PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

First AML Compliance Effectiveness Review Timing

As a company that gets to work with a lot of startups, and existing companies entering the Canadian market, we get to help folks understand the regulatory landscape in Canada. One of the required elements of a Canadian compliance program is an AML Compliance Effectiveness Review. These reviews must be completed every two years at a minimum. You can think of it like an audit, but for compliance.

The purpose of an effectiveness review is to determine whether your AML compliance program has gaps or weaknesses that may prevent your business from effectively preventing, detecting and deterring money laundering and terrorist financing. Recently, we have seen an increased focus on Effectiveness Reviews during FINTRAC examinations. Specifically, on whether the review really tested the effectiveness of the compliance program as a whole (not just what you say you’re doing, but also what you’re actually doing). This has led to FINTRAC examiners requesting the working papers for completed effectiveness reviews where the report did not clearly describe how the effectiveness was tested and assessed. This is the main reason Outlier has started providing our working papers with the final report. This also provides a pretty good reference point for making sure you are meeting your regulatory expectations.

First Time for Everything

In previous engagements, Outlier has operated on the theory that the clock for when your first review was due stemmed from the MSB’s FINTRAC registration date. However, we were incorrect. It wasn’t until a recent conversation where the registration date preceded any customer transactions by six months, that really spurred on an official clarification from the regulator. The trigger for the 2-year clock to start ticking is not registration but “a registered MSB is required to create a compliance program once it engages in one or more of the MSB-related activities.” This means that the clock starts ticking after the MSB has conducted their first transaction.

Here is a PDF version of the policy interpretation we received from FINTRAC that you can keep for your records.

Potential Corrections

If we have completed a review for you in the past that has a commencement date prior to your first customer transaction, please feel free to reach out so we can amend your report to the proper date.

Upcoming Effectiveness Reviews

While this article talks about your first review, you must also be sure to initiate all subsequent reviews within 2 years of the start date of your previous review. Please note that this is based on the previous commencement date, not the date of completion or issuance of the final report.

Need a Hand?

If you are looking for an idea of pricing for an upcoming review or have questions about a review that is currently underway, please feel free to contact us.

FINTRAC MSB Registration Expired?!?

FINTRAC Registration

Over the past few months, we have heard from several money services businesses (MSBs) that have experienced issues in renewing their MSB registrations with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). In most cases, these issues are easily resolved. However, if MSB registration issues are not addressed promptly, administrative monetary penalties (AMPs) or criminal charges may ensue.

It is likely that registration-related issues have become more common as FINTRAC is increasingly requesting additional information or clarifications from MSBs as part of the initial registration and registration renewal process. These requests are sent via email to the contact person listed in the MSB registration form.

Check Your MSB registration Status

You can view the status of your MSB registration by searching for your business on the public MSB registry. While this article is about the MSB registration status, anytime you are on this page, it is a useful practice to check to ensure that all of the information is up to date. There are several possible options for the “Registration status of MSB” field:

Registered: this is the status that is displayed for active MSBs. The detailed view will also show the expiry date of the registration.

Ceased: this status is displayed when an MSB has cancelled their registration (e.g. because the business is no longer conducting MSB activity or is only performing MSB activity as the agent of another MSB).

Expired: this status is displayed when an MSB has not submitted an MSB registration renewal on time, has not responded to requests for information from FINTRAC, or has not provided sufficient information to FINTRAC to complete the renewal process.

Revoked: this status indicates that FINTRAC has revoked an MSB’s registration.

If the Expiry Date is Coming Up Soon

If you notice that your MSB’s registration is expiring soon, there are several steps that you should take proactively. First, make sure that you have your login credentials and access FINTRAC’s secure MSB Registration portal. On the left-hand side of the screen, you may see an option to submit your renewal application. If this option is not yet present, it is still a useful practice to select “view completed form” and review the MSB information to ensure that everything is up to date. If there is anything that needs to be updated, you can update the form (information must be updated within 30 days of any changes; do not wait for the renewal date to make updates).

If the renewal can be processed at this time, make sure that you take the time to look at all data fields. Are these fields complete and accurate? Does the information related to the MSB’s beneficial ownership match what will be found in any corporate registries (if not, additional information and/or correction may be required before the registration can be processed). FINTRAC may request additional information by email, and your registration will not be renewed until these queries have been satisfied.

