Guideline 6E: Record Keeping and Client Identification for Securities Dealers

June 2015

This replaces the previous version of Guideline 6E: Record Keeping and Client Identification for Securities Dealers issued in February 2014. This version includes guidance on obligations, which came into effect June 19, 2015.

The changes made are indicated by a side bar to the right of the modified text in the PDF version.

Table of Contents

  1. General
  2. Record Keeping and Client Identification Obligations
  3. Records To Be Kept
  4. Client Identity
  5. Ongoing Monitoring of Business Relationship and Related Records
  6. Records about Beneficial Ownership and Control
  7. Third Party Determination and Related Records
  8. Politically Exposed Foreign Person Determination and Related Records
  9. Foreign Subsidiaries or Branches
  10. How Should Records Be Kept?
  11. Penalties for Non-Compliance
  12. Comments?
  13. How to Contact FINTRAC

Guideline 6E: Record Keeping and Client Identification for Securities Dealers (PDF version, 357 KB)

1. General

The objective of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act is to help detect and deter money laundering and the financing of terrorist activities. It is also to facilitate investigations and prosecutions of money laundering and terrorist activity financing offences. This includes reporting, record keeping, client identification and compliance regime requirements for securities dealers.

A securities dealer is an individual or entity authorized under provincial legislation to engage in the business of dealing in securities or any other financial instruments or to provide portfolio management or investment advising services,  other than persons who act exclusively on behalf of such an authorized person or entity.  This means that if you are an individual who is authorized to deal in securities or any other financial instruments, but you do so exclusively on behalf of another entity or individual who is a securities dealer, you are not considered to be a securities dealer under this definition.

If you are a securities dealer, this guideline has been prepared to help you meet your record keeping and client identification obligations, including those for certain foreign subsidiaries or branches.

This guideline uses plain language to explain the most common situations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act as well as the related Regulations. It is provided as general information only. It is not legal advice, and is not intended to replace the Act and Regulations.

Record keeping and client identification obligations for other types of reporting persons or entities are explained by sector in other versions of this guideline (financial entities; life insurance companies, brokers and agents; money services businesses; agents of the Crown that sell or redeem money orders; accountants; real estate; dealers in precious metals and stones; British Columbia notaries; and casinos).

For more information about money laundering and terrorist financing, or other requirements under the Act and Regulations applicable to you, see the guidelines in this series:

If you need more help after you read this or other guidelines, call FINTRAC's national toll-free enquiries line at 1-866-346-8722.

Throughout this guideline, several references are provided to additional information that may be available on external websites. FINTRAC is not responsible for the accuracy, reliability or currency of the information contained on those external websites. The links provided are based on information available at the time of publishing of this guideline.

Throughout this guideline, any references to dollar amounts (such as $10,000) refer to the amount in Canadian dollars or its equivalent in foreign currency. Furthermore, all references to cash mean money in circulation in any country (bank notes or coins). In this context, cash does not include cheques, money orders or other similar negotiable instruments.

Your policies and procedures may cover situations other than the ones described in this guideline, for purposes other than your requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. For example, the regulator for your sector may require you to apply additional policies and procedures, the retention period for your records may vary for purposes other than what is described in this guideline, or you may have to request an individual's social insurance number for income tax purposes.

2. Record Keeping and Client Identification Obligations

As a securities dealer, you have to do the following:

There are some exceptions and these are explained throughout each section.

The use of personal information in Canadian commercial activities is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), or by substantially similar provincial legislation. You have to inform individuals concerning the collection of personal information about them. However, you do not have to inform individuals when you include personal information about them in any of the reports that you are required to make to FINTRAC. You can get more information about your responsibilities in this area from the following:

3. Records To Be Kept

As a securities dealer, in addition to the records described in sections 5 to 9, you have to keep the following records:

Details about each of these types of records are provided in subsections 3.2 through 3.5.

See section 4 for information about identification requirements that may be associated to the events triggering record keeping requirements.

3.1 General exceptions to record keeping

If you keep information in a record that is already readily available in any other record that you have kept under these rules (as described throughout this guideline), you do not have to keep that information again.

You do not have to keep any of the records described in subsections 3.3 to 3.5, or in section 8, when you open any of the following accounts:

In addition, you do not have to keep any of the records described in subsections 3.3 to 3.5, or in section 8, for a transaction that is part of a reverse mortgage or structured settlement. This includes opening an account for this type of transaction.

