PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

The FINTRAC Outage: Guide for AML Reporting Agencies

Written with Heidi Unrau

 

On March 2, 2024, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) experienced a major cyber incident. As a security precaution, FINTRAC has taken most of its reporting systems offline, including MSB registration. Canadian reporting entities remain responsible for all anti-money laundering (AML) requirements during the outage.

Application programming interfaces (APIs) are available for some reports, including large cash transaction reports (LCTRs), large virtual currency transaction reports (LVCTRs), and suspicious transaction reports (STRs), as of April 8, 2024.

Reporting entities that are not able to submit reports via API must do so once other systems are back online. In the interim, special processes for priority STR submission and other notifications have been established.

Watch for Official Guidance

It’s essential that you follow FINTRAC’s official communications regarding the outage. Outlier’s insights are meant to complement this directive, not replace it. The official word from FINTRAC remains the final authority on these matters.

It is recommended that all Canadian AML Compliance Officers sign up for FINTRAC’s mailing list to get the latest news from the regulator (if you are not signed up already).

Accessing FINTRAC’s APIs

As of April 8, 2024, FINTRAC APIs are currently available for:

  • LCTRs
  • LVCTRs
  • STRs

An API is a way for different computer programs to communicate with each other. To use FINTRAC’s APIs, reporting entities must first apply to register and be granted access by FINTRAC. The implementation of APIs for reporting will require the support of your technical team or software provider. Reporting via API is different from batch reporting (for those that use it) as the API provides a secure exchange of information that does not require the installation of batch-transmitting software.

For reporting entities that have not implemented API functionality, additional guidance has been provided by FINTRAC.

Priority STRs

For priority STRs with national security or other dangerous implications, FINTRAC has provided a dedicated email address and telephone number to help you with this (see below).

Please note that the CSIS and RCMP systems for Terrorist Property Reporting (TPR) are unaffected by the outage and remain operational.

Priority STR Submission Contact Info:

  • Email: STR-DOD@fintrac-canafe.gc.ca
  • Call Centre: 1-866-346-8722 (toll free)

Reporting entities that are unsure of whether or not an STR is considered a priority may first contact FINTRAC using the information above to determine whether this submission method should be used. It is expected that STRs submitted via this method will also be re-submitted once systems are back online.

No Late Reporting Penalties

FINTRAC has indicated that the regulator understands that late reporting is an inevitable consequence of the outage. Therefore, FINTRAC has indicated that reporting entities will not be penalized for late reporting (within reason). It is expected that reporting entities will submit reports promptly once systems are back online.

Fulfilling Reporting Obligations

During the outage, reporting entities are required to track all reportable transactions. Keep detailed records of transactions that could not be reported during the outage. This will ensure that all required transaction reports are accurately and efficiently submitted once systems are restored.

In addition to information about reportable transactions, reporting entities should keep detailed records of:

  • The outage timing (provides useful context that may factor into future audit and examination-related data analysis)
  • All late reports submitted
  • Time required to clear the backlog once systems become operational

At this time, FINTRAC has not indicated that reporting entities should submit a voluntary self-declaration of non-compliance (VSDONC) related to late reporting due to the current outage. However, if there is a reporting backlog that will take significant time to clear, this may be considered once the outage has been resolved.

No Paper Submissions!

FINTRAC has explicitly advised against submitting paper copies of reports during the outage. Once the issue has been resolved, electronic reporting through the appropriate channels will resume.

MSB Registration & Inquiries

In a recent update on May 17, 2024, FINTRAC introduced a new web form specifically for existing Money Services Businesses (MSBs). This form allows currently registered MSBs to renew, update, or cancel their registration easily. You can access the form here:

It does not appear that new MSB registrations can be completed at this time. MSB registration inquiries can be directed to:

Be Prepared & Stay Alert

Stay up to date on the latest FINTRAC communications to ensure compliance should directives change.

For critical reporting and MSB registration needs, use the designated emails and phone numbers provided by FINTRAC. Keep all communications clear, concise, and accurate with all the necessary information.

