PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Real Estate Sector – Identifying Individuals

We often hear friends and clients in the real estate sector say they are frustrated that there are not many ways to identify a customer other than meeting them face-to-face. Real estate developers, brokers and sales representatives have an obligation to ascertain a customer’s identity which requires them to refer to specific information and/or documentation to verify a customer’s identity.  However, this does not mean that identification must take place face-to-face. Below is a summary of all the different methods outlined in FINTRAC Guidance that are currently available to identify customers that are individuals and what’s coming.[1]

This article should not be considered advice (legal or otherwise). Throughout this article we refer to a purchaser of real estate as a customer, but you may refer to them as clients depending on your internal procedures. Also, your internal procedures may dictate what methods are acceptable in identifying a customer. If you are unsure, consult with your Compliance Officer where there is any doubt on what is acceptable within your organization.

Face-to-Face Identification for Individuals

When meeting customers face-to-face you may ask for a piece of identification that is:

  • Issued by a provincial, territorial or federal government in Canada or an equivalent foreign government (a foreign Passport would be acceptable for example);
  • Valid, not expired (if there is not expiry date this must be stated in the customer identification record);
  • Bears a unique identifier number (such as a driver’s license number);
  • Bears the name of the individual being identified;
  • Is an original (not a copy, photo, scan, video call, etc.); and
  • Bears a photo of the individual being identified.

Information that must also be collected and recorded includes things such as the customer’s full name (no initials, short forms or abbreviations), their occupation, date of birth, etc. The needed information is included in various fields on industry customer identification forms that are used so it is crucial they are complete and accurate.

Single Process Method

Under the single process method, a customer’s identify can be confirmed by completing  a credit header match on their Canadian credit file, provided it has been in existence for at least three years and has at least two trade lines.  This means there is not a ‘hard hit’, impacting the customer’s credit score. This must be completed at the time of confirming a customer’s identity and cannot take place earlier or later.  To be acceptable, the credit file details must match the exact name, date of birth and address provided by the customer. When using this method to confirm a customer’s identity a record of the following information must be retained:

  • The customer’s name;
  • The name of the Canadian credit bureau holding the credit file;
  • The reference number of the credit file; and
  • The date the credit file was consulted.

Dual Process Method

Where the single process method provides information that does not match what the customer has provided and/or the credit file does not meet the requisite requirements, the dual process method can be used to identify that customer.  This involves referring to information from reliable and independent sources and must be original, valid and the most recent.  In order to qualify as reliable, the sources should be well-known and reputable. Reliable and independent sources can be the federal, provincial, territorial and municipal levels of government, crown corporations, financial entities or utility providers. It is important to note that independent means neither of the sources can be the same, nor can they be you or your business.

Documentation being used must be in its original form.  This makes electronic documents the preference because the customer can send the originals via email, while retaining a copy for themselves. You cannot accept documents that have been photocopied, scanned or faxed.

Under the dual process method, you can refer to any two of the following options:

  • Documents or information from a reliable source that contain the customer’s name and date of birth;
  • Documents or information from a reliable source that contain the customer’s name and address; or
  • Documents or information that contain the customer’s name and confirms that they have a deposit, credit card or other loan account with a financial entity.

The table below provides some examples of the sources and documents that can be referred to when confirming a customer’s identification.  In order to meet the standards of the dual process method, two documents must be obtained but each document cannot be in the same column.

 

Documents or information to verify name and address

 

 

Column A

 Documents or information to verify name and date of birth

 

 

Column B

 Documents or information to verify name and confirm a financial account

 

Column C

 
Issued by a Canadian government body:

Any card or statement issued by a Canadian government body (federal, provincial, territorial or municipal):

·      Canada Pension Plan (CPP) statement;

·      Property tax assessment issued by a municipality; or

·      Provincially-issued vehicle registration.

·      Federal, provincial, territorial, and municipal levels.

CRA documents:

·      Notice of assessment;

·      Requirement to pay notice;

·      Installment reminder / receipt;

·      GST refund letter; or

·      Benefits statement.

