PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Integrity Over Profit

Earlier this week I was approached by a client with whom we had completed a full overhaul of their Risk Assessment documentation, which occurred about 3-4 months ago. The project was completed with excellent results, and from all accounts, an ideal outcome. Mainly, the client was satisfied with the deliverable, felt more confident in the status of their overall compliance program, and was a delight to work with.

When they reached out this week, they were inquiring about Outlier completing their upcoming 2 year Compliance Effectiveness Review (CER). This was a clear indication of their satisfaction, which was a good feeling. However, we had to keep in mind that we (Outlier) revised their Risk Assessment documentation not too long ago. After some internal discussion, we felt it was not the right move for us to take on their CER, as we would be reviewing a portion of our own work. Not only would this be less value to the client, but should their financial service provider or FINTRAC determine that their reviewer was also the drafter of a portion of the compliance documentation, that would be a bad look. FINTRAC guidance states “Also, as a best practice, to ensure that your review is impartial, it should not be conducted by someone who is directly involved in your compliance program activities.”

Informing the client about our perceived conflict, and that it would not be the right move given the situation, felt less than optimal. No one wants to turn business away. However, the response was received with grace and understanding. This isn’t a shock as this individual is, in my opinion, an underrated pillar of the AML community, and generally, a person with a high degree of integrity.

Ok, So What?

This post is not intended to be a self-congratulatory post, but rather a message to highlight an important point for reporting entities. We have sat through examinations with clients where FINTRAC has identified the lack of separation between the drafter of the documentation and reviewer of the documentation. This situation left the reporting entity in a position they could not defend, resulting in, what I deem, an entirely unnecessary position. Had the reviewer acted with integrity, by informing the reporting entity about the potential risk and downfalls, the FINTRAC examination would have resulted in a more favorable outcome, including one less deficiency.

From my experience, the separation between the drafter and reviewer should go beyond merely assigning different people, or different departments, within the same organization because the baseline knowledge is consistent across the business. You want completely fresh eyes on your compliance program and its effectiveness.

The intent of this post is to serve as an FYI to reporting entities that relying on one firm to handle all aspects of compliance support is not an ideal scenario and can lead to problems down the line. There is no shortage of fantastic compliance consulting firms in Canada, each with deep expertise when it comes to Canadian regulatory requirements and FINTRAC expectations. If you would like some suggestions on additional firms that can offer compliance support, please feel free to reach out to us, and we can make warm introductions to other trusted firms.

Finally, this also raises concerns regarding independence of the CER process when the same company is engaged for multiple reviews in succession. We have strongly suggested to a few longstanding clients that they source a different reviewer for a “fresh set of eyes,” after completing multiple CERs for them previously. We have also received feedback from clients that during FINTRAC exams, FINTRAC examiners are suggesting the same thing. While its nice to have a good relationship with your compliance support providers, there comes a point where a changeup is not only suggested, it is necessary. It’s better to make the choice yourself, rather than have FINTRAC make it for you.

Independent Support

If you are in need of a completely independent reviewer, a suggestion for a couple of different options, or just have general questions, please feel free to contact us. We are here to help, and truly believe that rising tides lift all boats.

Preparing For An iGaming AML Compliance Effectiveness Review

Written with Heidi Unrau

 

iGaming Ontario is celebrating two years in the province. But before your online gaming (iGaming) business can launch, you must register with the Alcohol and Gaming Commission of Ontario (AGCO). This government body regulates gaming activities in Ontario to ensure the industry operates above board and does not become a breeding ground for illicit activity. iGaming refers to casino-like games that are played over the internet such as Blackjack, Roulette, Poker, and Slot Machines.

As part of the registration process, you must establish an anti-money laundering (AML) program that complies with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and passes a gap analysis, also known as an effectiveness test. If your AGCO registration is successful, your compliance responsibilities don’t stop there.

You must then sign a non-disclosure agreement (NDA) and enter into an operating agreement with Internet Gaming Ontario (iGO). This watchdog organization oversees registered iGaming operators to make sure they consistently fulfill all regulatory obligations, including AML compliance. Here’s what to know about the role of AML in the iGaming registration process and how to set yourself up for long-term success.

Know Your AML Obligations For Registration

Anti-money laundering regulations are designed to prevent money laundering, terrorist financing, and other illegal activity, hence the name. If you plan to operate an iGaming business in Ontario, the AGCO requires you to comply with the Registrar’s Standards for Internet Gaming. These standards include specific AML responsibilities to minimize illegal activity. They typically include, at a high level, but are not limited to:

  • Having documented policies & procedures
  • Designating a Compliance Officer
  • Establishing a training program for all relevant employees
  • Conducting audits & reviews
  • Identifying & verifying customers
  • Risk ranking customers
  • Monitoring transactions
  • Transaction reporting
  • Record keeping

Your AML program must pass a gap review, which is essentially an effectiveness test. This test is a mandatory part of your AGCO registration process to demonstrate that your AML compliance program meets regulatory standards and can function effectively once your platform is live.

Your iGO Operating Agreement

After successfully registering with AGCO, the next step is to execute an operating agreement with its subsidiary, iGO. This organization is responsible for overseeing and managing how private iGaming operators conduct themselves within the province of Ontario.