Key FINTRAC Contact Information

Issue Email Phone
New MSB Registration Inquiries MSBRegistration@fintrac-canafe.gc.ca n/a
Existing MSB Registration Renewals, Updates, or Cancellations https://forms-formulaires.alpha.canada.ca/en/id/clwtp4i5j031kx883je15qc78? n/a
Priority STR Reporting STR-DOD@fintrac-canafe.gc.ca 1-866-346-8722
General Inquiries guidelines-lignesdirectrices@fintrac-canafe.gc.ca n/a
API Support tech@fintrac-canafe.gc.ca n/a

Additional Resources

Below, you’ll find a slide deck presentation and a YouTube video with the same information in this article. You are welcome to use and distribute these resources:

Need a Hand?

If you have any questions or concerns, the team at Outlier Solutions are here to help. Please contact us.

Is Your MSB Ready for a FINTRAC Exam?

Rodney_MSB2
We get a lot of questions about examinations conducted by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). While we’re happy to be able to help our customers in their examinations (you can check out our free resources for FINTRAC exams here), the responsibility during the examination will rest with the money services business (MSB), mainly with the MSB’s Compliance Officer.

FINTRAC’s expectations have changed dramatically, since MSB’s were first required to comply with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations. In 2015, we noticed that there was a dramatic shift in focus of MSB examinations. FINTRAC’s examiners were much more interested in detailed procedures (documents that describe how MSBs are complying with the PCMLTFA and regulations), and the Risk Based Approach.

One of the most important things that MSBs can do to ensure that their AML compliance programs are up to date, and at the same time, prepare for FINTRAC examinations, is to read FINTRAC’s published guidance. Two important guidance topics published in 2015 are, the Risk-Based Approach Guide (this guide describes what is the risk-based approach) and the Risk-Based Approach Workbook for MSBs (this workbook is for MSBs looking to implement a risk-based approach). While guidance published by FINTRAC doesn’t carry the weight of law or regulation, it does provide valuable insight about FINTRAC’s expectations.

Another excellent source of information is FINTRAC’s published Policy Interpretations. These are FINTRAC’s official answers to questions asked by MSBs and other reporting entities.

In Person & Desk Examinations

Whether the FINTRAC exam is in person or desk (conducted by phone) examinations, they follow very similar formats. The key difference is the regulator’s ability to request additional operational data during onsite examinations.

It is ok for you to take notes throughout the examination process (and we recommend that you do). You are permitted to have a lawyer, consultant or other representative with you (if you do, FINTRAC will request that you complete the Authorized Representative Form in advance). While your representative cannot generally answer questions on your behalf, they can prompt you if you are nervous or stuck, and help you to understand what is being asked of you, if it is not clear.

If you do not speak English and/or French fluently, we highly recommend that you have a person present who can translate questions and responses for you.

If you are not certain what the examiner is asking for, you should always ask for clarification before answering.

For in person examinations, do not invite the examiner to have a pint, lunch or even a coffee. FINTRAC has very strict policies around bribery, to the extent that if I am out socially with an acquaintance who works for FINTRAC, I cannot pay for their tea. It may feel a little bit “over the top”, not to be able to extend these courtesies, but don’t be offended – it’s not you, it’s policy.

The Introduction

The examiner will provide a brief overview of the examination process as a formal opening to the examination. At the end of this introduction, the examiner will ask if you have any questions. At this point, it can be useful to provide a very brief (five minutes maximum) overview of your business.

Your introduction should reflect the materials that you have already submitted to FINTRAC (which ideally included an opening letter that described anything about the business that would not be readily apparent to the examiner, or anything that you believe could be misunderstood). Key facts about your business include:

  • Your corporate structure and ownership;
  • The types of products and services that are offered / types of transactions that are conducted;
  • Where your offices, agents and customers are located;
  • How you connect with and your customers; and
  • Anything significant that has changed since your last FINTRAC examination.

This synopsis must be very brief. If there is anything that is complex, it should be included as an explanation in your initial package (preferably in a simplified chart form – for example an ownership structure chart).

The examination will then begin. At the end of each section, the examiner will ask if you have any questions and let you know whether there are any deficiencies.

Part 1 – FINTRAC MSB Registration

In this part, FINTRAC will go through your MSB registration field by field and confirm that the information is accurate. The most common errors that we have seen are:

  • Not listing a trade name/operating name;
  • Not listing all relevant locations;
  • Listing bank accounts that are inactive or not listing bank accounts that are active;
  • Not including MSB or agent relationships (either buying from or selling to another MSB);
  • Incomplete ownership information; and
  • Senior Management and/or Compliance Officer information, that is out of date.

