Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Are You a Foreign Money Services Business?

Background

On July 10, 2019 amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were released in the Canada Gazette. The amendments require entities that conduct MSB activities from outside of Canada, directed towards Canadians, to be considered Foreign Money Services Businesses (FMSBs) and therefore comply with Canadian AML obligations.  Foreign MSBs must register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and become compliant by June 1, 2020. Check out our blog post to see what your full requirements are.

What Is A Money Services Business?

You are considered an MSB in Canada if your business offers any of the following services:

  • Foreign exchange dealing;
  • Remitting or transmitting funds;
  • Issuing or redeeming money orders, traveller’s cheques and other negotiable instruments; or
  • Dealing in virtual currencies.

What Is A Foreign Money Services Business?

You are considered an FMSB if all of the following criteria applies to your business:

  • The person or entity is engaged in the business of providing at least one money services business (MSB) service;
  • The person or entity does not have a place of business in Canada;
  • The person or entity directs its MSB services at persons or entities in Canada; and
  • They provide these services to clients in Canada. 

For further clarity, you must direct services at persons or entities located in Canada. FINTRAC clarifies that directing services means that the services offered takes into consideration a Canadian audience. For example, if marketing or advertising materials are used with the intent to promote services and to acquire business from persons or entities in Canada. Where a business advertises online, but may not specifically exclude Canadian IP addresses, this fact on its own would not constitute directing services at persons or entities in Canada.

A business would be seen as directing services at persons or entities in Canada if at least one of the following applies:

  • The business’s marketing or advertising is directed at persons or entities located in Canada; 
  • The business operates a “.ca” domain name; or
  • The business is listed in a Canadian business directory.

Note that additional criteria may be considered when determining whether you are directing services at persons or entities in Canada. Examples of the additional criteria that may be considered is outlined in FINTRAC’s FMSB Annex 1.

We’re Here To Help

If you are, or think you may be, a foreign MSB and have any questions related to your compliance obligations in Canada, please get in touch!

Amending the Amendments!

Background

Back on July 10, 2019, the highly anticipated final version of the amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations were published. However, on February 15, 2020, further proposed amendments to those amended regulations was published in the Canada Gazette. To make reading these changes a little easier, we have created a redlined version of the regulations, with new content showing as tracked changes, which can be found here.

The Regulatory Impact Statement for this round of proposed changes states the following: “The proposed amendments to the regulations would strengthen Canada’s AML/ATF Regime, align measures with international standards and level the playing field across reporting entities by applying stronger customer due diligence requirements and beneficial ownership requirements to designated non-financial businesses and professions (DNFBPs); modifying the definition of business relationship for the real estate sector; aligning customer due diligence measures for casinos with international standards; aligning virtual currency record-keeping obligations with international standards; clarifying the cross-border currency reporting program; clarifying a number of existing requirements; and making minor technical amendments”. The proposed amendments are expected to come into force on June 1, 2021.

As with all proposed changes, there is a comment period. This comment period is much shorter than the last one, at only 30 days. For anyone interested in commenting on the proposed changes, comments are to be addressed to Lynn Hemmings, Director General, Financial Crimes and Security Division, Financial Sector Policy Branch, Department of Finance, 90 Elgin Street, Ottawa, Ontario K1A 0G5 or email: fin.fc-cf.fin@canada.ca.

While these are proposed changes, guidance from FINTRAC related to the amendments to regulation would hopefully be seen ahead of the coming into force dates of the final version.

We have summarized what this could mean for your business below.

Money Services Businesses

PEP

The most significant proposed change for Money Services Businesses (MSB)s is related to Politically exposed persons (PEP) determinations. Currently, a PEP determination must be made for international EFTs of CAD 100,000 or more. The proposed regulations will require MSBs to make a PEP determination when the MSB enters into a business relationship with a person.

If you currently conduct list screening, PEP screening could easily be added to that process.

Dealers in Virtual Currency

Travel Rule

For dealers in virtual currency, there is an additional proposed requirement on top of the requirements that were published in the last round of AML changes.  The proposed amendments add the requirement for records to be kept for virtual currency transfers of CAD 1,000 or more.

The record must contain the following:

  1. include with the transfer, the name, address and, if any, the account number or other reference number of both the person or entity that requested the transfer and the beneficiary; and
  2. take reasonable measures to ensure that any transfer received includes the information referred to in paragraph (a) above.

If the information required is not obtained, a determination of whether the transaction should be suspended or rejected will need to be made.

Given the nature of virtual currency transfers, it will be interesting to see how this requirement plays out, as currently, there are no technology solutions (that we are aware of) that would solve for this.

A reminder that dealers in virtual currency will be considered MSBs as of June 1, 2020. Check out our blog post for a full list of regulatory requirements related to dealers in virtual currency.

Real Estate

Business Relationship

One of the most significant proposed changes for real estate developers, brokers and sale representatives is related to the definition of a business relationship. Currently, a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

The proposed amendments will change that definition for real estate developers, brokers and sale representatives to only one transaction.