 Issued by a Canadian government body:

Any card or statement issued by a Canadian government body (federal, provincial, territorial or municipal):

·      Canada Pension Plan (CPP) statement of contributions;

 

 

Issued by other Canadian sources:

·      Referring to a customer/customer’s Canadian credit file that has been in existence for at least 6 months; or

Insurance documents (home, auto, life);

 Confirm that your customer/customer has a deposit account, credit card or loan account by means of:

·      Credit card statement;

·      Bank statement;

·      Loan account statement (for example: mortgage);

·      Cheque that has been processed by a financial institution;

·      Telephone call, email or letter from the financial entity holding the deposit account, credit card or loan account; or

·      Identification product from a Canadian credit bureau (containing two trade lines in existence for at least 6 months);
Issued by other Canadian sources:

·      Referring to the customer/customer ‘s Canadian credit file that has been in existence for at least 6 months;

·      Utility bill (for example, electricity, water, telecommunications);

·      T4 statement;

·      Record of Employment;

·      Investment account statements (for example, RRSP, GIC); or

·      Identification product from a Canadian credit bureau (containing two trade lines in existence for at least 6 months).

 

Where the dual process method is used to confirm the identity of a customer, a record of certain information must be maintained. Specifically:

  • The customer’s name;
  • The name of the two different sources that were used to identify the customer;
  • The type of information (for example, utility statement, bank statement, etc.) that was referred to;
  • The account number associated with the information for each source (if there is account number, you must record a reference number); and
  • The date the information was verified.

Third Parties (Agent or Mandatary)

If you are unable to use any of the methods above (say in the case of a foreign buyer that you cannot meet with face-to-face), you can ask someone in their area to identify them on your behalf.  There must be a written agreement or arrangement in place before using this method and procedures must be in place on how the third party will identify a buyer.

 

What’s To Come?

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake) were published. The draft amendments include some positive changes in respect to requirements related to identity verification.

With regards to the identification document used to identify a customer, the draft amendments replace the word “original” with “authentic” and state that a document used for verification of identity must be “authentic, valid and current.” This may[2] allow for scanned copies of documentation and/or for software that can authenticate identification documents to be used for the dual process method.

Under the draft amendments, regarding the single process method, information in a credit report must be derived from more than one source (this means there must be more than one trade line).

Under the draft amendments, real estate developers, brokers and sales representatives would be allowed to rely on identity verification undertaken by other regulated entities. This method requires a written agreement and a requirement to deliver the identity documentation within three days.

 

We’re Here To Help

If you have questions regarding the identification requirements in place currently or the requirements that are in draft form please contact us.

 

[1] Note that methods used to identify customers that are organizations are different from the ones discussed in this article.

[2] There is no certainty in this regard until a final version is published and FINTRAC has provided their guidance on the matter.

Sanctions This Week: July 25th – 29th, 2016

 

OSFISanctions Pic

There were no updates released from OSFI this week.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released four updates last week.  One update was related to the publication of Cuba-related Frequently Asked Questions (FAQ), covering some of the recent changes made to the sanctions that had previously been placed on Cuba.  Other updates included the removal of 12 individuals from the Counter Terrorism Designations List, the issuance of a Finding of Violation and the publication of Iran General License J.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The update to the Cuba-related FAQs was for the issuance of a new FAQ (#38) and a revision of an existing FAQ (#39), relating to certain information collection and recordkeeping requirements for persons subject to U.S. jurisdiction who provide authorized carrier or travel services to or from Cuba for specifically licensed travelers.

The update to the Counter Terrorism Designations List included the removal of 12 individuals of Libyan origin who are currently residing in the UK.

The Finding of Violation was issued to Compass Bank, which uses the trade name BBVA Compass, for violations of the Foreign Narcotics Kingpin Sanctions Regulations. From June 12, 2013 to June 3, 2014, Compass maintained accounts on behalf of two individuals on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”).

The final update of the week was related to OFAC issuing “General License J”, authorizing the re-exportation of certain civil aircraft to Iran on temporary sojourn and related transactions.

See the Cuba-related FAQ update on OFAC’s website.

See the Counter Terrorism Designations List update on OFAC’s website.

See the issuance of a Finding of Violation to Compass Bank on OFAC’s website.