Accounts or transactions for a public body or very large corporation

If you open an account or conduct a transaction for a public body or a very large corporation, the record keeping requirements described in subsections 3.3 to 3.5 do not apply. The same is true regarding a subsidiary of either of those entities, if the financial statements of the subsidiary are consolidated with those of the public body or very large corporation.

In this context, a public body means any of the following or their agent:

Also in this context, a very large corporation is one that has minimum net assets of $75 million on its last audited balance sheet. The corporation's shares have to be traded on a Canadian stock exchange or on a stock exchange outside Canada that is designated by the Minister of Finance. The corporation also has to operate in a country that is a member of the Financial Action Task Force (FATF). For more information about stock exchanges outside Canada that are designated by the Minister of Finance, refer to the July 2, 2008 news release available in the News area of the Department of Finance's website (http://www.fin.gc.ca).

To find out which countries are members of the FATF, refer to its website (http://www.fatf-gafi.org).

3.2 Large cash transaction records

This is a record for every amount of cash of $10,000 or more that you receive from a client in a single transaction. For example, if your client purchases securities with $10,000 or more in cash, you have to keep a large cash transaction record. This type of transaction will also require a report to FINTRAC, as explained in Guideline 7: Submitting Large Cash Transaction Reports to FINTRAC.

If you know that two or more cash transactions of less than $10,000 each were made within a 24-hour period (that is, 24 consecutive hours), by or on behalf of the same client, these are considered to be a single large cash transaction if they add up to $10,000 or more. In this case, you would have to keep a large cash transaction record, and report the transaction to FINTRAC as explained above.

Do not keep a large cash transaction record or make a large cash transaction report to FINTRAC if the cash is received from a financial entity or a public body. In this context, a financial entity means any of the following:

For information about what is considered a public body in this context, see information in subsection 3.1 above, under the heading "Accounts or transactions for a public body or very large corporation."

Contents of a large cash transaction record

For any large cash transaction, the information you have to keep in a large cash transaction record includes the following:

Be as descriptive as possible regarding the business or occupation. Record information that clearly describes it, rather than use a general term. For example, in the case of a consultant, the occupation recorded should reflect the area of consulting, such as "information technology consultant" or "consulting forester." As another example, in the case of a professional, the occupation should reflect the nature of the work, such as "petroleum engineer" or "family physician."

If you have to ascertain the identity of the individual conducting the large cash transaction, see subsection 3.7 for additional information that is required on the large cash transaction record.

3.3 Account opening records

For every account that you open, you have to keep records. This includes signature cards, account operating agreements, account applications, copies of official corporate records (binding provisions) and other information, as described below.

If you have to ascertain the identity of an individual authorized to give instructions for the account, see subsection 3.7 for additional information required on the account opening record.

Signature cards, account operating agreements or account applications

You have to keep a signature card, an account operating agreement or an account application that shows the signature of the individual who is authorized to give instructions for the account.

In the case of a group plan account, you will not have to keep a signature card for any individual member of the plan if the plan's sponsor is an entity and you have already confirmed its existence. However, unless the plan is exempt from record keeping requirements as explained in subsection 3.1, you will have to keep a signature card for each individual member for whom a contribution is made that is other than a contribution made by payroll deductions or by the plan's sponsor.

Intended use

For every account you open, you will have to keep a record about the account's intended use. This record can also be used when recording the purpose and intended nature of a business relationship. For more information on business relationships, please consult section 5.

Examples of intended use for accounts include the following:

Accounts for corporations

If you open an account for a corporation, in addition to the signature card, account operating agreement or account application as explained above, you have to keep a copy of the part of the official corporate records showing the provisions that relate to the power to bind the corporation regarding the account. This could be a certificate of incumbency, the articles of incorporation or the bylaws of the corporation that set out the officers duly authorized to sign on behalf of the corporation, such as the president, treasurer, vice-president, comptroller, etc. If there were changes subsequent to the articles or bylaws that relate to the power to bind the corporation regarding the account and these changes were in effect at the time the account was opened, then the board resolution stating the change would be included in this type of record.

Accounts for individuals or entities other than corporations

If the account is opened for an individual or any entity that is not a corporation, in addition to the signature card, account operating agreement or account application as explained above, you have to keep a record of the name, address and principal business or occupation of the individual or entity. For more information about recording business or occupation, see subsection 3.2 under the heading "Contents of a large cash transaction record."

If the record is about an individual, it also has to include the individual's date of birth.

3.4 Certain records created in the normal course of business

You have to keep every one of the following records that you create in the normal course of business:

3.5 Client statements

You have to keep a copy of every statement that you send to your client.