For business relationships, a reporting entity must:

  • keep a record of the purpose and intended nature of the business relationship;
  • conduct ongoing monitoring of your business relationship with your client to:
    • detect any transactions that need to be reported as suspicious;
    • keep client identification and beneficial ownership information, as well as the purpose and intended nature records, up-to-date;
    • reassess your clients risk level based on their transactions and activities; and
    • determine if the transactions and activities are consistent with what you know about your client;
  • keep a record of the measures you take to monitor your business relationships and the information you obtain as a result.

We will have to wait for guidance to see how ongoing monitoring obligations applies to the real estate sector if this change takes effect.

PEP

The proposed amendments will require real estate developers, brokers and sale representatives to make a Politically exposed persons (PEP) determination when they enter into a business relationship (as defined above) with a client. In addition, they will also be required to take reasonable measures to determine whether a client from whom they receive an amount of CAD 100,000 or more is a PEP.

Beneficial Ownership

The proposed amendments will require real estate developers, brokers and sale representatives to comply with existing beneficial ownership requirements that apply to other reporting entities.

This means when identifying an entity, a reporting entity needs to collect the following for all Directors and individuals who own or control, directly or indirectly, 25% or more of the organization:

  • Their full legal name;
  • Their full home address; and
  • Their role and/or ownership stake in the organization.

Given the obligation is to obtain, rather than verify, such information, we do not expect this requirement to be overly burdensome for the real estate sector.

Dealers in Precious Metals and Stones

PEP

Dealers in Precious Metals and Stones (DPMS)s will be required to make a PEP determination when they enter into a business relationship with a client. In addition, a DPMS will be required to take reasonable measures to determine whether a person from whom they receive an amount of CAD 100,000 or more is a PEP.

A reminder that a business relationship is defined as:

If a person or entity does not have an account with you, a business relationship is formed once you have conducted two transactions or activities for which you have to:

  • verify the identity of the individual; or
  • confirm the existence of the entity.

Given the definition of a business relationship, we do not expect this requirement to be overly burdensome. If you currently conduct list screening, PEP screening could easily be added to that process.

Beneficial Ownership

The proposed amendments will required DPMSs to comply with existing beneficial ownership requirements that apply to other reporting entities.

This means when identifying an entity, a reporting entity needs to collect the following for all Directors and individuals who own or control, directly or indirectly, 25% or more of the organization:

  • Their full legal name;
  • Their full home address; and
  • Their role and/or ownership stake in the organization.

Given the obligation is to obtain, rather than verify, such information, we do not expect this requirement to be overly burdensome for the DPMS sector.

We’re Here To Help

If you would like assistance in updating your compliance program and processes, or have any questions related to the changes, please get in touch!

Regulations Amending the Regulations February 15, 2020- Redlined Versions

The following red-lined versions have been created to reflect the amendments to Canadian anti-money laundering (AML) regulations published in the Canada Gazette on February 15, 2020. You can also read our article “Amending the Amendments!” for a summary of the proposed changes by industry.

Redlined versions of all the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations are listed below for download.

These documents are not official versions of the regulations. Official versions can be found on the Government of Canada’s Justice Laws Website.

Regulations Amending the Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act

Please click the link below for downloadable PDF file.
Amending_the_Regulations_Amending_Certain_Regulations_Made_Under_the_Proceeds_of_Crime_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations

Please click the links below for downloadable pdf files.
PCMLTF_July_2019_Redlined_Full_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations

Please click the links below for downloadable pdf files.
PCMLTF_Suspicious_Transaction_Reporting_Regulations_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations

Please click the link below for a downloadable PDF file.
PCMLTF_Registration_Regulations_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations

Please click the link below for a downloadable pdf file.
PCMLTF_Administrative_Monetary_Penalties_Regulations_July_2019 – Redlined_Feb_2020

Proceeds of Crime (Money Laundering) and Terrorist Financing Cross-Border Currency and Monetary Instruments Reporting Regulations

Please click the link below for a downloadable pdf file.
PCMLTF_Cross-Border_Currency_and_Monetary_Instruments_Reporting_Regulations_July_2019 – Redlined_Feb_2020

Need a Hand?
Whether you need to figure out if you’re a dealer in virtual currency, to put a compliance program in place, or to evaluate your existing compliance program, we can help. You can get in touch using our online form, by emailing info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Information Should Be Free!

Outlier has produced an open-source AML and CTF, and Privacy repositories of definitions, acronyms, and terminology that is free for whoever wants it.

Please feel free to provide contributions and/or feedback, as it would be greatly appreciated. We have already had three contributors!

Discombobulated

About a year ago, we had a client who was interacting with the world of Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF) for the first time. They were aggravated by the amount of jargon, acronyms, and uncommon uses of certain commonly understood terms. An example is, a business relationship. Those of you that are relatively familiar with the AML space know a business relationship doesn’t mean what the rest of the world thinks it means. In Canada, in the AML context, it means something very different.