See the Iran General License J details on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Sanctions This Week: July 18th – 22nd, 2016

OSFIOutlier3_032

On July 18th and 22nd, 2016, the Office of the Superintendent of Financial Institutions (OSFI) released the United Nations Security Council’s (UNSC’s) Al’Qaida and Taliban regulations updates to the sanctions list, deleting one individual and amending another.

The individuals are subject to the assets freeze, travel ban and arms embargo set out in paragraph 2 of Security Council resolution 2253 (2015) adopted under Chapter VII of the Charter of the United Nations.

The review of the individual who was deleted from the list was triggered by regularly scheduled updates.  However, no additional information was available regarding the justification.

The amendment of one individual’s information included the following:

  • A physical description;
  • The confirmation of the most recent position held within the Taliban, as of April 2015; and
  • That they are currently involved in drug trafficking and operate a heroin laboratory in Afghanistan.

See the July 18th update on the United Nations (UN) website.

See the July 22nd update on the United Nations (UN) website.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released three updates last week.  One update was related to the addition of three individuals to the Counter Terrorism Designations list.  The second update was related to the addition of multiple individuals and entities to the Syria and Non-proliferation Designations lists.  The final update last week was to the Kingpin Act and Panama-related Frequently Asked Questions (FAQs) regarding General Licenses.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The changes to the Counter Terrorism Designations list included three individuals of different nationalities, Saudi Arabia, Egypt and Algeria, though all have been linked to Al Qa’ida.

The update to the Syria Sanctions list included eight individuals, all of whom are Syrian.  The seven entities, which range from construction, to finance to manufacturing industries and vary in location, which include:

  • Syria;
  • Saint Kitts and Nevis;
  • Cyprus;
  • UAE; and

The update to the Kingpin Act and Panama-related FAQs are specific General License 5B and 6B

See the Counter Terrorism Designations list update on OFAC’s website.

See the Syrian and Non-proliferation Designations lists update on OFAC’s website.

See the Kingpin Act and Panama-related General License FAQs update on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Sanctions This Week: July 11th – 15th, 2016

OSFIOutlier3_036

There were no updates released from OSFI this week.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released one update last week.  The update was related to the addition of two Russian individuals who were added to the Counter Terrorism Designations list.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

No other information was available on the individuals who were added.

See the Counter Terrorism Designations list update on OFAC’s website.

See OFAC’s Recent Actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Sanctions This Week: July 4th – 8th, 2016

OSFISanctions Pic

On July 5th, 2016, the Office of the Superintendent of Financial Institutions (OSFI) released the United Nations Security Council’s (UNSC’s) Al’Qaida and Taliban regulations update to the sanctions list, removing one individual.

Individuals who are included in the list are subject to the assets freeze, travel ban and arms embargo set out in paragraph 2 of Security Council resolution 2253 (2015) adopted under Chapter VII of the Charter of the United Nations. The individual delisted was decided following a review, initiated by a request that was submitted to the Ombudsperson.  The individual is a German national and has been imprisoned in Germany since 2007.

See the update on the United Nations (UN) website.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released three updates last week.  The first update, released on July 5th, 2016 was related to the settlement of a potential civil liability for apparent violations of the Iranian and Sudanese transactions and sanctions regulations.  The second update was related to the addition of multiple North Korean individuals and entities to the North Korean Designations List.  The final update was further clarification to the new Cuba-related Frequently Asked Questions (FAQ).

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The settlement on July 5th for apparent violations of the Iranian and Sudanese sanctions was levied against Alcon Laboratories, Inc., Alcon Pharmaceuticals Ltd., and Alcon Management SA.  In the course of the investigations, Alcon produced documents and information where it appeared that from August 2008 to December 2011, Alcon violated Iranian sanctions on 452 occasions and Sudanese sanctions on 61 occasions.  Alcon engaged in the sale and exportation of medical end-use surgical and pharmaceutical products from the United States to distributors located in Iran and Sudan without OFAC authorization. OFAC determined that Alcon did not make a voluntary self-disclosure and that the apparent violations were not egregious. The statutory maximum civil monetary penalty amount for the Apparent Violations was $138,982,584 USD and the base penalty amount was $16,927,000 USD.  Ultimately, Alcon paid $1,317,150 USD.