3.6 Suspicious transaction report records

When you have to report a suspicious transaction to FINTRAC, you have to keep a copy of the report. See Guideline 3: Submitting Suspicious Transaction Reports to FINTRAC for more information about obligations related to this report.

3.7 Identification information on all records

If you have to ascertain the identity of an individual, as explained in section 4, in association with any of the records mentioned in section 3, you have to keep the individual's name with that record. You also have to keep the following with that record:

Identification documents

If you have to ascertain the identity of the individual using a document, the record has to include the type of document you used to confirm the individual's identity, its reference number and its place of issue.

Identification of clients not physically present

If you do not use an identification document but use methods for a client who is not physically present (as described in subsection 4.7), you have to include whichever of the following, according to the methods used:

4. Client Identity

4.1 When and how do you have to ascertain client identity?

As a securities dealer, you have client identification obligations. You have to take the following measures to ascertain the identity of individuals or to confirm the existence of entities (entities meaning: corporations, trusts, partnerships, funds, and unincorporated associations or organizations), subject to the general exceptions outlined in subsection 4.2.

If you cannot ascertain the identity of an individual or confirm the existence of an entity when you open an account according to the identification requirements, you cannot open the account. This means that no transaction other than an initial deposit can be carried out unless you are able to ascertain the identity of the individual or confirm the existence of the entity as explained in subsections 4.5 and 4.8. As well, if you suspect that the transaction is related to a money laundering or terrorist financing offence, you must file a suspicious transaction report, as explained in Guideline 3: Submitting Suspicious Transaction Reports to FINTRAC.

Subsections 4.3 to 4.6 explain the need to ascertain the identity of an individual when an event triggers the requirement. In these events, you must ascertain the identity of an individual, unless an exception applies as explained in subsection 4.2.

Refer to section 3 for information about record keeping requirements that may be associated to the events triggering identification requirements.

Once you have conducted two transactions with a client that require you to ascertain the identity of the client, you have entered into a business relationship with that client.  See section 5 for more information on business relationships and related records.

4.2 General exceptions to client identification

In addition to the exceptions explained throughout the rest of section 4, the following general exceptions apply to client identification requirements.

Existing clients

Once you have ascertained the identity of an individual as explained in this guideline, you do not have to ascertain their identity again if you recognize the individual (visually or by voice) at the time of a future event that would otherwise trigger the identification requirement. However, if you have any doubts about the identification information previously collected, you will have to ascertain that individual's identity again.

Once you have confirmed the existence of a corporation and confirmed its name, address and the names of its directors (as explained in subsection 4.8), you are not required to confirm that same information in the future.

Once you have confirmed the existence of an entity other than a corporation (as explained in subsection 4.8), you are not required to confirm that same information in the future.

You do not have to ascertain the identity of an individual as described in subsection 4.5, nor do the requirements described in subsection 8.1 for new accounts apply:

In this context, the life insurance company is affiliated with the entity if one fully owns the other or if they are both owned by the same other entity.

Certain types of accounts or transactions

You do not have to ascertain the identity of an individual as described in subsection 4.5 for the opening of a business account for which you have already identified three persons who are authorized to give instructions in respect of the account.

You do not have to ascertain the identity of an individual as described in subsection 4.5, nor do the requirements described in subsection 8.1 for new accounts apply for the opening of an account for the sale of mutual funds if you have reasonable grounds to believe that the client has been identified, as explained in subsection 4.7, by a securities dealer regarding the sale of mutual funds for which the account is opened or one of a series of several transactions that includes that sale.

You do not have to ascertain the identity of clients as described in subsections 4.5, 4.6 or 4.8, nor do the requirements described in section 5, 6 or 8 apply, in the following situations:

Accounts or transactions for a public body or very large corporation

If you open an account for a public body or a very large corporation, the requirements described in subsections 4.5 and 4.8 or in section 6, do not apply. The same is true regarding a subsidiary of either of those entities, if the financial statements of the subsidiary are consolidated with those of the public body or very large corporation.

For information about what is considered a public body or a very large corporation in this context, see subsection 3.1 under the heading "Accounts or transactions for a public body or very large corporation."

4.3 Client identity for large cash transactions

You have to ascertain the identity of any individual with whom you conduct a large cash transaction, at the time of the transaction, if you have to keep a large cash transaction record for it, as described in subsection 3.2. If the transaction is a deposit to a business account, you do not have to ascertain the identity of the individual conducting it. In this context, a business account is one that, at the time it was opened, was for a business or for a non-profit organization (that is, other than a personal or trust account).