A Helping Hand

At the time, they wished for a simple reference point where they could easily find the meaning for different terms. Unfortunately, this entails combing multiple locations, including FINTRAC’s website, plus the Act and Regulations themselves. To make a long story short, there is no easy way. Fed up, they (not so) gently suggested that we (Outlier) fix this. Their idea was creating a GitHub repository.

For those unfamiliar with GitHub, it is a web-based hosting service for version control. It is mostly used for computer code, but has also been used to write and edit books. It offers access control and several collaboration features. A GitHub repository is where the code and/or information is maintained for a specific project. This process is fairly simple to someone who is a coder with years of experience working with GitHub. For myself, this was not so simple. A year later, almost to the day, the repository is created, open and available to the public. There is no need to be scared, you are able to comment and make suggestions without knowing how to code at all. If you can’t figure out how to provide commentary in GitHub, send it to use via email at info@outliercanada.com with the subject line “GitHub Feedback.”

The Power of Collaboration

The (not so) gentle nudge meshed well with one of Outlier’s core beliefs: that information should be free. By collecting the information, housing it in GitHub, and making it available to anyone, we are able to provide free information to everyone who wants it. By making information free and public, it gives others the opportunity to make suggestions, add content, and improve the quality of the information.

What Happens When We Work Together?

By sharing this open-source project with the world, we are looking to empower anyone willing to be empowered. From the client who is interacting with the world of AML for the first time. To the seasoned-veteran who is looking for helpful resources. To the person who wants to provide their customer with a helpful resource. Take the information and do what you wish with it. If you would like to attribute Outlier, awesome! If not, that’s ok too. Our only request is this should never be provided for a fee.

Have a Question?

If you looked at the resource and are curious about how to make a contribution, please feel free to contact us anytime. Contributions can include anything from corrections and suggestions, to the addition of different jurisdictional definitions, specifically the European perspective.

This is not a solicitation (but we do get this request often), should you want to provide a tip in BTC or ETH, our addresses are listed below.

To open a channel with our Lightning Node, our address is: 03acb418d5b88c0009cf07d31ec53d0486814bc77917c352bd7e952520edf7bf3c@99.236.76.38:9735

or you can use Tippin.Me.

bitcoin ethereum
33CdqJTw6jMWVBAveT9Ue3rPym8HPKKPow 0x03CDF23a2Eb070F2c79De5B2E6FB90671D3c70fE

Real Estate Sector – Identifying Individuals

We often hear friends and clients in the real estate sector say they are frustrated that there are not many ways to identify a customer other than meeting them face-to-face. Real estate developers, brokers and sales representatives have an obligation to ascertain a customer’s identity which requires them to refer to specific information and/or documentation to verify a customer’s identity.  However, this does not mean that identification must take place face-to-face. Below is a summary of all the different methods outlined in FINTRAC Guidance that are currently available to identify customers that are individuals and what’s coming.[1]

This article should not be considered advice (legal or otherwise). Throughout this article we refer to a purchaser of real estate as a customer, but you may refer to them as clients depending on your internal procedures. Also, your internal procedures may dictate what methods are acceptable in identifying a customer. If you are unsure, consult with your Compliance Officer where there is any doubt on what is acceptable within your organization.

Face-to-Face Identification for Individuals

When meeting customers face-to-face you may ask for a piece of identification that is:

  • Issued by a provincial, territorial or federal government in Canada or an equivalent foreign government (a foreign Passport would be acceptable for example);
  • Valid, not expired (if there is not expiry date this must be stated in the customer identification record);
  • Bears a unique identifier number (such as a driver’s license number);
  • Bears the name of the individual being identified;
  • Is an original (not a copy, photo, scan, video call, etc.); and
  • Bears a photo of the individual being identified.

Information that must also be collected and recorded includes things such as the customer’s full name (no initials, short forms or abbreviations), their occupation, date of birth, etc. The needed information is included in various fields on industry customer identification forms that are used so it is crucial they are complete and accurate.

Single Process Method

Under the single process method, a customer’s identify can be confirmed by completing  a credit header match on their Canadian credit file, provided it has been in existence for at least three years and has at least two trade lines.  This means there is not a ‘hard hit’, impacting the customer’s credit score. This must be completed at the time of confirming a customer’s identity and cannot take place earlier or later.  To be acceptable, the credit file details must match the exact name, date of birth and address provided by the customer. When using this method to confirm a customer’s identity a record of the following information must be retained:

  • The customer’s name;
  • The name of the Canadian credit bureau holding the credit file;
  • The reference number of the credit file; and
  • The date the credit file was consulted.

Dual Process Method

Where the single process method provides information that does not match what the customer has provided and/or the credit file does not meet the requisite requirements, the dual process method can be used to identify that customer.  This involves referring to information from reliable and independent sources and must be original, valid and the most recent.  In order to qualify as reliable, the sources should be well-known and reputable. Reliable and independent sources can be the federal, provincial, territorial and municipal levels of government, crown corporations, financial entities or utility providers. It is important to note that independent means neither of the sources can be the same, nor can they be you or your business.

