FINTRAC Policy Interpretations

Compliance Regime

Written training manual requirements

Question:

What are FINTRAC’s expectations for the format of a written training manual and more specifically, would a power point presentation containing all required elements be sufficient? Or does a standalone manual need to be developed and maintained by a money services business (MSB)?

Answer:

Paragraph 71(1)(d) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) outlines that should a reporting entity have employees, agents, or other persons authorized to act on their behalf, they are required to develop and maintain a written ongoing compliance training program for those employees, agents, or persons.

Further guidance for MSBs on the FINTRAC website states that the written training manual has to include (at a minimum):

  • How reporting, client ID and record keeping obligations are explained.
  • What the penalties are if those obligations are not met.
  • What is money laundering and what is terrorist financing. To get detailed information, see FINTRAC Guideline 1: Backgrounder.
  • How your policies and procedures for preventing and detecting money laundering and terrorist financing will be explained.
  • How the responsibilities of your employees, agents or anyone else dealing with suspicious transactions will be explained.

You should also put in place written standards for the frequency and method of training, such as formal, on-the-job or external. While your training program itself has to be in writing, the way the training is delivered does not have to be in writing. For example, you could deliver your training program using computer based software, information sessions, face-to-face meetings, etc. The method of training will depend on the complexity and size of your business.

Therefore, so long as the training program is in writing and contains all of the required elements, it does not matter what format it takes.

Date answered: 2016-08-02

PI Number: PI-6885

Activity Sector(s): Money services businesses

Obligation(s): Compliance Regime

Guidance: 1, 4

Regulations: 71(1)d)

Form for customers to use as compliance tool?

Question:

Is there a form available for my customers to complete or must we develop our own practices in order to ensure compliance in the fight against anti-money laundering and anti-terrorist financing activity?

Answer:

FINTRAC does not have a form for your customers to complete. However, if your business falls within one of the reporting entity sectors, then as per the PCMLTFA and its associated Regulations, you are required to have a compliance regime in place that would include an assessment and documentation of the risks of money laundering and terrorist financing that pertain to your specific activities, as well as measures to mitigate these risks.

Date answered: 2016-07-19

PI Number: PI-6877

Activity Sector(s): Accountants, British Columbia notaries, Casinos, Dealers in precious metals and stones, Financial entities, Life insurance, Money services businesses, Real estate, Securities dealers

Obligation(s): Compliance Regime

Guidance: 4

Obligations for real estate if they do not accept/receive funds

Question:

What are the FINTRAC compliance and reporting requirements, if any, for real estate brokerages and real estate agents if they do not accept, receive, or retain any funds or money of any kind from their clients?

Answer:

Pursuant to section 37 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), every real estate broker or sales representative is subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) when they act as an agent in respect of the purchase or sale of real estate.

As a reporting entity subject to the PCMLTFA and its associated Regulations, a real estate broker or sales representative is required to have a compliance regime, ascertain identification, keep records, and report to FINTRAC. Information on all of these obligations is available in the guidelines FINTRAC has issued. In particular, I would direct you to the compliance regime requirements as these are not further detailed below.

It should first be noted that I have refrained from outlining the receipt of funds and large cash transaction obligations, based on the information you provided, namely that the real estate broker or sales representative does not accept funds/money. You may wish, though, to review these requirements, outlined in section 39 of the PCMLTFR. I also encourage you to review all of the Regulations and the guidance available, as I have only summarized these briefly below.

Every real estate broker or sales representative, while engaging in an activity described in section 37 of the PCMLTFR, must keep a client information record in respect of every purchase or sale of real estate (paragraph 39(1)(b) of the PCMLTFR). The client information record sets out a client’s name and address and
(a) if the client is a person, their date of birth and the nature of their principal business or their occupation, as applicable; and
(b) if the client is an entity, the nature of their principal business.

Furthermore, pursuant to subsection 10(1) of the PCMLTFR, where a real estate broker or sales representative is required to keep a client information record, they must make a third party determination, and as required by subsection 59.2(1) of the PCMLTFR, they must:
(a) in accordance with subsection 64(1), ascertain the identity of every person who conducts the transaction;
(b) in accordance with section 65, confirm the existence of and ascertain the name and address of every corporation on whose behalf the transaction is conducted and the names of its directors; and
(c) in accordance with section 66, confirm the existence of every entity, other than a corporation, on whose behalf the transaction is conducted.

There also exist requirements for real estate brokers or sales representatives when one or more of the parties to the real estate transaction are not represented. These are outlined in subsections 59.2(3) and (4) of the PCMLTFR.

You have indicated that a real estate broker or sales representative may not receive any funds/money, so the large cash transaction and receipt of funds obligations may not be triggered, but this does not negate the possibility of a suspicious transaction report, as this may be triggered by aspects of the real estate transaction unrelated to the receipt of money/funds involved. Suspicious transaction obligations are further outlined in subsection 53.1(1) of the PCMLTFR and Guidelines 2 and 3 on our website.

Date answered: 2016-02-18

PI Number: PI-6393

Activity Sector(s): Real estate

Obligation(s): Compliance Regime

Guidance: 2, 3, 4

Regulations: 10(1), 37, 39, 53.1(1)

Act: Part 1

DPMS compliance regime

Question:

What are the compliance regime requirements specific to dealers in precious metals and stones (DPMS)? More specifically, is a DPMS required to include, in its compliance regime, policies and procedures for identification methods it will not be carrying out?

Answer:

Once a DPMS conducts the triggering activity of $10,000 or more in a single transaction, and is subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated Regulations, the DPMS has the obligations outlined therein. Generally speaking, where a reporting entity does not conduct a particular type of transaction, we would not expect the reporting entity to include, in its compliance program, policies and procedures associated with that transaction. We would, however expect a reporting entity to include language to substantiate the lack of policies and procedures for a particular obligation. For example, an online entity that never accepts cash could include a line to that effect (e.g., we do not conduct cash transactions.). This ensures that all employees of the reporting entity are aware of the policies and practices of the entity, and also serves to explain why there are no procedures in place for cash transactions.

That said, pursuant to subsection 53.1(1) of the Proceeds and Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), except if the identity has been previously ascertained as required by the PCMLTFR, every person or entity that is subject to the PCMLTFR shall take reasonable measures to ascertain, in accordance with subsection 64(1), the identity of every person with whom the person or entity conducts or attempts to conduct a transaction that is required to be reported to the Centre under section 7 of the PCMLTFA. There is, however, an exception to this, outlined in subsection 53.1(2) of the PCMLTFR, that stipulates that subsection 53.1(1) of the PCMLTFR does not apply if the person or entity believes that complying with that subsection would inform the person that the transaction and the related information is being reported under section 7 of the Act. The requirement is, first and foremost, to take reasonable measures to ascertain the identity of a person or entity party to a suspicious transaction. As such, the reporting entity is required to have in place policies and procedures specific to these reasonable measures. Should an entity determine, on a case-by-case basis, that to comply with subsection 53.1(1) of the PCMLTFR, by implementing said reasonable measures, would inform the person that the transaction and the related information is being reported under section 7 of the Act, then the reporting entity is not required to carry out the reasonable measures, for the case in question.

Date answered: 2015-12-10

PI Number: PI-4438

Activity Sector(s): Dealers in precious metals and stones

Obligation(s): Compliance Regime

Guidance: 4.5

Regulations: 39.1, 53.1

Act: Part 1, 7

Risk matrix

Question:

Concerning the record-keeping requirements for life insurance companies, brokers and financial entities, could you provide us with information on the requirement to include the creation of a risk matrix where clients are rated based on various factors?

Answer:

It is first important to note that only reporting entities, as outlined in section 5 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), are subject to the requirements of the PCMLTFA and its associated Regulations. Reporting entities include accountants, British Columbia notaries, casinos, dealers in precious metals and stones, financial entities, money services businesses, real estate brokers and sales representatives, securities dealers, and finally life insurance companies, brokers and agents.

That said, in 2008, the Government of Canada introduced amendments to the PCMLTFA and its Regulations to enhance the Canadian anti-money laundering and anti-terrorism financing (AML/ATF) regime. As part of these amendments, the Risk-Based Approach (RBA), which requires reporting entities to conduct assessments of their exposure to money laundering and terrorism financing risk using a number of prescribed criteria, was introduced.

As a result, FINTRAC has published Guidance on the Risk-Based Approach to Combatting Money laundering and Terrorist Financing. This guidance document is structured to help reporting entities better understand what the RBA is and take inventory of their risks relating to products, services and delivery channels, clients and business relationships, geography and other relevant factors. It will also help in implementing effective mitigation measures and in monitoring the money laundering and terrorist financing risks reporting entities may have or encounter as part of their activities and business relationships. To help reporting entities assess business and relationship-based risks, FINTRAC provides an example of a likelihood and impact matrix tool in Annex C of the Guidance document.

Date answered: 2015-12-07

PI Number: PI-6384

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime

Guidance: 4.6

Act: 5

9.7(3) - Subsidiary of the subsidiary

Question:

Our question is regarding subsection 9.7(3) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

FINTRAC has previously indicated that subsection 9.7(1) does not apply to subsidiaries of subsidiaries. However, would FINTRAC still expect that the parent would be covering the subsidiary of the subsidiary? In other words, would the subsidiary of the subsidiary still be covered by the policies of the parent of its parent?

For example, Parent A has foreign subsidiary B. Foreign subsidiary B has subsidiary C.

Answer:

Subsection 9.7(3) of the PCMLTFA provides exemptions for
(a) an entity that is a subsidiary of an entity to which subsection 9.7(1) applies; or
(b) an entity that is a subsidiary of a foreign entity that has developed policies that establish requirements for its subsidiaries that are similar to the requirements of sections 6, 6.1 and 9.6, if that subsidiary is applying those policies to the extent it is permitted by, and do not conflict with, the laws of Canada or a province

Based on your example, the exemption applies to foreign subsidiary B which does not have to develop policies for its subsidiary C. It is also clear that Parent A will have to develop policies to foreign subsidiary C, but only if foreign subsidiary C carries out activities similar to those of entities referred to in paragraphs 5(a) to (g), and that is either wholly-owned by Parent A or has financial statements that are consolidated with Parent A.

Specifically, in respect to paragraph 9.7(3)(b) of the PCMLTFA,

  1. Foreign Parent B has a Canadian subsidiary D, and the Canadian subsidiary D has a foreign subsidiary E. In the case where foreign subsidiary E is also owned by foreign Parent B, the exemption applies to Canadian subsidiary D which does not have to develop policies for its foreign subsidiary E. Foreign Parent B will develop policies to foreign subsidiary E. In the case where foreign subsidiary E is only owned by Canadian subsidiary D, the exemption under 9.7(3)(b) of the PCMLTFA will not apply and Canadian subsidiary D will be required to develop policies for its foreign subsidiary E.
  2. Although Canadian subsidiary D is a reporting entity subject to the PCMLTFA and its associated Regulations, its policies developed by foreign Parent B can be acceptable if they are tailored to its Canadian reality. That means that FINTRAC would find Canadian subsidiary D’s policies compliant if they are not in conflict with the PCMLTFA and its associated Regulations, even if they were developed by foreign Parent B.

Date answered: 2015-11-19

PI Number: PI-6373

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4.5

Act: 9.7(3)

Type of document acceptable for signature card

Question:

Could you confirm whether a copy of the identification document presented by a client, that bears the client’s signature (e.g. Driver’s licence, passport), is acceptable for use as the client’s signature card?

Answer:

Pursuant to subparagraph 23(1)(a)(i) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), every securities dealers must keep, in respect of every account it opens, “a signature card, an account operating agreement or an account application” that bears the signature of the person who is authorized to give instructions in respect of the account. Subsection 1(2) of the PCMLTFR states the ““signature card”, in respect of an account, means any record that is signed by a person who is authorized to give instructions in respect of the account”.

We have said in the past that the record signed by a person authorized to give instructions in respect of an account must be created by the reporting entity. It cannot be a pre-existing item brought to the reporting entity. As such, retaining a copy of the record used for identification purposes and treating this as the signature card is not acceptable.

Date answered: 2015-10-16

PI Number: PI-6366

Activity Sector(s): Securities dealers

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 1(2), 23(1)(a)(i)

Compliance program for a group plan

Question:

Should the sponsors of group insurance plans set up a compliance program? For example, does an insurer that offers a bundle including life insurance, prescription drug insurance and dental insurance have to set up a compliance program even though life insurance only costs a fraction of the total package?

Answer:

The legislative obligations described in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act are applicable to life insurance companies, brokers and agents.

Subsection 1(2) of the Regulations defines life insurance broker or agent as “a person or entity that is registered or licensed under provincial legislation to carry on the business of arranging contracts of life insurance."

This subsection also defines life insurance companies: “means a life company or foreign life company to which the Insurance Companies Act applies or a life insurance company regulated by a provincial act.“

This means that if life insurance brokers or agents are registered or licensed under provincial legislation to arrange life insurance contracts, they are subject to the PCMLTFA. If life insurance companies are subject to the Insurance Companies Act, they are subject to the PCMLTFA.

If one of the above definitions applies to a person or an entity, that person or entity is subject to the PCMLTFA and has the following obligations, regardless of the type of products offered. It must report significant cash transactions involving the receipt of $10,000 or more in cash and must keep large cash transactions records. it must report transactions performed or attempted regarding which there are reasonable grounds to suspect that they are related to an actual or attempted money laundering or terrorist financing offence. It must also do record-keeping, ascertain clients' identity, establish whether the person with whom one is dealing is a politically exposed foreign person, establish whether the person who submits the amount is acting on behalf of a third party and, finally, it must have a compliance program.

General exceptions are applicable to ascertaining identity, e.g. the purchase of an insurance policy that is exempt, namely a policy issued for purposes of coverage rather than investment in accordance with subsection 306(1) of the Income Tax Regulations; upon the purchase of a group life insurance policy having no surrender value or savings component; upon the purchase of an immediate or deferred annuity which is fully paid by means of the funds transferred directly from a registered pension plan or from the proceeds of a group life insurance policy or the purchase of a registered annuity contract or a registered retirement income fund; upon the purchase of a registered plan, including a locked-in retirement account, an RRSP, a retirement savings account, and any other registered plan; upon opening an account whose holder or settlor is a pension fund governed by a federal or a provincial law; or any transaction engaged in by a manager of a reverse income mortgage or a structured settlement.

Date answered: 2015-10-05

PI Number: PI-6363

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 1(2)

Sole proprietorship is considered to be a person

Question:

Could you specify whether a sole proprietorship is considered an entity for the purposes of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated Regulations?

Answer:

The PCMLTFA defines the term entity as “a body corporate, a trust, a partnership, a fund or an unincorporated association or organization.” Therefore, a sole proprietorship is not an entity. Instead, because a sole proprietorship is a business that is owned and operated by an individual, it is considered to be a person as defined by section 2 of the PCMLTFA.

Consequently, paragraph 11.1(1)(c) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) is not applicable as beneficial ownership information is not required, the record-keeping obligations for financial entities at paragraph 14(c)(ii) are not applicable but paragraph 14(c)(i) must be applied, and subject to section 62 and 63, financial entities must ascertain the identity of a sole proprietor as per paragraph 54(1)(a). Paragraph 54(1)(e) is not applicable in this situation.

Date answered: 2015-09-08

PI Number: PI-6357

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 11.1(1)c), 14(c)(i), 54(1)(a)

Act: 2

Two Year Review

Question:

If a bank has an internal and/or external auditor, does the 2 year review have to be carried out by the external auditor only?

Answer:

The 2 year review may be conducted by either the internal or external auditor. One does not have precedence over the other.

Date answered: 2015-07-24

PI Number: PI-6333

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Obligations for new and old housing

Question:

Your website states "new" housing. What is in place to ensure real estate agents local or overseas, are reporting large cash purchases? Why does this not apply to all housing. What controls are in place to crosscheck this? If not old housing, is there anything in place on this going forward and examining past practices?

Does FINTRAC monitor ALL real estate deals, be it OLD or NEW? Or just new? If foreign agents are involved in the sale, what measures does FINTRAC undertake to ensure the validity of the transaction? Is this left to the agent to report? What expertise does the agent possess with money laundering transactions? Are they sufficiently trained to report such transactions to FINTRAC? Will FINTRAC look at reporting by agents in regards to foreign ownership more closely for ALL real estate transactions?