As explained in subsection 4.2, once you have ascertained the identity of an individual, you do not have to ascertain their identity again if you recognize the individual. None of the other exceptions explained in subsection 4.2 apply in the case of large cash transactions.

See subsection 4.7 to find out how to ascertain the identity of an individual for a large cash transaction.

4.4 Client identity for suspicious transactions

When you have to send a suspicious transaction report to FINTRAC, you have to take reasonable measures, before the transaction is reported, to identify the individual who conducted or attempted to conduct the transaction. This does not apply in the following circumstances:

In this context, reasonable measures to ascertain the identity of an individual include using either Option 1 or Option 2 as explained in subsection 4.7 under the heading "Individual not physically present." They also include asking the individual for an identification document. However, reasonable measures exclude any method that you believe would inform the individual that you are submitting a suspicious transaction report.

It is important to remember that all suspicious transactions and attempted transactions, including transactions that are normally exempt from client identification requirements, require you to take reasonable measures to ascertain your client's identity. See Guideline 2: Suspicious Transactions for more information.

4.5 Client identity for accounts: individuals authorized to give instructions

You have to ascertain the identity of any individual who is authorized to give instructions for an account that you have to keep a record about (as explained in subsection 3.3, 3.4 or 3.5, or section 8). Ascertaining the identity of the individual has to be done before any transaction (other than the initial deposit) is carried out.

See subsection 4.7 to find out how to ascertain the identity of an individual authorized to give instructions for an account.

4.6 Client identity for group plan account individual members

In the case of a group plan account that is not exempt from identification requirements as explained in subsection 4.2, you have to ascertain the identity of any individual members for whom you have to keep a signature card as explained in subsection 3.3 under the heading "Signature cards." In this case, you have to ascertain the identity of individual members when they make contributions to the plan.

4.7 How to ascertain the identity of an individual

See subsection 3.7 for additional information that is required on certain records when you have to ascertain the identity of individuals.

To ascertain the identity of an individual, refer to the individual's birth certificate, driver's licence, passport, record of landing or permanent resident card or other similar document.

You can refer to an individual's provincial health card, but only if it is not prohibited by provincial or territorial legislation. For example, you cannot refer to an individual's provincial health card from Ontario, Manitoba, Nova Scotia or Prince Edward Island since health cards cannot be used for this purpose in these provinces. As another example, in Quebec, you cannot request to see a client's health card, but you may accept it if the client wants to use it for identification purposes. If you have questions about the use of health cards for identification, please contact the appropriate provincial issuer for more information.

For a document to be acceptable for identification purposes, it must have a unique identifier number. Also, the document must have been issued by a provincial, territorial or federal government. For example, a birth or baptismal certificate issued by a church would not be acceptable for this purpose. Also, an identification card issued by an employer for an employee (that is, an employee identification card) is not acceptable.

The document also has to be a valid one and cannot have expired. For example, an expired driver's licence would not be acceptable.

A social insurance number (SIN) card can be used to ascertain the identity of a client, but the SIN (that is, the number itself) is not to be provided to FINTRAC on any type of report. The Office of the Privacy Commissioner (http://www.priv.gc.ca) has produced a fact sheet concerning best practices for the use of SINs. Please consult it for more information on this topic.

Examples of other documents that can be used to ascertain the identity of a client include a certificate of Indian status or a provincial or territorial identification card issued by any of the following (or their successors):

Valid foreign identification, if equivalent to an acceptable type of Canadian identification document, would also be acceptable for the purposes explained in this guideline. For example, a valid foreign passport is acceptable.

When you refer to a document to ascertain the identity of an individual, it has to be an original, not a copy of the document. In cases where it is not possible for you to view the original yourself, you may choose to use an agent or mandatary to verify the original identification document on your behalf. Even if you use an agent or mandatary, you are responsible for making sure the identification requirements are met.

Use of an agent or mandatary

If you use an agent or mandatary for client identification, you have to enter into a written agreement or arrangement with the agent or mandatary outlining what you expect them to do for you. In addition, you have to obtain from the agent or mandatary the customer information that was obtained according to the agreement or arrangement.

Your agent or mandatary can ascertain the identity of your client for you using an identification document. In cases where your client is not physically present at the opening of an account or conducting of a transaction, your agent or mandatary can use the options explained below.

Individual not physically present

If you have to identify an individual who is not physically present you will have to use one or the other of the following options to confirm the identity of that individual.