Documentation being used must be in its original form.  This makes electronic documents the preference because the customer can send the originals via email, while retaining a copy for themselves. You cannot accept documents that have been photocopied, scanned or faxed.

Under the dual process method, you can refer to any two of the following options:

  • Documents or information from a reliable source that contain the customer’s name and date of birth;
  • Documents or information from a reliable source that contain the customer’s name and address; or
  • Documents or information that contain the customer’s name and confirms that they have a deposit, credit card or other loan account with a financial entity.

The table below provides some examples of the sources and documents that can be referred to when confirming a customer’s identification.  In order to meet the standards of the dual process method, two documents must be obtained but each document cannot be in the same column.

 

Documents or information to verify name and address

 

 

Column A

Documents or information to verify name and date of birth

 

 

Column B

Documents or information to verify name and confirm a financial account

 

Column C

 

Issued by a Canadian government body:

Any card or statement issued by a Canadian government body (federal, provincial, territorial or municipal):

·      Canada Pension Plan (CPP) statement;

·      Property tax assessment issued by a municipality; or

·      Provincially-issued vehicle registration.

·      Federal, provincial, territorial, and municipal levels.

CRA documents:

·      Notice of assessment;

·      Requirement to pay notice;

·      Installment reminder / receipt;

·      GST refund letter; or

·      Benefits statement.

Issued by a Canadian government body:

Any card or statement issued by a Canadian government body (federal, provincial, territorial or municipal):

·      Canada Pension Plan (CPP) statement of contributions;

 

 

Issued by other Canadian sources:

·      Referring to a customer/customer’s Canadian credit file that has been in existence for at least 6 months; or

Insurance documents (home, auto, life);

Confirm that your customer/customer has a deposit account, credit card or loan account by means of:

·      Credit card statement;

·      Bank statement;

·      Loan account statement (for example: mortgage);

·      Cheque that has been processed by a financial institution;

·      Telephone call, email or letter from the financial entity holding the deposit account, credit card or loan account; or

·      Identification product from a Canadian credit bureau (containing two trade lines in existence for at least 6 months);

Issued by other Canadian sources:

·      Referring to the customer/customer ‘s Canadian credit file that has been in existence for at least 6 months;

·      Utility bill (for example, electricity, water, telecommunications);

·      T4 statement;

·      Record of Employment;

·      Investment account statements (for example, RRSP, GIC); or

·      Identification product from a Canadian credit bureau (containing two trade lines in existence for at least 6 months).

 

Where the dual process method is used to confirm the identity of a customer, a record of certain information must be maintained. Specifically:

  • The customer’s name;
  • The name of the two different sources that were used to identify the customer;
  • The type of information (for example, utility statement, bank statement, etc.) that was referred to;
  • The account number associated with the information for each source (if there is account number, you must record a reference number); and
  • The date the information was verified.

Third Parties (Agent or Mandatary)

If you are unable to use any of the methods above (say in the case of a foreign buyer that you cannot meet with face-to-face), you can ask someone in their area to identify them on your behalf.  There must be a written agreement or arrangement in place before using this method and procedures must be in place on how the third party will identify a buyer.

 

What’s To Come?

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake) were published. The draft amendments include some positive changes in respect to requirements related to identity verification.

With regards to the identification document used to identify a customer, the draft amendments replace the word “original” with “authentic” and state that a document used for verification of identity must be “authentic, valid and current.” This may[2] allow for scanned copies of documentation and/or for software that can authenticate identification documents to be used for the dual process method.

Under the draft amendments, regarding the single process method, information in a credit report must be derived from more than one source (this means there must be more than one trade line).

Under the draft amendments, real estate developers, brokers and sales representatives would be allowed to rely on identity verification undertaken by other regulated entities. This method requires a written agreement and a requirement to deliver the identity documentation within three days.

 

We’re Here To Help

If you have questions regarding the identification requirements in place currently or the requirements that are in draft form please contact us.

 

[1] Note that methods used to identify customers that are organizations are different from the ones discussed in this article.

[2] There is no certainty in this regard until a final version is published and FINTRAC has provided their guidance on the matter.

AML Changes For The Real Estate Sector

Here We Go Again! Canada’s Proposed AML Changes for Real Estate Developers, Brokers and Sales Representatives

 

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake). This article is intended to give a high-level summary of the proposed amendments as they relate to the real estate industry.

This article should not be considered advice (legal, tax or otherwise). That said, any of the content shared here may be used and shared freely – you don’t need our permission. While we’d love for content that we’ve written to be attributed to us, we believe that it’s more important to get reliable information into the hands of community members (meaning that if you punk content that we wrote, we may think you’re a jerk but we’re not sending an army of lawyers).

Finally, we want to encourage the community to discuss the proposed changes and submit meaningful feedback for policy makers. The comment period for this draft is 90 days. After this, the Department of Finance takes the feedback to the bat cave and drafts a final version of the amendments. From the time that the final version is published, the draft indicates that there will be 12 months of transition to comply with the new requirements.

