PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

EFTs, PSPs & Crowdfunding : Canada’s Changing Regulatory Landscape

On April 27th, 2022 amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) and associated regulations related to penalties for non-compliance were passed. These amendments were unusual, as there was little prior public consultation, no pre-publication for public comment, and they came into force “on publication” (right away). This is particularly unusual, as new business models were included in the money services business (MSB) and foreign money services business (FMSB) categories.

Specifically, a number of payment services providers (PSPs) became MSBs through a change in the definition of electronic funds transfers (EFTs), and companies that provide crowdfunding services also became MSBs/FMSBs. Historically, these types of changes would have included a pre-publication of the proposed amendment with time for industry participants to comment. There is also, generally, a period of time between the publication of final amendments and the coming into force date (often a year). Absent these buffers, both industry and Canada’s AML regulator, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) have been scrambling to assess the many nuances of the amendments.

While we’ve seen a number of responses to individual applicants for MSB registrations and requests for policy interpretations from FINTRAC, today’s release was the first substantial piece of public guidance from the regulator. For those inclined, it can be accessed here: https://fintrac-canafe.canada.ca/notices-avis/2022-07-21-eng

EFTs and PSPs

What may have seemed like an inconsequential change to the definition of EFTs, which removed certain exemptions, has significant impacts on payment services providers.

“As payment services are not a prescribed service under the PCMLTFA, FINTRAC is taking the position that persons or entities that provide invoice payment services or payment services for goods and services are engaged in the business of remitting or transmitting funds, or dealing in virtual currency.”

FINTRAC’s guidance goes on to define each of these activities and the (very limited) exemptions in each case.

Crowdfunding

While crowdfunding gets a nod in the title of the guidance, it doesn’t really factor into the substance of today’s piece. There are definitions in the amendments themselves in this case, and it’s likely that additional guidance will follow as FINTRAC works through these registrations.

crowdfunding platform means a website or an application or other software that is used to raise funds or virtual currency through donations. (plateforme de sociofinancement)”

crowdfunding platform services means the provision and maintenance of a crowdfunding platform for use by other persons or entities to raise funds or virtual currency for themselves or for persons or entities specified by them. (services de plateforme de sociofinancement)”

FINTRAC’s MSB/FMSB Registration Process

The guidance notes that FINTRAC is working on getting businesses registered “over the next several weeks.” As there are many businesses that will be newly registering as MSBs or FMSBs, industry participants should expect some delays. It has also become much more common for FINTRAC to ask for additional details about the business, such as the business model and flow of funds.

There is also a tool to check to see if your business should be registered: https://www.fintrac-canafe.gc.ca/msb-esm/questions/2-eng

If you’re ready to register, you can find an overview of the process and links to the pre-registration form here: https://fintrac-canafe.canada.ca/msb-esm/register-inscrire/reg-ins-eng

Requesting Policy Interpretations

There are two important FINTRAC email addresses. If you have a question specifically about whether or not your business should register, first try msb-esm@fintrac-canafe.gc.ca.

For other policy interpretation requests (or if your request is particularly complex), your best avenue is most likely guidelines-lignesdirectrices@fintrac-canafe.gc.ca.

Enforcement Actions

FINTRAC’s guidance indicates that the regulator will take a reasonable approach to entities required to register.

“We understand that there will be challenges in meeting certain obligations. FINTRAC will be reasonable in its assessment and enforcement approach, and is committed to working with reporting entities subject to the PCMLTFA and its Regulations to increase their awareness, understanding and compliance with their obligations. Please continue to monitor our website for updates or additional guidance.”

This gentle approach will not last indefinitely. If your business needs to be registered (and get its house in order AML compliance-wise), it’s time to get started.

We’re here to help.

Whether you want a hand drafting a policy interpretation request, an AML compliance program, or training for your newly minted AML Compliance Officer (congratulations, I’m sorry), we’re here to help. Please get in touch.

Don’t Share STRs or STR Data

Recently the Compliance Officer from a small reporting entity reached out to me to ask an uncomfortable question: should they provide copies of the Suspicious Transaction Reports (STRs) that they had filed with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) to their financial services providers such as a credit union or bank?

This was a difficult situation for the reporting entity’s Compliance Officer because they were afraid of pushing back too much with the financial services provider. Like most non-bank reporting entities, they rely heavily on the services provided by the bank in order to be able to operate their business. Financial service providers, such as banks and credit unions, have the ability to close the accounts of businesses in Canada (often called de-risking), and it can be difficult for some types of reporting entities to establish new banking or payments relationships. The financial services provider in this situation has significantly more power than the reporting entity that is dependent on them.

