We often hear friends and clients in the real estate sector say they are unsure what to expect if (and when) the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) notifies them of an examination. This article is meant to provide guidance on what to expect and how to ensure a smooth review.
Background
In 2019–20, FINTRAC conducted 399 compliance examinations, of which 146 were focused on the real estate sector [1]. The real estate sector has been the main focus for FINTRAC examinations since 2017 due to the growing concern of money laundering taking place in the Vancouver, Toronto and Montreal real estate market.
For the purpose of assessing compliance, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act gives FINTRAC the authority to inquire into the business of any regulated entity.
FINTRAC examinations are reviews of your compliance program (what you say you are doing to stay in compliance) and your operations (what you’re actually doing to stay in compliance). These exams can take place at any time and should not be confused with your obligation to have an AML Effectiveness Review at least once every two years. FINTRAC examinations can take place in-person onsite at your office, at a FINTRAC office, or over the phone. FINTRAC will provide advance notice of an examination, which is scheduled by telephone and confirmed by letter [2]. Note, due to the COVID-19 pandemic, FINTRAC is not currently conducting onsite examinations [3].
I Have Received Notice of an Exam. Now What?
FINTRAC will request documentation, including your compliance policies and procedures, assessment of risks of money laundering and terrorist financing, measures to mitigate high risks, samples of transaction documentation, and other documents be summitted to them. Based on FINTRAC’s areas of review, the below is a sample list of what you can expect to provide. We have also created a more detailed version of the list which you can find here.
- Most recent version of compliance policies and procedures;
- Most recent version of your documented risk assessment;
- Copy of the last two documented internal and/or external reviews of your compliance program (this may include the reviewer’s working papers as well);
- Training program and records;
- Organizational Chart;
- Financial Statements;
- Number of full-time and part-time employees/sales representative;
- All suspicious and attempted suspicious transaction records;
- A list of all closed deals related to the sale/purchase of real estate;
- In-Trust bank account records; and
- Large cash transaction records.
You will generally have 30 days to provide all requested documentation to FINTRAC. It’s a good idea to read through the request carefully before you begin your preparation.
Whether you are submitting your materials on paper or in electronic format, it is a good idea to create folders or cover pages for each item that FINTRAC has requested. This creates separate sections for each item and helps you to stay organized. A missed item usually can’t be submitted once the deadline has passed, and can result in deficiencies. We’ve created a sample format for your submission package that you can download for free here.
The Exam
Whether the FINTRAC exam is in-person, at their office or over the phone, they follow very similar formats. The key difference is the regulator’s ability to request additional operational data during onsite examinations.
It is ok for you to take notes throughout the examination process (and we recommend that you do). You are permitted to have a lawyer, consultant or other representative with you (if you do, FINTRAC will request that you complete the Authorized Representative Form in advance). While your representative cannot generally answer questions on your behalf, they can prompt you if you are nervous or stuck, and help you to understand what is being asked of you if it is not clear.
The Introduction
The examiner will provide a brief overview of the examination process as a formal opening to the examination. At the end of this introduction, the examiner will ask if you have any questions. At this point, it can be useful to provide a very brief (five minutes maximum) overview of your business.
Your introduction should reflect the materials that you have already submitted to FINTRAC (which ideally included an opening letter that described anything about the business that would not be readily apparent to the examiner, or anything that you believe could be misunderstood). Key facts about your business include:
- Your corporate structure and ownership;
- The types of products and services that are offered/types of transactions that are conducted;
- Where your offices, agents and customers are located;
- How you connect with your customers; and
- Anything significant that has changed since your last FINTRAC examination.
This overview should be simple and brief. At this point, the examination will then begin. At the end of each section, the examiner will ask if you have any questions and let you know whether there are any deficiencies.
Compliance Policies & Procedures
During this part, FINTRAC will ask questions about the policy and procedure documents that you have provided in advance of the examination. There are a few standard questions that are generally asked:
- Who wrote the policies and procedures?
- Were the versions submitted to FINTRAC the most recent versions?