Answer:

On its website, FINTRAC provides a plain language interpretation of the obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated Regulations for each of the sectors identified under Part 1. In addition to the specific sector information, FINTRAC has written guidelines that outline in detail the requirements for each report, the record keeping and client identification requirements for each sector, and information on creating and maintaining a compliance regime.

Regarding the real estate sector, subsection 1(2) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) defines a real estate broker or real estate sales representative as “a person or entity that is registered or licensed under provincial legislation in respect of the sale or purchase of real estate.” Section 37 of the PCMLTFR further indicates that every real estate broker or sales representative is subject to Part 1 of the PCMLFTA when they act as an agent in respect of the purchase or sale of real estate.

Also included in the real estate sector, a real estate developer is defined as “on any given day in a calendar year, a person or entity who, in that calendar year and before that day or in any previous calendar year after 2007, has sold to the public, other than in the capacity of a real estate broker or sales representative,
(a) five or more new houses or condominium units;
(b) one or more new commercial or industrial buildings; or
(c) one or more new multi-unit residential buildings each of which contains five or more residential units, or two or more new multi-unit residential buildings that together contain five or more residential units.”

According to subsection 39.5(1) of the PCMLTFR, “Every real estate developer is subject to reporting obligations under Part 1 of the PCMLTFA when
(a) in the case of a person or of an entity other than a corporation, they sell to the public a new house, a new condominium unit, a new commercial or industrial building or a new multi-unit residential building; and
(b) in the case of an entity that is a corporation, they sell to the public a new house, a new condominium unit, a new commercial or industrial building or a new multi-unit residential building on their own behalf or on behalf of a subsidiary or affiliate.”

Therefore, in response to your query, the references to “new” housing, made in the sector profile page for the real estate sector, that you have identified, relate to real estate developers who sell new houses, new condominium units, new commercial or industrial buildings, and new multi-unit residential buildings. Real estate brokers and sales representatives, who act as an agent in the purchase or sale of existing real estate, are identified in the first paragraph of the sector profile page you referenced and are also obligated to report to FINTRAC in certain situations, such as when they receive cash in amounts of $10,000 or more.

In response to your second question, the definitions indicate that only real estate brokers and sales representatives, registered or licensed under provincial legislation, are required to report to FINTRAC, when they act as an agent in respect of the purchase or sale of real estate. As such, foreign real estate agents are only subject to the Act and Regulations if they are also registered or licensed under provincial legislation within Canada and only when they act as agents in the purchase or sale of real estate within Canada.

Regarding your question about whether real estate agents and developers are sufficiently trained to report to FINTRAC, subsection 71(1) of the PCMLTFR requires that reporting entities implement a compliance regime which must include, amongst other things, written compliance policies and procedures that are kept up to date, as well as a written ongoing compliance training program for all employees. The compliance regime is put in place to ensure reporting entities are aware of the record keeping, client identification, and reporting requirements under the Act and Regulations. As a result, it is up to the real estate broker, sales representative, and developer to ensure they are equipped to identify and accurately report information to FINTRAC when cash is received in an amount of $10,000 or more, when there are financial transactions that they have reasonable grounds to suspect are related to the commission of a money laundering offence or terrorist financing offence, including transactions that they have reasonable grounds to suspect are related to the attempted commission of a money laundering or terrorist financing offence, and when the transaction involves property that is owned or controlled by or on behalf of a terrorist or terrorist group.

Date answered: 2015-06-19

PI Number: PI-6317

Activity Sector(s): Real estate

Obligation(s): Reporting, Compliance Regime

Guidance: 4

Regulations: 1(2), 37, 39.5(1)

Act: Part 1

Merger of business lines

Question:

Four separate legal entities are merging into one with four distinct business lines. Two of these entities are already reporting entities with FINTRAC under the MSB and Life Insurance sectors. Does the newly created single entity (with four distinct business lines) now have to implement a compliance regime and submit reports for all four business lines, or only those subject to Part 1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)?

Answer:

Once an entity is engaged in MSB activities, all of its activities become subject to the suspicious transaction obligations of the PCMLTFA and its associated Regulations. However, in addition, paragraph 5(c) of the PCMLTFA indicates that Part 1 applies to “life companies or foreign life companies to which the Insurance Companies Act applies or life insurance companies regulated by a provincial Act.” Life insurance companies are covered under the PCMLTFA simply by virtue of being regulated by the Insurance Companies Act or a provincial Act. There are no other specific triggering activities that apply, as is the case with certain other sectors covered under the PCMLTFA.

So, in addition to the suspicious transaction reporting requirement resulting from its MSB business line, the single entity is also subject to the reporting and record keeping obligations of the life insurance sector for all of its business lines. This means the single entity has large cash transaction reporting and record keeping obligations, they must report any suspicious transactions, and terrorist property reports. They also have record keeping obligations related to ascertaining identity, politically exposed foreign person (PEFP) determination, and third party determination. As a result of these obligations, the single entity will have to establish and maintain a compliance regime that accounts for all four of its business lines.

Date answered: 2015-03-30

PI Number: PI-6297

Activity Sector(s): Life insurance, Money services businesses

Obligation(s): Compliance Regime

Guidance: 4

Act: Part 1

Deposit Brokers or Mandatories of Financial Institutions

Question:

We are enquiring as to whether deposit brokers, operating on behalf of financial institutions, require a Chief Anti-Money Laundering Officer (CAMLO) or whether they fall under the compliance regime of the financial institutions, as they are the reporting entities?

Answer:

Only persons or entities outlined in section 5 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) are subject to Part 1 of the PCMLTFA. Registered Deposit Brokers are not reporting entities and are therefore not subject to Part 1 of the PCMLTFA. However, where they may act as the agent of a reporting entity, it is the reporting entity, as the one subject to the PCMLTFA, that is responsible for the appropriate application of the PCMLTFA and its associated Regulations.

In that respect, deposit brokers who operate as agents of financial institutions, would not be required to appoint their own CAMLO (compliance officer). As per paragraph 71(1)(a) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), the financial institutions, as the principal, are responsible for implementing a compliance regime and appointing a compliance officer who would be responsible for the policies and procedures as outlined in paragraph 71(1)(b) of the PCMLTFR. The deposit brokers would then be subject to the compliance regime established by the financial institutions.

Date answered: 2014-10-10

PI Number: PI-6249

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(a), (b)

Act: Part 1, 5

Obligations of the real estate sector for the establishment of a compliance regime

Question:

1 - Are real estate agencies responsible for having their own compliance regime?
2 - Are real estate brokers who are not employees in the legal or fiscal sense, but who are brokers with an agency, required to have their own compliance regime?

Answer:

1 - Are real estate agencies responsible for having their own compliance regime?
Yes.
Pursuant to section 37 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (the Regulations), “Every real estate broker or sales representative is subject to Part 1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) when they act as an agent in respect of the purchase or sale of real estate.” Subsection 1(2) of the Regulations defines a real estate broker or sales representative as “a person or entity that is registered or licensed under provincial legislation in respect of the sale or purchase of real estate.”
Consequently, the agency (which meets the definition under subsection 1(2) is subject to Part 1 of the Act; therefore, under paragraph 9.6(1) of the Act, which stipulates that “Every person or entity referred to in section 5 shall establish and implement, in accordance with the regulations, a program intended to ensure their compliance with this Part and Part 1.1,” the agency must establish its own compliance regime.

2 - Are real estate brokers who are not employees in the legal or fiscal sense, but who are brokers with an agency, required to have their own compliance regime?
This depends on the agreements between the agencies and the brokers.
With respect to terminology, a distinction must be made between an employee and a self employed person under the regulations. Therefore, “If it is determined, based on the relationship between the broker and his/her firm, that the broker is self-employed, and given that a self-employed worker is not considered to be an employee (in accordance with the generally accepted criteria, for example, the parties’ intentions, performance of work, compensation, reporting relationship), the self-employed person would in fact be required to establish his/her own compliance regime.”
Here are some example situations to clarify this:
a) The broker is employed by a real estate agency.
• For this to be the case, the broker must clearly be employed by the agency, and that is a question of fact. It depends on the intentions of the broker and the agency, including, for example, whether the broker’s salary is paid by the agency and whether the agency establishes the broker’s working conditions.
• In this case, the agency must implement a compliance regime. Because the broker must follow the agency’s policies and procedures, he/she is not required to implement his/her own compliance regime; rather, he/she adheres to the employer’s compliance regime (which is the purpose of subsection 6(1) of the Regulations).

b) The broker is a self-employed person who works exclusively for the agency pursuant to an agreement to that effect (contract).
• Once again, this is a question of fact and depends on the intentions of the broker and the agency. It applies, for example, if a written agreement exists according to which the broker acts solely on behalf of the agency, even though he/she is not an employee of the agency.
• In this case, the agency must implement a compliance regime. Because the broker must follow the policies and procedures of the agency in accordance with the written agreement, he/she is not required to implement his/her own compliance regime; rather, he/she adheres to the employer’s compliance regime (which is the purpose of subsection 6(2) of the Regulations).

c) The broker is a self-employed person who is employed by the agency, but also works for him/herself, or the broker does not have an employment relationship or written agreement with any agency.
• When a broker performs any tasks that are not under an agency’s control (for example, when acting as a broker for the sale of a property that he/she listed him/herself or when involved in the sale or purchase of property by an individual), the broker must establish his/her own compliance regime because he/she then becomes a reporting entity.

Date answered: 2014-10-03

PI Number: PI-6248

Activity Sector(s): Real estate

Obligation(s): Compliance Regime

Guidance: 4(2.5)

Regulations: 1(2), 37

Act: Part 1

Compliance regime for DPMS sales agents that receive a commission

Question:

In the DPMS sector there are sales agents or agencies that are not employees of companies but are self employed. They work on commission from the orders they write for those supplier companies. They are not responsible for the invoice or collection of payment from the retailers they sell to. They submit orders to and receive a commission from the supplier of the products they sell. Do they need a compliance regime?

Answer:

As per subsection 1(2) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), a DPMS is defined as “a person or entity that, in the course of its business activities, buys or sells precious metals, precious stones or jewellery. It includes a department or agent of Her Majesty in right of Canada or of a province when the department or agent is carrying out the activity, referred to in section 39.1, of selling precious metals to the public. ”

Section 39.1 of the PCMLTFR indicates that once a DPMS engages in the purchase or sale of precious metals, precious stones or jewellery, in an amount of $10,000 or more in a single transaction, it is subject to Part 1 of the PCMLTFA.

Based on the information you provided, it would appear that the sales agents or agencies are not subject to PCMLTFA and do not require a compliance regime, as they are not directly engaged in the buying or selling of precious metals, precious stones or jewellery. Instead, this responsibility would fall upon the DPMS supplier companies who supply the commission to the sales agents or agencies.

Should the sales agents or agencies ever become directly involved in the sales of these products, for example, if they receive payment from the retailer on behalf of the supplier company, or if they provide the product directly to the retailer, then they would be subject to the PCMLTFA and the obligations outlined therein, which include establishing a compliance regime.

As a side note, if the DPMS supplier companies rely on the sales agents or agencies to meet their client identification obligations, as per section 64.1 (1) of the PCMLTFR, then the DPMS supplier companies are also responsible for ensuring that written agreements or arrangements are in place with the sales agents or agencies.

Date answered: 2014-09-30

PI Number: PI-6243

Activity Sector(s): Dealers in precious metals and stones

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 1(2), 39.1, 64.1 (1)

Obligations to include an overall risk rating into the risk assessment

Question:

Can we receive a policy position on the inclusion of an ‘Over-all Risk Ranking’ as a requirement of a complete risk assessment?

Answer:

The subsection 9.6 (2) and (3) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) use the word “risk” in the singular form. FINTRAC’s guidelines use the word in the same manner. However, as per subsection 33(2) of the Interpretation Act, “Words in the singular include the plural, and words in the plural include the singular.” So the use of the singular form is not an indication of a requirement for an “overall risk rating”. In addition, the French version of the Act (la Loi sur le recyclage des produits de la criminalité et le financement des activités terroristes) is more precise in its utilization of the word « risques » and does so in a consistent fashion, using the plural form. FINTRAC’s guidelines also use the word “risques” in the plural form. With those two considerations, we can conclude that the language of the Act and the guidelines should not be read to specifically require entities to assess an “overall” specific risk.

On the matter of risk assessments in general, subsection 71(1) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) requires reporting entities to implement the compliance program referred to in subsection 9.6(1) of the Act by, among other things, “assessing and documenting, in a manner that is appropriate for the person or entity, the risk referred to in subsection 9.6(2) of the Act, taking into consideration
? (i) the clients and business relationships of the person or entity,
? (ii) the products and delivery channels of the person or entity,
? (iii) the geographic location of the activities of the person or entity, and
? (iv) any other relevant factor.”

These elements can be taken into account in many ways; ultimately, the decision in determining the level of risk for each one will be up to the reporting entity and should be based on a number of considerations. The ultimate goal of the risk assessment exercise is to determine areas that have higher risk of ML/TF and apply mitigating measures to them. As such, a “total aggregated risk” is not required by FINTRAC as it would not identify the areas that are actually at risk. Where a “total aggregated risk” will apply is for clients and business relationships because the overall client- or relationship-based risk assessment ultimately relates clients with products, services, delivery channels, and/or geographical risks.

Date answered: 2014-08-19

PI Number: PI-6218

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)

Act: 9.6, 33(2)

Frequency and scope of scanning against OSFI list

Question:

Questions on the scanning of account holders to the OSFI list of Terrorist.

Is the scan of names required only for the account holders?
• For a personal account, those individuals named on the account?
• For a business account on the name of the business? on the beneficial owners 25% or more? Owners of any %? Or signing officer on the account?
Is there any stipulated requirement as to how often a terrorist scan of designated persons must be conducted?

Answer:

Pursuant to subsection 7.1(1) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), every person or entity referred to in section 5 that is required to make a disclosure under section 83.1 of the Criminal Code or under section 8 of the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism (RIUNRST) shall also make a report on it to the Centre, in the prescribed form and manner.

With regard to the question on the scanning of account holders to the OSFI list of Terrorist, I will start by referring you to the language of subsection 83.1(1) of the Criminal Code:
Every person in Canada and every Canadian outside Canada shall disclose without delay to the Commissioner of the Royal Canadian Mounted Police or to the Director of the Canadian Security Intelligence Service
? (a) the existence of property in their possession or control that they know is owned or controlled by or on behalf of a terrorist group; and
? (b) information about a transaction or proposed transaction in respect of property referred to in paragraph (a).

and of subsection 8 (1) of the RIUNRST:
Every person in Canada and every Canadian outside Canada shall disclose forthwith to the Commissioner of the Royal Canadian Mounted Police and to the Director of the Canadian Security Intelligence Service
? (a) the existence of property in their possession or control that they have reason to believe is owned or controlled by or on behalf of a listed person; and
? (b) information about a transaction or proposed transaction in respect of property referred to in paragraph (a).

The requirement is that the property in the reporting entity’s possession be “owned or controlled by or on behalf of” either
• a “terrorist group”, where subsection 83.01 of the CC defines a terrorist group as
? (a) an entity that has as one of its purposes or activities facilitating or carrying out any terrorist activity, or
? (b) a listed entity, and includes an association of such entities. (and “entity” means a person, group, trust, partnership or fund or an unincorporated association or organization.)
• Or a “listed person” which under RIUNRST means a person whose name is listed in the schedule in accordance with section 2, with the exception of the following:
? (a) the entities referred to in the Regulations Establishing a List of Entities; and
? (b) Usama bin Laden or his associates, or any person associated with the Taliban within the meaning of section 1 of the United Nations Al-Qaida and Taliban Regulations.

It should also be noted “property” does not stop at “account” but includes any type of real or personal property in your possession or control. This includes any deed or instrument giving title or right to property, or giving right to recover or receive money or goods, including funds, financial assets or economic resources. For example, cash, bank accounts, insurance policies, money orders, real estate, securities, and traveler’s cheques, precious metals and stones among other types of assets, are considered property.

From this, we understand that the requirements, for both business and personal accounts, extend beyond the account holder to include those who may control the account, and that scanning of OSFI or others lists in respect of accounts may not be sufficient as property does not stop at account.