OPTION 1: Affiliate or co-member

To ascertain the identity of an individual using this option, you have to first obtain the individual's name, address and date of birth. Then, you have to confirm that one of the following has ascertained the identity of the individual by referring to an original identification document:

To use this option, you have to verify that the individual's name, address and date of birth provided to you correspond with the information kept in the records of that other entity.

In this context, an entity is affiliated with you if you fully own it or it fully owns you, or you are both fully owned by the same entity.

OPTION 2: Combination of methods

To ascertain the identity of an individual using this option, you have to use a combination of two of the following methods. In each of the two methods you use, the individual's information has to be consistent with what you have in your records. The information also has to be consistent from one method to the other. For example, if each of the methods you use has the name, address and date of birth information about the individual, all of it has to agree with what you have in your records.

The methods below may not apply for all clients. For example, the methods would not be available to ascertain the identity of a client outside Canada who is opening an account with you, but has no Canadian credit history, no access to a Canadian guarantor and no deposit account with a financial entity. In this case, ascertaining the identity of the client using an identification document may necessitate the use of an agent or mandatary, as explained above.

Identification product or credit file method

You can use either of the following methods but you cannot combine them:

  • Refer to an independent and reliable identification product. It must be based on personal information as well as Canadian credit history about the individual of at least six months duration. This type of product can use a series of specific questions, based on an individual's credit file, to help you ascertain client identity.
  • With the individual's permission, refer to a credit file. The credit file must have been in existence for at least six months.

Products for either of these methods are available commercially, such as those used for credit ratings.

Attestation method

Obtain an attestation that an original identification document for the individual has been seen by a commissioner of oaths or a guarantor. The attestation must be on a legible photocopy of the document and include the following information:

  • the name, profession and address of the commissioner of oaths or the guarantor;
  • the signature of the commissioner of oaths or the guarantor; and
  • the type and number of the identifying document provided by the individual whose identity you must ascertain.

In this context, a guarantor has to be an individual engaged in one of the following professions in Canada:

  • a dentist, a medical doctor or a chiropractor;
  • a judge, a magistrate or a lawyer;
  • a notary (in Quebec) or a notary public;
  • an optometrist or a pharmacist;
  • an accredited public accountant (APA), a chartered accountant (CA), a certified general accountant (CGA), a certified management accountant (CMA), a public accountant (PA) or a registered public accountant (RPA);
  • a professional engineer (P. Eng., in a province other than Quebec) or engineer (Eng. in Quebec); or
  • a veterinarian.
Cleared cheque or deposit account method

You can use either of the following methods, but you cannot combine them.

  • Confirm that a cheque drawn on a deposit account that the individual has with a financial entity has cleared. This means a cheque that was written by the individual, cashed by the payee and cleared through the individual's account. It does not include pre-authorized payments as these are not cheques written by the individual.
  • Confirm that the individual has a deposit account with a financial entity. You could do this by viewing an original bank statement.

For either method, the account has to be with a financial entity, as described in subsection 3.2.

The account cannot be one that is exempt from identification requirements for the financial entity, such as a registered retirement savings plan or a reverse mortgage. For more information about accounts that cannot be used for the cleared cheque or deposit account methods, see Guideline 6G: Record Keeping and Client Identification for Financial Entities.

4.8 Client identity for accounts with corporations or entities

You have to confirm the existence of any corporation or other entity that opens an account with you. This has to be done within 30 days of opening the account. In the case of a corporation, in addition to confirming its existence, you also have to determine the corporation's name, address and the names of its directors within 30 days of opening the account.

When you have to confirm the existence of an entity, you also have to obtain and take reasonable measures to confirm the entity's beneficial ownership information, as explained in section 6.

Corporations

To confirm the existence of a corporation as well as the corporation's name and address, refer to the following documents:

You also have to determine the names of the corporation's directors. To do this, you may need to see the list submitted at the time of their application for incorporation. In the case of a corporation that is a securities dealer, you do not need to ascertain the name of the corporation's directors.

The record you use to confirm a corporation's existence can be paper or an electronic version. Although such information may be available verbally (such as by phone), it is not acceptable for these purposes, as you have to refer to a record. If the record is in paper format, you have to keep the record or a copy of it.

If the record is an electronic version, you have to keep a record of the corporation's registration number, the type and source of the record. An electronic version of a record has to be from a public source. For example, you can get information about a corporation's name and address and the names of its directors from a provincial or federal database such as the Corporations Canada database which is accessible from Industry Canada's website (http://www.ic.gc.ca). As another example, you may also get this type of information if you subscribe to a corporation searching and registration service.

