This guidance provides information about certain amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (the Regulations) which were made in June 2016. Please note that guidance relating to client identification and Politically Exposed Persons (PEP) and Heads of International Organizations (HIO) is already published on FINTRAC's guidance webpage and are therefore not covered in this document. Some of the regulatory changes came into force in June 2016, while others will come into force in June 2017.
The changes relate to the following:
The changes were made to clarify the type of client information that reporting entities must obtain and keep as part of the client due diligence process, to strengthen Canada's Anti-money Laundering and Anti-Terrorist Financing Regime, to strengthen information sharing and to address technical issues.
A signature can now include a handwritten signature or an electronic signature which is numeric, character-based, or even biometric, so long as it is unique to the client and a record of it can be kept. The definition of signature was amended in the Regulations to include an electronic signature as long as it is unique to an individual or entity. Prior to this amendment, a signature was limited to the handwritten form.
This change provides increased flexibility in non-face-to-face situations, such as online account openings.
An electronic signature can be a personal identification number (PIN), since it is unique to the individual client and used to authorize transactions and provide account access. Another example is a password for an online bank account.
The electronic signature must be unique to the person or entity, so merely clicking on something like a “click to accept” button would not meet the requirement of “uniqueness” for an electronic signature.
The definition of signature card was amended to include electronic data that constitutes the signature of a person. This change would be relevant for financial entities, securities dealers and casinos at account opening when they create a signature card.
The definition has changed as a result of the modification of the definition of signature, which now includes electronic signatures. The changes to the definition provide increased flexibility in non-face-to-face situations, such as online account openings.
An electronic signature card can be an electronic record of your client's PIN. As another example, an electronic record of your client's password to their online banking account is an electronic signature. The data for the PIN and password could be encrypted. FINTRAC would expect you to provide a record that demonstrates you have met the requirements of a signature card even if it is on a computer system (versus a physical copy). The electronic signature on a computer system does not need to be available in unencrypted format.
The definition of securities dealer was changed to align with the definition in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act).
The definition of securities dealer in the Regulations was updated to align with the recently amended definition of securities dealer in the Act. The definition was amended to clarify that any broker employed by a securities dealer is not considered a reporting entity.
If you are a broker-dealer employed by and authorized to sell securities on behalf of a securities dealer firm such as XYZ Wealth Management, it is your employer, XYZ Wealth Management, that is considered to be the securities dealer according to the Regulations. Therefore, XYZ Wealth Management is the reporting entity in this example.
The definition of casino in the Regulations has been amended to clarify who is the reporting entity under the Act when it relates to casino or lottery schemes for which they are legally responsible. A lottery scheme is a term used in Canada's Criminal Code which can generally be defined as anything related to casino games or betting.
The Regulations refer to the term ‘conduct and manage' to identify the entity legally responsible for the gaming activities at a casino. The revised definition is now in line with the Criminal Code terminology that sets out who can oversee, carry out or license out the gaming activities. The entities that conduct and manage, as authorized by the Criminal Code, must do so in line with the provincial legislation on gaming.
In Canada, the provincial and territorial governments delegate legal responsibility to entities that can conduct and manage the gaming activities at a casino. The reporting entity subject to the Act, is the entity that is authorized by the province to conduct and manage a casino.
In some cases, the entity that conducts and manages a casino is not necessarily the same person or entity that operates the casino activities on a day-to-day basis.
A provincial entity that conducts and manages a casino, such as a lottery corporation, has obligations under the Act when the casino is:
It should be noted that if a provincial lottery corporation has been delegated the conduct and manage authority by the province, and that it then further delegates its reporting obligations to another entity, the lottery corporation remains the reporting entity responsible for ensuring compliance with the Act.
The definition of casino was updated in both the Act and the Regulations to align with the conduct and manage provisions outlined in the Criminal Code. It was also amended to clarify that online casinos are subject to the Act.
Under the changes relating to casinos, the language of the obligation was changed so that you now must ascertain the identity of every person for whom a signature card is created in respect of an account that your casino opens.
The timing of when the obligation must be fulfilled was also changed. Now you must identify every person for whom a signature card is created before any funds are disbursed from the account. For example, a client has to be identified before an online casino can disburse funds to that client.
Previously there were two definitions of affiliate. The Regulations have been revised to include just one definition, as follows: an entity is affiliated with another entity if one wholly owns the other, if both are wholly owned by the same entity, or if their financial statements are consolidated.
The reporting entities required to consider their affiliates are those referred to in paragraphs 5(a) to (g) of the Act, which include banks, credit unions, caisses populaires, financial services cooperatives, credit union centrals, trust and/or loan companies, life insurance companies regulated by provincial legislation, or a life company or foreign life company to which the Insurance Companies Act applies, and securities dealers.
The following are examples of affiliated entities:
Financial entities must keep a record of every client credit file they create in the course of normal business.
The definition of client credit file has been repealed from the Interpretation section of the Regulations. Record keeping obligations now specifically set out what information must be collected when entering into a credit arrangement with a client.
You are required to keep the following information with respect to a credit arrangement that you have entered into with a client:
Please note that it continues to be a good practice to also keep a record of the name of the business or place of work.
As part of your compliance program, you have to assess and document your exposure to the risk of money laundering offences or terrorist activity financing offences. You will also have to consider money laundering or terrorist financing risks that may arise because of new products and new business practices, including new delivery channels, and the use of new or developing technologies for both new and existing products.
The requirement was added to ensure that reporting entities are aware of the money laundering and terrorist financing vulnerabilities posed by implementing new technologies, in order for them to mitigate the risk. This regulatory requirement was added to strengthen Canada's Anti-Money Laundering and Anti-Terrorist Financing Regime and bring it in line with international standards.
As part of the compliance program, financial entities, life insurance companies and securities dealers will have to consider any risk resulting from the activities of:
The implementation of new technology and the activities of affiliates should be included as part of the overall risk-based approach.
The term “reasonable measures” refers to activities you are expected to undertake in order to meet certain obligations. The Regulations explicitly state when you must take reasonable measures to meet an obligation. For example, every person or entity that is required to keep a large cash transaction record must take reasonable measures to determine whether or not an individual is acting on behalf of a third party when conducting a large cash transaction, and then keep a record of that information. If, even after taking reasonable measures, certain information cannot be determined, gathered or confirmed; you have met the obligation.
It should be noted that reasonable measures must not be confused with, and do not apply to data elements that are mandatory, that is, where information must be obtained before the transaction or activity can be completed. For example, if you are unable to obtain the name of the conductor in a large cash transaction, then that transaction cannot be completed.
The Regulations have been changed to require that a record be kept when reasonable measures were taken, but were unsuccessful. A reasonable measure is unsuccessful when you do not obtain a response, such as a yes or no and you are unable to make a conclusive determination. When reasonable measures are unsuccessful, you must record the following information:
You must outline the reasonable measures that you take in your compliance policies and procedures.
Examples of documenting reasonable measures when they are unsuccessful:
You are required to assess any potential threats and vulnerabilities to money laundering and terrorist financing to which your business is exposed. You should consider a client's refusal to provide, or your inability to obtain certain information as part of your overall assessment of client risk. Even if you have met your obligation to obtain information based on reasonable measures, the refusal or unwillingness to provide information may form part of your reasonable grounds to suspect that a transaction is related to a money laundering or terrorist financing offence and therefore, a Suspicious Transaction Report (STR) may be required to be submitted to FINTRAC.
Retention: You must keep records of your unsuccessful reasonable measures for at least five years following the date they were created.