REGULATORY IMPACT ANALYSIS STATEMENT
(This statement is not part of the Regulations.)
Issues: In 2015–16, the Financial Action Task Force (FATF) evaluated Canada’s Anti-Money Laundering and Anti-Terrorist Financing (AML/ATF) Regime for compliance with its standards, and identified a number of deficiencies that Canada needs to address. In addition, in 2014 and 2017, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) was amended through the Economic Action Plan 2014 Act, No. 1 and the Budget Implementation Act, 2017, No. 1 to strengthen the AML/ATF Regime. Regulatory changes1 are needed to operationalize some of the legislative changes, strengthen Canada’s AML/ATF Regime, and ensure its measures are aligned with the FATF standards.
Description: The proposed amendments to the regulations would strengthen Canada’s AML/ATF Regime by updating customer due diligence requirements and beneficial ownership reporting requirements; regulating businesses dealing in virtual currency; updating the schedules to the regulations; including foreign money service businesses (MSB) in Canada’s AML/ATF Regime; clarifying a number of existing requirements; and making minor technical amendments.
Cost-benefit statement: The proposed amendments would result in an estimated $1,867,698 (present value [PV]) in benefits and $61,132,622 (PV) in costs, for a net cost of $59,264,925 (PV) over a 10-year period in 2012 dollars. There are substantial qualitative benefits associated with the amendments that cannot be monetized. The proposed amendments would strengthen Canada’s AML/ATF Regime and improve compliance with the FATF international standards. Meeting these standards improves the integrity of the global AML/ATF framework. Furthermore, the amendments positively impact Canada’s international reputation, and would lead to regulatory efficiencies with other countries’ anti-money laundering and anti-terrorist financing regimes, making it easier for Canadian businesses to operate internationally.
“One-for-One” Rule and small business lens: The proposed amendments would result in a total annualized administrative cost increase on businesses, estimated at $463,098. The annualized administrative cost increase per affected business is estimated at approximately $20. However, the proposal is exempt from the requirement to offset under the
“One-for-One” Rule, as it implements non-discretionary obligations. The proposed amendments would have nationwide impacts of $1 million or more, and impact small businesses; therefore, the small business lens applies.
Domestic and international coordination and cooperation: The proposed amendments would enhance the quality and scope of Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)’s disclosures of financial intelligence to law enforcement and other disclosure recipients, which would better assist them in their investigations.
Canada’s AML/ATF Regime is largely consistent with international standards set by the FATF. Although the standards set by the FATF are not legally binding, as a member, Canada is obligated to implement them and to submit to a peer evaluation of their effective implementation. Canada’s last mutual evaluation took place in 2015–16. The FATF’s report outlined a number of deficiencies, which the proposed amendments help to address.
Canada’s AML/ATF Regime
The core elements of Canada’s AML/ATF Regime are set out in the Act. The Act applies to designated financial and non-financial entities (known as
“reporting entities”2) that provide access to the financial system and may therefore be susceptible to abuse by criminals seeking to integrate the proceeds of their crimes into the legitimate economy.
The Act sets out obligations that broadly fall into the following four categories: record keeping; verification of the identity of designated persons and entities (e.g. clients with whom the reporting entities conduct business); reporting of suspicious and other prescribed financial transactions (e.g. large cash transactions); and the establishment and implementation of an internal compliance program. The Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (the Regulations) set out how reporting entities are to fulfill these obligations.
Canada is a founding member of the FATF, an intergovernmental body that sets standards and promotes effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist activity financing and other related threats to the integrity of the international financial system. Although the standards set by the FATF are not legally binding, as a member, Canada is obligated to implement them and to submit to a peer evaluation of their effective implementation.
Not meeting this commitment could lead to a number of sanctions, from enhanced scrutiny measures to public listing and, in the extreme, suspension of membership from the FATF. Furthermore, non-compliance could cause serious reputational harm to Canada’s financial sector and subject Canadian financial institutions to increased regulatory burden when dealing with foreign counterparts or when doing business overseas.
In 2012, FATF took steps to enhance its standards. Canada’s last mutual evaluation took place in 2015–16. Although Canada’s AML/ATF Regime is largely consistent with FATF’s standards, the evaluation report outlined a number of deficiencies that Canada needs to address. One of the deficiencies raised by FATF evaluators was compliance with
“customer due diligence” requirements (e.g. no requirement to check the source of wealth, or to identify the beneficiary of a life insurance payout).