The North Korean sanctions list update included numerous individuals and entities, some of whom are high-ranking officials with titles such as:

  • Director of the Fifth Bureau of the Reconnaissance;
  • Director of the Workers’ Party of Korea Propaganda and Agitation Department; and
  • Minister of People’s Security.

The update to the Cuba-related FAQs were specific to the issuance of two new questions added, #43 and #50, regarding the use of the U.S. dollar in certain transactions.

See the Enforcement Action update on OFAC’s website.

See the North Korea Designations List update on OFAC’s website.

See the Cuba-related FAQ update on OFAC’s website.

See OFAC’s Recent Actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Sanctions This Week: June 20th – 26th, 2016

 

OSFIOutlier3_032

On June 20th, 2016, the Office of the Superintendent of Financial Institutions (OSFI) released the United Nations Security Council’s (UNSC’s) Al-Qaida and Taliban Regulations (UNAQTR) update to the sanctions list, removing one individual.

The assets freeze, travel ban and arms embargo, set out in paragraph 2 of Security Council resolution 2253 (2015), no longer apply to the individual.  The review pursuant to Security Council resolution 1822 (2008) was concluded on July 30th, 2009, which is almost seven years ago.  For further information about the process for removing individuals and entities from the UNAQTR List, pursuant to a decision by the UN Security Council Committee, may be found in the “Press Releases” section on the Committee’s website.

Go to OSFI’s release of the UNAQTR update on the OSFI page.

Go to the United Nations Security Council Committee’s page on “Delisting”.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released two updates last week.  One update involved the agreement to to settle potential civil liability for apparent violations of the Iranian Transactions and Sanctions Regulations.  The second update was the addition of a single individual to the Democratic Republic of the Congo Designations list.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The OFAC penalty settlement amount for violations of the Iranian Transactions and Sanctions Regulations was $107,691.30 USD.  The stated violations are as follows:

  • On or about April 15, 2011, the company appeared to have violated the Regulations when it exported 3,600 medical products to its United Arab Emirates distributor with knowledge, or reason to know, that the goods were ultimately destined for Iran; and
  • Additionally, on or about May 27, 2011, the company exported an additional 400 units of the same product to its United Arab Emirates distributor with knowledge, or reason to know, that the goods were ultimately destined for Iran.

OFAC determined that the company voluntarily self-disclosed the apparent violations, and that the company constitutes a non-egregious case. The statutory maximum civil monetary penalty amount for the apparent violations was $1,129,912 USD and the base civil monetary penalty was $159,542.  The settlement amount reflects OFAC’s consideration of the following factors:

  • The company acted willfully by exporting products to its foreign distributor with knowledge, or reason to know, that the exports were ultimately destined for Iran in apparent violation of U.S. law, editing its destination control statement at the request of its distributor, and continuing to conduct business with its distributor after receiving confirmation that the distributor had re-exported the products to Iran;
  • The company’s former CEO and former International Sales Manager knew that the exports were ultimately destined for Iran; and
  • The company did not have a sanctions compliance program in place at the time of the apparent violations.

The company took remedial steps, including the implementation of an OFAC compliance program; and cooperated with OFAC’s investigation and agreed to toll the statute of limitations for a total of 513 days.

See the Enforcement Action Report on OFAC’s website.

See the Democratic Republic of the Congo updates on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

AML Regulation Updates & Digital Currency

Amber AML Program_2On July 4th, 2015, draft amendments to Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations were published in the Canada Gazette. These updates are intended to, among other things, strengthen Canada’s anti-money laundering (AML) regime and address certain technical issues. The draft does expand the definition of a money services business (MSB) to include “dealers in digital currency,” but digital currency businesses may still consider submitting comments related to the draft, as the consultation period of 60 days is open to the public.

This round of amendments didn’t include ‘dealers in digital currency’ – so why should you comment?

While dealers in digital currency are not yet regulated as MSBs, it is reasonable to expect that this is the direction Canada is taking based on Bill C-31, which was passed last year. This means that the regulations could apply to digital currency businesses in the near future. The 60-day comment period is likely to be the only public comment period before a final version of the amended regulations is published.

One of the most significant changes in the current draft relates to customer identification. The current customer identification methods for non-face-to-face customers (which apply to all online MSB customers) are complicated and heavily reliant on an individual having at least six months of Canadian credit history (you can learn more here). The proposed amendments have the potential to broaden the range of available sources to include sources other than credit reporting bureaus.