With regard to the question about “how often a terrorist scan of designated persons must be conducted”, as soon as a reporting entity meets the requirements under section 7.1 (1) of the PCMLTFA - i.e. the person or entity is required to make a disclosure under section 83.1 of the Criminal Code or under section 8 of the RIUNRST, then they must also make a report to FINTRAC. Reporting entities are expected to make such reports once it is known that they are in possession of property owned or controlled by or on behalf of a terrorist group or a listed person, so while the PCMLTFA does not require reporting entities to perform specific scanning against lists nor does it prescribe any frequency to do so, the PCMLTFA does require Terrorist Property Reports to be sent to the Centre when they are required under the Criminal Code or the RIUNRST. In order to adequately produce those reports, then it would be expected that the reporting entities’ P&Ps would be in line with the legislative requirements of those Acts and regulations in order to also be compliant with the PCMLTFA.

Date answered: 2014-08-14

PI Number: PI-6216

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Act: 5, 7.1(1)

Review of the compliance regime

Question:

Can you please confirm that the compliance regime needs to be reviewed every two years, starting from the senior management's sign-off date for the review?

Answer:

Paragraph 71(1)(e) of the Proceeds of Crime Money Laundering) and Terrorist Financing Regulations (PCMLTFR) states that a person or entity shall implement the compliance program by “instituting and documenting a review of the policies and procedures, the risk assessment and the training program for the purpose of testing their effectiveness, which review is required to be carried out every two years by an internal or external auditor of the person or entity, or by the person or entity if they do not have such an auditor”. To add to this, subsection 37(1) of the Interpretation Act defines the expression “year” by “any period of twelve consecutive months”.

Based on the above, FINTRAC has taken the position that a review must be started no later than 24 months from the start of the previous one and completed prior to the start of the next review.

Date answered: 2014-07-29

PI Number: PI-6205

Activity Sector(s): Money services businesses

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)e)

Act: 37(1)

Interpretation of subsection 71.1(a) of the Regulations

Question:

I am wondering why the following interpretation [1] limits its application to "taking reasonable measures to keep information on the client up to date (which obviously does not mean the information related to ID cards, but the information about the person)"?

Answer:

Section 71.1 of the Regulations has been amended and came into force on February 1, 2014.

Thus, the Caisse populaire, in its risk assessment, identified some high-risk folios. For these folios, it implemented a series of measures which included a monthly review of transactions in the account and updating, where required, of information on its clients. To do this, it directly contacted the member to confirm that he was still living at the same address, still had the same telephone number and was still in the same job. There is no confirmation of this information on the pieces of identification. Consequently, a client who opened an account prior to the legislative requirements, even if deemed a high-risk client, would not have any information on his pieces of identity on file.

To keep the information on the identity of its clients up to date, does the Caisse have to meet the client face to face to confirm the pieces of identification on file?

Section 71.1 of the Regulations stipulates that “The prescribed special measures that are required to be taken by a person or entity referred to in subsection 9.6(1) of the Act for the purpose of subsection 9.6(3) of the Act are the development and application of written policies and procedures for

a) taking enhanced measures based on the risk assessment undertaken in accordance with subsection 9.6(2) of the Act to ascertain the identity of any person or confirm the existence of any entity in addition to the measures required in sections 54, 54.1, 55, 56, 57, 59 and 59.1, subsection 59.2(1), section 59.3, subsection 59.4(1) and sections 59.5, 60 and 61; and;

b) taking any other enhanced measure to mitigate the risks identified in accordance with subsection 9.6(3) of the Act, including,
(i) keeping client identification information and the information referred to in section 11.1 up to date, and
(ii) in addition to the measures required in sections 54.3, 56.3, 57.2, 59.01, 59.11, 59.21, 59.31, 59.41, 59.51, 60.1 and 61.1, conducting ongoing monitoring of business relationships for the purpose of detecting transactions that are required to be reported to the Centre under section 7 of the Act.

The regulations require the reporting entity to keep information on the identity of its clients up to date, not that the reporting entity identify its clients again. The reporting entity must draw up and implement policies and procedures to keep information on client identity up to date. When a reporting entity has designated a client as high risk, it must increase the frequency of its activities related to ongoing monitoring and keeping client identification information up to date, and take other, more stringent measures, if need be.

Client identification information depends on the information you have to confirm or obtain from your clients and the records you have to keep. Client identification information that is required to be updated generally includes:

• For an individual, the individual's name, address, telephone number and occupation or principal business.
• For a corporation, its name and address and the names of the corporation's directors.
• For an entity other than a corporation, its name, address and principal place of business.

Measures to keep client identification up to date include asking the client to provide information to confirm or update their identification information. In the case of an individual client, measures can also include confirming or updating the information through the options available to ascertain the identity of individuals who are not physically present. In the case of clients that are entities, measures to keep client identification up to date include consulting a paper or an electronic document to confirm information or obtaining the information verbally from the client.

The reporting entity may also decide to keep it up to date using other appropriate methods.

With regard to a client who opened an account prior to the legislative requirements, we have already indicated in previous policy interpretations and continue to uphold that there is no legislative requirement to identify the client if his or her account was opened before the Act and Regulations took effect. The reason for this is that the legislative requirements cannot be applied retroactively. However, the reporting entity must, nevertheless, keep the information it has on this client up to date.

Date answered: 2014-07-03

PI Number: PI-6172

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71.1

Risk Reassessment

Question:

Do brokers need to look at transactions beyond five years as part of their risk reassessment, as they are only required to keep records under the PCMLTF regime for five years?

Answer:

As part of the ongoing monitoring obligations, reporting entities have to monitor all of their business relationships, and they must monitor business relationships they consider high-risk more frequently. Subsection 69(1) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) states that "Subject to subsection (2), every person or entity that is required to obtain, keep or create records under these Regulations shall retain those records for a period of at least five years". Although the PCMLTFR requires only that reporting entities retain certain records for at least five years, it is possible that reporting entities decide or are required by other legislation, policies or procedures, to retain records for a longer period of time. Reporting entities may look at all transactions and activities retained in order to satisfy the ongoing monitoring obligations.

Finally, the PCMLTFA and its associated Regulations do not limit what a reporting entity could consider when assessing the risk of a client or business relationship.

Date answered: 2014-03-07

PI Number: PI-6116

Activity Sector(s): Real estate

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 69(1)

Clarification of subsections 71.1(a)and 71.1(b)of the PCMLTFR

Question:

I wonder why, in the following interpretation, its application is limited to taking reasonable measures to "keep client information up to date" (which clearly does not refer to information regarding the client's ID information, but rather information about the client).

And yet, if the legislator had wanted to restrict the updating solely to information about the individual, the wording "keep client information record," as defined in the PCMLTFR, could have been used.

However, paragraph 71.1(a)uses the wording "keep client identification information" which, in my view, refers to the client's identity in its broadest sense, namely

a) certain pieces of nominative information that must be kept (as stipulated in the clauses pertaining to record-keeping in sections 12 to 49 of the PCMLTFR); and

b) the notion of ascertaining the client's identity provided for in this section, as described in sections 53 to 67 of the PCMLTFR.

Moreover, with experience, most reporting entities adopt a special client re-identification policy (rather than simply updating their name (?), address, date of birth (?), phone number and occupation).

This broader interpretation is also in line with section 3 of the Act, since a formal re-identification is a good way of detecting and deterring money laundering.

Answer:

Section 71.1 of the PCMLTFR was amended and the new version took effect on February 1, 2014. To this end, and in order to respond to your question, we decided to go back over the facts presented in Policy Interpretation 804 and to re-interpret them in light of the new section.

In its risk assessment, the Caisse populaire identified certain at-risk accounts. It adopted a series of measures targeting these accounts, including a monthly review of account transactions and the updating, when necessary, of its clients' information. To do so, it contacts members directly in order to check whether they are still living at the same address and still have the same phone number and the same job. The information on the ID is not checked. Consequently, clients who opened their account prior to the legislative requirements, even if they are high-risk clients, have no information on file regarding their ID information.

In order to update client identity information, should the Caisse meet with clients face-to-face to confirm the ID documents on file?

Section 71.1 of the PCMLTFR stipulates as follows: "The prescribed special measures that are required to be taken by a person or entity referred to in subsection 9.6(1) of the Act for the purpose of subsection
9.6(3) of the Act are the development and application of written policies and procedures for

a) taking enhanced measures based on the risk assessment undertaken in accordance with subsection 9.6(2) of the Act to ascertain the identity of any person or confirm the existence of any entity in addition to the measures required in sections 54, 54.1, 55, 56, 57, 59 and 59.1, subsection 59.2(1), section 59.3, subsection 59.4(1) and sections 59.5, 60 and 61; and

b) taking any other enhanced measure to mitigate the risks identified in accordance with subsection 9.6(3) of the Act, including

(i) keeping client identification information and the information referred to in section 11.1 up to date; and

(ii) in addition to the measures required in sections 54.3, 56.3, 57.2, 59.01, 59.11, 59.21, 59.31, 59.41, 59.51, 60.1 and 61.1, conducting ongoing monitoring of business relationships for the purpose of detecting transactions that are required to be reported to the Centre under section 7 of the Act.

According to the PCMLTFR, the reporting entity is required to keep the identity information of its clients up to date, not re-identify the clients. The reporting entity must develop and implement policies and procedures aimed at ensuring that the identity information of its clients is kept up to date. Once a client is identified by the reporting entity as being high-risk, the frequency of ongoing control and client identity updating activities must be increased and other, more rigorous measures, must be taken, as required.

Client identification information depends on the information that the reporting entity needs to confirm or obtain from its clients and the records it is required to keep. Client identification information that needs to be updated generally includes:
• for an individual, the individual’s name, address, telephone number and occupation or principal business;
• for a corporation, its name and address and the names of the corporation’s directors; and
• for an entity other than a corporation, its name, address and principal place of business.

Measures to keep client identification up to date include asking the client to provide information to confirm or update their identification information. In the case of an individual client, measures also include confirming or updating the information through the options available to ascertain the identity of individuals who are not physically present. In the case of clients that are entities, reasonable measures to keep client identification up to date include consulting a paper or an electronic document to confirm information, or obtaining the information verbally from the client. The reporting entity may also decide to update the information in other appropriate manners.

In the case of clients who opened their accounts prior to the legislative requirements, we have already indicated in previous policy interpretations, and we continue to affirm, that there are no legislative requirements that oblige the identification of clients who opened their accounts prior to the coming into force of our Act and its associated regulations, the reason being that legislative requirements cannot be retroactively applied. However, the reporting entity must nevertheless keep the information it has on these clients up to date.

To summarize:
71.1(a) is solely for verifying the identity of an individual or the existence of an entity. Hence, when verifying a client's identity, either face-to-face or by means of a combination of identification methods if the person is not physically present, the reporting entity must take additional measures (over and above those already in place for client identification) to verify the identity and, to this end, can use the examples provided in section 6.4 of our Guideline 4.

71.1(b) is simply designed to mitigate identified client risks by keeping client identification information (name, address, phone number and occupation or primary business) up to date.

Date answered: 2014-03-07

PI Number: PI-6115

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71.1

Training Certification

Question:

We have now begun the process of incorporating a separate entity for the purposes of our planned MSB service and registering that new entity with FINTRAC. We intend to train compliance staff from within our existing personnel and then have them trained by a third-party compliance training provider. Are there any compliance training programs and/or compliance certifications that you recommend our compliance officers to obtain?

Answer:

FINTRAC cannot endorse or provide access to external resources or materials for training certification purposes.

We strongly encourage you to review the “Guidelines” section of FINTRAC’s Web. Here you will find guidance specific to the reporting, record-keeping and identification obligations of money services businesses in Canada. In addition, Guideline 4 (Implementation of a Compliance Regime) outlines various considerations with respect to ongoing compliance training.

Date answered: 2014-02-04

PI Number: PI-5691

Activity Sector(s): Money services businesses

Obligation(s): Compliance Regime

Guidance: 4

Training requirement - Sole shareholder corporation

Question:

I would like clarifications on the requirement according to which a reporting entity with employees has to develop a written ongoing compliance training program. The entity in question is a dealer in precious metals and stones that has a single employee who is also the sole shareholder of the business. The business does not currently have a compliance regime.

Answer:

Subsection 9.6(1) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) made it a requirement for every person or entity referred to in section 5 to establish and implement, in accordance with the regulations, a program intended to ensure their compliance with Part 1 of the Act. Paragraph 71(1)(d) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (the Regulations) stipulates that:

• 71. (1) For the purpose of subsection 9.6(1) of the Act, a person or entity referred to in that subsection shall, as applicable, implement the compliance program referred to in that subsection by
(d) if the person or entity has employees, agents or other persons authorized to act on their behalf, developing and maintaining a written ongoing compliance training program for those employees, agents or persons;

In the above scenario, it is a matter of determining whether the sole stakeholder is an employee of the business. For example, does he or she receive a salary or another form of compensation, not including dividends paid from shares in the company. If he or she is considered as an employee, then a training program pursuant to paragraph 71(1)(d) of the Regulations must be developed and updated. However, we recommend that the training program be proportionate to the entity, i.e., if there is only one employee, there is no reason for the entity to develop an extensive training program. A simple program would suffice in this case.

Date answered: 2013-12-19

PI Number: PI-5666

Activity Sector(s): Dealers in precious metals and stones

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(d)

Act: 9.6(1)

The Caisse - SWIFT electronic fund transfer compliance regime

Question:

As concerns the relationship between the Caisse and its members with respect to electronic fund transfers, the Caisse has confirmed that the Caisses populaires do not have an account at the Caisse. They do, however, have the option of opening foreign currency accounts in the books of the Caisse. Whenever an electronic fund transfer request is sent to the Caisse, the Caisse populaire must debit the member's account and credit this amount in their liquidity fund. If the member has a foreign currency account other than CAD or USD, however, the Caisse populaire does not need to debit the member's account. Once the electronic funds transfer is processed, the Caisse debits the liquidity fund in question or the member's foreign currency account, which is on the books of the Caisse.

If the transfer request is made through businesses or individuals accounts, the member's account is debited once the transaction is confirmed/signed. At the current time, the Caisse populaire receives a credit in the CAD or USD liquidity fund, which is debited once the electronic funds transfer is processed by the Caisse. Only in the case of a business account does the financial settlement take place at the Caisse.

Who is responsible for implementing a compliance regime for SWIFT electronic funds transfers?

Answer:

As regards the implementation of a compliance regime, FINTRAC expects the documentation, such as policies and procedures, as well as the risk-based approach, etc., to reflect the reality of each reporting entity, by taking into account the products and services that it provides for its clients. In other words, the Caisse needs to have a compliance regime that reflects the obligations associated with its SWIFT electronic funds transfer activities when it sends these funds on behalf of its clients (such as the Caisses populaires). It also means that the Caisses populaires must have a compliance regime that reflects the obligations associated with their electronic funds transfer activities when they forward, to the Caisse, electronic funds transfer requests from their clients (business clients or individuals).

In terms of responsibility for reporting electronic funds transfers, subsection 12(1)(b) of the Regulations reads as follows: "Subject to section 50 and subsection 52(1), every financial entity shall report the following transactions and information to the Centre (...) the sending out of Canada, at the request of a client, of an electronic funds transfer of $10,000 or more in the course of a single transaction, together with the information referred to in Schedule 2 or 5, as the case may be."

On the other hand, subsection 12(3) of the Regulations notes that "Paragraph (1)(b) applies in respect of a financial entity that orders a person or entity, to which subsection (1), 28(1) or 40(1) applies, to send out of Canada an electronic funds transfer made at the request of a client, unless it provides that person or entity with the name and address of that client." Hence, the Caisse populaire is not obliged to report the electronic funds transfer if it provides the Caisse with the client's name and address. In such cases, the electronic funds transfer is reported as a SWIFT electronic funds transfer by the Caisse, which must complete the following fields:

Outgoing SWIFT messages report information

Part A – Transaction Information
Part B – Information on Client Ordering Payment of Electronic
Funds Transfer (in this case, an individual who is a client of the Caisse populaire)
Part C – Information on Person or Entity Sending Electronic
Funds Transfer (in this case, the Caisse)
Part D – Information on Person or Entity Ordering Electronic
Funds Transfer on Behalf of a Client (in this case, the Caisse populaire)
Parts E, F, G, H, I or J – As applicable
Part K – Information on Client to Whose Benefit Payment is
Made
Part L – As applicable

Date answered: 2013-12-02

PI Number: PI-5656

Activity Sector(s): Financial entities

Obligation(s): Reporting, Compliance Regime

Guidance: 4

Regulations: 12(1)(b), 12(3)

Caisse - Risk assessment

Question:

Who is responsible for assessing the risks associated with business relationships with clients?