If the Registration is Expired

If you notice that your registration has expired, you should immediately access FINTRAC’s secure MSB Registration portal to renew it. It may be that you have simply missed a deadline, or that you did not notice an error message or request for additional information from FINTRAC. Whatever the cause, you should work to resolve the issue and renew the registration as soon as possible.

If you are not able to renew the registration, contact FINTRAC immediately by emailing guidelines-lignesdirectrices@fintrac-canafe.gc.ca and MSBRegistration@fintrac-canafe.gc.ca immediately with the subject line “URGENT – MSB Renewal Issue – Renewal Date Passed”.

  • In the body of the email, let them know:
  • The company name and MSB number
  • That you have been attempting to renew the MSB registration
  • If you have responded to any requests for additional information, the details of these correspondences (attach copies if possible)
  • Ask what information is needed at this stage to renew the MSB registration

Keep a copy of this and all communications with FINTRAC.

You may also want to consider making a voluntary self-declaration of non-compliance (VSDONC) to FINTRAC. For help with disclosures, check out our previous blog post.

If you receive a “Notice of Violation”

Where an MSB registration is expired, and the MSB continues to perform MSB activities (other than as an agent for another MSB), a penalty may be assessed, and a “Notice of Violation” may be issued. At this stage, a law firm should be engaged (we’re happy to recommend competent firms if this is something that you need). There are specific and relatively short timeframes for all response steps, and this should be treated as urgent.

We’re here to help.

If you are not sure what to do next or need assistance with compliance, please get in touch.

Effectiveness Reviews for Dealers in Virtual Currency

Effective June 1, 2020, dealers in Virtual Currency activities were considered as Money Services Businesses (MSBs) and as such, must comply with MSB obligations under amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). One obligation is to have an AML effectiveness review at least once every two years. MSBs must start their effectiveness review no later than two years from the start of their previous review or in the case of dealers in Virtual Currency, no later than June 1, 2022, the date they were considered to be MSBs under law.

Such reviews must test your compliance program and effectiveness of your operations. Our reviews follow a similar format to examinations conducted by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), which you can read more about in a previous Blog Post.

We’re Here To Help

If you have not yet engaged or commenced your review, there are still a couple of weeks to be compliant. If you would like to engage Outlier to conduct your AML Compliance Effectiveness Review or have questions regarding this obligation, please get in touch.

Amendments To The Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations – 2022

Background

On April 27, 2022 amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations were published in the Canada Gazette. To make reading these changes a little easier, we (thanks Rodney) have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The Regulatory Impact Statement for these changes state the following:

Crowdfunding platforms and some payment service providers are not currently covered by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) and therefore have no money laundering and terrorist financing obligations under federal statute. This lack of oversight presents a serious and immediate risk to the security of Canadians and to the Canadian economy. This risk was highlighted in early 2022, when illegal blockades took place across Canada that were financed, in part, through crowdfunding platforms and payment service providers. Allowing these gaps to continue represents a risk to the integrity and stability of the financial sector and the broader economy, as well as a reputational risk for Canada.

Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations, and consequential amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations, will help prevent the financing of illegal activities through these types of financial services.

What’s Changed?

The changes are substantial and sudden. They will affect many companies that have not been previously under the purview of AML regulation in Canada. These changes are effective immediately and there is no comment period, which is not the norm for such changes.

To help digest these changes, we have summarized what we feel are the most important changes below:

The definition for an electronic funds transfer has been removed and the corresponding section within the body of the regulations was amended. Previous exemptions related to remitting or transmitting from one person or entity to another by Credit or Debit Card, or Prepaid Payment Product if the beneficiary has an agreement with the payment service provider that permits payment for the provision of goods and services, has been revoked for money services businesses, which as we mentioned now includes Payment Service Providers.

The definitions section was amended by adding the following:

  • crowdfunding platform means a website or an application or other software that is used to raise funds or virtual currency through donations. (plateforme de sociofinancement)
  • crowdfunding platform services means the provision and maintenance of a crowdfunding platform for use by other persons or entities to raise funds or virtual currency for themselves or for persons or entities specified by them.

With these changes, crowdfunding platforms and payment service providers will now be subject to existing money services businesses requirements. These obligations include:

  • Registration with FINTRAC;
  • Developing a compliance program;
  • Customer identification and due diligence;
  • Transaction monitoring and customer risk scoring;
  • Reporting certain transactions to regulators and government agencies;
  • Complying with Ministerial Directives; and
  • Keeping records.