What does this mean for my business?

While there are quite a number of proposed changes (the draft is about 200 pages in length), some are likely to have more of an impact on for real estate developers, brokers and sales representatives than others. We’ve summarized the changes that we expect to have the most impact below. Remember these are just proposed changes so there is no need to update your compliance material just yet.

What’s New?

Virtual Currency:

While there are not many proposed amendments that will introduce new requirements for real estate developers, brokers and sales representatives the draft regulations introduce reporting requirements for the receipt of CAD 10,000 or more of virtual currency. These basically are the same as large cash reporting obligations and will require reporting entities to maintain a large virtual currency transaction record.

The requirements for reporting and recordkeeping for virtual currency will be very similar to cash reporting requirements.

What existing requirements are changing?

24-hour rule:

The draft regulations clarify that multiple transactions performed by or on behalf of the same customer or entity within a 24-hour period are considered a single transaction for reporting purposes when they total CAD 10,000 or more. Only one report would need to be submitted to capture all transactions that aggregate to CAD 10,000 or more. For real estate developers, brokers and sales representatives this would apply to recipient of cash deposits. Specifically, this will apply to large cash transactions or CAD 10,000 or more. 

Identification:

The draft regulations replace the word “original” with “authentic” and states that a document used for verification of identity must be “authentic, valid and current. This would allow for scanned copies of documentation and/or for software that can authenticate identification documents to be used for the dual process method for real estate developers, brokers and sales representatives that identify clients in a non-face-to-face manner. Another change, related to measures for verifying identity, is that the word “verify” has been replaced with “confirm” and “ascertain” has been replaced with confirm. What this will mean exactly is still unclear (FINTRAC will need to provide more guidance once the final amendments are released). We are hopeful that it will allow for easier customer identification – especially for customers outside of Canada.

Records:

There have been some changes to the details that must be recorded in records that real estate broker or sales representative must maintain. In particular, the draft regulations add the requirement that information records must contain details of every person or entity for which they act as an agent or mandatary in respect of the purchase or sale of real property. Under the existing regulations information related to the person or entity purchasing real estate only.

Risk Assessment:

Under current regulations, reporting entities are required to assess the risks associated with its business and develop a risk assessment specific to your situation. For real estate developers, brokers and sales representatives a risk assessment must address the following four areas:

  • Products, services, and delivery channels (to better reflect the reality of the real estate sector, this workbook will now only refer to services and delivery channels);
  • Geography;
  • Clients and business relationships; and
  • Other relevant factors

A proposed amendment would require all reporting entities to assess the risk related the use of new technologies, before they are implemented.  This has been a best practice since the requirement to conduct a risk assessment came into force, but this change would make this a formal requirement.

Suspicious Transaction Reporting:

Under current regulations if a reporting entity has reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. The revised regulations add to this requirement by stating:

The person or entity shall send the report to the Centre within three days after the day on which measures taken by them enable them to establish that there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.

This would require reports to be submitted to FINTRAC within three days after the reporting entity conducts an analysis that established reasonable grounds for suspicion.

Schedules:

The draft regulations introduce changes to reporting schedules, requiring more detailed information to be filed with FINTRAC then previously was required. This is in addition to including information that is marked as optional, if a reporting entity has the information. As it relates real estate developers, brokers and sales representatives these changes will impact attempted suspicious and suspicious transaction reporting, terrorist property reporting and large cash reporting. Some of the additional proposed data fields are:

  • every reference number that is connected to the transaction,
  • every other known detail that identifies the receipt (of cash for large cash transactions),
  • type of device used by person who makes request online,
  • number that identifies device,
  • internet protocol address (IP address) used by device,
  • person’s user name, and
  • date and time of person’s online session in which request is made.

Such changes may be onerous for reporting entities, especially for transactions that are conducted online.

Training:

Under current regulation, if real estate developers, brokers and sales representatives use agents, mandataries or other persons to act on their behalf, they must develop and maintain a written, ongoing compliance training program for those agents, mandataries or other persons. The draft regulations introduces an additional requirement in which there must be a documented plan for the ongoing compliance training program and delivering of that the training.

What’s Next?

If you’ve read this far, congratulations and thank you!

We hope that you will contribute your thoughts and comments. You can do this by contacting the Department of Finance directly. Their representative on this file is:

Lynn Hemmings
Acting Director General
Financial Systems Division
Financial Sector Policy Branch
Department of Finance
90 Elgin Street
Ottawa, Ontario
K1A 0G5
Email: fin.fc-cf.fin@canada.ca

If you would like assistance drafting a submission, or have questions that you would like Outlier to answer, please get in touch!

Don’t Panic: June 2018 AML Update for DPMSs

As you may have heard, in 2018 the Department of Finance released draft updates to Canada’s anti-money laundering (AML) and counter terrorist financing (CTF) legislation. If you’re the type that likes to read the original legislative text, you can find it here.