Customer due diligence measures require that a reporting entity verify the identity of their client, understand the nature of the business relationship, and conduct ongoing monitoring. Strong due diligence measures allow for more effective ongoing monitoring of clients, and help reporting entities to be satisfied that the transactions and/or activities are in line with what they know about their clients. Reporting entities who know their clients and their activities are better able to assess the money laundering and terrorist activity financing risk level of those clients, and to identify and report any suspicious transactions conducted by those clients.
Other deficiencies identified by the FATF include not having a requirement to assess new technologies before their launch, no coverage of open loop prepaid cards, of foreign MSBs, or of businesses dealing in virtual currency.
The outcome of this evaluation was that Canada became subject to what is referred to as the
“enhanced follow-up process.” This FATF process exists for countries with significant deficiencies in their AML/ATF regimes. Currently, Canada is required to report annually on its progress toward addressing the deficiencies identified in the 2015–16 mutual evaluation. A number of these deficiencies stem from Canada’s AML/ATF Regime not reflecting the ongoing modernization of the financial sector.
Modernization of the financial sector
Financial technology, or
“FinTech,” refers to companies using technology to make financial services more effective and efficient. The various business models used to support or deliver new payment method services (e.g. prepaid cards, Internet and mobile payment services) have the advantage of helping people withdraw and convert funds more quickly than through traditional channels, including conducting international transactions in real time. While providing benefits to consumers, the new business models can complicate monitoring as well as make it difficult for authorities to follow the money trail. Also, transactions conducted through the Internet allow a certain degree of anonymity that can potentially be exploited by money launderers or terrorist activity financiers.
The Act and the associated regulations were originally intended for traditionally offered financial services, and
“bricks and mortar”institutions. With the financial industry increasingly moving to the digital world, it is necessary to update the legal framework to ensure no loopholes emerge (e.g. prepaid cards, virtual currency, foreign MSBs) that could be exploited by criminals without stifling innovation in the financial sector.
Open-loop prepaid cards (i.e. cards that run on a payment card network and are not restricted for use only at a particular merchant or a group of merchants, such as a shopping centre gift card) provide access to funds that are paid in advance by the cardholder or a third party. These cards are not necessarily connected to a bank account, and the verification of cardholder identity varies from one financial institution to another. The wide variety of funding options also means that the origins of funds are difficult to trace and it is difficult to ascertain whether or not the money is from a legitimate source (e.g. some cards can be anonymously loaded with cash at a third party reseller location, such as a Canada Post office).
The evolving financial services landscape is further influenced by virtual currencies, especially decentralized digital payment systems, like Bitcoin, that operate outside the traditional financial system. A virtual currency is a medium of exchange that allows for value to be held and exchanged in an electronic, non-physical manner, is not a fiat currency (i.e. the official currency of a country), has the intended purpose of being exchanged for real and virtual goods and services, and allows peer-to-peer transfers.
Virtual currencies can be
“centralized,” in that they are issued and controlled by a single company or entity, or
“decentralized,” in that there is no central authority that creates or manages it (e.g. Bitcoin). Rather, these tasks are managed collectively by the network of some virtual currency users.
In addition, virtual currencies can be
“non-convertible,” depending on whether they can be exchanged for funds. Convertible virtual currencies are vulnerable to abuse for money laundering and terrorist activity financing purposes because they allow greater levels of anonymity, or in some cases complete anonymity, when compared to traditional non-cash payment methods. Virtual currencies can be accessed globally via online or mobile systems. They allow for the rapid transfer of funds within or across borders, oftentimes without any intermediary, are generally characterized by non-face-to-face customer relationships, and can circumvent the physical
“brick and mortar” financial system entirely. Due to these characteristics, virtual currencies are increasingly being used to facilitate fraud and cybercrime, and to purchase illicit goods and services on the dark Web.
The Internet and new payment methods provide an opportunity for foreign entities without a place of business in Canada to offer MSB services in Canada. These businesses are at risk of being exploited by money launderers and/or terrorist financiers, but the current AML/ATF framework was not envisioned to capture transactions conducted using non-traditional, Internet-based methods. This represents a gap in Canada’s legal framework and an uneven playing field for Canadian domestic competitors, who are required to abide by the Act.
First established in 2000–01, Canada’s AML/ATF Regime must regularly adapt and evolve to changes in its operating environment (e.g. to account for technological advancements like virtual currency or in response to ongoing modernization of the financial sector).