Specific to record keeping, crowdfunding platforms that provide services to persons or entities in Canada where a person donates an amount of CAD 1,000 or more in funds or virtual currency will need to:

(a) keep an information record in respect of the person or entity to which they provide those services;

(b) keep a record of the purpose for which the funds or virtual currency are being raised; and

(c) if the person or entity for which the funds or virtual currency are being raised is different from the person or entity referred to in paragraph (a),

      1. keep a record of their name, and
      2. take reasonable measures to obtain their address, the nature of their principal business or their occupation and, in the case of a person, their date of birth, and keep a record of the information obtained.

What Next?

Due to these changes, FINTRAC will need to revise its interpretation of existing requirements to include crowdfunding platforms and payment service providers. There is no set date for when we can expect guidance from FINTRAC. Additionally, various FINTRAC policy interpretations will no longer be able to be relied upon (i.e. policy interpretations related to merchant services as well as payment processing for utility bills, mortgage and rent, payroll, and tuition being exempt from AML obligations). The hope is FINTRAC will issue new policy interpretations, but for now the industry is left with many questions.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

Don’t Share STRs or STR Data

Recently the Compliance Officer from a small reporting entity reached out to me to ask an uncomfortable question: should they provide copies of the Suspicious Transaction Reports (STRs) that they had filed with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) to their financial services providers such as a credit union or bank?

This was a difficult situation for the reporting entity’s Compliance Officer because they were afraid of pushing back too much with the financial services provider. Like most non-bank reporting entities, they rely heavily on the services provided by the bank in order to be able to operate their business. Financial service providers, such as banks and credit unions, have the ability to close the accounts of businesses in Canada (often called de-risking), and it can be difficult for some types of reporting entities to establish new banking or payments relationships. The financial services provider in this situation has significantly more power than the reporting entity that is dependent on them.

My gut reaction was that the reporting entity should not disclose the contents of their STR reports, or provide copies. In Canadian legislation, disclosing the fact that an STR was made, or disclosing the contents of such a report, with the intent to “prejudice a criminal investigation” can be punishable as a criminal offence, with penalties of up to 2 years imprisonment (this is also known as “tipping off”). While there did not appear to be any intent to prejudice a criminal investigation in this case, it still seemed like a bad idea. I did a quick check-in with fellow AML geeks on LinkedIn. There are some great comments here, and I had a number of conversations in DMs and by phone. No one seemed to think that the reporting entity should be providing copies of STRs.

The question then became how to best empower the reporting entity to push back effectively. I submitted the following request to FINTRAC and to the Office of the Privacy Commissioner (OPC), both of which have mechanisms to allow Canadians and Canadian companies to ask the regulators to opine on matters free of charge:

One of our clients, a Canadian Money services business (MSB) has been asked by their financial services provider (bank/credit union) to provide copies of the suspicious transaction reports (STRs) and Attempted Suspicious Transaction Reports (ASTRs) that have been filed with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) on an ongoing basis. This struck us as being an overreach in terms of the information that should be disclosed to a service provider, and we are reaching out for an opinion on the appropriateness of these requests.

The financial service provider appears to be of the opinion that this is a reasonable request, and that they may close the MSB’s bank account if the STRs and ASTRs are not provided by the MSB.

I let both FINTRAC and OPC know that I had submitted requests to both. So far, only FINTRAC has responded. Their response is below in full (TL:DR: reporting entities should not share copies of STRs reported to FINTRAC).

Thank you for contacting the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s independent agency responsible for the receipt, analysis, assessment and disclosure of information in order to assist in the detection, prevention and deterrence of money laundering and the financing of terrorist activities in Canada and abroad.

I am writing further to your email of July 16th, 2020, wherein you requested clarification regarding the sharing of suspicious transaction reports (STRs) submitted to FINTRAC.

As you know, section 8 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) states that no person or entity shall disclose that they have made, are making, or will make a report under section 7, or disclose the contents of such a report, with the intent to prejudice a criminal investigation, whether or not a criminal investigation has begun.

The PCMLTFA sets out a regime in which the information contained in financial transaction reports sent to FINTRAC (including STRs) is protected from disclosure except in very limited circumstances. The Act also includes specific provisions aimed at protecting the personal information under FINTRAC’s control. For example, as you may be aware, the PCMLTFA is founded on a prohibition on disclosure (s. 55(1), PCMLTFA). Any disclosure of information or intelligence by FINTRAC must fall under one of the exceptions to this prohibition. Outside of these exceptions, FINTRAC is prohibited from disclosing the contents of financial transaction reports, or even acknowledging their existence.