For the rest of us, we’ve summarized the proposed updates and what they might mean for your business below.

Why is it a draft?

Publishing proposed amendments as a draft provides reporting entities like dealers in precious metals and stones (DPMSs), our industry associations like the Canadian Jewellers Association (CJA) and members of the general public, the opportunity to read the draft and suggest changes. There is a 90-day window from the original June 9th, 2018 publication date during which comments are accepted (meaning that comments should be submitted to the Department of Finance by early September).

After this, the Department of Finance will take the comments, synthesize them, request additional clarification where needed, and draft a final version of the amendments. The final version is likely to look fairly similar to the draft, with some changes. From the date that the final version is published, we expect that reporting entities will have 12 months to adjust their compliance programs and operations.

Practically speaking, this means that you should start thinking about what this means to you and your business now. However, while it can be useful to start teeing up resources (especially if you think that your IT systems need to be updated), it often makes sense to wait until the final version has been published to make changes. If you have thoughts on the proposed changes, it also means that you should consider submitting these, either independently or through an industry association. CJA members should contact Carla Adams (carla@canadianjewellers.com).

What does it mean for my business?

While there are quite a number of proposed changes (the draft is about 200 pages in length), some are likely to have more of an impact on DPMSs than others. We’ve summarized the changes that we expect to have the most impact here.

Large Virtual Currency Transaction Reporting

If you accept payments using virtual currencies like bitcoin, these will be treated similarly to cash payments. For any payments valued at CAD 10,000 or more made by or on behalf of the same person or entity in a 24-hour period, you will need to identify the customer and submit a report to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).

Non-Face-To-Face Customer Identification

Currently, there is a requirement that when customers are identified using the dual process method, the document and/or data that you collect is in its “original” format. This has been interpreted to mean that if the customer receives a utility bill in the mail, they must send you the original paper (not scanned or copied) document. The word “original” will be replaced with “authentic” (meaning that so long as you believe that the utility bill is a real utility bill for that person, it doesn’t need to be the same piece of paper that they received in the mail).

In addition, there are provisions that would allow reporting entities to rely on the identification conducted previously by other reporting entities. If this method is used to identify a customer, the reporting entity must immediately obtain the identification information from the other reporting entity and have a written agreement in place requiring the entity doing the identification to provide the identification verification within 3 days of the request.

Suspicious Transaction Reporting

Currently, if a reporting entity has reasonable grounds to suspect that a transaction or requested transaction is related to money laundering or terrorist financing, a report must be submitted to FINTRAC within 30 days of the date that a fact was discovered that caused the suspicion. This was changed in the last round of amendments that came into force last year, and the proposed new wording would be another significant change:

The person or entity shall send the report to the Centre within three days after the day on which measures taken by them enable them to establish that there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.

This means that a report would be due three days after the reporting entity conducts an investigation or does something else that allows them to reach the conclusion that there are reasonable grounds to suspect.

Information Included In Reports to FINTRAC

Certain information is required in reports to FINTRAC. Even where information is marked as being optional, if a reporting entity has the information, it becomes mandatory to include it. Some of the additional proposed data fields are:

  • every reference number that is connected to the transaction,
  • every other known detail that identifies the receipt (of cash for large cash transactions),
  • type of device used by person who makes request online,
  • number that identifies device,
  • internet protocol address (IP address) used by device,
  • person’s user name, and
  • date and time of person’s online session in which request is made.

These fields may require significantly more data to be included in reports, especially for transactions that are conducted online.

New Products & Delivery Channels

One of the deficiencies identified in the Financial Action Task Force (FATF) review of Canada was not having a requirement to assess new technologies before their launch. A proposed amendment would require all reporting entities to assess the risk related to assess the risk of products and their delivery channels, as well as the risk associated with the use of new technologies, prior to their launch.

This has been a best practice since the requirement to conduct a risk assessment came into force, but this change would make this a formal requirement.

Defining a DPMS

The proposed amendments would change the definition of a DPMS slightly to read:

(1) A dealer in precious metals and precious stones, other than a department or an agent or mandatary of Her Majesty in right of Canada or of a province, that buys or sells precious metals, precious stones or jewellery for an amount of $10,000 or more is engaged in an activity for the purposes of paragraph 5(i) of the Act. A department or an agent or mandatary of Her Majesty in right of Canada or of a province carries out an activity for the purposes of paragraph 5(l) of the Act when they sell precious metals to the public for an amount of $10,000 or more.

(2) The activities referred to in subsection (1) do not include a purchase or sale that is carried out in the course of or in connection with manufacturing a product that contains precious metals or precious stones, extracting precious metals or precious stones from a mine or polishing or cutting precious stones.

(3) For greater certainty, the activities referred to in subsection (1) include the sale of precious metals, precious stones or jewellery that are left on consignment with a dealer in precious metals and precious stones. Goods left with an auctioneer for sale at auction are not considered to be left on consignment.