The Act was amended through the Economic Action Plan 2014 Act, No. 1 and the Budget Implementation Act, 2017, No. 1, to strengthen the AML/ATF Regime and align it with international standards. In 2015–16, the FATF evaluated Canada’s AML/ATF Regime, and identified a number of deficiencies.
Regulatory changes are needed to operationalize some of the legislative changes, close loopholes in Canada’s AML/ATF Regime, and address a number of the deficiencies outlined by the FATF.
The proposed amendments would
- strengthen Canada’s ability to combat money laundering and terrorist activity financing activities;
- operationalize changes to the Act and close gaps in Canada’s AML/ATF Regime;
- help improve reporting entities’ compliance with regulatory requirements;
- help improve the monitoring and enforcement efforts of the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC);
- improve Canada’s compliance with international standards; and
- adopt minor technical changes.
The proposed amendments make the following changes.
The proposed regulatory amendments would update the requirements for reporting entities to perform customer due diligence and help bring them in line with FATF recommendations.
- Currently, reporting entities may conduct their own customer due diligence or rely on information collected by an agent, an affiliate or a subsidiary. This provision would be expanded to allow a reporting entity to rely on customer identification that has already been performed by other entities.
To rely on information from a third party, a reporting entity would have to be able to request and obtain information on the method of identity verification immediately or within three days of a request being made.
A reporting entity would also be able to rely on identity verification information from a foreign affiliate. To do so, the reporting entity would be required to assess the level of risk associated with the country where the third party operates (e.g. is it a member of the FATF, or does the country have a similar AML/ATF regime in place). These measures would increase flexibility for reporting entities when carrying out customer identity verification and decrease duplication of efforts.
- The life insurance sector has entered into a new line of business: the issuance of loans (e.g. mortgages, loans against the amount of an insurance policy). Currently, this sector is not subject to the same record-keeping, reporting, and customer due diligence requirements with respect to this line of business as other financial entities (e.g. the requirement to keep client information records or records related to customer due diligence). The proposed amendments would now require the life insurance sector to follow these requirements, and ensure that the life insurance sector is treated the same as other reporting entities under Canada’s AML/ATF Regime.
- Currently, if a reporting entity conducts business with a corporation it must request proof of the corporation’s existence (e.g. it would need to verify the company’s certificate of corporate status), as part of the customer due diligence requirements. However, the Regulations do not currently set any parameters on the date of issuance for the documents used to demonstrate the corporation’s existence.
The proposed amendments would require that documents used to establish proof of corporate existence of a client be no more than one year old for the certificate of corporate status and
“most recent” for other permissible documents (e.g. annual audited financial statements). This change would help ensure that corporations exist at the time they open an account or conduct a financial transaction.
- Anonymity of ownership and control can facilitate money laundering and terrorist activity financing, as well as complicate the seizure of the proceeds of crime during investigations. Beneficial owners are the natural persons who directly or indirectly own or control 25% or more of a company. However, the legal owners of a company or trust may not be the actual persons who own or control the company or trust (i.e. it might be necessary to search through several layers of information to uncover the ultimate owners).
The collection and verification of beneficial ownership information by reporting entities is an important step in mitigating the risk of money laundering and terrorist activity financing and ultimately in protecting the integrity of Canada’s financial system. Currently, when a company wants to open an account, the Regulations require reporting entities to obtain its beneficial ownership information; to take reasonable measures to confirm the accuracy of this information; and to keep the information up to date on an ongoing basis. However, the Regulations do not explicitly state that reporting entities must take steps to confirm the accuracy of new information as it comes in or as it is updated over time. The Regulations would be amended to make this requirement explicit.
- The amendments are needed to exempt reporting entities from the requirement to conduct customer due diligence for certain low-risk customers (e.g. large companies that are listed on the Toronto Stock Exchange). For example, the reporting entity would not have to confirm that the company exists, as long as they are satisfied that the corporation exists (i.e. it is common knowledge) and the reporting entity is confident that every person who deals with them on behalf of the corporation is actually authorized to do so. However, all other requirements would apply, including record keeping, ongoing monitoring and reporting.