Digital currency businesses should consider commenting on these amendments. While we at Outlier consider the changes to be positive overall, we’re aware that there are many identification solutions on the market (many of which don’t meet the current Canadian identification requirements). This has caused more than a few headaches for businesses that operate online. While the proposed changes may alleviate some of the current pain points, businesses should consider how these fit with your business model and service providers.

Customer Identification Measures

In the text below, the text that is struck through includes proposed deletions, while the green text includes proposed additions. You can also see a full marked-up version of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations here.

MEASURES FOR ASCERTAINING IDENTITY

  1. (1) In the cases referred to in sections 53, 53.1, 54, paragraph 54.1(a) and sections 55, 56, 57, 59, 59.1, 59.2, 59.3, 59.4, 59.5, 60 and 61, a person’s the identity of a person shall is to be ascertained, at the time referred to in subsection (2) and in accordance with subsection (3), in the following manner:

(a) By referring to the person’s birth certificate, driver’s licence, provincial health insurance card (if such use of the card is not prohibited by the applicable provincial law), passport or other similar document; or

(a) By referring to identification document that contains their name and photograph and that is issued by the federal government or a provincial government or by a foreign government other than a municipal government, and by verifying that the name and photograph are those of the person;

(b) if the person is not physically present when the account is opened, the credit card application is submitted, the trust is established, the client information record is created or the transaction is conducted,

(i) by obtaining the person’s name, address and date of birth and

(A) confirming that one of the following entities has identified the person in accordance with paragraph (a), namely,

(I) an entity, referred to in any of paragraphs 5(a) to (g) of the Act, that is affiliated with the entity ascertaining the identity of the person,

(II) an entity that carries on activities outside Canada similar to the activities of a person or entity referred to in any of paragraphs 5(a) to (g) of the Act and that is affiliated with the entity ascertaining the identity of the person, or

(III) an entity that is subject to the Act and is a member of the same association as the entity ascertaining the identity of the person, and

(B) verifying that the name, address and date of birth in the record kept by that affiliated entity or that entity that is a member of the same association corresponds to the information provided in accordance with these Regulations by the person, or

(ii) subject to subsection (1.3), by using one of the following combinations of the identification methods set out in Part A of Schedule 7, namely,

(A) methods 1 and 3,

(B) methods 1 and 4,

(C) methods 1 and 5,

 (D) methods 2 and 3,

(E) methods 2 and 4,

 (F) methods 2 and 5,

(G) methods 3 and 4, or

(H) methods 3 and 5.

 (b) by referring to information concerning them that is received by the     person or entity that is ascertaining their identity on request from a federal or provincial government body — or a body that is acting as the agent or mandatary of such a body — that is authorized in Canada to ascertain the identity of persons, and by verifying that either the name and address or the name and date of birth contained in the information are those of the person;

(c) by referring to information that is contained in the person’s credit file — if that file is located in Canada and has been in existence for at least      three years — and by verifying that the name, address and date of birth   contained in the credit file are those of the person;

(d) by doing any two of the following:

(i) referring to information from a reliable source that contains their name and address, and verifying that the name and address are those of the person,

(ii) referring to information from a reliable source that contains their name and date of birth, and verifying that the name and date of birth are those of the person, or

(iii) referring to information that contains their name and confirms that they have a deposit account or a credit card or other loan account with a financial entity, and verifying that information; or

(e) by confirming that one of the following entities previously ascertained their identity in accordance with any of paragraphs (a) to (d), and by verifying that the name, address and date of birth contained in the entity’s record are those of the person:

(i) an entity that is referred to in any of paragraphs 5(a) to (g) of the Act and that is affiliated with the entity that is ascertaining the person’s identity, 

(ii) an entity that carries on activities outside Canada similar to the activities of a person or entity referred to in any of paragraphs 5(a) to (g) of the Act and that is affiliated with the entity that is ascertaining the person’s identity, or

(iii) a financial entity that is subject to the Act and that is a member of the same financial services cooperative or credit union central as the entity that is ascertaining the person’s identity.