While reporting entities (REs) are not subject to the same prohibitions, FINTRAC strongly believes that STRs should be regarded as highly sensitive documents, given the role FINTRAC plays in the fight against money laundering (ML) and terrorist activity financing (TF) in Canada, and the fact that STRs are a key source of FINTRAC’s intelligence holdings. From FINTRAC’s perspective, it is not in the public interest for REs to disclose financial transaction reports and the information contained therein. Even beyond this, the collection or disclosure of financial transaction reports, including STRs, without a valid purpose and authority, may infringe on legislated privacy protection obligations. Almost all information within financial transaction reports is personal information about an identifiable individual and is considered financial intelligence by

FINTRAC, collected for the sole purpose of reporting to FINTRAC. The potential harm that could occur from the disclosure of the information in these financial transactions reports is great, and includes compromising: (1) police and national security investigations that are both ongoing or could be undertaken in the future; (2) sources of the information/intelligence within the reports, placing those sources at risk of retaliation; and (3) FINTRAC’s compliance activities, given that data provided by REs is always provided in confidence and that confidence is expected to be maintained by all parties. FINTRAC relies on the information included within STRs to support disclosure of financial intelligence to police and other law enforcement and national security organizations, in the interest of detecting, preventing and deterring ML and TF.

Therefore, while your client (MSB) is not prohibited from sharing the STRs it has submitted to FINTRAC with its service provider (Bank/CU), unless it is with the intent to prejudice a criminal investigation, strong consideration should be given to the above.

If you would like a PDF copy of the complete question and policy position for your due diligence files, or to provide to an external party that is requesting copies of your STRs, or information about their content, you can download it here.

Response from FINTRAC – Re_ Sharing Copies of STRs_ASTRs

A version of this Q&A is also now posted on FINTRAC’s website (PI-10662).

The response from OPC, in contrast, was underwhelming. In essence, they will investigate specific complaints, but they will not issue advanced rulings. That said, if any service provider is insisting that copies of STRs must be shared with them, a complaint to the OPC may be an option.

Response from the Office of the Privacy Commissioner of Canada – INFO-084075

Need a hand?

If you have AML or privacy-related questions, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Regulations for Dealers in Virtual Currency – June 2020

Effective June 1, 2020, entities engaged in Virtual Currency activities are considered as Money Services Businesses (MSBs), and are required to register with FINTRAC and comply with MSB obligations under amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) that were released on July 19, 2019. Those amendments also require, as of June 1, 2021, reporting large virtual currency transactions. The Department of Finance has since made further amendments to those amended regulations, published in the Canada Gazette on June 10, 2020.

To make reading these changes a little easier, we have created a redlined version of the regulations, with the most recent changes showing as tracked changes, which can be found here.

Dealers in Virtual Currency

It’s important to start by understanding what’s being regulated. This is best done by considering some of the definitions that have been added to the regulation.

fiat currency means a currency that is issued by a country and is designated as legal tender in that country. (monnaie fiduciaire)

funds means

(a) cash and other fiat currencies, and securities, negotiable instruments or other financial instruments that indicate a title or right to or interest in them; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a fiat currency other than cash.

For greater certainty, it does not include virtual currency. (fonds)

virtual currency means

(a) a digital representation of value that can be used for payment or investment purposes that is not a fiat currency and that can be readily exchanged for funds or for another virtual currency that can be readily exchanged for funds; or

(b) a private key of a cryptographic system that enables a person or entity to have access to a digital representation f value referred to in paragraph (a). (monnaie virtuelle)

virtual currency exchange transaction means an exchange, at the request of another person or entity, of virtual currency for funds, funds for virtual currency or one virtual currency for another. (opération de change en monnaie virtuelle)

In terms of who will be regulated, businesses (whether or not the business is incorporated) that conduct transactions on behalf of their customers, including:

  • Exchanging digital currencies for fiat currencies; and
  • Exchanging between virtual currencies.

Current Obligations

Client Identification:

Dealers in Virtual Currency must identify individuals and confirm the existence of entities when they:

  • Remit or transmit funds (see definition above) of $1,000 or more at the request of a customer;
  • Conduct a foreign exchange transaction of $3,000 or more;
  • Enter into an ongoing service agreement with a customer (conduct transactions for a customer that is an entity);
  • Conduct a large cash transaction; and
  • Must take reasonable measures to identify individuals who conduct or attempt to conduct a suspicious transaction.