The iGO registration process requires you to provide a package of documents, templates, and confirmations related to your anti-money laundering and anti-terrorist financing responsibilities. You’ll be teaming up with iGO’s AML department for this part and the entire process takes approximately two weeks.

Your iGO registration is very similar to the AML component of your AGCO registration. iGO requires you to document your AML policies and procedures as part of the registration process. This documentation should outline measures for preventing and detecting money laundering and terrorist financing activities on your iGaming platform.

You will also need to demonstrate compliance with Canadian AML regulations established by regulatory authorities and iGO as the conduct managing entity.

iGO & Compliance Effectiveness Reviews

Once your iGaming platform is live, you are required to submit to an AML effectiveness review by an independent third party every two years as part of your iGO compliance obligations. The purpose of a regular recurring review is to assess how well your AML program is working, identify weaknesses, and determine whether your business meets requirements. It is also a test to see if your business is doing what it says it’s doing.

A good effectiveness review should mimic a full-scope FINTRAC examination. As Canada’s financial intelligence unit, FINTRAC has the right to audit regulated entities at any time. In this case, iGO would be the direct subject of the examination and they would contact individual operators for specific documentation if necessary.

An effectiveness review not only ensures you remain compliant in your day-to-day operations, it also ensures you’re prepared in the event iGO is examined by FINTRAC.

Scope of the Review

Ongoing effectiveness reviews can include, but are not limited to:

  • Interview staff handling transactions to assess their understanding of policies, procedures, and reporting requirements.
  • Review a sample of records to check compliance with client identification policies.
  • Examine agreements with agents/vendors and review sample information they use for client identification.
  • Check if suspicious transactions were reported to FINTRAC within the required timeframe.
  • Verify application of risk assessment in client records.
  • Assess adequacy and consistency of ongoing monitoring in client records.
  • Confirm implementation of enhanced measures for high-risk clients.
  • Ensure adherence to proper record-keeping procedures.
  • Review and update risk assessment to align with current operations.
  • Update policies and procedures to comply with legislative requirements and reflect current business practices.

After a Review

Once an effectiveness review is complete, the results must be presented to senior management for sign-off. It should include a summary of the findings, a remediation plan, and the status of required changes.

Choosing an AML Program Reviewer

The right AML program reviewer is foundational to the integrity and effectiveness of your compliance program. They should have a deep understanding of the Canadian anti-money laundering and anti-terrorist financing requirements as well as the specific risks unique to the iGaming industry.

Your chosen reviewer needs to provide a comprehensive and objective assessment of the effectiveness of your AML program, with a final report that identifies deficiencies and includes an action plan for improvement. Therefore, you want a reviewer with relevant experience conducting AML reviews for similar businesses.

Need a Hand?

If you would like to engage Outlier to conduct your AML Compliance Effectiveness Review, have questions about your obligation, or need help creating, reviewing, or updating your AML program, reach out to us today.

First AML Compliance Effectiveness Review Timing

As a company that gets to work with a lot of startups, and existing companies entering the Canadian market, we get to help folks understand the regulatory landscape in Canada. One of the required elements of a Canadian compliance program is an AML Compliance Effectiveness Review. These reviews must be completed every two years at a minimum. You can think of it like an audit, but for compliance.

The purpose of an effectiveness review is to determine whether your AML compliance program has gaps or weaknesses that may prevent your business from effectively preventing, detecting and deterring money laundering and terrorist financing. Recently, we have seen an increased focus on Effectiveness Reviews during FINTRAC examinations. Specifically, on whether the review really tested the effectiveness of the compliance program as a whole (not just what you say you’re doing, but also what you’re actually doing). This has led to FINTRAC examiners requesting the working papers for completed effectiveness reviews where the report did not clearly describe how the effectiveness was tested and assessed. This is the main reason Outlier has started providing our working papers with the final report. This also provides a pretty good reference point for making sure you are meeting your regulatory expectations.

First Time for Everything

In previous engagements, Outlier has operated on the theory that the clock for when your first review was due stemmed from the MSB’s FINTRAC registration date. However, we were incorrect. It wasn’t until a recent conversation where the registration date preceded any customer transactions by six months, that really spurred on an official clarification from the regulator. The trigger for the 2-year clock to start ticking is not registration but “a registered MSB is required to create a compliance program once it engages in one or more of the MSB-related activities.” This means that the clock starts ticking after the MSB has conducted their first transaction.

Here is a PDF version of the policy interpretation we received from FINTRAC that you can keep for your records.

Potential Corrections

If we have completed a review for you in the past that has a commencement date prior to your first customer transaction, please feel free to reach out so we can amend your report to the proper date.

Upcoming Effectiveness Reviews

While this article talks about your first review, you must also be sure to initiate all subsequent reviews within 2 years of the start date of your previous review. Please note that this is based on the previous commencement date, not the date of completion or issuance of the final report.

Need a Hand?

If you are looking for an idea of pricing for an upcoming review or have questions about a review that is currently underway, please feel free to contact us.

Return to Blog Listing