Answer:

As per paragraph 71(1)(c) of the Regulations, "For the purpose of subsection 9.6(1) of the Act, a person or entity referred to in that subsection shall, as applicable, implement the compliance program
referred to in that subsection by (...) assessing and documenting, in a manner that is appropriate for the person or entity, the risk referred to in subsection 9.6(2) of the Act, taking into consideration

(i) the clients and business relationships of the person or entity;
(ii) the products and delivery channels of the person or entity;
(iii) the geographic location of the activities of the person or entity; and
(iv) any other relevant factor.

This obligation applies to both reporting entities. The Caisse must assess the risks associated with its clients and business relationships (including the Caisses populaires), and the Caisses populaires must also assess the risks associated with their clients and business relationships (including individuals and business clients).

Date answered: 2013-12-02

PI Number: PI-5652

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(c)

EFT and STR requirements

Question:

Since July 31, 2010, the Caisse populaire has positioned itself as a reporting entity. It is no longer a simple service provider.

One of the reasons for this change in status is the way SWIFTs are reported at FINTRAC. Prior to July 31, 2010, all SWIFT transfers received by FINTRAC were reported under the number of the reporting entity requesting the transfer for all 377 caisses populaires. Since July 31, 2010, all SWIFTs without exception have been entered under reporting entity number 1234.

Following one of our meetings as part of the review we are currently conducting for the entity, we confirmed that requests for SWIFT transfers can be done in three ways:

-ABC (Online for clients who have an account at a credit union. This service is offered for clients with business or personal accounts)
-In person at the credit union
-Between caisses populaires (a client can go to a caisse populaire other than the one that holds his/her portfolio)

It should be noted that in all three ways of initiating the SWIFT, the Caisse populaire never meets with clients in person.

Our questions are as follows:

1. Under these circumstances, which reporting entity is responsible for reporting suspicious transactions?

2. Under these circumstances, which reporting entity is responsible for keeping records for each electronic funds transfer, as prescribed by subsection 66.1(2), in an amount of $1,000 or more sent at the request of a client?

3. Under these circumstances, does the reporting entity have to add something to its policies and procedures, risk-based approach, etc?

Answer:

Section 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act stipulates that, "Subject to section 10.1, every person or entity referred to in section 5 shall report to the Centre, in the prescribed form and manner, every financial transaction that occurs or that is attempted in the course of their activities and in respect of which there are reasonable grounds to suspect that
(a) the transaction is related to the commission or the attempted commission of a money laundering offence; or
(b) the transaction is related to the commission or the attempted commission of a terrorist activity financing offence."

If the Caisse populaire have reasonable grounds to suspect that a financial transaction that occurs or that is attempted in the course of their activities is related to the commission or the attempted commission of a money laundering offence or a terrorist activity financing offence, a suspicious transaction report must be submitted to FINTRAC. They may have differing reasonable grounds to suspect.

2. Subsection 14(m) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (the Regulations) stipulates that, "Subject to subsection 62(2), every financial entity shall keep the following records in respect of a transaction or the opening of an account other than a credit card account: [...] where, at the request of a client, it sends an electronic funds transfer, as prescribed by subsection 66.1(2), in an amount of $1,000 or more, a record of

(i) if the client is a person, their name, address, date of birth and telephone number and the nature of their principal business or their occupation, as applicable,
(ii) if the client is an entity, the name, address, date of birth and telephone number of the person initiating the transaction on behalf of the entity and the nature of that person’s principal business or their occupation, as applicable,
(iii) the relevant account number, if any, and the reference number, if any, of the transaction and the date of the transaction,
(iv) the name or account number of the person or entity to whom the electronic funds transfer is sent, and
(v) the amount and currency of the transaction."

This requirement applies to both reporting entities involved in the transaction because both reporting entities have each sent an electronic funds transfer. While the electronic funds transfer was reported by the Caisse populaire centrale (because it received the name and address from the caisse populaire), the caisse populaire still has to comply with its record keeping requirements.

3. FINTRAC expects documents, such as policies and procedures, the risk-based approach, etc, to reflect the reporting entity's situation by taking into account the products and services it offers to its clients.

Date answered: 2013-09-13

PI Number: PI-5613

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 2, 4, 6G

Regulations: 14(m), 66.1(2)

Act: 7

Life Insurance Company

Question:

This RE is registered as XYZ Inc., she offers only Life insurance products from Insurance ABC. What are her obligations under the act? Does she need a Regime? She has a contract with Insurance ABC whereby she can only provide their services. It is apparently written in their contract. She is however not an employee of Insurance ABC. This is where my issue lies. I am not quite sure if she is covered.

Answer:

The legislative requirements under the PCMLTFA are applicable to life insurance companies, brokers or independent agents. However, if XYZ inc. is a life insurance agent or an employee of a life insurance company or broker, these requirements are the responsibility of the life insurance company except with respect to reporting suspicious transactions and terrorist property, which is applicable to both.

Life insurance broker or agent is defined under our legislation as a person or entity that is registered or licensed under provincial legislation to carry on the business of arranging contracts of life insurance. A life insurance company means a life company or foreign life company to which the Insurance Companies Act applies or a life insurance company regulated by a provincial Act.

Date answered: 2013-05-03

PI Number: PI-5543

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 1(2)

Two year review

Question:

I am writing to you to obtain clarification on the Compliance program element requiring a reporting entity to institute and document a review of the policies and procedures, the risk assessment and the training program for the purpose of testing their effectiveness, which review is required to be carried out every two years by an internal or external auditor of the person or entity, or by the person or entity if they do not have such an auditor.

The Internal Audit methodology at the Bank requires the conduct of audits of its businesses at regular intervals which intervals are dependent on various contributing factors. We recognize that the review of specific elements of the AML Compliance regime of the Bank's various reporting entities must be conducted, in accordance with subsection 71(1) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations, every two years by Internal Audit. There are a few ways in which the 2 year interval can be interpreted:

1. If an Audit of a reporting entity commenced in January 2009, regardless of when the Audit Report was issued as that date is impacted by several factors, some of which will be unforeseen at the outset of the Audit, and the next Audit commenced in January 2011, again, regardless of the date of the issuance of the Audit Report, it would appears that the "two year" requirement has been met. Can you please confirm?

2. If an Audit of a reporting entity commenced in January 2009 and the next Audit commenced in September 2011 in order to meet a 2 year fiscal year audit requirement, it would appear that the "two year" requirement has been met. Can you please confirm?

Answer:

Paragraph 71(1)(e) of the Proceeds of Crime Money Laundering) and Terrorist Financing Regulations (PCMLTFR) states that a person or entity shall implement the compliance program by “instituting and documenting a review of the policies and procedures, the risk assessment and the training program for the purpose of testing their effectiveness, which review is required to be carried out every two years by an internal or external auditor of the person or entity, or by the person or entity if they do not have such an auditor”.

To add to this, subsection 37(1) of the Interpretation Act defines the expression “year” by “any period of twelve consecutive months”.

Based on the above, our position is that a review must be started no later than 24 months from the start of the previous one and completed prior to the start of the next review.

Date answered: 2013-05-02

PI Number: PI-5538

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(e)

Two-Year Review Clarification

Question:

The Vice President of Compliance for Company ABC (in Canada and USA) asked the following question, which I believe warrants an interpretation. He explained that Company ABC has been in Canada since March 2011, but didn't actually "open its doors" and start trading until August 2012, and the trades conducted are only done with the affiliate Company ABC in USA.

His question is in relation to the Compliance Regime, specifically the Two Year Review. Because the business was registered with IIROC in March 2011, should the review be conducted in March 2013, or, because they didn't “open their doors” and start to trade until August 2012, would FINTRAC recognize that date as the start of the requirement to have a regime, therefore pushing back the date for the review to August 2014?

He stated that a regime has been in place since March 2011, although it has been revised numerous times leading up to August 2012 when they officially started trading. He also explained that IIROC had communicated with him and stated that the review should be completed this March but to speak to FINTRAC regarding an extension.

Answer:

Paragraph 71(1)(e) of the Proceeds of Crime Money Laundering) and Terrorist Financing Regulations (PCMLTFR) states that a person or entity shall implement the compliance program by “instituting and documenting a review of the policies and procedures, the risk assessment and the training program for the purpose of testing their effectiveness, which review is required to be carried out every two years by an internal or external auditor of the person or entity, or by the person or entity if they do not have such an auditor”.

To add to this, subsection 37(1) of the Interpretation Act defines the expression “year” by “any period of twelve consecutive months”. Based on the above, our position is that a review must be started no later than 24 months from the start of the previous one and completed prior to the start of the next review.

The day where Company ABC Canada was “authorized under provincial legislation to engage in the business of dealing in securities or any other financial instruments, or to provide portfolio management or investment advising services”, as per subsection 5(g) of the PCMLTFA, is the day where Company ABC Canada was considered a securities dealer.

Date answered: 2013-03-19

PI Number: PI-5521

Activity Sector(s): Securities dealers

Obligation(s): Compliance Regime

Guidance: 4.8

Regulations: 71(1)(e)

Act: 37(1), 5(g)

Account holder - Risk Rating of a MSB

Question:

A credit union has asked for assistance with risk rating (as per Guideline 4) their member who is a Money Services Business. They have heard that Money Services Businesses should be risk rated as high risk. Is that the common rating or is it up to the credit union discretion?

Answer:

Paragraph 71(1)(c) of the PCMLTFR states that “for the purpose of subsection 9.6(1) of the Act, a person or entity referred to in that subsection shall, as applicable, implement the compliance program referred to in that subsection by […] assessing and documenting, in a manner that is appropriate for the person or entity, the risk referred to in subsection 9.6(2) of the Act, taking into consideration

(i) the clients and business relationships of the person or entity,
(ii) the products and delivery channels of the person or entity,
(iii) the geographic location of the activities of the person or entity, and
(iv) any other relevant factor”.

Subsection 9.6(2) of the PCMLTFA states that “the program shall include the development and application of policies and procedures for the person or entity to assess, in the course of their activities, the risk of a money laundering offence or a terrorist activity financing offence”.

The analysis of the risk must draw conclusions as to potential threats and vulnerabilities the reporting entity is exposed based on their products, services, delivery channels, geographic locations, clients and business relationships, and any other relevant factors.

At this time, we should not comment on whether or not MSBs are, de facto, high risk. I do not believe we have publicly said that MSBs are high risk. It is up to the reporting entity to determine the risk of its client and business relationship.

Date answered: 2013-02-12

PI Number: PI-5497

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(c)

Act: 9.6(1), 9.6(2)

Ongoing Training Program

Question:

If an entity gives its employees a copy of its compliance policies and procedures and asks them to sign a letter certifying that they are aware of those policies and procedures, could it be considered as “ongoing training” within the meaning of paragraph 71(1)(d) of the Regulations?

Answer:

The Regulations, at paragraph 71(1)(d), state that the reporting entity must develop and maintain a written ongoing compliance training program, without specifically indicating what exactly must be written. The Guidelines are more explicit in providing that the training program must be in writing and kept up to date. This means that, although the program must be in writing, the training does not necessarily have to be given in writing. For example, the reporting entity may give the training using a software program or by organizing information sessions or in-person meetings. The entity is responsible for reviewing the program and making changes as required to ensure that the program reflects its needs. Consequently, the training procedure and timeline (e.g. the training plan) must be in writing, but not necessarily the actual training content (e.g., the material). A written ongoing compliance training program must include the following: 1. Proof that the training has been given. 2. A written training plan for the delivery of training. Furthermore, periodic updates should be conducted in order to ensure that relevant employees and agents are aware of changes made to the Act and its associated regulations, as well as changes in the Entity’s policies and procedures. In addition, the individuals required to take the training must all be aware of the most recent developments and changes that could have an impact on their work and the regulatory requirements that must be met. If the reporting entity decides to use its own policies and procedures as training material, and has indicated its intention to do so in the written training plan, along with the other details mentioned above, then the requirements of paragraph 71(1)(d) would be met. If, however, during an examination, it is determined that one of the employees, agents or mandataries, or anyone else authorized to act on behalf of the reporting entity, is unaware of, or does not understand the obligations stemming from our Act and Regulations, it could be a strong indication that the training program was not effectively maintained in accordance with paragraph 71(1)(d).

Date answered: 2012-10-30

PI Number: PI-5462

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(d)

Act: 9.6(1)

Insurance broker and compliance

Question:

I am a life insurance broker that only sells group life insurance. I would like to know if I must have a compliance regime in place.

Answer:

The legislative requirements under the PCMLTFA are applicable to life insurance companies, brokers or independent agents. However, if you are a life insurance agent and an employee of a life insurance company or broker, these requirements are the responsibility of the life insurance company except with respect to reporting suspicious transactions and terrorist property, which is applicable to both.
Life insurance broker or agent is defined under our legislation as a person or entity that is registered or licensed under provincial legislation to carry on the business of arranging contracts of life insurance. A life insurance company means a life company or foreign life company to which the Insurance Companies Act applies or a life insurance company regulated by a provincial Act.

If you fall within one of these definitions, you are covered under the PCMLTFA and have the following obligations, regardless of the type of product you offer. You must report any large cash transaction of $10,000 or more you receive and have record keeping obligations in regards to that transaction. You must also report any suspicious transactions, as well as terrorist property reports. You also have a number of other record keeping obligations, ascertaining identity in certain situations, PEFP determination, third party determination, and finally you must also implement a compliance regime.

However, there are general exceptions that apply to client identification requirements in the following situations: the purchase of a policy that is an exempt policy (i.e., a policy issued for insurance protection and not for significant investment purposes as defined in subsection 306(1) of the Income Tax Regulations); the purchase of a group life insurance policy that does not provide a cash surrender value or a savings component; the purchase of an immediate or deferred annuity paid for entirely with funds directly transferred from a registered pension plan or the proceeds of a group life insurance policy; the purchase of a registered annuity policy or a registered retirement income fund; a registered plan, including a locked-in retirement plan, a registered retirement savings plan, a group registered retirement savings plan, a registered education savings plan and any other registered plan; where the account holder or settlor is a federally or provincially regulated pension fund; or a transaction that is part of a reverse mortgage or structured settlement;

I would again refer you to our website to consult the legislation, as well as the guidelines that use plain language to explain the most common situations under the PCMLTFA and Associated Regulations, and more specifically Guideline 6A: Record Keeping and Client Identification for Life Insurance Companies, Brokers and Agents.

Date answered: 2012-09-27

PI Number: PI-5458

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime

Guidance: 4, 6A

Regulations: 1(2), 16, 17, 18, 19, 20, 20.1, 20.2, 56, 62, 63

Act: 5(c)

Ongoing Monitoring- para. 71.1(b) of Regulations

Question:

Further to its risk assessment, the CP identified John Doe as a high-risk client. In making this determination, the CP applied the methodology proposed by FINTRAC, and it was the combination of risk factors linked to the products, geographical location and client features that allowed the CP to conclude that John Doe was, overall, a high-risk client.

Among his products, John Doe has a chequing account, a line of credit and an investment account, as well as a business plan and a commercial mortgage for his company, ABC.

QUESTION:

When conducting ongoing monitoring of John Doe's transactions, should the CP take into account all the products used by its client, i.e., not only the personal accounts but also the business accounts, or should it focus on the high-risk products (e.g., the business account vs. the personal account)?

Answer:

Guideline 4 reads as follows: “You have to take reasonable measures to conduct ongoing monitoring of financial transactions that pose high risks of money laundering and terrorist financing to detect suspicious transactions.”

Even though, by definition, some of John Doe's accounts are low or moderate risk, they cannot be isolated and excluded from the monitoring provided for under section 71.1(b). Since it is the client, through a combination of factors, who presents a high risk, the various financial transactions that he carries out, through both his personal and business accounts, make up an integral part of his risk profile and must be monitored on an ongoing basis for the purpose of identifying the relevant transactions.

Date answered: 2012-09-26

PI Number: PI-5456

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71.1 (b)

2 year review

Question:

I am trying to obtain clarification on the specific time requirements for completion of the Bi-annual Review. Guideline 4 indicates the following:.
“Another component of a comprehensive compliance regime is a review of your compliance policies and procedures to test their effectiveness. The review has to be done every two years. It has to cover ……………”

One of the services ABC Ltd offer credit unions is an Effectiveness review of their Compliance Regime. Many credit unions completed their review in June of 2010. There is an unwritten understanding that the review must be completed by June 2012.

