guidance was issued there were no popular “stablecoin” VAs pegged to the value of an underlying asset (often a fiat currency) and ICOs had yet to raise millions in value in VA alone.

What Will It Mean for Businesses to be Regulated?

Businesses (including individuals that are conducting VASP activities on behalf of customers that have not incorporated a separate legal entity such as a company or partnership) may be subject to laws and regulations in more than one jurisdiction, and the specific requirements for each jurisdiction may be different (though most will follow the FATF’s guidance in broad strokes). For VASPs, it is important to understand the requirements that apply in each jurisdiction in which they operate (it is not enough to say that your business is following the FATF’s guidance).

The FATF recommends in its guidance that countries enact laws and regulations that apply to VASPs. This should include (not a comprehensive list):

  • The licensing and/or registration of VASPs;
  • A prohibition against criminals and their associates being beneficial owners of VASPs;
  • A requirement for VASPs to have qualified Compliance Officers, written policies and procedures, documented risk assessments, ongoing training, and measures of the effectiveness of the compliance program (audits);
  • Know your client (KYC) information and identification should be collected by VASPs for customers and business relationships (with a de minimis exception for occasional transactions valued at less than 1,000 EUR/USD);
  • Where transactions occur between two VASPs or between a VASP and another regulated entity type (such as banks), sender and receiver information must be transmitted. This has received a lot of attention, and it is not yet clear how this will be accomplished. The options noted in the guidance include:
    • Public and private keys,
    • Transport Layer Security/Secure Sockets Layer (TLS/SSL),
    • 590 Certificates,
    • 509 Attribute Certificates,
    • API Technology, and
    • Other Commercially Available Technology.
  • VASPs’ customers and business relationships should be subject to ongoing monitoring; and
  • Mechanisms in place to freeze assets and stop transfers in the case of listed persons and entities (such as known terrorists or sanctioned persons/entities).

The guidance also states that there should be true regulatory oversight, not self-regulatory organizations. There are additional considerations for other entity types that are already regulated (including securities dealers and banks) that engage in VASP activities.

Thinking about Risk

Some of the most interesting content in the guidance is related to the money laundering and terrorist financing risk posed by VAs and VASPs. Here, it was clear that the FATF had done their homework as the discussion included TOR, tumblers, mixers, and other technologies referred to as being “anonymity enhanced”. The factors that are listed as increasing a VAs/VASPs risk include:

  • Value moving into and out of fiat currency,
  • The use of anonymity-enhanced technologies,
  • Operations that are entirely online (non-face-to-face),
  • Links to high risk jurisdictions, and
  • The value that can be accessed/transferred.

The guidance does note that not all VAs/VASPs should be considered to be high risk.

A Quick Note on Financial Inclusion & De-Risking

The FATF’s page on financial inclusion defines the term as: Ensuring that financially excluded or underserved groups (such as low income, rural sector or undocumented groups) have access to regulated financial services helps to strengthen the implementation of AML/CTF measures.

If you’ve been watching or participating in VAs or VASPs, you’ll understand that many of these have financial inclusion related goals themselves, but VASPs often struggle with access to banking. In their guidance, the FATF makes a strong statement against banks and financial service providers de-risking all VASPs: It is important that FIs apply the risk-based approach properly and do not resort to the wholesale termination or exclusion of customer relationships within the VASP sector without a proper risk assessment.

Unfortunately, the same cannot be said of prohibition by countries: Some countries may decide to prohibit VA activities or VASPs, based on their assessment of risk and national regulatory context or in order to support other policy goals not addressed in this Guidance (e.g., consumer protection, safety and soundness, or monetary policy). The guidance goes on to note that countries that chose to ban VAs and/or VASPs would still need to ensure that sufficient safeguards are in place. This approach did not seem to be encouraged, but that it is explicitly mentioned is interesting of itself, as this is not the case for other asset or regulated entity types.

Margin Notes

We’ve been asked to post the annotated copy of the first read-through of the FATF’s guidance document. The annotations were not created with the expectation of the audience. They’re likely to be hard to read, idiosyncratic, and to clearly reveal that the author is dyslexic… but if they are of use to you, then these notes are yours to use.

Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers Marked Up Copy

Need a Hand?

If you want to understand the regulations that apply to your VA business/VASP, please contact us.

Compliance with laws and regulations is nuanced; we do not practice in all jurisdictions (and quite frankly, we believe that anyone claiming to understand the nuance of AML in every jurisdiction is greatly exaggerating their skill set). If we don’t practice in the places that matter to you, we’ll do our best to connect you with qualified people that do.

Information Should Be Free!

Outlier has produced an open-source AML and CTF, and Privacy repositories of definitions, acronyms, and terminology that is free for whoever wants it.