As of June 2021, there will be an additional requirement to identify virtual currency exchange transactions valued at CAD 1,000. This will include exchanging fiat and virtual currency, as well as exchanges between virtual currencies.

Information on acceptable methods to identify clients can be found on FINTRAC’s website. 

Reporting:

For reporting, there are two important dates. By June 1, 2020, dealers in virtual currency will need to report the same types of transactions that MSBs are currently required to report. These are:

  • Electronic Funds Transfers: if you send or receive international electronic funds transfers (EFTs), including wires, valued at CAD 10,000 or more, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.
  • Large Cash Transactions: if you receive cash (this means fiat in the form of bills and/or coins) valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 15 calendar days.
  • Suspicious Transactions: if there are “reasonable grounds to suspect” that a completed attempted transaction is related to money laundering or terrorist financing, it must be reported to FINTRAC “as soon as practicable” of the discovery of a fact that led you to determine that the transaction was suspicious.

FINTRAC defines “as soon as practicable” in its Glossary as follows:

A time period that falls in-between immediately and as soon as possible within which a suspicious transaction report (STR) be submitted to FINTRAC. In this context, the report must be completed promptly, taking into account the facts and circumstances of the situation. While some amount of delay is permitted, it must have a reasonable explanation. The completion and submission of the report should take priority over other tasks.

FINTRAC has released more specific guidance on what “measures” enable reporting entities to have “reasonable grounds to suspect”.

More information on suspicious transaction reporting can be found on FINTRAC’s website.

  • Terrorist Property: if you’re in possession of property (which includes funds and virtual currency) that belong to a terrorist or terrorist group, it must be reported without delay, and the property must be frozen. In addition to reporting to FINTRAC, these reports are also sent to the CSIS and RCMP – by fax. In order to know if customers fall into this category, it is important to screen against the United Nations Security Council consolidated list. We’ve worked with some friends on a tool to make this easier, which you can try here (use the code Free100 for a free trial).

If you are required to report transactions valued at CAD 10,000 or more in a 24-hour period, you must have a mechanism in place to detect reportable transactions which is described in your compliance documentation.

By June 1, 2021, a new report will be introduced:

  • Large Virtual Currency Transactions: if you receive virtual currency valued at CAD 10,000 or more in the same 24-hour period, by or on behalf of the same customer, it must be reported to FINTRAC within 5 working days.

Amendments to the Amendments

The amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) that were published in the Canada Gazette on June 10, 2020 create the following obligations for dealers in Virtual Currency:

Travel Rule

One of the most significant changes that will impact Virtual Currency Dealers as MSBs relates to a new requirement for records to be kept on all virtual currency transfers of CAD 1,000 or more.

The record must contain the following:

  1. include with the transfer, the name, address and, if any, the account number or other reference number of both the person or entity that requested the transfer and the beneficiary; and
  2. take reasonable measures to ensure that any transfer received includes the information referred to in paragraph (a) above.

Where the information required was not obtained, MSBs must have written risk-based policies and procedures for determining if the transaction should be suspended, rejected, or if another follow-up measure should be taken.

PEP

In addition to the existing requirement for MSBs to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a Politically exposed person (PEP), the amendments will require MSBs to make a PEP determination when they establish a business relationship with a client.

A reminder that a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

MSBs will also periodically need to take reasonable measures to determine whether a person with whom they have a business relationship is a PEP. We will have to await guidance from FINTRAC on this, but our guess is the frequency for determination will align to the frequency for customer information and identification updates.

Given the definition of a business relationship, we do not expect this requirement to be overly burdensome. If you currently conduct list screening, PEP screening could easily be added to that process. You are also able to ask the customer directly, while presenting the definition of a PEP, and record their response.

If a positive determination is made, the following records must be kept:

  1. the office or position, and the organization or institution, in respect of which the person is determined to be a politically exposed foreign person, a politically exposed domestic person or a head of an international organization, or a family member of, or a person who is closely associated with, one of those persons;
  2. the date of the determination
  3. the source, if known, of the person’s wealth;
  4. the risk rating; and
  5. the name of the member of senior management who reviewed the client, and the date the client was approved.

Other Relevant Blog Posts for Dealers in Virtual Currency

What’s happening in the VC community? 

Messaging Standard Overview

In October 2018, the Financial Action Task Force (FATF) adopted changes to its Recommendations to explicitly clarify that they apply to financial activities involving virtual assets (VA), effectively expanding the scope of the Recommendations to apply to virtual asset service providers (VASPs) and other obliged entities that engage in or provide covered VA activities.