Is there any flexibility to have the review completed within the calendar year ie in Sept 2012, November 2012 or must the review be completed by June 23, 2012. Our concern, and the concern of our client credit union, is non-compliance and their desire to be compliant with Regulations. If the review is completed within the calendar year, would this be considered compliant.

Any clarification that you can provide would be greatly appreciated.

Answer:

Paragraph 71(1)(e) of the Proceeds of Crime Money Laundering) and Terrorist Financing Regulations (PCMLTFR) states that a person or entity shall implement the compliance program by “instituting and documenting a review of the policies and procedures, the risk assessment and the training program for the purpose of testing their effectiveness, which review is required to be carried out every two years by an internal or external auditor of the person or entity, or by the person or entity if they do not have such an auditor”.

To add to this, subsection 37(1) of the Interpretation Act defines the expression “year” by “any period of twelve consecutive months”.

Based on the above, our position is that a review must be started no later than 24 months from the start of the previous one and completed prior to the start of the next review.

Date answered: 2012-07-19

PI Number: PI-5430

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(e)

MLS Listings

Question:

Here is a summary:
- We are a new real estate brokerage (no clients yet)
- We will only offer $169 flat fee listings for private seller types
- In the Listing Agreement, the seller agrees that the seller's lawyer will act as agent to negotiate offers, pay commission and hold deposits
- Our sole responsibility is to maintain the MLS listing (we have no role in the offer process)

In our business model, then, the real estate lawyer acts as agent for the seller.

Since the real estate lawyer must collect FINTRAC information from the seller, do we still need to do it?

Answer:

If you are a real estate broker, you are subject to legislative obligations under the PCMLTFA when you act as an agent regarding the purchase or sale of real estate.

However, if your sole responsibility is to maintain the MLS listing, and if the agreement outlines that the mere poster is not acting as an agent in respect of the purchase or sale of real estate for the seller of the property, then the mere poster is not subject to the PCMLTFA and its associated Regulations.

Date answered: 2012-07-10

PI Number: PI-5426

Activity Sector(s): Real estate

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 1(2)

Act: 5(j)

71.1(a) of the PCMLTFR

Question:

As part of its risk assessment, the Caisse populaire identified certain at-risk folios. In the case of these folios, it is implementing a series of measures, which include the monthly review of account transactions and the updating of client information, if necessary. To do so, the CP contacts members directly to find out whether they are still living at the same address, have the same phone number and hold the same job. There is no confirmation of the information on the pieces of ID. As a result, clients who had opened their accounts before the legislative requirements took effect, even if they are considered to be high-risk clients, would have no information on these pieces of ID in their file.

QUESTION:
1) For the purpose of updating client identification information, should the CP meet with the clients in person in order to confirm the pieces of ID on file?

Paragraph 71.1(a) of the Regulations stipulates that the entity must take “reasonable measures to keep client identification information up to date.” However, there is not a prescriptive list of the information referred to. Further to sections 14, 54 and 67, it can de deduced that the information on the signatory's piece of ID is an integral part of the “client identification information.”

Answer:

In response to your question, paragraph 71.1(a) of the Regulations stipulates that the person or entity referred to in subsection 9.6(1) of the Act must take “reasonable measures to keep client identification information and the information referred to in section 11.1 up to date.”

The updating of client identification is not required under the Act, except in the case of high-risk clients. Furthermore, in the case of clients who present a high risk, although the Act requires that the entity keep identification information up to date, it does not require the entity to re-authenticate these clients.

This having been said, the nature of the client identification information depends on the nature of the documents that are normally kept. These generally include the client's name, address, phone number, date of birth and occupation or principal company.

I would like to add a few remarks about clients who opened their accounts before the legislative requirements took effect. In previous policy interpretations, we have already noted that there are no legislative provisions requiring the identification of clients who opened their accounts prior to the coming into force of our Act and Regulations, the reason being that legislative requirements cannot be applied retroactively. Should such a client be deemed high-risk, the information on his/her pieces of ID on file cannot be updated since there is no such information.

The two documents are indeed complementary and applicable. However, I see a distinction. I repeat that, in the case of a client deemed high-risk, the information on his/her pieces of ID on file cannot be updated since there is no such information. I should have added, however, that in the case of a client deemed high-risk under paragraph 71.1(a), reasonable measures must be taken to keep the client's information up to date (obviously, not information pertaining to the pieces of ID but rather information about the individual).

Date answered: 2012-06-15

PI Number: PI-5413

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71.1 (a)

Act: 9.6(1)

Review of section 71(1)(b)

Question:

Following an internal review (mechanism review) in 2010, the internal audit team of an entity noted some weaknesses in the compliance regime.

They were included in an initial action plan for the adoption of corrective measures within a certain time frame.

However, a second internal review, in 2012, reaffirmed the existence of these initial weaknesses and recommendations, because they had not been corrected.

QUESTIONS:

1) Can the following discrepancy be noted under section 71(1)(e) Regulations?

Discrepancy: Failure to take the corrective measures proposed in response to weaknesses identified during a review with regard to the following aspects of the compliance regime:

- ongoing training: lack of training for all employees targeted by activities/operations subject to the PCMLTF;
- risk-based approach: lack of measures to mitigate risks;
- review: no review of policies and procedures or directives accompanying the policy.

OR

2) Can this same discrepancy be noted as "failure to implement compliance measures" under section 71(1)(b) of the Regulations (making the necessary adjustments)?

If not, is it accurate to state that there is a lack of clarification in paragraph 71(1)(e) of the Regulations to enable us to describe such a situation:

Paragraph 71(1)(e): "[ … ] documenting and applying the proposed corrective measures within a reasonable time frame."

Answer:

Paragraph 71(1)(b) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations states that every person or entity referred to in subsection 9.6(1) of the Act must "develop and apply written compliance policies and procedures that are kept up to date and, in the case of an entity, are approved by a senior officer".

You would thus be able to mention a discrepancy in the case of an entity or person without adequate compliance policies and procedures, following YOUR review and not following a review conducted by an entity's internal audit team.

Date answered: 2012-06-11

PI Number: PI-5411

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(b)

Agent/principal relationship

Question:

I have set out below the plans that are in place (or currently being negotiated)

1) Current Position
ABC Inc. Canada is a Money Service Business and is registered under FINTRAC until November 2013.
We have a store handling full buy/sell foreign transactions and 230 plus stores/agents registered which are offering foreign currency pre order services along with 27 ATM's (offering four currency solutions a combination of CAD$, USD$, GBP, Euro and Mexican Peso) across Canada

We have a full operational and money laundering training program in place for our store network which is ongoing
We have a Compliance Manager and conduct audits of the stores to evaluate their level of compliance and take remedial action accordingly.
We have an action plan in place following an audit by FINTRAC in November 2011 and also have completed a Risk Document.

2) Proposed Position

We are proposing to outsource the entire foreign exchange business to two separate organisations under a licensing agreement where they would continue to provide the services under the ABC Inc. brand name

The full buy/sell store (one location only) would be managed by XYZ Inc. who already operates as a Money Service Business and would take over the administration and operation of the site including the FINTRAC regulation and training (The site is within ABC Inc. corporate building but a fully enclosed separate unit). All regulation and operation requirements would fall under the XYZ Inc. operation as they would take over the site and introduce their policies and procedures

The existing pre order service through 230 plus locations along with the 27 ATMs would be managed by our current ATM provider (123 Technologies Inc) who currently have dealings with FINTRAC for ATM deployment but does not hold a Money Service Business arrangement for selling foreign currency services. This application is now being arranged

123 Technologies Inc would take over the administration and operation of the pre order locations and take over the current policies and procedures introduced by ABc Inc. Canada as referred above (including all operational and compliance procedures, audits and risk documentation - two members of staff currently running the ABC Inc. Canada operation would join 123 Technologies Inc with one being the Compliance Manager

It is envisaged that this licensing agreement will be initiated from 1 July 2012

3) Clarification - with effect from 1 July 2012
123 Technologies Inc will now register all the locations in FINTRAC under their registration and complete all other information required on the company to complete FINTRAC documentation?

ABC Inc. Canada will remove all locations under their FINTRAC registration?

123 Technologies Inc will take responsibility and as part of the transition, ownership of all administration, operation, money laundering training, audit and risk assessment as relates to the stores operated under ABC Inc. Cook. This will be set out in the licensing agreement between ABC Inc. Canada and 123 Technologies Inc

To summarize the employers at the pre order locations currently under ABC Inc. Canada FINTRAC registration will still be employed by ABC Inc. Canada, but all the functions associated with running that operation including the regulation will now be managed and the responsibility of 123 Technologies Inc. Please can you confirm the above steps are correct or what actions we will need to take between now and 1 July on 1 July and post 1 July that ensure all the correct details are filed with FINTRAC

Answer:

It would depend on the nature of the contractual relationship between ABC Inc. Canada and the “two separate organisations under a licensing agreement”. As always, it is a question of fact.

As per paragraph 6(2) of the PCMLTFR, if there is an agent/principal relationship between ABC Inc. Canada and the two separate organizations, ABC Inc. Canada is still responsible to meet all requirements of the Act:

“where a person or entity who is subject to the requirements of these Regulations, other than a life insurance broker or agent, is an agent of or is authorized to act on behalf of another person or entity referred to in any of paragraphs 5(a) to (l) of the Act, it is that other person or entity rather than the agent or the authorized person or entity, as the case may be, that is responsible for meeting those requirements”.

If the contract makes the two separate organizations ABC Inc. Canada's agents (the two separate organizations will be the employees of ABC Inc. Canada), then ABC Inc. Canada would remain on the hook for the obligations (i.e. the usual rules for agents and employees, with the usual exception that the agent or employee might have a personal obligation to report STRs for which they have reasonable grounds themselves). ABC Inc. Canada must contact FINTRAC to list the two separate organizations as their agents.

If the contract states that the two separate organizations will provide services (i.e. reporting), then ABC Inc. Canada is still on the hook for all obligations. ABC Inc. Canada (or may be the two separate organizations) must contact FINTRAC to enter the two separate organizations as their service providers.

In addition, I would like to make a comment with respect to the training responsibility that will be “pass on” to the two separate organizations: paragraph 71(1)(d) of the PCMLTFR states that if ABC Inc. Canada “has employees, agents or other persons authorized to act on their behalf”, shall develop and maintain “a written ongoing compliance training program for those employees, agents or persons”.

Date answered: 2012-05-03

PI Number: PI-5405

Activity Sector(s): Money services businesses

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 6(2), 71(1)(d)

Deposit broker- Client ID

Question:

Company is a deposit broker for various Banks, Trust Companies and Credit Unions. We introduce client-name deposit type instruments (Guaranteed Investment Certificates / GICs) to our clients for these Financial Institutions.

1. Can you confirm if we are required to have a compliance regime to act as a deposit broker for the financial entities?

2. Does FINTRAC require a photocopy of the documents used to identify individuals be kept, when we are identifying individuals as part of the record keeping and identification obligations of the Financial Institutions?

3. Can you confirm if we are required to identify the client/individual, record the details and provide identification to the financial entities for GICs bought for our clients in registered plans (ex: RRSP GICs, RRIF GICs in client name)?

4- Lastly, with respect to record keeping and client identification, where an exemption does not exist and a client is being identified, is the name, address, and phone number of the individual's employer required?

Answer:

1- An agency agreement must be in place between the deposit broker and financial institutions. Identification responsibilities must be clearly documented in this agreement and ultimately lie with the financial institution. In fact, subsection 64.1(1) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), with respect to the delegation of the ascertaining identity requirements to an agent or mandatary, states that:

64.1 (1) A person or entity that is required to take measures to ascertain identity under subsection 64(1) or (1.1) may rely on an agent or mandatary to take the identification measures described in that subsection only if that person or entity has entered into an agreement or arrangement, in writing, with that agent or mandatary for the purposes of ascertaining identity.

2- Section 67 of the PCMLTFR does not require the reporting entity to make a photocopy of the documents used to identify individuals, but to keep a record of the information.

3- The following guideline 6G: Record Keeping and Client Identification for Financial Entities provides guidance with respect to your obligations of record keeping and client identification. I refer you to section 3.1 General exceptions to record keeping, and section 4.2 General exceptions to client identification for more information.

4-Under our Act and Regulations, the information regarding the individual’s employer is required only if the individual is acting on behalf of a third party, and only if it was determined that this third party is the individual’s employer.

Subsection 9. (1) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLFR) indicates that “every person or entity that is required to keep a signature card or an account operating agreement in respect of an account under these Regulations shall, at the time that the account is opened, take reasonable measures to determine whether the account is to be used by or on behalf of a third party”.

Subsection 9. (2) of the PCMLTFR indicates that “subject to subsections (5) and (6), where the person or entity determines that the account is to be used by or on behalf of a third party, the person or entity shall keep a record that sets out
(a) the third party’s name, address and date of birth and the nature of the principal business or occupation of the third party, if the third party is an individual;
(b) if the third party is an entity, the third party’s name and address and the nature of the principal business of the third party, and, if the entity is a corporation, the entity’s incorporation number and its place of issue; and
(c) the nature of the relationship between the third party and the account holder.

Date answered: 2012-03-01

PI Number: PI-5387

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4, 6G

Regulations: 9, 64.1, 67

DPMS triggering activities

Question:

Operating as a secondhand/ pawnbroker for over 20 years. We loan money on numerous types of articles such as musical instruments, tools, audio/ video equipment as well as gold and precious metals in the form of jewellery.

The City of Edmonton has a bylaw in place whereas we are required to report any and all transactions (no matter how small or large) to the Edmonton Police Services. A report is transmitted to the police daily for their review. The information required to be reported is:
Full name, address, date of birth, description of person as well as the information from 2 pieces of government issued identification. A complete description of the article(s) received including serial numbers and or distinguishing markings. Also, the price paid for each article.

Since I have been in business I have never done a jewellery transaction (buying or selling) to an individual for even close to the $10,000 amount. Our records show the average transaction for the acquisition of jewelry to be less than $75.00 per transaction and the average jewellery sale to be under $200.00.

However, over the course of many years we have acquired a considerable amount of scrap jewellery. The only effective way of converting this inventory into revenue is to sell it in its present form to a licensed refiner.

So, my question is simple.
Am I subject to the reporting requirements of the legislation if I sell scrap jewellery to a refiner in excess of $10,000.00 in a single transaction.

Answer:

A dealer in precious metals and stones means an individual or an entity that buys or sells precious metals, precious stones or jewellery, in the course of its business activities. It is subject to the requirements (see 39.2, 39.3 of the RCMLTFR) if it is ever engaged in the purchase or sale of precious metals, precious stones or jewellery in an amount of $10,000 or more in a single transaction. In other words, it is not subject to these requirements if it is engaged only in purchases or sales of less than $10,000 per transaction.

If the entity conducts a single transaction of +10,000$ relating to the purchase or the sale of precious metals/stones, it becomes a DPMS.

The purchases or sales referred to above exclude those carried out for, connected with, or for the purpose of:

• manufacturing jewellery;
• extracting precious metals or precious stones from a mine; or
• cutting or polishing precious stones.

In other words, if all of its purchases and sales are related to these manufacturing, extracting, cutting or polishing activities, it is not subject to these requirements.

To clarify the exemption to the triggering activities to become a DPMS, we look at the exception prescribed in s. 39.1 of the regulations:

"... other than such a purchase or sale that is carried out in the course of, in connection with or for the purpose of manufacturing jewellery, extracting precious metals or precious stones from a mine or cutting or polishing precious stones, is subject to Part 1 of the Act."

Although the purpose of the sale described below is not "in the course of" or "for the purpose of" manufacturing for the entity's business, it is still considered "in connection with". Therefore, the exception applies to this entity if it does its due diligence to confirm that the customer will be using the precious metals for the purpose of manufacturing jewellery.

It is important to note that it is a question of fact to determine the nature of the transaction and not only the nature of its customers' business.

If the customer is a manufacturer but does not intend to use the purchase for manufacturing purposes, the exception does not apply.

So it is important for the entity to determine if the transaction is related to manufacturing jewellery, extracting precious metals or precious stones from a mine or cutting or polishing precious stones.