(1.1) In the case referred to in paragraph 54.1(a), the identity of a person shall be ascertained by a person or entity, at the time referred to in subsection (2) and in accordance with subsection (3),

(a) by referring to the person’s birth certificate, driver’s licence, provincial health insurance card (if such use of the card is not prohibited by the applicable provincial law), passport or other similar document; or

(b) where the person is not physically present when the credit card application is submitted,

(i) by obtaining the person’s name, address and date of birth and

(A) confirming that one of the following entities has identified the person in accordance with paragraph (a), namely,

(I) an entity, referred to in any of paragraphs 5(a) to (g) of the Act, that is affiliated with the entity ascertaining the identity of the person,

(II) an entity that carries on activities outside Canada similar to the activities of a person or entity referred to in any of paragraphs 5(a) to(g) of the Act and that is affiliated with the entity ascertaining the identity of the person, or

(III) an entity that is subject to the Act and is a member of the same association as the entity ascertaining the identity of the person, and

(B) verifying that the name, address and date of birth in the record kept by that affiliated entity or that entity that is a member of the same association corresponds to the information provided in accordance with these Regulations by the person,

(ii) subject to subsection (1.3), by using a combination of any two identification methods referred to in either Part A or Part B of Schedule 7, or

(iii) subject to subsection (1.3), where the person has no credit history in Canada and the credit limit on the card is not more than $1,500, by using combination of any two identification methods referred to in any of Parts A, B and C of Schedule 7.

(1.1) For the purposes of subparagraphs (1)(d)(i) to (iii), the information that is referred to must be from different sources, and the person whose identity is being ascertained and the person or entity that is ascertaining their identity cannot be a source.

(1.2) for the purposes of paragraphs (1)(b)(i) and (1.1)(b)(i), an entity is affiliated with another entity if one of them is wholly owned by the other or both are wholly owned by the same entity.

(1.2) The person or entity that is ascertaining the identity of a person who is at least 12 years of age but not more than 15 years of age may refer under subparagraph (1)(d)(i) to information that contains the name and address of one of the person’s parents or their guardian or tutor in order to verify that the address is that of the person.

(1.21) For the purposes of subparagraphs (1)(b)(i) and (1.1)(b)(i),

(a) a financial services cooperative and each of its members that is a financial entity are considered to be members of the same association; and

(b) a credit union central and each of its members that is a financial entity are considered to be members of the same association.

(1.3) A combination of methods referred to in sub-paragraph (1)(b)(ii) or (1.1)(b)(ii) or (iii) shall not be relied on by a person or entity to ascertain the identity of a person unless

(a) the information obtained in respect of that person from each of the two applicable identification methods is determined by the person or entity to be consistent; and

(b) the information referred to in paragraph (a) is determined by the person or entity to be consistent with the information in respect of that person, if any, that is contained in a record kept by the person or entity under these Regulations.

(1.3) If a document is used to ascertain identity under subsection (1), it must be original, valid and current. Other information that is used for that purpose must be valid and current and must not include an electronic image of a document.

(2) The identity shall be ascertained

(a) in the cases referred to in paragraph 54(1)(a) and subsection 57(1), and paragraph 60(a), before any transaction other than an initial deposit is carried out on an account;

(b) in the cases referred to in section 53, paragraph 54(1)(b), subsection 59(1) and paragraphs 59.3(a), 59.4(1)(a), 59.5(a), 60(b) and 61(b), at the time of the transaction;

(b.1) in the case referred to in section 53.1, before the transaction is reported as required under section 7 of the Act;

(b.2) in the case referred to in paragraph 54.1 (a), before any credit card is activated;

(c) in the cases referred to in paragraphs 55(a), (d) and (e), within 15 days after the trust company becomes the trustee;

(d) in the cases referred to in subsection 56(1) and paragraph 61(a), within 30 days after the client information record is created;

(e) in the cases referred to in paragraphs 59.1(a) and 59.2(1)(a), at the time of the transaction; and

(e.1) in the case referred to in paragraph 60(a), before any funds are disbursed; and

(f) in the case referred to in subsection 62(3), at the time a contribution in respect of an individual member of the group plan is made to the plan, if

(i) the member’s contribution is not made as described in paragraph 62(3)(a), or

(ii) the existence of the plan sponsor has not been confirmed in accordance with section 65 or 66.