- In June 2016, the Regulations were amended to require reporting entities to keep a record of any
“reasonable measures” they have taken in cases where they were unsuccessful in meeting certain obligations. The Act and the Regulations explicitly state when reasonable measures must be taken to meet an obligation. For example, when a reporting entity asks a client if they are conducting a large cash transaction on behalf of a third party and they refuse to answer, the reporting entity must record that the client was asked, the date the question was asked and that the client refused to answer. These actions represent the
“reasonable measures taken.”
Following the coming into force of these new reporting requirements in June 2017, it was determined (through stakeholder feedback) that this measure is too onerous, and imposes a significant administrative burden on reporting entities. This amendment would repeal the requirement to keep a record of the unsuccessful reasonable measures taken.
- The Regulations currently require that documents used to verify customer identity be
“original, valid and current” and must not include a scanned or photocopied document. The prohibition on the use of scanned/photocopied documents would be repealed, and the requirement for an original document would be amended to require instead an
“authentic, valid and current” document.
- Life insurance companies can act as a facilitator between two other life insurance companies (or more). These entities are referred to as managing general agents (MGAs), where they act as facilitators between brokers and insurers, typically offering underwriting services and subcontracting to regional insurance brokers. MGAs do not act on their own accord. Currently, when a life insurance company is acting on behalf of another life insurance company, it is captured as a reporting entity that is subject to the requirements of the Act and its Regulations. The Regulations would be amended to clarify that when a life insurance company is acting in this capacity, it is not a reporting entity.
The proposed amendments would help address and close the gaps that exist in Canada’s AML/ATF Regime, including regulating new business models and technologies, and address new emerging risks.
- Persons and entities that are
“dealing in virtual currency” would be financial entities or other entities deemed domestic or foreign MSBs, as the case may be. These
“dealing in” activities include virtual currency exchange services and value transfer services. As required of all MSBs, persons and entities dealing in virtual currencies would need to implement a full compliance program and register with FINTRAC. In addition, all reporting entities that receive $10,000 or more in virtual currency (e.g. deposits, any form of payment) would have record-keeping and reporting obligations.
These amendments serve to mitigate the money laundering and terrorist activity financing vulnerabilities of virtual currency in a way that is consistent with the existing legal framework, while not unduly hindering innovation. For this reason, the amendments are targeted at persons or entities engaged in the business of dealing in virtual currencies, and not virtual currencies themselves.
- Prepaid access products (e.g. prepaid credit cards) would be treated as bank accounts for the purposes of the regulations. Therefore, reporting entities issuing prepaid access products would be subject to the same customer due diligence requirements as those imposed on these reporting entities who offer bank accounts (e.g. verifying the identity of their clients, keeping records, and reporting suspicious transactions related to a prepaid payment product account). The amendment would not apply to issuers of products restricted to use at a particular merchant or group of merchants, such as a shopping-centre gift card.
- Domestic MSBs (i.e. a business in Canada that offers the following services to the public: foreign exchange dealing, money transferring and/or cashing or selling money orders, traveller’s cheques or anything similar) are captured as reporting entities by the Act and its regulations. However, similar foreign businesses that offer money services directly to people located in Canada are not currently subject to obligations under the Act or regulations. The Regulations would be amended to capture foreign businesses that provide services to people located in Canada but that do not have a place of business in Canada, such as those offering such services through the Internet.
This change would ensure that domestic and foreign MSBs are required to fulfill the same obligations (e.g. register with FINTRAC, exercise customer due diligence, make a report, and keep records) for the same activities.
Furthermore, an amendment would be made to ensure that if a foreign MSB is found to be non-compliant with the requirements of the Act and its regulations; is issued an administrative monetary penalty (AMP); and does not pay the penalty associated with that AMP, then its registration can be revoked, thus making it ineligible to do business in Canada. Financial entities would be prohibited from opening or maintaining an account for, or having a correspondent banking relationship with, an unregistered foreign MSB.
As part of their compliance program, reporting entities are required to conduct a risk assessment of their vulnerability to money laundering and terrorist financing activities. The criteria (e.g. an entity’s business relationships, products, delivery channels or geographic locations) that must be considered in this risk assessment are listed in the Regulations. This list would be amended to make it clear that the assessment of products and their delivery channels must be included in an assessment of the risks associated with the use of new technologies prior to their launch.
- Currently, low-risk activities for dealers in precious metals and stones, such as manufacturing jewellery, are exempt from reporting obligations. This exemption would be expanded to capture other types of manufacturing processes that may also involve the use or consumption of precious metals and stones (e.g. diamonds used to manufacture drill bits), consistent with the original policy intent.