Entities other than corporations

To confirm the existence of an entity other than a corporation, refer to a partnership agreement, articles of association or any other similar record that confirms the entity's existence. The record you use to confirm the existence of an entity can be paper or an electronic version. Although such information may be available verbally (such as by phone), it is not acceptable for these purposes, as you have to refer to a record. If the record is in paper format, you have to keep the record or a copy of it.

If the record is an electronic version, you have to keep a record of the entity's registration number, the type and source of the record. An electronic version of a record has to be from a public source.

4.9 Keeping client identification information up to date

Your compliance regime has to include an assessment, in the course of your activities, of the risk of money laundering or terrorist financing. Guideline 4: Implementation of a Compliance Regime provides more information about risk assessment requirements. According to this assessment, you have to keep client identification information up to date as part of your ongoing monitoring obligations.

Measures to keep client identification up to date include asking the client to provide information to confirm or update their identification information. In the case of an individual client, this can also include confirming or updating the information by using the same options that are available to ascertain the identity of individuals who are not physically present.

In the case of clients that are entities, measures to keep client identification information up to date include consulting a paper or electronic record as explained in subsection 4.8, or obtaining information verbally to keep client identification information up to date.

The frequency with which client identification information is to be kept up to date will vary depending on your risk assessment of your client. As part of your ongoing monitoring obligations, you have to keep all client identification information up to date. For high-risk clients, you must update client identification information more frequently and perform more frequent monitoring, as well as adopt any other appropriate enhanced monitoring measures (see examples in section 5).

If you have used one of the exceptions found in 4.2 (General exceptions to client identification) where you were not required to ascertain the identity of a client and therefore, do not have any client information in your records, there will be no client information to update as part of your ongoing monitoring obligations as described in section 5 (Ongoing Monitoring of Business Relationship and Related Records), but your other ongoing monitoring obligations still apply.

5. Ongoing Monitoring of Business Relationship and Related Records

Business relationship

A business relationship is a relationship that you establish with a client to conduct financial transactions or provide services related to those transactions.
For securities dealers, these relationships can be established within or outside of an account.

Account-based business relationship: You are in a business relationship with a client that holds an account with you. You enter into a business relationship when a client opens an account with you. For a new or existing client that has one or more accounts, the business relationship includes all transactions and activities relating to those accounts.

Non-account-based business relationship: If your client does not have an account, you enter into a business relationship when you conduct two or more transactions in which you have to:

In such a case, the business relationship only includes transactions and related activities for which you have to ascertain the identity of your client. See section 4 for more information on these transactions and activities.

If you use the exception to ascertaining the identity of a client where you recognize the individual (as described in 4.2 General exceptions to client identification) in the case of a second transaction that requires you ascertain the identity of a client, you have entered into a business relationship with that client nonetheless.  This is because it is the requirement to ascertain identity that triggers the business relationship.

You should determine that a business relationship has been established as soon as reasonably practicable following the second transaction requiring that the client's identity be ascertained. As a best practice, this should be done within 30 calendar days.

If you have a client without an account who conducts two or more suspicious transactions, you still enter into a business relationship with that client, even if you are unable to ascertain the identity of that client. This is because suspicious transactions require you to take reasonable measures to ascertain the identity of the client (subject to the circumstances described in section 4.4), and so two or more of these transactions will trigger a business relationship. You must treat this business relationship as high-risk, and undertake more frequent ongoing monitoring and any other appropriate enhanced measures (see examples under "Ongoing monitoring" below).

A business relationship is established when two transactions that require you to ascertain the identity of your client occur within a maximum of five years from one another. If a period of five years passes from the last transaction that required you to ascertain the identity of your client, the business relationship with that client ceases in the case of non-account-based business relationships. In the case of clients who hold an account, the business relationship ceases five years after the client closes that account.

Once the business relationship is established, you must also:

Ongoing monitoring

Ongoing monitoring means that you have to monitor your business relationship with a client on a periodic basis. Use your risk assessment of the client with whom you have a business relationship to determine how frequently you will monitor that business relationship. The risk assessment requires you to consider each one of your clients when assessing their risk for money-laundering and terrorist activities financing.  However, an individual written assessment is not required for each client, so long as you can demonstrate that you put your client in the correct risk category, according to your policies and procedures, and risk assessment.  You have to perform ongoing monitoring of each business relationship to:

The above-listed requirements do not need to follow the same timeframe, so long as you monitor your high-risk clients more frequently and with more scrutiny than you do your low-risk clients.