Date answered: 2012-02-20

PI Number: PI-5385

Activity Sector(s): Dealers in precious metals and stones

Obligation(s): Compliance Regime

Guidance: 4, 6I

Regulations: 1(2), 39.1

Store credit card

Question:

The caller manages a store – part of a national chain that has its own credit card. Recently, the credit card was acquired by a new bank; the chain sent out letters to each store saying that the employees now needed to be trained in PCMLTFA regulations (specifically, STR reporting regulations); if this training was not completed, the store would no longer be able to accept the credit card as a form of payment. The caller wants to know whether he is indeed obligated to train his employees.

There was a similar situation with another store credit card. In that case, I understand that store employees were not required to receive training. Would the case be similar here? From the caller’s description, this credit card seems to work as a standard store credit card. I’m not sure of what a retail employee’s obligations would be in this instance. Are they considered an agent? And, if so, whose responsibility is it to train the employees – the store manager’s, the national management of the chain, or the bank that issues the credit card?

Answer:

FINTRAC is not extending the application of the legislation to these stores. FINTRAC is applying the legislation as it is written to the financial institution, namely the Bank. It is the Bank that emits the credit cards, not the stores. The Bank is a reporting entity.

At this point, it is not possible to establish if there is a principal/agent relationship between the parties, because it is a question of facts. I would need to see the agreement or arrangement they have in writing to be able to determine what are the obligations of each party.

However, to answer your question, the PCMLTFR indicates that:

71. (1) For the purpose of subsection 9.6(1) of the Act, a person or entity referred to in that subsection shall, as applicable, implement the compliance program referred to in that subsection by

(d) if the person or entity has employees, agents or other persons authorized to act on their behalf, developing and maintaining a written ongoing compliance training program for those employees, agents or persons; and

Therefore, in case there is a written agreement or arrangement establishing a principal/agent relationship, the principal (the Bank) is required to develop and maintain a training program for its agents (the stores).

In case there is NO principal/agent relationship between the parties, I would not expect the Bank to train the company’s personnel.

Date answered: 2012-02-07

PI Number: PI-5383

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(b)

Act: 9.6(1)

Business model review - the obligations of the bank and the US service provider

Question:

The Bank is dealing with a US credit card company.

Business model
ABC Bank has entered into an agreement with a US supplier for the issuing of credit cards for Canadians. Through this agreement, the Bank is sponsoring the supplier for the issuance of credit cards bearing the Bank's identifier.

Under the agreement, it is the service provider that is responsible for setting up the policies, procedures and systems for the issuance and management of the credit cards, in accordance with applicable legislation and regulations, including the PCMLTF Act and Regulations.

Essentially, the roles and responsibilities are shared as follows:
- The Bank is the card issuer.
- Credit cards issued are the property of ABC Bank.
- The ABC Bank must be identified as the issuing bank on all the cards.
- The supplier is responsible for client relations, in accordance with applicable legislation, including the PCMLTF Act and Regulations.
- The supplier is responsible for enforcing policies and procedures to ensure compliance with regulations.

Hence, as we see it, although the Bank is responsible for the program to tackle PCMLTF within the framework of this agreement, it is the supplier who is in charge of managing the day-to-day operations, under the Bank's supervision.

Answer:

In response to the question from ABC Bank regarding the business model submitted by ABC Bank outlining the obligations of the bank and the US service provider (for the issuance of credit cards for Canadians).

The bank wants its supplier to 1) set up all the policies, procedures and systems for the issuance and management of the credit cards, in accordance with applicable legislation and regulations, including the PCMLTF Act and Regulations; 2) develop a written program to tackle CMLTF; and 3) be duly registered with FINTRAC as the bank's agent so that the supplier can report suspicious transactions (STRs) directly to FINTRAC.

Section 6(2) of the Regulations stipulates that

“ (...) where a person or entity who is subject to the requirements of these Regulations, other than a life insurance broker or agent, is an agent of or is authorized to act on behalf of another person or entity referred to in any of paragraphs 5(a) to (l) of the Act, it is that other person or entity rather than the agent or the authorized person or entity, as the case may be, that is responsible for meeting those requirements.”

Furthermore, according to paragraph 71(1) (d) of the Regulations, if an entity

“ (...) has employees, agents or other persons authorized to act on their behalf” it is responsible for “developing and maintaining a written ongoing compliance tracking program for those employees, agents or persons.”

It should be noted that a service provider cannot sort STRs. STRs, and the obligation to report them, are the responsibility of the reporting entity, in this case, the bank. It is up to the bank to decide whether or not they should be reported, and whether or not the transaction is suspicious.

However, if there is a clear delegation specifically dealing with STRs, and if the reporting entity chooses its delegate, this delegate may be responsible for reporting STRs to FINTRAC. Obviously, a service provider without delegation cannot sort STRs.

It is important to remember that, at the end of the day, responsibility lies with the reporting entity.

The bank must register its service provider with FINTRAC and declare it as being its agent or mandatory.

Date answered: 2012-01-13

PI Number: PI-5375

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 3A, 4

Regulations: 6(2), 71(1)(d)

What obligations apply to Credit Union Centrals

Question:

Do all obligations under the Compliance Regime, including record keeping, reporting, ascertaining identity, 3rd Party Determination and PEFP determination apply to all accounts, other than a financial entity member of that credit union central? In the case of financial services cooperatives, to all accounts.

Answer:

The obligations apply as they would to all FEs, and which obligations apply is based on the transaction at hand.

Date answered: 2010-04-28

PI Number: PI-5356

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 2.1(2)

Act: 5

Appropriate approval of policies and procedures by Board of Directors

Question:

Are all changes to credit union central PCMLTFA procedures required to be reported and/or approved by the Board of Directors within 30 days?

Answer:

In 71(1) it is indicated that the policies and procedures must be approved by a senior officer (not the Board of Directors). As well in 71(2) the 2-year review findings must be reported in writing to a senior officer (again not to the Board of Directors).

Date answered: 2010-04-28

PI Number: PI-5355

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71

Appropriate approval of policies and procedures

Question:

Regarding 71 (1) (b) P&Ps approved by a senior officer.

I'm conducting an exam with a credit union and they have sent me their P&Ps but there is no indication it was approved by a senior officer. The Compliance Officer is a Senior Manager and reports to the VP of Risk Management.

The question is what is the meaning of "approved". Is verbal, email sign off on P&Ps or the minutes of a meeting with the Board of directors approval of their P&Ps acceptable approval?

Answer:

71(1)(b) indicates that the P&Ps must be developed and applied, kept up to date and approved by a senior officer.

The definition in s. 1(2) of a Senior Officer in respect to an entity means (if applicable) - a full time director employed by the entity; the CEO, the chief operating officer, president, secretary, treasurer, controller, CFO, chief accountant, chief auditor or chief actuary, or any person who performs those functions or any other officer who reports directly to the entity's board of directors, CEO or chief operating officer. As long as the compliance officer fits in this definition, then he can approve the policies and procedures.

71(1)(b) does not specify what type (as in written, signed off etc.) of approval is required from the senior officer. Therefore, I believe that the approval may take any form... however, the burden of proof that it was effectively approved by a senior manager rests on the reporting entity.

As you are ensuring compliance with the Act, I feel that a signature, an email, or a paper trail would permit the regional officers to ensure that there was approval from a senior officer, especially in light of the fact that the policies and procedures are in writing.

Date answered: 2010-04-28

PI Number: PI-5354

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 1(2), 71(1)b)

Responsibilities Under the PCMLTFA in case of financial institution failure.

Question:

In relation to CDIC operating as a Reporting Entity. This can happen in rare circumstances.
In the event of a failure of a financial institution, CDIC takes over the entity and operates to close out its accounts.
They are trying to anticipate what compliance obligations that they might have in the event they are operating a financial institution and the institution has poor compliance with the PCMLTFA. If the entity has clients who's name matches the UN List. Are they responsible to hold the money under the PCMLTFA as the reporting entity or do they pay it out?

Answer:

As long as the financial institution is still in existence (i.e. has not yet been liquidated by CDIC), then the financial institution is the reporting entity and is responsible under our legislation.

However, if the financial institution is non compliant with our legislation, and CDIC approves or acquiesces, then CDIC may be held responsible in criminal proceedings

Date answered: 2010-03-11

PI Number: PI-5333

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 12, 71(1)

Clarification of how Centrals are covered

Question:

If a central offers services only to a handful of clients, is the central covered for activities ONLY related to that handful of clients or to ALL its clients?

Answer:

The new Regulations are clear in terms of what falls within the new financial entity definition. There is no determination to be made by the Centrals. If the entity falls within the definition of a Financial Entity then they are exempted.

As for the Centrals' compliance regime - the Risk Base Assessment would cover only the Centrals' clients as per subsection 2.1(2) of the Regulations. Same would also apply to Suspicious Transaction Reports.

The new subsection 2.1(2) of the Regulations reads: "Every credit union central is subject to Part 1 of the Act when it offers financial services to a person or entity other than a financial entity that is a member of that credit union central" - in other words, Part I
applies to the Central only for the financial services offered to a person or entity other than a FE member.

Date answered: 2010-03-11

PI Number: PI-5332

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 2.1(2)

Act: 5

Compliance Regime ready made

Question:

Written ongoing compliance training program: If a RE uses a general Central Compliance Program written plan and decides to give some of the training suggested (but not all that is found on the standardized Central plan) and that at the same time it is providing additional CP training, should the Compliance Program be cited for a deficiency?

Answer:

Three items should be found in regards to a written ongoing training program:
1. Written training material
2. Indications that the training was given (e.g. interviews of front line staff for example), and
3. Written training plan

The Compliance Program has a written plan and gives out training.
The CP should not be cited for a deficiency. As best practice, we may want to suggest that the RE updates the Central's standardized written plan to include their respective training and to better reflect their actual training.

Date answered: 2010-02-09

PI Number: PI-5309

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)

Confirmation of compliance deadlines

Question:

Could you please confirm the date that homebuilders must have their written audit on their compliance regime in place would it be Feb of 2011?

Answer:

RED/homebuilders - February 2011 (again no deficiency before Feb. 20th, 2011).

Date answered: 2010-01-06

PI Number: PI-4762

Activity Sector(s): Real estate

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71.(1)(e)

Confirmation of compliance deadlines

Question:

Could you please confirm the date that DPMS must have their written audit on their compliance regime in place - would it be Dec of 2010 or into 2011?

Answer:

For DPMS - review every two years i.e. as of December 2010 (so we would not cite for any deficiency in the absence of a review before Dec. 30th 2010).

Date answered: 2010-01-06

PI Number: PI-4761

Activity Sector(s): Dealers in precious metals and stones

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71.(1)(e)

Agent obligations in regards to training

Question:

Various entities are using or in the process of using agents or mandataries under 64.1. For example, the entire CPs network is in the process of implementing 64.1 with a myriad of car dealerships. Does 71(1)(d) apply to agents under 64.1? Section 71(1)(d) uses the word "agent" and "any other person authorized to act on their behalf". Section 64.1 does also use the word "agent". We would like to know if 71(1)(d) applies to 64.1?

Answer:

No, subsection 71(1)(d) does not apply to agents referred to in subsection 64.1. Unfortunately, subsection 64.1 refers to the term agent, however, the term utilized does not have the same meaning as the word agent in the context of subsection 71(1)(d) and training.

The term agent that is used within subsection 64.1 is only for the purpose of identifying on your behalf and represents only a very limited mandate that you give to someone else (and that person or entity does not act on your behalf... they only identifies for you). The term agent used in 71(1)(d) has a broader mandate as that person or entity that acts on your behalf.

Date answered: 2010-01-04

PI Number: PI-4759

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4, 6

Regulations: 71(1), 64.1

Old Accounts

Question:

Does an MSB need to include clients who have not conducted a transaction over the last year (but previously was an ongoing client) in their risk assessment?

Answer:

It would be up to the reporting entity to assess which clients should be part of their risk assessment. The rationale being that the entity knows its business, and will also know if the client will either come back to conduct transactions or not, or should be assessed or not.

Date answered: 2009-11-25

PI Number: PI-4737

Activity Sector(s): Money services businesses

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(c)

Life insurance brokers vs life companies

Question:

If a life insurance agent is licenced, but not selling life insurance - are they responsible for having a compliance regime?

Answer:

The life insurance brokers and companies are simply covered because they are life insurance brokers or companies (as opposed to other sectors that either have triggering activities or because they hit a threshold and then they are covered..)

Therefore even though they are not selling life insurance or have no clients per se, they would still have to put in place a compliance regime and report STRs. However, their compliance regime would be somewhat very limited if they have no clients and do not sell life insurance, i.e. probably very brief P&P's on STRs for example, a compliance officer and next to nothing in regards to their risk assessment.

Date answered: 2009-11-13

PI Number: PI-4725

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime

Guidance: 2.2, 4.5

Regulations: 1(2)

Act: 5c)

Venture Capital Entities

Question:

Do the ABC entities – who are exempted from registering still considered to be securities dealers under the Act?

Suggested answer: Yes, because the definition of a securities dealer does not refer to registration but rather to being “authorized” to provide investment management services or advice. Therefore, the fact that one is exempted assumes that a provincial authority “authorizes” the entity to operate without being registered.

Therefore, exempted entities must implement a compliance regime (for which certain requirements may or may not apply).

Answer:

ABC entities are covered.

Date answered: 2009-10-29

PI Number: PI-4707

Activity Sector(s): Securities dealers

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 1(2)

Principal-agent relationship

Question:

The financial entity has a contract with an MSB to sell their Pre-paid credit Cards, they are entering into a contract with a company that is not an entity covered under the PCMLTFA i.e.: retail front to sell our prepaid cards.

As the financial entity has a contractual agreement directly with the MSB which allows the MSB to distribute their cards at different locations, does the financial entity have any obligations to / with the retail agent?

Answer:

A financial entity is covered for all its activities (including prepaid). On the other hand, MSBs are covered for their money services business activities only (which do not include pre-paid cards) - but a word of caution - in regards to STRs, MSBs are covered for STRs for all their activities (i.e. those enumerated under 5(h) of the Act and any other activities that are not considered money services business activities (including prepaid cards).

In this case, the Bank is responsible as the principal. The MSB is the agent of the Bank and the MSB, in turn, is distributing the Bank's products via their own agents. Since they are all true agents in both cases, ultimately the principal (in this case the Bank) is responsible.

Date answered: 2009-10-16

PI Number: PI-4704

Activity Sector(s): Financial entities, Money services businesses

Obligation(s): Compliance Regime

Guidance: 2, 4

Regulations: 12.1

Act: 5(h)

Corresponding banking agreements

Question:

In this context, a correspondent banking relationship includes only an arrangement (as described above) that you, as a bank, credit union, caisse populaire or trust company, have directly with a foreign financial institution. It does not include access to your services through an arrangement that the foreign financial institution has with another financial entity or with an association of yours, such as your credit union central.

As I understand the correspondent banking relationship, it is defined in section 9.4 of the PCMLTFA. That section refers to specific paragraphs ((a), (b), (d) and (e)) of section 5. Then, in the PCMLTF regulations, sections 55.1 and 55.2 refer to a financial entity, which will include, in its expanded definition, the credit union centrals and the financial services cooperatives.

Would it be correct to include the credit union centrals and the financial services cooperatives in the correspondent banking relationships and if so, what would be the legislative reference to include them?

Answer:

In my opinion credit union centrals and financial services cooperatives will be subject to the correspondent banking relationship provisions when the relevant amendments that make them financial entities come into force in 2010.

The regulatory obligations in respect of corresponding banking relationships that apply to financial entities (including the centrals by definition) such as those of 15.1, 55.1 and 55.2 will apply by reason of the combination of the definition of "financial entity" in the Regulations and the substantive requirements of those provisions.

Date answered: 2009-10-15

PI Number: PI-4703

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4, 6G

Regulations: 2, 8.1, 15.1, 55.1, 55.2

Act: 9.4

Selling company shares

Question:

Here is the specific case:

Entity A, headquartered and having its principal place of business in the Cayman Islands (and having no place of business in Canada) wants to offer Canadian subscribers (chiefly corporations) stock in the company. The transactions are subject to the Securities Act but because of the nature of the transactions, Entity A is not obliged to register as an adviser or a dealer.

Each transaction would have a value of over $10,000 and the money would flow through a bank registered under Canada’s Bank Act.

On reading the Act and Regulations, Entity A would not be obliged to disclose these transactions to FINTRAC. Can you confirm our interpretation?