Please feel free to provide contributions and/or feedback, as it would be greatly appreciated. We have already had three contributors!

Discombobulated

About a year ago, we had a client who was interacting with the world of Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF) for the first time. They were aggravated by the amount of jargon, acronyms, and uncommon uses of certain commonly understood terms. An example is, a business relationship. Those of you that are relatively familiar with the AML space know a business relationship doesn’t mean what the rest of the world thinks it means. In Canada, in the AML context, it means something very different.

A Helping Hand

At the time, they wished for a simple reference point where they could easily find the meaning for different terms. Unfortunately, this entails combing multiple locations, including FINTRAC’s website, plus the Act and Regulations themselves. To make a long story short, there is no easy way. Fed up, they (not so) gently suggested that we (Outlier) fix this. Their idea was creating a GitHub repository.

For those unfamiliar with GitHub, it is a web-based hosting service for version control. It is mostly used for computer code, but has also been used to write and edit books. It offers access control and several collaboration features. A GitHub repository is where the code and/or information is maintained for a specific project. This process is fairly simple to someone who is a coder with years of experience working with GitHub. For myself, this was not so simple. A year later, almost to the day, the repository is created, open and available to the public. There is no need to be scared, you are able to comment and make suggestions without knowing how to code at all. If you can’t figure out how to provide commentary in GitHub, send it to use via email at info@outliercanada.com with the subject line “GitHub Feedback.”

The Power of Collaboration

The (not so) gentle nudge meshed well with one of Outlier’s core beliefs: that information should be free. By collecting the information, housing it in GitHub, and making it available to anyone, we are able to provide free information to everyone who wants it. By making information free and public, it gives others the opportunity to make suggestions, add content, and improve the quality of the information.

What Happens When We Work Together?

By sharing this open-source project with the world, we are looking to empower anyone willing to be empowered. From the client who is interacting with the world of AML for the first time. To the seasoned-veteran who is looking for helpful resources. To the person who wants to provide their customer with a helpful resource. Take the information and do what you wish with it. If you would like to attribute Outlier, awesome! If not, that’s ok too. Our only request is this should never be provided for a fee.

Have a Question?

If you looked at the resource and are curious about how to make a contribution, please feel free to contact us anytime. Contributions can include anything from corrections and suggestions, to the addition of different jurisdictional definitions, specifically the European perspective.

This is not a solicitation (but we do get this request often), should you want to provide a tip in BTC or ETH, our addresses are listed below.

To open a channel with our Lightning Node, our address is: 03acb418d5b88c0009cf07d31ec53d0486814bc77917c352bd7e952520edf7bf3c@99.236.76.38:9735

or you can use Tippin.Me.

bitcoin ethereum
3AqYJQhfKYCde7syKKqTJJPdLs6M5CbWkR 0x03CDF23a2Eb070F2c79De5B2E6FB90671D3c70fE
Outlier BTC Tipping Address

Now We Wait… Canada’s Proposed AML Updates

As of last Friday (September 7, 2018) the comment period for Canada’s draft AML amendments has closed (if you have something to say, they’ll likely still accept submissions for a few more days).

TLDR?

Check out our summary here, or this panel digging into the details.

Want to read our submissions? Here they are!

2018Sep07_OutlierCanada Submission to Finance

2018Sep07_Apendix_SurveyResults

What Now?

The Department of Finance is going to head back to the Bat Cave to revise the policy. We expect that a final version will be published at some point in 2019, and that the content will include “dealing in virtual currency” (including businesses like bitcoin exchanges).

Once the final version is published, there will be a transition period (we expect a year or more) before everything is in force. In the meantime, if you’re expecting to be considered a money services business (MSB) when the final version is published, we recommend checking out some of the community events for MSBs, like the Canadian MSB Association (CMSBA)’s Fall Conference in Toronto.

We’re Here To Help

If you have questions about virtual currency and regulation in Canada, or regulation in Canada in general, please contact us.

Canada’s Proposed AML Changes for MSBs

What’s Old is New Again, Well Updated

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake). This article is intended to give a high-level summary of the proposed amendments as they relate to Money Services Businesses (MSBs).

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Finally, we want to encourage the community to discuss the proposed changes and submit meaningful feedback for policy makers. The comment period for this draft is 90 days. After this, the Department of Finance takes the feedback to the bat cave and drafts a final version of the amendments. From the time that the final version is published, the draft indicates that there will be 12 months of transition to comply with the new requirements.

♬The Times Regulations Are Changing♬

Foreign MSBs

Currently, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has issued a policy interpretation (PI-5594) in August of 2013, which states that a “real and substantial connection” to Canada must be present for an entity to be required to register as an MSB with FINTRAC.  A “real and substantial connection” was defined in the interpretation as having one or more of the following:

  • Whether the business is incorporated in Canada;
  • Whether the business has agents in Canada;
  • Whether the business has physical locations in Canada; and/ or
  • Whether the business maintains a bank account or a server in Canada.