“There exists a need for VASPs to adopt uniform approaches and establish common standards to enable them to meet their obligations resulting from the FATF Recommendations as they apply to affected entities”.

The implementation of obligations such as the travel rule for virtual currency transactions, in the majority of cases, would require an accompanying technology. To tackle issues such as this, a cross-industry, cross-sectoral joint working group of technical experts was formed in December 2019 and a new technical standard developed by the group.  The Joint Working Group on interVASP Messaging Standards (JWG) was established  by three leading international industry associations representing VASPs:
Chamber of Digital Commerce
Global Digital Finance
International Digital Asset Exchange Association 

We will have to wait for FINTRAC guidance to see if such a standard is provided as an example.

More information on the working group can be found here.

To download a copy of the standard anonymously, use this link:

DOWNLOAD THE STANDARD

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

Amending the Amendments! 2020 AML Changes for MSBs

Background

Back on July 10, 2019, the highly anticipated final version of the amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. However, on June 10, 2020, further amendments to those amended regulations were published in the Canada Gazette. To make reading these changes a little easier, we have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The purpose of this round of amendments is to better align measures with international standards and level the playing field across reporting entities by applying stronger customer due diligence requirements and beneficial ownership requirements to designated non-financial businesses and professions (DNFBPs). The amendments come into force on June 1, 2021.

We have summarized the changes that will have an impact on Money Services Businesses (MSB)s below.

Travel Rule

One of the most significant changes that will impact MSBs and Foreign Money Services Businesses (FMSB)s relates to a new requirement for records to be kept on all virtual currency transfers of CAD 1,000 or more.

The record must contain the following:

  1. include with the transfer, the name, address and, if any, the account number or other reference number of both the person or entity that requested the transfer and the beneficiary; and
  2. take reasonable measures to ensure that any transfer received includes the information referred to in paragraph (a) above.

Where the information required was not obtained, MSBs and FMSBs must have written risk-based policies and procedures for determining if the transaction should be suspended, rejected or if another follow-up measure should be taken.

PEP

In addition to the existing requirement for MSBs and FMSBs to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a Politically exposed person (PEP), the amendments will require MSBs and FMSBs to make a PEP determination when they establish a business relationship with a client.

A reminder that a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

MSBs and FMSBs will also periodically need to take reasonable measures to determine whether a person with whom they have a business relationship is a PEP. We will have to await guidance from FINTRAC on this, but our guess is the frequency for determination will align to the frequency for customer information and identification updates.

Given the definition of a business relationship, we do not expect this requirement to be overly burdensome. If you currently conduct list screening, PEP screening could easily be added to that process. You are also able to ask the customer directly, while presenting the definition of a PEP, and record their response.

If a positive determination is made, the following records must be kept:

  1. the office or position, and the organization or institution, in respect of which the person is determined to be a politically exposed foreign person, a politically exposed domestic person or a head of an international organization, or a family member of, or a person who is closely associated with, one of those persons;
  2. the date of the determination; and
  3. the source, if known, of the person’s wealth.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

Are You a Foreign Money Services Business?

Background

On July 10, 2019 amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were released in the Canada Gazette. The amendments require entities that conduct MSB activities from outside of Canada, directed towards Canadians, to be considered Foreign Money Services Businesses (FMSBs) and therefore comply with Canadian AML obligations.  Foreign MSBs must register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and become compliant by June 1, 2020. Check out our blog post to see what your full requirements are.

What Is A Money Services Business?

You are considered an MSB in Canada if your business offers any of the following services:

  • Foreign exchange dealing;
  • Remitting or transmitting funds;
  • Issuing or redeeming money orders, traveller’s cheques and other negotiable instruments; or
  • Dealing in virtual currencies.

What Is A Foreign Money Services Business?

You are considered an FMSB if all of the following criteria applies to your business:

  • The person or entity is engaged in the business of providing at least one money services business (MSB) service;
  • The person or entity does not have a place of business in Canada;
  • The person or entity directs its MSB services at persons or entities in Canada; and
  • They provide these services to clients in Canada. 

For further clarity, you must direct services at persons or entities located in Canada. FINTRAC clarifies that directing services means that the services offered takes into consideration a Canadian audience. For example, if marketing or advertising materials are used with the intent to promote services and to acquire business from persons or entities in Canada. Where a business advertises online, but may not specifically exclude Canadian IP addresses, this fact on its own would not constitute directing services at persons or entities in Canada.