My gut reaction was that the reporting entity should not disclose the contents of their STR reports, or provide copies. In Canadian legislation, disclosing the fact that an STR was made, or disclosing the contents of such a report, with the intent to “prejudice a criminal investigation” can be punishable as a criminal offence, with penalties of up to 2 years imprisonment (this is also known as “tipping off”). While there did not appear to be any intent to prejudice a criminal investigation in this case, it still seemed like a bad idea. I did a quick check-in with fellow AML geeks on LinkedIn. There are some great comments here, and I had a number of conversations in DMs and by phone. No one seemed to think that the reporting entity should be providing copies of STRs.

The question then became how to best empower the reporting entity to push back effectively. I submitted the following request to FINTRAC and to the Office of the Privacy Commissioner (OPC), both of which have mechanisms to allow Canadians and Canadian companies to ask the regulators to opine on matters free of charge:

One of our clients, a Canadian Money services business (MSB) has been asked by their financial services provider (bank/credit union) to provide copies of the suspicious transaction reports (STRs) and Attempted Suspicious Transaction Reports (ASTRs) that have been filed with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) on an ongoing basis. This struck us as being an overreach in terms of the information that should be disclosed to a service provider, and we are reaching out for an opinion on the appropriateness of these requests.

The financial service provider appears to be of the opinion that this is a reasonable request, and that they may close the MSB’s bank account if the STRs and ASTRs are not provided by the MSB.

I let both FINTRAC and OPC know that I had submitted requests to both. So far, only FINTRAC has responded. Their response is below in full (TL:DR: reporting entities should not share copies of STRs reported to FINTRAC).

Thank you for contacting the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s independent agency responsible for the receipt, analysis, assessment and disclosure of information in order to assist in the detection, prevention and deterrence of money laundering and the financing of terrorist activities in Canada and abroad.

I am writing further to your email of July 16th, 2020, wherein you requested clarification regarding the sharing of suspicious transaction reports (STRs) submitted to FINTRAC.

As you know, section 8 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) states that no person or entity shall disclose that they have made, are making, or will make a report under section 7, or disclose the contents of such a report, with the intent to prejudice a criminal investigation, whether or not a criminal investigation has begun.

The PCMLTFA sets out a regime in which the information contained in financial transaction reports sent to FINTRAC (including STRs) is protected from disclosure except in very limited circumstances. The Act also includes specific provisions aimed at protecting the personal information under FINTRAC’s control. For example, as you may be aware, the PCMLTFA is founded on a prohibition on disclosure (s. 55(1), PCMLTFA). Any disclosure of information or intelligence by FINTRAC must fall under one of the exceptions to this prohibition. Outside of these exceptions, FINTRAC is prohibited from disclosing the contents of financial transaction reports, or even acknowledging their existence.

While reporting entities (REs) are not subject to the same prohibitions, FINTRAC strongly believes that STRs should be regarded as highly sensitive documents, given the role FINTRAC plays in the fight against money laundering (ML) and terrorist activity financing (TF) in Canada, and the fact that STRs are a key source of FINTRAC’s intelligence holdings. From FINTRAC’s perspective, it is not in the public interest for REs to disclose financial transaction reports and the information contained therein. Even beyond this, the collection or disclosure of financial transaction reports, including STRs, without a valid purpose and authority, may infringe on legislated privacy protection obligations. Almost all information within financial transaction reports is personal information about an identifiable individual and is considered financial intelligence by

FINTRAC, collected for the sole purpose of reporting to FINTRAC. The potential harm that could occur from the disclosure of the information in these financial transactions reports is great, and includes compromising: (1) police and national security investigations that are both ongoing or could be undertaken in the future; (2) sources of the information/intelligence within the reports, placing those sources at risk of retaliation; and (3) FINTRAC’s compliance activities, given that data provided by REs is always provided in confidence and that confidence is expected to be maintained by all parties. FINTRAC relies on the information included within STRs to support disclosure of financial intelligence to police and other law enforcement and national security organizations, in the interest of detecting, preventing and deterring ML and TF.

Therefore, while your client (MSB) is not prohibited from sharing the STRs it has submitted to FINTRAC with its service provider (Bank/CU), unless it is with the intent to prejudice a criminal investigation, strong consideration should be given to the above.

If you would like a PDF copy of the complete question and policy position for your due diligence files, or to provide to an external party that is requesting copies of your STRs, or information about their content, you can download it here.

Response from FINTRAC – Re_ Sharing Copies of STRs_ASTRs

A version of this Q&A is also now posted on FINTRAC’s website (PI-10662).

The response from OPC, in contrast, was underwhelming. In essence, they will investigate specific complaints, but they will not issue advanced rulings. That said, if any service provider is insisting that copies of STRs must be shared with them, a complaint to the OPC may be an option.

Response from the Office of the Privacy Commissioner of Canada – INFO-084075

Need a hand?

If you have AML or privacy-related questions, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Return to Blog Listing