In order to keep client and beneficial ownership information up to date, you may ask clients with account-based business relationships to confirm the information you have on record periodically throughout your regular interactions with them.  For clients in non-account-based business relationships, you may update the information you have on record every time the client conducts a transaction that requires you to ascertain their identity.

As an example, you may choose to reassess the level of risk associated with a client's transactions and activities, and to determine whether the transactions or activities are consistent with the information you have on your client, for your low-risk clientele, every two years, while performing the same monitoring of your high-risk clients on a more frequent basis.  However, depending on the circumstances of your operations, a different ongoing monitoring period for low-risk clients may be appropriate.

In the context of monitoring on a periodic basis, your monitoring will vary depending on your risk assessment of your client. As part of your ongoing monitoring obligations, you must monitor all of your business relationships, and you must monitor business relationships you consider high-risk more frequently, as well as update client identification information and adopt any other appropriate enhanced measures.

Here is a non-exhaustive list of enhanced measures you could take to mitigate the risk in cases of high-risk business relationships:

If as a result of your ongoing monitoring you consider that the risk of a money laundering or a terrorist financing offence in a business relationship is high, your risk assessment in your compliance regime must treat that client as a high risk. In this case, you must conduct more frequent monitoring of your business relationship with that client, update that client's identification information more frequently, and adopt any other appropriate enhanced measures (see examples above).

Exception

The requirement to conduct ongoing monitoring does not apply to a group plan account held within a dividend or a distribution reinvestment plan if the sponsor of the plan is an entity that trades shares or units on a Canadian stock exchange and operates in a country that is a member of the Financial Action Task Force.

5.1 Business relationship record

When you enter into a business relationship with a client, you have to keep a record of the purpose and intended nature of the business relationship. You also have to review this information on a periodic basis and keep it up to date. This is done to ensure that you continue to understand your client's activities over time so that any changes can be used to assess or detect high-risk transactions and activities. This may lead you to increase the frequency of ongoing monitoring, update their client identification information more frequently, and adopt any other appropriate enhanced measures (see examples above).

The purpose and intended nature of the business relationship is information that should allow you to anticipate the transactions and activities of your client.

For clients who already hold accounts, you may use the information found in the intended use of the account record, in a client credit file, in a credit card account record or in an ongoing service agreement, as the purpose and intended nature of the business relationship with that client.  You do not need to create a new record if you are able to retrieve this information from the records you currently hold.  You must obtain this information at the opening of a new account.

For clients who do not hold an account but with whom you have a business relationship on the basis that they have completed two transactions that required you to ascertain their identity, or in the case of entities, to confirm their existence; you must document the purpose and intended nature of the business relationship that best describes your dealings with that client.

Here is a short, non-exhaustive list of examples of purpose and intended nature of a business relationship in your sector:

Retail:

Institutional/corporate:

Guideline 4: Implementation of a Compliance Regime provides more information about risk assessment requirements.

6. Records about Beneficial Ownership and Control

When you have to confirm the existence of an entity, at the same time, you have to obtain, take reasonable measures to confirm, and keep records of the information about the entity's beneficial ownership.  Beneficial ownership refers to the identity of the individuals who ultimately control the corporation or entity, and cannot be another corporation or another entity. You must search through as many levels of information as necessary in order to determine beneficial ownership. However, there may be cases where there is no individual who owns or controls 25% or more of an entity. You must still keep a record of the measures you took and the information you obtained in order to reach that conclusion.

In this context, reasonable measures to confirm the accuracy of beneficial ownership information would include asking the client to provide documentation. You can rely on the information provided by clients, but you should use discernment when determining if the documentation is appropriate. Documents and references that you obtain to confirm the information (such as the website where you found the information) have to be kept in your records.

Here is a short, non-exhaustive list of documents that could be provided by clients to confirm beneficial ownership information:

In the case of corporations:

In the case of entities other than corporations:

You have to obtain, take reasonable measures to confirm, and keep a record of the following beneficial ownership information:

The following is an example of ownership, control and structure of a corporation:
ABC Canada Inc. is a for-profit corporation with 100 privately traded shares in circulation. It is incorporated pursuant to the Canada Business Corporations Act.  John Brown owns 15 of the shares and Green Company Ltd. owns the remaining 85 shares.  James Smith is President of ABC's board of directors; his wife, Jane Smith, is ABC's Chief Financial Officer; and their three children make up the other members of the board.

In this example:

The trust deed will provide you the information on the control and structure of the trust. If you are unable to obtain the names and addresses of the trustees, beneficiaries or settlors of the trust, you must find the name of the senior managing officer of the trust, that is, the person in the trust company who is in fact responsible for the management of that trust, such as an account manager.