Answer:

No, whether the corporation is located in the Cayman Islands or in Canada, it does not change the issue; the entity would not have any obligations under our legislation. It is not a securities dealer - this entity is solely selling their shares to eventual shareholders

Date answered: 2009-10-14

PI Number: PI-4701

Activity Sector(s): Securities dealers

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 1(2)

Citing over-reporting LCTR

Question:

Can we cite a Reporting Entity for inadequate training or policies and procedures where the Reporting Entity over-reports large cash transaction reports to FINTRAC?

Answer:

No. We cannot cite at this time for over-reporting as a general rule and, by ricochet, we would not be in a position to cite the entity for over-reporting by citing them for the application of their Policy & Procedures or via their training obligations.

Date answered: 2009-10-07

PI Number: PI-4699

Obligation(s): Compliance Regime

Guidance: 4

Real estate agents or principals

Question:

Are individual real estate agents expected to have the full written compliance regime in place - or would it be the company they belong to (i.e royal lepage, remax etc...)?

Answer:

I concur. It is a question of fact. We would need to determine the type of relationship existing between the broker and the brokerage firm (to see if the broker is effectively independent from the company in which case the obligation would lie with the independent broker).

Date answered: 2009-10-07

PI Number: PI-4698

Activity Sector(s): Real estate

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 6(2), 71

Training Expectations for Reporting Entities

Question:

Paragraph 71(1)(d) of the PCMLTFR states "...developing and maintaining a written ongoing compliance training program..." 1- What exactly is meant by "WRITTEN ongoing program"? The issue is with the notion of "written program". 2- Is a written syllabus/curriculum/outline of the “what (subject-high level- not actual content), when, who, and how “of the ongoing training that "will be" or "is" offered sufficient? For example, if the RE provides a document with generic terms such as "when" training is given (e.g. yearly for regular staff, within 1 week new staff), the "what" that will be covered (subject- high level-heading/themes, but not the actual training material), the "who", etc., is that enough in terms of the "written program" portion of the question? Guideline 4 seems to allude to the fact that the RE should develop such a plan and that is sufficient for the "written program" obligation. Would it be correct to assume that an RE showing us what they did in terms of training is not a "program". It just shows what the RE has done in terms of implementing its ongoing training program, but it is not a "program or plan" per se.

Answer:

Effective June 23, 2008, your training program has to be in writing and you have to maintain it. This means that the program itself has to be in writing, but the way the training is delivered does not have to be in writing. For example, you could deliver your training program using computer-based software, information sessions, face-to-face meetings, etc. You also have to ensure that your training program is reviewed and adjusted in a timely manner to reflect your needs. Therefore, the process and the schedule (i.e. the plan) of the training should be in writing, however, not necessarily the training itself (i.e. the material). A reporting entity is required to have a written plan of their training program and having written training material would not be sufficient.

Date answered: 2009-09-21

PI Number: PI-4685

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(d)

Citing for training and PPs obligations and automatedly implemented procedures.

Question:

In regards to section 71(1)(b) "developing" and "applying" written compliance policies and procedures that are kept up to date and, in the case of an entity, are approved by a senior officer. " should the RE be cited for 71(1)(b) on the basis of not having "applied" the PPs if the entity's Compliance Officer and staff(team) responsible for compliance are not familiar with the PPs or is it that even if the CO and staff(team) responsible for compliance are not familiar with the PPs document "developed" for/by them, but that in practice (due to automation or simple unrelated everyday processes and procedures) the FINTRAC examination of record keeping and client ID shows little or moderate deficiencies, that this demonstrates that the RE is "applying" the PPs?

Answer:

Yes you can cite, as they are two separate requirements (although found in the same section) to develop and to apply!
The relevant staff (such as the front line staff) absolutely should know the policies and procedures. However, as for the CO or other staff that are not deemed front line - do not have to be that familiar with the PPs. The rationale behind this being that the front line staff are the ones that need to apply the PPs in the end. A compliance officer is not required to know the P&Ps, however they are responsible to implement them - whether they do it themselves or outsources it is not important, as long as they are in place and effective. As for the training part, the compliance officer again is not required to know what the training entails, but he is responsible to ensure that there is training (the CO may very well outsource the training for example) as part of the compliance program. If the policies and procedures are "automatically" or "automatedly" applied --of course respect the legislative requirements-- the front line staff would not necessarily need to know them. However, the front line staff would still need to receive adequate training to do what they need to do (i.e. what the automated system requires them to do to file out the forms or client identification requirement). Furthermore, if the front line staff do not file the LCTRs, then they would not need to be trained on it. Importantly, in regards to STRs, because it is subjective, and because of Part G (i.e. the "story" behind the suspicious grounds) the front line staff would need to be trained on it as the system cannot be relied upon for the "subjectivity" attached
to STRs.

Date answered: 2009-09-14

PI Number: PI-4681

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(b)

Policies and Procedures application requirements

Question:

If the CO and staff are not familiar with the PPs document "developed" for them or by them, but that in practice (due to automation or simple unrelated everyday processes and procedures) the FINTRAC examination of record keeping and client ID shows little or moderate deficiencies, that this demonstrates that the RE is "applying" the PPs.

Answer:

If the policies and procedures are "automatically" or "automatedly" applied and of course respect the legislative requirements, the front line staff would not necessarily need to know them. However, the front line staff would still need to receive adequate training to do what they need to do (i.e. what the automated system requires them to do to file out the forms or client identification requirement).

Furthermore, if the front line staff do not file the LCTRs, then they would not need to be trained on it.

A word of caution - in regards to STRs, because it is subjective, and because of Part G (i.e. the "story" behind the suspicious grounds) the front line staff would need to be trained on it ... the system cannot be relied upon for the "subjectivity" attached to STRs.

Date answered: 2009-09-14

PI Number: PI-4680

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)b

Act: 9.6

Citing on application of policies and procedures

Question:

When the Compliance Officer is not familiar with the PPs that have been "developed" for the PPs, can we cite the RE for 71(1)(b) on the basis that the RE has not "applied" the PPs?

Answer:

Yes you can cite, as they are two separate requirements (although found in the same section) to develop and to apply!

Date answered: 2009-09-14

PI Number: PI-4679

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(b)

Act: 9.6

Advising an employee of a non-compliant company

Question:

I am writing to you because I am hoping to get some guidance on what my personal obligations are as an employee of a reporting entity.

I have some concerns that the compliance regime of this reporting entity is not as rigorous as it should be. I would not go so far as to say that the company does not want to comply at all. The company has taken some proactive measures to be compliant. For example:

The company is currently filing its required reports
The company has some internal procedures in place instructing employees on how to recognise and report suspicious transactions, efts etc.
The company has taken some pro-active measures in educating its workforce on proper compliance.
The company appointed a compliance officer

I believe that the company may be lacking in the following areas:

Implementing appropriate policies
Filing all required reports in a timely fashion. (There is currently one person reporting but there are so many transactions, that the person is having problems keeping up. Those in charge are aware of the issue)
It seems like people in charge may be dragging their feet on doing things such comparing the terrorist watchlists, and taking a risk-based approach as far as determining which clients represent the highest risk because of concern for the bottom line.
Very soon the person who is filing all the reports will be moving to another position, so this may be a cause for additional concern. The person who is filing is conscientious and would rather not stop reporting until someone else has taken on this duty. Others who are responsible seem like they would rather not do so because of the costs and time involved.

Please advise me on the best course of action to take.

Answer:

Organizations that have obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act have many obligations which include the establishment and ongoing maintenance of a compliance regime and reporting.

As an employee of a reporting entity, it is recommended that you discuss your concerns with your Compliance Officer as your management and the compliance officer might find your findings to be helpful. We would suggest that your compliance officer may want to consult and utilize ( You can suggest that they use ) the tools found on our website such as the FINTRAC guidelines, our on-line e-learning module on Terrorist Financing and that they may want to (as well even recommend that if they wish, they can) contact FINTRAC so that we can assist them in reaching full compliance.

Date answered: 2009-09-11

PI Number: PI-4677

Obligation(s): Compliance Regime

Guidance: 4

Requirement for how compliance regime is documented.

Question:

Section 71(1)(d) requires that training includes "developing and maintaining a written ongoing compliance training program". What exactly do we mean by "written"? Is a written syllabus/curriculum/outline of what (subject-high level- not actual content), when, who, how, etc of the ongoing training that "will be" or "is" offered be sufficient? Or rather does having written documentation of the training content such as written documents, powerpoint slides, or videos, pamphlets, audio, etc. satisfy the "written" portion of the regulations?

Answer:

The regulations only indicate that the RE must develop training and maintain a written ongoing training as per subsection 71(1)(d), without giving much indication as what must be in writing exactly.

The guidelines however are more explicit and indicate the following:

Effective June 23, 2008, your training program has to be in writing and you have to maintain it. This means that the program itself has to be in writing, but the way the training is delivered does not have to be in writing. For example, you could deliver your training program using computer-based software, information sessions, face-to-face meetings, etc. You also have to ensure that your training program is reviewed and adjusted in a timely manner to reflect your needs.

Therefore, the process and the schedule (i.e. the plan) of the training should be in writing, however, not the training itself (i.e. the material).

Date answered: 2009-09-11

PI Number: PI-4676

Activity Sector(s): Real estate

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(d)

Compliance Training Program for Sole Proprietors

Question:

Does a RE have to have a documented training program in place if the MSB was incorporated and its sole employee was also the RE's sole shareholder? As a documented training program would need to be put in place for shareholders/employees receiving compensation, what if the shareholder is only receiving dividends and not a salary and yet performs all the tasks inherent to an employee (conducts fx/EFT transactions) but receives his compensation via dividends (which are paid out to shareholders and not employees)? Does the RE still need to have a documented training program since the person carries out the functions of an employee but is compensated as a shareholder? There are instances where corporations with one or two shareholders who also happen to be the corporation's sole employees simply provide their shareholders with advances, which are not taxable as long as they are repaid within two years; in such a case, would the said shareholders be still considered employees, ergo the need to document the training?

Answer:

Training of Employees:
If the person or entity (be it that entity is incorporated or otherwise) has employees, which means one or more, then they have to develop and maintain a written ongoing compliance training program. If the sole shareholder is also the sole "employee", which is a question of fact, then yes they would need to develop and maintain a written ongoing compliance training program. However, our guidance has always been that the training program needs to be proportionate to that entity. If only one employee we wouldn't expect a six-inch binder and DVD of a training program. But keep in mind though that the regulations do not provide an exemption because the entity only has one employee who might also be the only shareholder. The only exemption applicable is in the case of a "sole proprietorship". After enquiring and exercising appropriate due diligence to answer the employee "question of fact" if we feel we should cite then it would be up to the RE to provide information (via an action plan) as to why they are not an employee.

Corporation and Shareholders in relation to training:
We want to point out that in regards to the compliance regimes/training component, it is irrelevant who are the shareholders. Once you have determined that it is an incorporated business i.e. a corporation and not a sole proprietorship, then you must look if there is a training program in place for all their employees, agents and persons authorized to act on behalf of that corporation. So even if there is only one employee, there must be a training program in place.Whether that employee is a shareholder of the corporation or not, is irrelevant. What is important to determine is the following: Is he/she an employee, agent or person authorized to act on behalf of that corporation? if so, he/she must be trained.

Date answered: 2009-09-03

PI Number: PI-4669

Activity Sector(s): Accountants, Life insurance, Money services businesses, Real estate

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(d)

Citing - Risk Assessment

Question:

If a reporting entity has not documented the risk assessment it has adopted, can FINTRAC cite it? In one case, the introduction letter sent by the RE explained in details their business operations, types of clientele, etc. outlining that they are not at risk given different factors. In the second case, the conclusion regarding if the RBA was conducted or not was inferred by one of the recruits. The conclusion was that there was a RBA based on factors mentioned "here and there" in the introduction letter sent by the RE, the internal review and the P&P's. This means that "we had to find the criteria by ourselves" to conclude if there is a RBA or not.

Answer:

If in both cases you have asked for their written risk assessment and they have not provided one taking into account the required factors as per legislation then they are deficient. The 2 year review deficiency would also not be appropriate as they do not have a RBA, they also would not have included a review process for something that is not in place.

Date answered: 2009-08-24

PI Number: PI-4662

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(e)

Brokerage Firm vs brokerage licence

Question:

A broker has a brokerage licence under an entity (as a separate entity - let's call him Entity A) however, does not really operate a brokerage firm as he is just the sole broker of this entity. However, the real "franchisee" is another separate entity Entity B that houses Entity A.

This broker claims that Entity B is the one that has the P&Ps and he just uses those, same with the RBA etc...

Can they cite Entity A as a separate brokerage firm (that is not really one) or the broker himself under Entity B?

Answer:

It would be really important in this particular case to determine who is the reporting entity, as well as what is the relationship between the different entities.

The questions that need clarifications are the following:

1) Is the broker the reporting entity? and in order to determine if he is;
2) Is the broker an agent or the employee of the bigger brokerage firm?
3) Does the broker have a contract with the bigger brokerage firm? and what type of agreement does he have with the firm?

It is all a question of fact, and if you determine the relation between the sole broker and the bigger brokerage firm, then that will give you the answer as to who is responsible ultimately for all the legislative obligations under our Act and then who should be examined.

Date answered: 2009-08-11

PI Number: PI-4650

Activity Sector(s): Real estate

Obligation(s): Compliance Regime

Guidance: 4

Non-documented ongoing training

Question:

When there is a sole proprietor with no other employees, there is an implicit exception for documenting the training program under 71(1)(d). However, does this exception include situations where the business is not a sole proprietor but incorporated with no "employees" other than the owner, i.e. will there always be at least one person authorized to act on behalf of any corporation, even where that individual may be the lone single owner of the business? This is very relevant given the large numbers of MSBs to be desk examined presently and going forward.

Answer:

In the case of a sole proprietor, you are right, you are not the employee of yourself, therefore you do not need to document a training program. However, in that particular case we would certainly scrutinize the policies and procedures and ensure that they are updated and that when he does his 2 year review, that they are effective.

As for a corporation, it would be a question of fact to determine if the "owner" is also the employee of the corporation or business (such as he receives a salary for example or some form of compensation other that would qualify him as an employee), and if that is the case, then a training program under 71(1)(d) would need to be documented and in place.

Date answered: 2009-08-10

PI Number: PI-4648

Activity Sector(s): Accountants, Financial entities, British Columbia notaries, Casinos, Dealers in precious metals and stones, Life insurance, Money services businesses, Real estate, Securities dealers

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(d)

Pre-authorized remittance

Question:

We have a situation where we have a number of Filipino contract workers who are working in remote areas and do not have access to a remittance service. These workers need to remit funds to their families in the Philippines on a monthly basis. These workers have requested the recruitment agency to do the remittance on their behalf. The workers will authorize their employer to deduct from their salaries the amount they intend to remit to their families. These funds will in turn be sent to the agency for remittance.

The agency came to us for assistance in implementing this plan. After assessing the risks involved and KYC requirements we have come up with the following suggested resolution:

-ABC will appoint the agency to act as an agent for the workers.
-the agency (agent) will require all workers to complete an ABC First Time Remitter Form, which will contain complete information on the worker. These info will also include a government issued ID. The agent will keep a copy of this form for his files and send another copy to ABC for our files.
-for the first remittance transaction, each worker will be requested to complete and sign a remittance transaction form. This includes info on both the sender and recipient. For subsequent remittance transactions, a remittance transaction form will be completed by the agent based on instructions from the worker. All these forms will be signed by the agent and faxed to ABC for processing.
-funds will be remitted to ABC by the agent.

Could you kindly review and analyze the foregoing and advise if it is acceptable for us to implement?

Answer:

Yes we agree with you that this entity appointed in the Philippines would be an agent of the principal MSB i.e. ABC. However, under our legislation, the principal has to list only its Canadian agents, and in this case, this agent is based in the Philippines (therefore would not have to be listed under our laws).

ABC as the principal MSB is responsible for the reporting and record keeping obligations, and they have to train their Canadian agents. However the principal has no obligation under our legislation to train their foreign agents (i.e. the agents that operate outside Canada). Having said this, to ensure that their agents working outside the country collect and report back the correct information, it would be a best practice for the principal to "train" or "instruct" their foreign agents on what is expected of them and what information should be collected by them, as ultimately the principal MSB will be responsible for all the legislative requirements.