Neither the PCMLTFA nor the Regulations define consignment. This may need to be addressed, as the understanding of the term can vary.

Exempt Low Risk Activities

Certain activities are currently exempt from the DPMS designation, including manufacturing jewellery, extracting precious metals or precious stones from a mine, and cutting or polishing precious stones. The exempt activities would be expanded to capture other types of manufacturing processes that may also involve the use or consumption of precious metals and stones (e.g. diamonds used to manufacture drill bits). This is described as being consistent with the original policy intent.

What’s next?

If you would like to make a comment about the proposed changes to the Department of Finance during the comment period (which closes in early September), the contact person is:

Lynn Hemmings

Acting Director General

Financial Systems Division

Financial Sector Policy Branch

Department of Finance

90 Elgin Street

Ottawa, Ontario

K1A 0G5

Email: fin.fc-cf.fin@canada.ca

If you would like to submit comments via an industry association, and you are a member of CJA, please contact carla@canadianjewellers.com.

If you have questions about AML & CTF compliance generally, please feel free to contact us.

Breach of Security Safeguards Regulations

Back in June of 2015, the Digital Privacy Act received royal assent, resulting in amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). Most amendments came into force at that time, except for the much-anticipated requirements related to breach notification. These requirements will come into force once regulations have been developed and put into place, and will affect any organization that collects, uses or discloses personal information in the course of commercial activities.

On September 2, 2017, a draft of those regulations was published in the Canada Gazette. The draft regulations will require organizations to report, to the privacy commissioner, any breach of security safeguards involving personal information under its control if it is reasonable to believe the breach creates a real risk of significant harm. The draft regulations state that such a report would have to contain the following:

  • a description of the circumstances of the breach and, if known, the cause;
  • the day or the period in which the breach occurred;
  • a description of the personal information that was involved in the breach;
  • an estimate of the number of individuals impacted – where the breach creates a real risk of significant harm;
  • the steps that the organization has taken to reduce the risk of harm to the impacted individuals;
  • the steps that the organization has taken or will take to notify impacted individuals; and
  • the name and contact information of a person who can answer, on behalf of the organization, the Privacy Commissioner’s questions about the breach.

Organizations that experience such a breach will also have to do the  following:

  • Determine if the breach poses a “real risk of significant harm” to any individual whose personal information was involved in the breach by conducting a risk assessment;
  • Notify affected individuals if it is determined that there is a real risk of significant harm. How the notification will take place depends on serval factors such as if contact information of the impacted individuals is known, cost, and if the method chosen to deliver such a notification will cause further harm;
  • Issue notification that contains:
    • a description of the circumstances of the breach;
    • the day or period during which the breach occurred;
    • a description of the personal information that was involved in the breach;
    • the steps that the organization has taken to reduce the risk of harm to the impacted individuals;
    • the steps that the impacted individuals could take to reduce the risk of harm resulting from the breach;
    • a toll-free number or email address that the impacted individuals can use to obtain further information about the breach; and
    • information about the organization’s internal complaint process and about the individual’s rights under PIPEDA, and that they can make a complaint with the privacy commissioner;
  • Notify other organizations or government institutions if they believe they may be able to reduce the risk of harm to the impacted individuals (i.e. law enforcement agencies). If this is the case, consent of individuals is not required for such disclosures; and
  • Keep records of any data breach for a minimum of 24 months.

The determination if there is a real risk of significant harm to an individual, and reporting “as soon as feasible” requirements, are likely to be the most challenging for organizations.

In determining if there is a “real risk of significant harm”, the assessment of risk conducted must consider factors such as the sensitivity of the personal information involved, whether or not the data was data encrypted, whether the personal information could be misused, if the information has been recovered, etc. The true risk of such factors may not always be known at the time that the risk assessment is first conducted. If not known, it may be best to use a worst case scenario in the assessment.

In reporting “as soon as feasible” after an organization determines that the breach has occurred, to both the Privacy Commissioner and impacted individuals, organizations may be hesitant to provide specific information. Reasons why organizations may be hesitant may include, details and information may change as further investigating of the breach is conducted, or for fear of litigation risk down the road. Additionally, there is reputational risk that organizations will be concerned about. When notifying the Privacy Commissioner, organizations may want to state that the investigation is ongoing and that updates will be provided in a timely manner. When notifying impacted individuals, organizations should ensure that all required information is contained in the notification. It is best to be transparent and truthful in such notifications, as not doing so may cause even greater litigation and reputational risk.

Regulatory Impact Analysis and Regulations

The draft regulations are open for a comment period, to read full details of the draft and the accompanying regulatory impact analysis statement please visit the Canada Gazette.

We’re Here To Help

If you have questions regarding this or any questions related to privacy legislation in general, please contact us.

Would You Recognize Real Estate Red Flags?