Although it is not technically part of the registration, some examiners will ask about the Compliance Officer’s responsibilities/duties at this stage.

Failure to update the MSB registration in the “prescribed form and manner” is the single most common deficiency for MSBs from 2008 to the present, accounting for deficiencies in 61% of examinations (according to FINTRAC data released in 2015).

Part 2 – Compliance Policies & Procedures

In this part, FINTRAC will ask questions about the policy and procedure documents that you have provided in advance of the examination. There are a few standard questions that are generally asked:

  • Who wrote the policies and procedures?
  • Were the versions submitted to FINTRAC the most recent versions?
  • When were they updated?
  • When and how do you identify your customers?
  • How do you ensure that identification is up to date?
  • How do you monitor transactions?
  • How do you recognize, document and monitor “business relationships” (note: this is any time that you have either an ongoing service agreement with a customer and/or your customer has performed two or more transactions that require identification).
  • What are indicators of a suspicious transaction?

The examiner will also ask a number of questions based on the documents that you have submitted, including questions about compliance-related processes.

Part 3 – Risk Assessment

In this part, FINTRAC will focus on your Risk Based Approach, asking specific questions about the Risk Assessment and related documents that you have provided in advance of your examination. Again, there are some common questions that are asked:

  • Do you have any high-risk customers or business relationships?
  • What factors do you consider in determining that a customer or business relationship is high risk?
  • How are customer due diligence and enhanced due diligence different (both generally, and in your processes and documentation)?

Most additional questions will be related to risk management processes. For example, it has been common in the last few months for examiners to ask if a customer or transaction could be rejected (“Yes, if it was outside of our risk tolerance.”)

This may also lead to questions about whether or not an Attempted Suspicious Transaction Report (ASTR) or Suspicious Transaction Report (STR) was filed. If there were reasonable grounds to suspect money laundering or terrorist financing, the answer should be yes, if not, you should explicitly say, “There were not reasonable grounds to believe that this event was related to money laundering or terrorist financing” then provide an explanation.

Part 4 – Operational Compliance & Reporting

In this part, the examiner will ask questions about specific transactions. Some of the cases that you must be ready to explain are:

  • A reportable transaction (generally an electronic funds transfer or EFT) was reported by another reporting entity;
  • A transaction matches an indicator of potentially suspicious activity (if there were reasonable grounds to suspect money laundering or terrorist financing, the answer should be yes, if not, you should explicitly say that “there were not reasonable grounds to believe that this event was related to money laundering or terrorist financing” then provide an explanation); and
  • Business relationships and ongoing monitoring (in particular, if this did not occur earlier in the examination).

During a desk examination, the examiners do not request additional materials.

During onsite examinations, it has become commonplace for examiners to request additional materials. These are generally related to:

  • Business relationships;
  • Ongoing monitoring (including the monitoring of business relationships),
  • High risk customers;
  • Enhanced due diligence; and
  • Other risk-based processes.

Be clear with the examiner about what can be extracted easily from your IT systems, and in the case that data cannot be extracted easily, be prepared to show the examiner an example (or several). If your system has an “auditor access” feature (generally read only access with search capability), it can be useful to set this up in advance of the onsite visit.

Exit Interview

Congratulations – you’ve made it to the finish line!

At this point, the examiner will sum up the findings (if there are any), and read a standard disclosure statement. For most of us, the disclosure statement is terrifying, as it talks about penalties. This is standard process – do not be alarmed. When the examiner has finished, you may ask if a penalty is being recommended (if you’re a worrier, please do this). Not all FINTRAC examiners will provide guidance at this stage, but it doesn’t hurt to ask.

The examiner will let you know when to expect a formal letter (generally within 30 days of the end of an examination).

After the Examination

You will receive a formal letter that details FINTRAC’s findings, as well as whether or not an Administrative Monetary penalty (AMP) is being recommended. In the case that there is a potential penalty, we recommend taking action as soon as possible). In most cases, FINTRAC does not require MSBs to submit an action plan (but your bank might still require that you do this, and it’s a good idea to keep a record of the actions that you’ve taken to correct any deficiencies).

Need a Hand?

If you are an MSB that needs compliance assistance preparing for an FINTRAC exam, remediating findings, or setting up an AML compliance program, please contact us.

Return to Blog Listing