(3) Unless otherwise specified in these Regulations, only original documents that are valid and have not expired may be referred to for the purpose of ascertaining identity in accordance with paragraph (1)(a) or (1.1)(a).

64.1 (1) A person or entity that is required to take measures to ascertain a person’s identity under subsection 64(1) or (1.1) may rely on an agent or mandatary to take the identification those measures described in that subsection only if that person or entity has entered into an agreement or arrangement, in writing, with that agent or mandatary for the purposes of ascertaining identity.

(2) A person or entity that enters into an agreement or arrangement referred to in subsection (1) must obtain from the agent or mandatary the customer information obtained by the agent or mandatary under that agreement or arrangement.

(2) The person or entity may rely on measures that were previously taken by an agent or mandatary to ascertain the person’s identity if the agent or mandatary was, at the time they took the measures,

(a) acting in their own capacity, whether or not they were required to take the measures under these Regulations; or

(b) acting as an agent or mandatary under a written agreement or arrangement — entered into with another person or entity that is required to take measures to ascertain a person’s identity — for the purposes of ascertaining identity under subsection 64(1).

(3) In order to rely on measures taken by an agent or mandatary under subsection (1) or (2), the person or entity shall

(a) have entered into a written agreement or arrangement with the agent or mandatary for the purposes of ascertaining a person’s identity under subsection 64(1);

(b) obtain from the agent or mandatary all of the information that the agent or mandatary used to ascertain the person’s identity; and

(c) be satisfied that the information is valid and current and that the agent or mandatary ascertained the person’s identity in the manner described in any of paragraphs 64(1)(a) to (d).

64.2 Every person or entity that is required under these Regulations to ascertain a person’s identity in connection with a record that the person or entity has created and is required to keep under these Regulations — or in connection with a transaction that they have carried out and in respect of which they are required to keep a record under these Regulations or under section 12.1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations — shall set out on or in, or include with, that record the person’s name and the following information:

(a) if the person or entity referred to an identification document under paragraph 64(1)(a), the type of document referred to, its reference number and the issuing authority and, if available, the place it was issued and its expiry date; 

(b) if the person or entity referred to information under paragraph 64(1)(b), the source of the information, the type of information referred to, a reference number associated with the information and the date on which the person or entity verified the information;

(c) if the person or entity referred to information under paragraph 64(1)(c), the source of the information, the reference number associated with the search of the credit file and the date on which the person or entity verified the information;

(d) if the person or entity referred to information under paragraph 64(1)(d), the source of the information, the type of information referred to and the account number contained in it — or if there is no account number contained in it, a reference number associated with the information — and the date on which the person or entity verified the information; or

(e) if the person or entity confirmed under paragraph 64(1)(e) that another entity had previously ascertained the person’s identity, the name   of that entity, the manner in which it previously ascertained the person’s identity under any of paragraphs 64(1)(a) to (d), the applicable information set out in one of paragraphs (a) to (d) of this section that is associated with that manner of ascertaining identity and the date on             which the person or entity verified the information.

Submit comments by September 12, 2015

Comments must be submitted in writing during the comment period, either by email or snail mail:

Snail Mail:

Lisa Pezzack, Director Financial Systems Division,

Financial Sector Policy Branch Department of Finance

90 Elgin Street Ottawa, Ontario K1A 0G5

Email:

fcs-scf@fin.gc.ca

Need a Hand?

At Outlier, we believe that it is important to participate in decisions that affect you and your business.  If you would like someone to look over your submission before you make comments to the Department of Finance, you can get in touch with us free of charge.  We will look over your submission and make suggestions, without any cost to you.  If you need a hand, please feel free to contact us.

 

Micro Deposits & Micro Withdrawals

The Big DisclaimerAmber looking at laptop blank screen

We’re not lawyers and nothing that we write should be considered a legal opinion. Whether or not a solution will be acceptable to your regulators will always depend on your implementation and documentation – please contact us if you need help with either.

Background

There are a limited number of ways for Canadian reporting entities to identify individuals without meeting face to face. Previously, we have sought opinions from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) on whether or not micro deposits and micro withdrawals could be used to confirm a customer’s identity. Until recently, the answer had been no. We reached out to FINTRAC again on the issue after learning that technology had evolved in a way that could meet the requirements. We’re pleased to share with you that FINTRAC is of the opinion that – given the right technology conditions – micro deposits and micro withdrawals can indeed be used to confirm a customer’s identity.