The draft amendments introduce a new definition, which is “Foreign Money Services Business” that means anyone serving Canadian customers or entities in Canada is now subject to all Canadian requirements no matter where they are located.  Throughout the proposed changes, where there is a reference to money services businesses, there is also a reference to foreign money services businesses.  This will be significant to MSBs who operate non-face-to-face in the online marketplace and do not reside in Canada.

Non-Face-To-Face Customer Identification

Currently, there is a requirement that when customers are identified using the dual process method, the document and/or data that you collect is in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The word “original” will be replaced with “authentic” (meaning that so long as you believe that the utility bill is a real utility bill for that person, it doesn’t need to be the same piece of paper that they received in the mail).

In addition, there are provisions that would allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification within 3 days of the request.

Reporting EFTs of $10,000 or More

If you conduct international remittance transactions at the request of your customers, the requirement to report transactions of $10,000 or more will now be your responsibility, not your financial services provider.

The proposed change removes the language commonly known as the “first in, last out” rule.  This means that the first person/entity to ‘touch’ the funds for transactions incoming to Canada or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada had the reporting obligation (as long as the prescribed information was provided to them).

The update will change the reporting obligation to whoever maintains the customer relationship. So if you initiate a transaction at your customer’s request (outgoing transaction) or provide final receipt of payment to your customer (incoming transaction), it will be your obligation to report that transaction to FINTRAC.

For example, if the flow of the instructions for payment were as follows:

Currently, the reporting obligation of the outgoing EFT would fall to the bank in Canada.  With the draft updates, the reporting obligation would now fall to the MSB in Canada, because they have the relationship with the customer initiating the transaction.

 

Third Party Determination

Currently, the obligation to determine whether a third party is involved in a transaction relates to Large Cash Transactions.  The proposed changes would include the obligation to make a third party determination for all EFTs of $10,000 or more.  This would also require similar record keeping obligations as a third party determination under the current Large Cash Transaction records.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. This change appeared in the last round of amendments that came into force last year, and the proposed new wording would be another significant change:

The person or entity shall send the report to the Centre within three days after the day on which measures taken by them enable them to establish that there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.

This means that a report would be due three days after the reporting entity conducts an investigation or does something that allows them to reach the conclusion that there are reasonable grounds to suspect.

Information Included In Reports to FINTRAC

Certain information is required in reports to FINTRAC. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional proposed data fields are:

  • every reference number that is connected to the transaction,
  • type of device used by person who makes request online,
  • number that identifies device,
  • internet protocol address (IP address) used by device,
  • person’s user name, and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online.

Ongoing Compliance Training

Currently, there are five required elements of a Canadian AML compliance program, but there is soon to be a sixth.  Before you get too worried, it’s not that major.  The change is specific to your ongoing compliance training obligations, which says you must institute and document a plan for your ongoing compliance training program and the delivery of the training.  Basically, in your AML compliance program documentation, you need to provide a description of your training program for at least the next year and how the training will be delivered. Many MSBs have already implemented this best practice.

Risk Assessment Obligations

With the recent addition of the “New Technologies and Developments” category to the Risk-Based Approach requirements, the next logical progression has be added.  The updates include the obligation to assess the money laundering and terrorist financing risk of any new technology before implementation.  Meaning, if you are looking to take your business online and are going to use this fancy, new non-face-to-face ID system, you had better take careful inventory of where your risks are and be sure the appropriate controls have been put in place before going live. Much like the training plan, many MSBs have already implemented this best practice.

Virtual Currency

The draft updates also include major changes related to virtual currency. “Dealers in virtual currencies’ would be regulated as MSBs. New record keeping and reporting obligations would apply to all reporting entities that accept payment in virtual currency, or send virtual currency on behalf of their customers.

For more information on updates specific to virtual currency, please check out our full article.

What Next

If you’ve read this far, congratulations and thank you!

We hope that you will contribute your thoughts and comments. You can do this by contacting the Department of Finance directly. Their representative on this file is:

Lynn Hemmings

Acting Director General

Financial Systems Division

Financial Sector Policy Branch

Department of Finance

90 Elgin Street

Ottawa, Ontario

K1A 0G5

Email: fin.fc-cf.fin@canada.ca

If you would like assistance drafting a submission, or have questions that you would like Outlier to answer, please get in touch!

If you are interested in sharing your comments with the Canadian MSB Association (and we highly encourage you to do so) please email luisa@global-currency.com. She will have more information on the industry group’s submission and consultation process.

Return to Blog Listing