Rodney_FINTRACOn November 14th, 2016 FINTRAC released a brief for all reporting entities who may be involved in real estate transactions.  The briefing is intended as guidance to provide some examples of indicators that may be present in transactions that may suggest they are linked to money laundering or terrorist financing.  The indicators described have been taken from transactions suspected of being related to money laundering or terrorist financing reported internationally.  The briefing focuses on the potential risks and vulnerabilities within the real estate industry and provides suggestions on how to ensure reporting entities are sufficiently meeting suspicious transaction reporting obligations.

The briefing is meant to provide operational guidance given the small overall number of suspicious transactions that have been reported to FINTRAC by the Real Estate industry.  The briefing states that these indicators will be used by FINTRAC to assess compliance with your reporting obligations.  If you are a reporting entity that interacts with the real estate industry in one form or another, the indicators and scenarios outlined in this brief should be considered when updating your Risk Assessment and training materials.

To put things into perspective, though the actual size of the real estate market is difficult to determine precisely, CMHC has produced some statistics.  CMHC suggests that between 2003 and 2013 over $9 trillion of mortgage credits were negotiated and roughly 5 million sales took place through Multiple Listing Services (MLS).  In contrast, FINTRAC received only 127 Suspicious Transactions Reports (STRs) from real estate brokers, agents and developers and 152 by other types of reporting entities, such as banks and trust/loan companies.  To go a step further, in FINTRAC’s 2015 Annual Report, between April 1, 2014 and March 31, 2015, a total of 92,531 STRs were filed across all reporting entities.

 

re-strs-filed-vs-sales

This evidence supports FINTRAC’s assertion that operational guidance for the real estate industry is needed.

The indicators and examples covered in the brief outline numerous scenarios that may suggest that a transaction is related to a money laundering or terrorist financing offense.  It also speaks to how the appearance of legitimacy obfuscates the clarity of suspicious transactions and requires more than a just “gut feel”.  What is required is the consideration of the facts related to the transaction and their context.  Does the transaction with all the known factors, positive or negative, make sense?

 

What This Means to Your Business? 

First off, FINTRAC will be using the indicators provided to assess your compliance with reporting obligations.  This has a couple different applications.  The first being, does your AML compliance program documentation make reference to the suspicious indicators that are provided.  Basically, are staff aware of the elements that may be present in a transaction that would suggest money laundering or terrorist financing may be occurring?

Secondly, is there an oversight process to ensure if there are transactions that contain one or more of these indicators where an STR was not submitted, is reviewed?  If so, does the process ensure supporting evidence that the Compliance Officer reviewed the transaction and determined there were not reasonable grounds to suspect its relation to money laundering or terrorist financing?  When you encounter a transaction involving any of the indicators provided, it is very important that you collect as much information as possible to assist the Compliance Officer with their determination of whether there are reasonable grounds to suspect that a transaction, or attempted transaction, may be related to money laundering or terrorist financing.  Alternatively, even if none of the indicators provided by FINTRAC are present but we still feel there is “something off” about our customer’s transaction, speak with your Compliance Officer.  They will be able to provide some insight on additional information that may assist our decision.  Once you have collected any additional information you may still not feel comfortable, but this does not mean you cannot complete the transaction, but that you must be sure your Compliance Officer is provided with all the information, which includes our reason for the escalation, so that they can decide whether there are reasonable grounds to suspect it may be related to a money laundering or terrorist financing offense.  The Compliance Officer will document their decision and, if necessary, submit an STR to FINTRAC.

Need a Hand?

If you are a reporting entity that interacts with the real estate industry and would like assistance updating your AML compliance program documentation or simply have some questions, please contact us.

Sanctions This Week: July 25th – 29th, 2016

 

OSFISanctions Pic

There were no updates released from OSFI this week.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released four updates last week.  One update was related to the publication of Cuba-related Frequently Asked Questions (FAQ), covering some of the recent changes made to the sanctions that had previously been placed on Cuba.  Other updates included the removal of 12 individuals from the Counter Terrorism Designations List, the issuance of a Finding of Violation and the publication of Iran General License J.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The update to the Cuba-related FAQs was for the issuance of a new FAQ (#38) and a revision of an existing FAQ (#39), relating to certain information collection and recordkeeping requirements for persons subject to U.S. jurisdiction who provide authorized carrier or travel services to or from Cuba for specifically licensed travelers.

The update to the Counter Terrorism Designations List included the removal of 12 individuals of Libyan origin who are currently residing in the UK.

The Finding of Violation was issued to Compass Bank, which uses the trade name BBVA Compass, for violations of the Foreign Narcotics Kingpin Sanctions Regulations. From June 12, 2013 to June 3, 2014, Compass maintained accounts on behalf of two individuals on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”).

The final update of the week was related to OFAC issuing “General License J”, authorizing the re-exportation of certain civil aircraft to Iran on temporary sojourn and related transactions.

See the Cuba-related FAQ update on OFAC’s website.

See the Counter Terrorism Designations List update on OFAC’s website.

See the issuance of a Finding of Violation to Compass Bank on OFAC’s website.

See the Iran General License J details on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Return to Blog Listing


PROCESSING...