Confirmation Of A Deposit Account

The methods that can be used to confirm a customer’s identity are listed in Schedule 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR). (Since this post was written, Schedule 7 has been repealed and replaced by FINTRAC’s Methods to Identify Individuals). The “Confirmation of a Deposit Account Method” involves confirming that the person has a deposit account (this means a chequing or savings type of account) with a Canadian financial entity (this means a bank, credit union or caisse populaire). To use this method, reporting entities must keep a record of the name of the financial entity where the account is held, the account number and the date of the confirmation.

The key elements of this method involve determining that the account belongs to the person that you are trying to identify and determining that the account is indeed a chequing or savings type of account.

Micro Deposits and Micro Withdrawals

Previously, micro deposits and micro withdrawals were viewed as failing on both of these key elements. Confirming the amount of a micro transaction proved that a person had access to the account, but not that they owned the account. It was also viewed as impossible to determine the type of account (for instance the account may have been a line of credit that had a similar account number structure).

Fortunately, technology has advanced and some payment processors are able to conduct name matching (in some cases, payments are even stopped if there isn’t a match) as well as the type of account. Not all payment processors may have the capabilities, but if you’re looking for a way to automate some of your non face-to-face customer identification, this could be an option.

Implementation Checklist

We’ve broken down the implementation into seven key questions. If you’re able to answer yes in each case, you’re likely to be ready to implement micro deposits or micro withdrawals as an identification method.

  1. Does my payment processor conduct name matching (our client’s name against the account being debited or credited) and what confirmation do we receive of a match?
  2. Is our system set up to keep a record that demonstrates that the name was matched?
  3. Does my payment processor have access to the account type when an account is being debited or credited and can they pass that information to us and/or confirm for us that the account is a deposit account?
  4. Is our system set up to keep a record of the type of account or confirmation that the account is a deposit account?
  5. Is our system set up to keep a record of the name of the financial entity where the account is held?
  6. Is our system set up to keep a record of the account number?
  7. Is our system set up to keep a record of the date of the confirmation?

In addition to this list, you should also give some thought to what happens when identification fails (for example if the name doesn’t match or the account isn’t the right type). You’ll need to consider an alternative way to identify your client, and you probably don’t want their account stuck in limbo.

Need a Hand?

If you want to be certain that you’re meeting the standard described in this blog, or just someone to chat with to make sure that you’re on the right track please contact us.

Full Text Response

Good afternoon Ms. Scott,

Thank you for contacting the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s independent agency responsible for the collection, analysis, assessment and disclosure of information in order to assist in the detection, prevention, and deterrence of money laundering and financing of terrorist activities in Canada and abroad.

You indicated, “some payment providers have the capacity to match the customer’s name to the name on the account (and will not process transactions if there is not a match) and return information about the type of account to which the transaction was pushed.”

In light of this, you have asked whether micro-withdrawals and/or micro-deposits would be acceptable for use as confirmation of a deposit account provided that:

(a) there was a confirmed name match; and

(b) the account type was confirmed as a deposit account.

Subparagraph 64(1)(b)(ii) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) states that non-face-to-face identification can be done by using a combination of identification methods as set out in Part A of Schedule 7, the confirmation of deposit account method being one. This method of ascertaining a person’s identity consists of confirming that the person has a deposit account with a financial entity, other than an account referred to in section 62 of the PCMLTFR. For the deposit account method, paragraph 67(c) of the PCMLTFR requires that the client name, the deposit account number, the financial entity name, and the date of the confirmation be recorded. Therefore, if the payment provider confirms the client name, the deposit account number, the financial entity name, and the date of the confirmation, then yes, the micro-withdrawals and/or micro-deposits is an acceptable means to confirm a deposit account with a financial entity as per Part A of Schedule 7 of the PCMLTFR, and would satisfy one of the two combination methods required.

Please note that FINTRAC does not endorse nor advertise any products, companies, or providers of consumer information.

I trust this information will be of assistance.

Return to Blog Listing