- Accountants are captured by the Act’s record-keeping and identity verification requirements when they undertake certain activities on behalf of their clients. The types of activities (e.g. receiving or paying funds; purchasing or selling securities, real properties or business assets) that trigger these requirements are listed in the Regulations. The Regulations would be amended to clarify that accountants who only act as a trustee in bankruptcy services or as an insolvency practitioner would not be subject to the requirements of the Act.
- The Regulations require that reporting entities treat multiple transactions performed by an individual within a 24-hour period as a single transaction for reporting purposes when they total $10,000 or more. However, the existing regulatory provision specifies that only transactions that are less than $10,000 be included in this aggregation. This has resulted in complex transaction monitoring to exclude transactions of $10,000 or more.
The proposed amendments clarify that multiple transactions performed by an individual within a 24-hour period are considered a single transaction for reporting purposes when they total $10,000 or more, and that only one report should be submitted to capture all transactions within a 24-hour period that collectively meet or surpass this threshold. The new formula would simplify the way reporting entities submit reports under the 24-hour rule.
The proposed amendments would also ensure that the 24-hour rule also applies to beneficiaries of multiple cash transactions (i.e. where deposits or transfers of money are received by the same person and the aggregate amount over a 24-hour period is $10,000 or more). In addition, these amendments would clarify that any cash transactions that a reporting entity receives in the aggregate amount of $10,000 or more, regardless of its corporate structure, must be reported.
- An amendment would require reporting entities to take reasonable measures to determine the sources of a politically exposed person’s wealth.3 The amount of a client’s accumulated funds or wealth should appear to be reasonable and consistent with the information provided, and doubts about the origin of such funds or wealth would have to be satisfied before a reporting entity proceeds with the relationship or permits transactions to occur.
- Currently, when a reporting entity has reasonable grounds to suspect that a financial transaction is related to the commission or attempted commission of a money laundering or terrorist activity financing offence, it has 30 days to file a suspicious transaction report with FINTRAC.
“Reasonable grounds to suspect” are determined by what is reasonable in that particular reporting entity’s circumstances, including normal business practices and systems within their industry.
The Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations would be modified to clarify the policy intent for this requirement and align it with international standards. After taking certain measures (such as conducting an assessment of the transaction) to be able to establish that there are reasonable grounds to suspect that the transaction is related to the commission or attempted commission of a money laundering or terrorist activity financing offence, the reporting entity would now have to file a suspicious transaction report to FINTRAC within three days. In practice, this means that the report would be filed three days after completion of the analysis that establishes reasonable grounds for suspicion. This is already the current standard practice for many reporting entities; however, it must be clarified in the regulatory text for legal certainty and to clarify the expectation that suspicious transaction reports must be submitted promptly.
- Currently, the Regulations only require that the reporting entities send a wire transfer to document information about the transaction. As proposed, reporting entities that are intermediaries in a transaction or that send or receive a wire transfer would be required to identify, keep records of, and include information about the transaction. This change would help ensure this information remains with the wire transfer throughout the payment chain, and ensure that reporting entities have all of the relevant transaction information to detect and report suspicious transactions.
The proposed amendments would improve compliance, monitoring and enforcement efforts.
- There are eight schedules to the Regulations that set out the types of information that reporting entities have to provide to FINTRAC. With the widespread prevalence of online financial transactions between consumers and financial intermediaries, and the emergence of new technologies that facilitate online transactions, there is a need to update these schedules to require reporting entities to submit information that reflects current practices (e.g. online identifiers and email addresses).
- MSBs must renew their registration with FINTRAC every two years, on the anniversary of the original registration, and provide supporting documentation to support the renewal. The Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations would be amended to provide flexibility for when the registration renewal is to take place during the two years and reduce the type of information that needs to be submitted (e.g. fax number).
Finally, the following technical amendments would also be adopted:
- repealing and replacing obsolete references in the regulatory text;
- improving the organization of the text, making it easier for regulatees to find and understand the requirements that apply to them;
- updating the schedules to the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations to reflect new and updated obligations (e.g. to include businesses dealing in virtual currency); and
- updating the reference to the
“Canadian Institute of Chartered Accountants” in the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations and the Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations to
“Chartered Professional Accountants of Canada,” in light of the recent process of unification of the accounting profession.
The whole thing is a great read – includes impact analysis, and options considered, as well as the full text.