A business would be seen as directing services at persons or entities in Canada if at least one of the following applies:

  • The business’s marketing or advertising is directed at persons or entities located in Canada; 
  • The business operates a “.ca” domain name; or
  • The business is listed in a Canadian business directory.

Note that additional criteria may be considered when determining whether you are directing services at persons or entities in Canada. Examples of the additional criteria that may be considered is outlined in FINTRAC’s FMSB Annex 1.

We’re Here To Help

If you are, or think you may be, a foreign MSB and have any questions related to your compliance obligations in Canada, please get in touch!

Dealers In Virtual Currencies Can Pre-Register With FINTRAC

Last week, the Canadian Federal anti–money laundering agency, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), announced that money services businesses (MSBs) dealing in virtual currencies will be allowed to voluntarily register in advance of becoming reporting entities. All dealers in virtual currency (also referred to as cryptocurrency) are expected to register with FINTRAC by June 1, 2020.

The process of registration is relatively straightforward, beginning with a pre-registration form. In order to complete pre-registration, you simply need to provide full business and contact information. There is no cost to register an MSB with FINTRAC, although we’ve heard of several scams claiming that there is a fee. We also suggest that before you hire someone to assist, you try to complete the form on your own. 

To read more on the full registration details and all obligations that will apply to dealers in virtual currency beginning June 1, 2020, check out our blog 2019 AML Regulation Highlights for Dealers in Virtual Currency.

We’re Here To Help

Whether you need to figure out if you’re a dealer in virtual currency, put a compliance program in place, or evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

2019 AML Changes for MSBs

Background

On July 10th, 2019, the highly anticipated final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. This article is intended to give a high-level summary of the amendments as specific to MSBs. If you’re the type that likes to read original legislative text, you can find it here. We also created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

It is expected that all regulated entities will have to significantly revamp their AML compliance program due to the amount of changes. There are three different “coming into force” dates that should be noted.

  • June 25, 2019: a wording change from “original” to “authentic” related to identification. This is welcomed news for digital identification.
  • June 1, 2020: changes related dealers in virtual currency (which do not apply to MSBs).
  • June 1, 2021: all other regulatory amendments.

While this does give regulated entities some time to get their AML compliance programs updated and in order, we recommend that you start budgeting and planning now.

Guidance from FINTRAC, related to the changes in regulation, is expected to be seen ahead of coming into force dates. Given the legislative changes, there will be changes to FINTRAC policy interpretations as well so be sure to monitor closely and save any interpretations that you may have used for due diligence purposes.

Hefty Disclaimer

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Foreign MSBs

In the past, foreign MSBs only had to comply with Canadian AML requirements if they had a “real and substantial connection” to Canada. A “real and substantial connection” was defined in FINTRAC policy interpretations as having one or more of the following statements be true:

  • Is the business incorporated in Canada;
  • Does the business have agents in Canada;
  • Does the business have physical locations in Canada; and/ or
  • Does the business maintain a bank account or a server in Canada.

The final amendments create obligations for foreign businesses that direct and provide certain services to people located in Canada, via the Internet. If you are a foreign MSB, check out our blog on full requirements as they relate to a foreign MSB with dealings in Canada.

What Does This Mean For My Business?

Changes to Canada’s AML regulations will have a direct impact on MSB AML obligations, including the following:

  • Customer identification;
  • Reporting; and
  • Compliance Program requirements.

While there are quite a number of changes, only some will have more of an impact on MSBs. We’ve summarized the changes that will impact MSBs below.

Customer Identification

Currently, there is a requirement that when customers are identified, the document and/or data that you collect must be in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The final regulations replace the word “original” with “authentic”, and state that a document used for verification of identity must be “authentic”, valid and current. This would allow for scanned copies of documentation, and/or for software that can authenticate a person’s identification documents.

Other changes to the identity verification requirements are as follows:

  • A customer’s identity must be verified if they are the beneficiary of an international EFT of CAD 1,000 or more;
  • For credit file verification (single source) the credit file information must now be derived from more than one source; and
  • For the dual source method, when relying on a credit report as part of a dual source, the credit file must have been in existence for at least six months. Additionally, the person or entity that is verifying the information cannot be a source.

In addition, there are provisions that allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification as soon as feasible.