In regards to client identification, they do not need a written agreement to that effect (as this is a MSB/agent relationship and not a mandate given to an "agent" to identify on your behalf).

Date answered: 2009-07-03

PI Number: PI-4621

Activity Sector(s): Money services businesses

Obligation(s): Compliance Regime

Guidance: 4, 6C

Relevance of obligations for a life insurance company who doesn't sell life insurance

Question:

If a life insurance agent is licenced, but not selling life insurance - are they responsible for having a compliance regime?

Answer:

The life insurance brokers and companies are simply covered because they are life insurance brokers or companies (as opposed to other sectors that either have triggering activities or because they hit a threshold and then they are covered..)

Therefore even though they are not selling life insurance or have no clients per se, they would still have to put in place a compliance regime and report STRs. However, their compliance regime would be somewhat very limited if they have no clients and do not sell life insurance.

Date answered: 2009-05-08

PI Number: PI-4584

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime, Reporting

Guidance: 4

Regulations: 16

Act: 3(i), 5(c)

FINTRAC Guidelines - intended use of account

Question:

One of the changes effective June 23, 2008 was for Dealer Members to record the intended use of each new account opened. I believe that the spirit of this requirement was to provide the registrant and firm with some insight into the client’s intentions at the account opening stage, and then monitor the client’s activity against their stated intentions to detect any material variances (and if the variances relate to an AML or terrorist financing offence).

A reporting entity requires the client to acknowledge “that the intended use of your Account is for investing purposes.” It’s my view that this approach is inappropriate as the firm, and not the client, is describing what the intended purpose of the account is. Further, I feel that the reason stated – “investing purposes” – is too broad as there would be little or no ongoing valuable monitoring occurring.

I believe a more reasonable approach would be to include a space for the clients to describe their intended reason for opening the account or have a series of checkboxes stating “Savings for Future Purchase (describe), “Emergency Funds”, “Retirement Savings”, “Estate Planning”, etc. Of course, should not make any formal suggestions in this regard, however, I do feel that the firm’s current approach does not address the requirements. Would this fulfill the requirements or not?

Answer:

Although the disclaimer would be sufficient enough (i.e. that we would not cite the entity as deficient if they use that method), we would strongly suggest that as a best practice the securities brokers or firms request from their clients a more specific purpose of investments (either by a drop down menu with various categories that the client could choose from such as retirement savings, emergency fund, future savings etc.) and in last resort if none of the above category are chosen, a more general one such as "investment purpose".

Date answered: 2009-05-08

PI Number: PI-4425

Activity Sector(s): Financial entities, Securities dealers

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 23(1)(a.1)

Licensed agent's obligations

Question:

Q1. If a life insurance agent is licensed, but not selling life insurance - are they responsible for having a compliance regime?

Q2. When a life insurance agent/brokerage or company sells property and casualty insurance - as well as life insurance - my understanding is that you have given guidance indicating that the entity is responsible for the compliance regime STR/LCTR/TPR aspects of those products also, but that the client identity and record keeping obligations were not an issue. Am I correct?

Answer:

A1. The life insurance brokers and companies are simply covered because they are life insurance brokers or companies (as opposed to other sectors that either have triggering activities or because they hit a threshold and then they are covered.)

Therefore even though they are not selling life insurance or have no clients per se, they would still have to put in place a compliance regime and report STRs. However, their compliance regime would be somewhat very limited if they have no clients and do not sell life insurance, i.e. probably very brief P&P's on STRs for example, a compliance officer and next to nothing in regards to their risk assessment.

A2. The entity is responsible for the compliance regime, STR and TPR - but not for the LCTR.

Date answered: 2009-04-29

PI Number: PI-4571

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 6(2), 71(1)

Life Insurance Policy Question

Question:

I have a scenario where a credit union is selling general insurance (P&C) and not life insurance. The credit union indicated that the insurance portion of the business is run as a subsidiary of the credit union, but that this subsidiary is not a separate legal entity.

Would they require a full compliance regime for their general insurance products?

Answer:

A credit union is a financial entity as defined in Subsection 1(2) of the Regulations. Therefore, all its activities are covered for LCTRs and STRs and TPRs. However, we don't believe that when the CU is selling general insurance, that the CU would open an account. In this specific case, there would not be a client identification requirement for that activity nor client identification related to record keeping.

Date answered: 2009-04-29

PI Number: PI-4570

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime

Guidance: 4, 6G

Regulations: 1(2)

Life Insurance Policy Question

Question:

If a life insurance agent is licensed, but not selling life insurance – is he responsible for having a compliance regime?

Answer:

The life insurance brokers and companies are simply covered because they are life insurance brokers or companies (as opposed to other sectors that either have triggering activities or because they hit a threshold. In these cases, they are covered.

Even if they are not selling life insurance nor do they have any client per se, they would still have to put in place a compliance regime and report STRs. However, their compliance regime would be somewhat very limited taking into account their particular circumstances, i.e. probably very brief P&P's on STRs, a compliance officer and next to nothing in regards to their risk assessment.

Date answered: 2009-04-29

PI Number: PI-4422

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)

Act: 5c)

Accountants, triggering activities vs public body

Question:

The firm conducts the triggering only for one client. The thing is that this client is a public body.

Now, taking into account that paragraph 36(1)(a) of the PCMLTFR states that an accounting firm does not have to keep a Receipt of funds record when the amount is received from a financial entity or a public body;
Taking into account this means there is no ID requirement for this client in this case according to section 59.1 since this reporting entity does not have to keep a Receipt of funds record;
Taking into account subsection 36(2) of the PCMLTFR that states that an accountant firm does not have to keep a Large Cash Transaction Record when the amount is received from a financial entity or a public body;
Taking into account this means there is no ID requirement for this client in this case according to section 53 since this reporting entity does not have to keep a Large Cash Transaction Record;
Taking into account there is no LCT reporting requirement (section 35) if 10 000$ in cash is received from a public body.

The question is: does this reporting entity still need to have a compliance regime in place?

Answer:

Yes. As soon as a RE is conducting one of the triggering activities, it has to implement a compliance regime. STR and TPR requirements still apply. A RBA (among the other compliance regime elements) is also required despite the fact that the risk of ML/TF can be seen as minimal. However, the nature,complexity and size of the business should be considered in designing the regime.

Date answered: 2009-04-17

PI Number: PI-4411

Activity Sector(s): Accountants

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 35, 36(1)(a), 36(2), 53, 59.1, 71

Accountants Sector - secondary signer & POA related issue

Question:

Accounting firm B has been appointed as the power of attorney for the client's personal account a while ago. However, they haven't exercised the power since they were appointed. Meantime, are they still subject to the Act (assuming this is the only potential triggering activity) & are required to have a compliance regime in place or are they only covered when the POA is exercised & funds are paid?

Answer:

No they are not covered by our Act, because the accounting firm has not yet been engaged in any of the triggering activities of subsection 34(1).

Date answered: 2009-03-06

PI Number: PI-4537

Activity Sector(s): Accountants

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 34(1)

A pool of REs (CUs) assigning responsibilities to one Compliance Officer

Question:

1. Can a pool of Credit Unions (REs- example 8 REs) (each independent of one another) assign one compliance officer in order to carry out the PCMLTFA obligations for each Credit Union?

2. If the REs can assign the same person, is there any special agreement that is needed to ensure that Fintrac is not engaging in unauthorized disclosures when dealing with the CO that is responsible for many REs?

For example, would the REs have to each sign our "authorization for a representative" in our handbook or would the CO have to be employed, legally, by all the REs, or are there any other legal criteria that would have to be satisfied, if any, for Fintrac to be able to communicate with the CO? Recall, the CUs are independent and distinct REs.

The CO could be an existing employee of one of the participating CUs and the salary/benefits shared; or a new joint agreement hire;
The CO would have access to all the required acct info(all credit unions are on the same banking system) and report on behalf of all the participating credit unions.
A confidentiality agreement will be signed, whether employed by one credit union or joint agreement hire by all participating credit unions.
ABC system will be used.
The CO will be responsible to ensure the compliance regime is completed; appropriate policy is passed by Board of Directors; and he/she will report to each Board annually;
Each CU will have same policy, training of Board and staff; written policies and procedures, etc...
The AML training of staff and Board will be reviewed annually, with written report of the reviews to the BofD;
ABC system will be used to perform RBA of members in all locations and each CU will perform a RB assessment of the entity itself. will be completed annually or in the event there are new products and services.

Answer:

Q1 - Yes a pool of CUs can assign one compliance officer. Our regulations are silent on who can be appointed as a compliance officer, and on the conditions or qualifications of a compliance officer, therefore, anyone can be appointed as a compliance officer and in any way.

Q2 - There is a template that exists on unauthorized disclosures I believe. However, in the case, of a "joint" CO, the fact that the REs elected to one single CO, combined with the written authorization for a representative that the CO is the contact person, would be sufficient. Because you would be examining each and every one CUs individually I presume, then yes, you would need an authorization of representative signed by each (either an individual authorization from each REs, or a joint one signed by all the REs).

Date answered: 2009-01-09

PI Number: PI-4488

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71.1(a), 55.1

Act: 9.6

Registered MSB that doesn't do triggering activities

Question:

I recently conducted a MSB exam, for a Registered MSB that claims they have never conducted a FX transaction. They have an A-Frame sign outside their store stating: "US Dollars - Buy and Sell". There MSB application states the estimated annual FX was $100. Onsite, they claimed they don't even know what exchange rate to use. Of course, I explained onsite that if they don't want to do be considered a MSB and they don't do transactions, they should remove the advertisement and de-register.

Since MSBs are defined by triggering activities, can we deficiency them on not having a compliance regime?

Answer:

Yes, you could cite them as deficient if they do not have a compliance regime in place.

As per our FIN no. 1 (interpretation notice on the criteria for engaged in a money services business), we indicate that you are considered a money services business if any of the following apply to you:
You advertise (by means of newspaper, television, yellow pages, internet, any other media, or by an interior or exterior sign) the fact that you engage in any of the above-mentioned money services business activities.

So therefore if they advertise that they are a MSB, they are engaged in a money services business and therefore should comply with our legislative requirements

Date answered: 2008-11-27

PI Number: PI-4457

Activity Sector(s): Money services businesses

Obligation(s): Compliance Regime

Guidance: FIN-1, 4

Act: 5(h)

Review of PPs- "for the purpose of "testing" their effectiveness"

Question:

In regards to 71(1)(e) ,specifically regarding the review of PPs according to 71(1)(e), does the statement in the section "for the purpose of "testing" their effectiveness" include the sampling (testing) of records (transactions) to determine if the PPs are properly put into execution?

Answer:

In regards to the "testing" of the effectiveness of the PPs, here are a few comments.

It has been FINTRAC's policy to leave the testing up to the reporting entity - they can therefore decide how they want to test the effectiveness (either by sampling or any other method). For us, as long as the reporting entity can demonstrate that their policies and procedures are effective, how they prove or demonstrate it is up to them!

Date answered: 2008-09-16

PI Number: PI-4348

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(e), 71(2)

Reporting to board of directors

Question:

Is there a rule that states as a financial institution we need to report at least quarterly to our board of directors of money laundering activities reported to FINTRAC. If this is a regulation can you direct me to where it states this.

Answer:

In terms of legislative requirements and senior approval required, here are the legislative requirements:

Under 71(2), the entity needs to report to a senior officer (not necessarily to the board of directors) in writing on the following - review, updates made to the policies and procedures, and status of implementation of those updates.

As well, initially, under 71(1)(b) the written policies and procedures have to be approved by a senior officer.

The other mention is when an individual is determined to be a PEFP then, senior management approval is required to keep the account open (67.1(1)(b)).

And finally the other mention of senior officer is in 50(4)(b) however that applies to clients referred to in section 50(1) (North American Industry Classification System).

Date answered: 2008-09-08

PI Number: PI-4336

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(b), 71(2), 67.1(1)(b)

Coverage of Life Insurance Companies under the Act and Regs for compliance regime, STRs and RBA

Question:

Can you confirm if the statements below are accurate? Specifically, it is our understanding that since life insurance companies offer accident and sickness products, they are covered under the PCMLTFA and its associated Regulations for compliance regime, STRs and RBA. However, as accident and sickness products are not life insurance, they would not be subject to client identification or record-keeping obligations.

Large cash transactions – every time a company, agent or broker receives $10,000 or more in cash they need to report it to the centre as per section 17 of the PCMLTFR and keep a large cash transaction record as per section 18 of the PCMLTFR. This obligation applies to life companies, agents and brokers regardless of the type of product purchased.

Client information record – every life insurance company, agent or broker shall keep a client information record for every purchase from them of an immediate or deferred annuity or of a life insurance policy for which the client may pay $10,000 or more over the duration of the annuity or policy, regardless of means of payment. This is stated in section 19(1) of the PCMLTFR and would exclude any policies that are exempt. The wording above is important as it states that the obligation only applies to annuities and life insurance policies. As accident and sickness products are not life insurance policies, this would indicate that client information record obligations do not apply to accident and sickness products like extended health care, long term care, long term disability or critical illness.

Client identification – every life insurance company, agent or broker shall ascertain the identity of every person who conducts, on the person’s own behalf or on behalf of a third party, a transaction with that insurance company or life insurance broker or agent for which a client information record is required to be kept under section 19 of the PCMLTFR. As the requirement to identify a client is tied directly to the requirement to create a client information record, client identification requirements apply only to annuities and life insurance policies other than those that are exempt.

Answer:

In regards to the statement below:

1) No, the statement below that LCTR reporting and record keeping requirements applies regardless of the type of product purchased is not true - in section 17b) it is indicated that the reporting requirements applies when $10,000 is received in cash except in respect of transactions referred to in subsection 62(2) - the transactions found in 62(2) are: exempt policies as defined in subsection 306(1), group life insurance policy that does not provide for a cash surrender value, etc...

18b) refers to the LCT record keeping obligation - again the LI transactions found in 62(2) are exempted.

So, in other words, the LCTR (reporting and record keeping) obligations do not apply to all life insurance products.

2) Again section 19(1) is subject to the exceptions found in section 62(2) - and the products in 19(1) are explicitly stated - immediate or deferred annuity or of a life insurance policy. So yes, this would indicate that client information record obligations do not apply to accident and sickness products like extended health care, long term care, long term disability or critical illness.

3) Again the exemptions to client identification in relation to the real estate sector are found in section 62(2) - so yes client identification for which a client information record is to be kept under section 19 subject to section 20.2 (reinsurance) and 62(2) exceptions.

Date answered: 2008-08-25

PI Number: PI-4319

Activity Sector(s): Life insurance

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 62(2), 20.2, 17,18(b),19(1)

Review of PPs by Regulator

Question:

Paragraph 71(1)e) of the PCMLTFR states that "instituting and documenting a review of the policies and procedures, the risk assessment and the training program for the purpose of testing their effectiveness, which review is required to be carried out every two years by an internal or external auditor of the person or entity, or by the person or entity if they do not have such an auditor".

Can the examination of a Regulator, with which we have a MOU, satisfy paragraph 71(1)(e) of the PCMLTFR?

Answer:

No, the regulator is not an auditor (if so, then reporting entities might be tempted to argue that since FINTRAC also does examination, that the FINTRAC examination would satisfy their obligation under 71 (1)(e) as well !! - the examinations and the review/audit to test the effectiveness under section 71 (1)(e) do not scope the same activities, nor to the same extent).

Date answered: 2008-07-18

PI Number: PI-4282

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(e)

Meaning of test effectiveness

Question:

Paragraph 71(1)e) of the PCMLTFR states that "instituting and documenting a review of the policies and procedures, the risk assessment and the training program for the purpose of testing their effectiveness, which review is required to be carried out every two years by an internal or external auditor of the person or entity, or by the person or entity if they do not have such an auditor".

What do you mean by testing the effectiveness?

Answer:

It depends on the sector, and how complicated the sector is. Although sampling is not required, for a specific sector, it may be something that they would want to do in order for them to have a better picture on the effectiveness of their policies and procedures, in regards to their record keeping obligations and their compliance regime in general. Because again the regulations do not specify what a review entails, it would be up to the reporting entity to determine the scope of their review.

Date answered: 2008-07-18

PI Number: PI-4281

Activity Sector(s): Financial entities

Obligation(s): Compliance Regime

Guidance: 4

Regulations: 71(1)(e)

Date Modified: