The development, implementation and maintenance of an ongoing compliance training program is required if you have employees, agents or other individuals authorized to act on your behalf. Individuals who deal with clients and/or transactions must be trained in relation to their function/duties within your business.
Your training program must be in writing, must be reviewed and kept up to date. If you are a sole proprietor with no employees, agents or other individuals authorized to act on your behalf, you are not required to have a training program in place for yourself. However, you must still be able to demonstrate that you have all the other required elements of a compliance program.
All those authorized to act on your behalf need to be trained in relation to their specific duties/function that they are performing, so they understand:
- your obligations, as a reporting entity under the PCMLTFA and associated Regulations;
- how your business or profession could be vulnerable to ML/TF activities;
- the business’s policies and procedures stemming from your obligations under the PCMLTFA and associated Regulations; and
- their roles in detecting and deterring ML/TF activities – these can range from day to day tasks to high-risk situations.
Who do I need to provide training to?
Your training program should be delivered and tailored to people who:
- have contact with clients such as front line staff or agents;
- are involved in client transaction activities;
- handle cash or funds in any way; and
- are responsible for implementing or overseeing the compliance program (such as senior management, information technology staff or internal auditors).
What do I need to provide training on?
At a minimum, FINTRAC expects that your training program will include:
- ML/TF concepts, and some background information on ML/TF in relation to your business, e.g. definitions of ML/TF, why criminals choose to launder money and how the process for ML/TF usually works.
- Your compliance policies and procedures for preventing and detecting ML/TF, including your reporting, client identification, know-your-client, and record keeping obligations.
- The responsibilities of your employees, agents or anyone else acting on your behalf when dealing with suspicious activities or transactions.
Your training materials should include examples of how your particular type of business could be used to launder illicit funds or fund terrorist activity. This should help with the identification of suspicious transactions and may provide you some assurance that your services are not being abused for ML/TF purposes.
Does my training have to be delivered in writing?
While your training program has to be documented, the method used to deliver your training does not have to be in writing. For example, you could deliver your training program using a software, information sessions, face-to-face meetings, attending conferences, etc. However, it is a requirement that you document the following elements in writing:
- who needs to be trained;
- what type of training is required and the topics covered;
- how training is provided;
- how often training is needed (timing and frequency, e.g. before handling transactions and yearly thereafter); and
- documentation showing that the training has taken place.
During an examination, FINTRAC may review the documentation you have in relation to your training program and may conduct interviews to assess the effectiveness of your training program, i.e. your staff’s understanding of your policies and procedures, their knowledge of ML/TF activities in relation to your business, etc.
What training method should I use?
The method of training you choose (such as formal, on-the-job, external, etc.) will depend on the complexity and size of your business, but it is ultimately up to you to determine the method that is most suitable. For example, a business with hundreds of branches and thousands of employees will have different training needs than a business that has one location and two employees.