FINTRAC Reporting

Reporting EFTs of CAD 10,000 or More

If you conduct international remittance transactions at the request of your customers, the requirement to report transactions of CAD 10,000 or more will now be your responsibility, not your financial services provider.

The final amendments removes the language commonly known as the “first in, last out” rule. This means that the first person/entity to ‘touch’ the funds for a transaction incoming to Canada, or the last person/entity to ‘touch’ the funds for a transaction outgoing from Canada, had the reporting obligation (as long as the prescribed information was provided to them). The update will change the reporting obligation to whoever maintains the customer relationship. So, if you initiate a transaction at your customer’s request (outgoing transaction), or provide final receipt of payment to your customer (incoming transaction), it will be your obligation to report that transaction to FINTRAC.

Virtual Currency Reporting

If you conduct transactions involving virtual currencies such as bitcoin, you will be required to report the receipt, or the sending, of amounts of CAD 10,000 or more in a virtual currency transaction to FINTRAC. These are basically the same as Large Cash Transaction reporting obligations, including making a determination of whether the person is acting on behalf of a third-party. There will also be the requirement for reporting entities to maintain a Large Virtual Currency Transaction record.

For more information on the full scope of updates specific to virtual currency, please check out our full article here.

The 24-Hour Rule

The final regulations clarify that multiple transactions performed by, or on behalf of, the same customer or entity, or are for the same beneficiary, within a 24-hour period, are to be considered as a single transaction for reporting purposes when they total CAD 10,000 or more. This would mean that only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. If you use software to automatically detect these types of transactions, you should begin discussions with your IT department or software provider to determine the time and resources that will be required to update the detection process.

For example, currently, a Large Cash Transaction Report must be submitted either for single transactions of CAD 10,000 (or more), or for multiple transactions of less than CAD 10,000 each that add up to CAD 10,000 or more in a 24-hour period. This can result in situations where two reports are filed for transactions taking place in a 24-hour period.

Cash deposit of CAD 12,000 – LCTR #1 for CAD 12,000

Cash deposits of CAD 5,000 and CAD 6,000 – LCTR #2 for CAD 11,000

Using the same example, under the new rules we would have:

Cash deposits of CAD 12,000, CAD 5,000 and CAD 6,000 – Single LCTR for CAD 23,000

We can expect to see guidance from FINTRAC ahead of the enforce date. If you have questions prior to this,  it is possible to write to FINTRAC to request a policy interpretation.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction, or attempted transaction, is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations amended this to “’as soon as reasonably practicable’ after measures have been completed to establish that there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing”.

This would require reports to be submitted to FINTRAC shortly after a reporting entity conducts an analysis that established reasonable grounds for suspicion. It will be important to have detailed processes for unusual transaction investigations. It will be interesting to see how FINTRAC looks at this obligation during examinations.

Terrorist Property Reporting

A very small change (or clarification), related to Terrorist Property Reports, has been made in the final regulations. The timing requirement for filing has changed from “without delay” to “immediately”. This means regulated entities need to report that they are in possession of terrorist property as soon as they become aware.

Information Included in Reports to FINTRAC

Certain information is required in reports to FINTRAC. The final regulations introduce changes to reporting schedules, requiring more detailed information to be filed with FINTRAC then previously was required. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional data fields are:

  • every reference number that is connected to the transaction;
  • type of device used by person who makes request online;
  • number that identifies device;
  • internet protocol address (IP address) used by device;
  • person’s or entity’s user name; and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online. Such changes may mean working with your IT folks to ensure you are retaining the needed data in a format that will be easy to extract.

For full details on what has changed for FINTRAC report fields, we have created unofficial redline which can be found here.

Ongoing Compliance Training

The amended regulations have introduced a requirement to document a plan for ongoing compliance training. This differs from the current requirement to develop and maintain a written training program.

In practice, this means that in addition to documenting all of the training that has already been completed, you will need to clearly document future training plans.

Risk Assessment Obligations

With the last round of AML changes, we saw the addition of “New Technologies and Developments” as a newly added category to the Risk-Based Approach requirements. This round of changes makes the next logical progression, which is the obligation to assess the money laundering and terrorist financing risk of any product, delivery channel or new technology before implementation. Meaning, if you are looking to take your business online and are going to use this fancy, new ID software, you had better take careful inventory and document where your risks are, and be sure the appropriate controls have been put in place, before going live but many MSBs have already implemented this best practice.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch using our online form on our website, by emailing info@outliercanada.com or by calling us toll-free at 1-844-919-1623.

Return to Blog Listing