- When were they last updated?
- When and how do you identify your customers?
- How do you ensure that identification is up to date?
- How do you monitor transactions?
- How do you recognize, document and monitor “business relationships” (note: this is any time that you have either an ongoing service agreement with a customer and/or your customer has performed two or more transactions that require identification [4]).
- What are indicators of a suspicious transaction?
- The examiner will also ask a number of questions based on the documents that you have submitted, including questions about compliance-related processes.
Risk Assessment
During this part, FINTRAC will focus on your Risk Based Approach, asking specific questions about the Risk Assessment and related documents that you have provided in advance of your examination. Again, there are some common questions that are asked:
- Do you have any high risk customers or business relationships?
- What factors do you consider in determining that a customer or business relationship is high risk?
- How are customer due diligence and enhanced due diligence different (both generally, and in your processes and documentation)?
Most additional questions will be related to risk management processes. For example, it has been common in the last few months for examiners to ask if a customer or transaction could be rejected (“Yes, if it was outside of our risk tolerance”).
This may also lead to questions about whether or not an Attempted Suspicious Transaction Report (ASTR) or Suspicious Transaction Report (STR) was filed. If there were reasonable grounds to suspect money laundering or terrorist financing, the answer should be yes. If not, you should explicitly say “There were not reasonable grounds to believe that this event was related to money laundering or terrorist financing”, then provide an explanation.
Operational Compliance & Reporting
During this part, the examiner will ask questions about specific transactions/deals. Some of the cases that you must be ready to explain are:
- A transaction matches an indicator of potentially suspicious activity (if there were reasonable grounds to suspect money laundering or terrorist financing, the answer should be that you filed an STR, if not, you should explicitly say that “there were not reasonable grounds to believe that this event was related to money laundering or terrorist financing”, then provide an explanation);
- Questions related to receipt of funds and large cash transactions; and
- Business relationships and ongoing monitoring (in particular, if this did not occur earlier in the examination).
During a desk examination, the examiners typically do not request additional materials.
During onsite examinations, it has become commonplace for examiners to request additional materials. These are generally related to:
- Business relationships;
- Ongoing monitoring (including the monitoring of business relationships);
- High risk customers;
- Enhanced due diligence; and
- Other risk-based processes.
Be clear with the examiner about what can be extracted easily from your IT systems, and in the case that data cannot be extracted easily, be prepared to show the examiner an example (or several). If your system has an “auditor access” feature (generally read-only access with search capability), it can be useful to set this up in advance of the onsite visit.
Exit Interview
Congratulations – you’ve made it to the finish line!
At this point, the examiner will sum up the findings (if there are any), and read a standard disclosure statement. For most of us, the disclosure statement is terrifying, as it talks about penalties. This is standard process – do not be alarmed. When the examiner has finished, you may ask if a penalty is being recommended (if you’re a worrier, please do this). Not all FINTRAC examiners will provide guidance at this stage, but it doesn’t hurt to ask.
After the Exit Interview
After the examination and exit interview, generally within 30 days, you will receive a formal letter that details FINTRAC’s findings. The letter will state either of these possibilities:
- No further compliance or enforcement action;
- Possible follow-up compliance action; or
- A recommendation for an enforcement action, such as an administrative monetary penalty (AMP).
In the case that there is an AMP imposed, we recommend taking action as soon as possible. In most cases, FINTRAC does not require real estate brokers and sales representatives to submit an action plan.
We’re Here To Help
If you need assistance preparing for a FINTRAC exam or have any compliance questions in general, please contact us.
[1] https://www.fintrac-canafe.gc.ca/publications/ar/2020/1-eng
[2] FINTRAC considers the date on which you are advised of an examination, which is typically done by phone, to be the start of the compliance examination process.
[3] https://www.fintrac-canafe.gc.ca/covid19/covid-2020-07-27-eng
[4] Effective June 1, 2021 a business relationship will be defined as either entering into an ongoing service agreement with a customer and/or your customer has performed one or more transactions that require identification.