The following is an example of ownership, control and structure of an entity that is neither a corporation nor a trust:

Rainbow Money Services is a money services business (MSB) in Vancouver owned by Howard and Betty. Howard and Betty paid a lawyer to draft a partnership agreement for the business, which they both signed. According to the agreement, Howard will invest $100,000 in the partnership to buy equipment and rent space for the MSB, and Betty will be solely responsible for operating the MSB and performing its business. All decisions related to the partnership must be unanimous; in case of a disagreement, either partner can decide to end the partnership.  Howard and Betty will split the income from the MSB 50/50, and if they decide to end the partnership, Howard will get 85% of the proceeds of the sale of the business assets, while Betty will get 15%.

In this example:

If this information cannot be obtained or its accuracy cannot be confirmed, you have to:

You do not need to ascertain the identity of the most senior managing officer when there is no individual who owns or controls 25% or more of an entity.

In the context of this section, the senior managing officer of a corporation or an entity may include but is not limited to its director, chief executive officer, chief operating officer, president, secretary, treasurer, controller, chief financial officer, chief accountant, chief auditor or chief actuary, as well as any individual who performs any of those functions. It also includes any other officer who reports directly to the entity's board of directors, chief executive officer or chief operating officer. In the case of a sole proprietor or a partnership, the senior managing officer can be the owner or the partner.

In the context of this section, the senior managing officer of a trust is the trustee, that is, the person who is authorized to administer or execute on that trust.

To ascertain the identity of the most senior managing officer, use one of the methods described in section 4.7 or obtain it through public sources. You also have to keep a record of this information.

The requirement to confirm the existence of a corporation, trust or other entity at the opening of an account does not apply to a group plan account held within a dividend or a distribution reinvestment plan if the sponsor of the plan is an entity that trades shares or units on a Canadian stock exchange and operates in a country that is a member of the Financial Action Task Force.

Not-for-profit organization

If you have to confirm the existence of an entity that is a not-for-profit organization, you also have to do the following:

Keeping beneficial ownership information up to date

According to your compliance regime's assessment of risk, in all situations, you have to keep beneficial ownership information up to date. Measures to keep beneficial ownership information up to date include those explained at the beginning of section 6 that are applicable at account opening.

The frequency with which beneficial ownership information is to be kept up to date will vary depending on your risk assessment of your client. As part of your ongoing monitoring obligations, you have to keep all beneficial ownership information up to date. For high-risk clients, you must update beneficial ownership information more frequently and perform more frequent monitoring, as well as adopt any other appropriate enhanced monitoring measures (see examples in section 5).

7. Third Party Determination and Related Records

7.1 Third party determination

You have to make a third party determination in the following situations:

Exceptions to third party determination when opening accounts

In cases where a financial entity is the account holder, you do not have to make a third party determination. The same is true if the account holder is a securities dealer engaged in the business of dealing in securities in Canada.

When you are determining whether a "third party" is involved, it is not about who "owns" the money, but rather about who gives instructions to deal with the money. To determine who the third party is, the point to remember is whether the individual in front of you is acting on someone else's instructions. If so, that someone else is the third party.

In making a third party determination when employees are acting on behalf of their employers, they are considered to be acting on behalf of a third party. The only exception to this is when an employee deposits cash to the employer's account. In that case, the employee is not considered to be acting on behalf of a third party. This is only true if the employee deposited cash into the employer's business account.

Reasonable measures

What constitutes reasonable measures in making a third party determination will vary in accordance with the context in which they occur, and therefore could differ from one situation to the next. However, reasonable measures would include retrieving the information already contained in your files or elsewhere within your business environment, or obtaining the information directly from the client.

7.2 Third party records

If you determine that there is in fact a third party as explained above, you have to keep a record of the following information:

For more information about recording business or occupation, see subsection 3.2 under the heading "Contents of a large cash transaction record."

If you are not able to determine that there is in fact a third party, but you have reasonable grounds to suspect that there are instructions of a third party involved, you have to keep a record to indicate the following:

This record must also indicate details of why you suspect the individual is acting on a third party's instructions.

In cases where an account holder is a person or entity engaged in the business of dealing in securities outside Canada only, you do not have to keep a third party record relating to that account if any of the following conditions are met:

In addition, you do not have to keep a third party record for an account if the following conditions are met:

If an account is for or on behalf of future and unknown clients, employees, etc., of the individual or entity opening the account, you should keep a record indicating that the account is to be used by or for third parties who are not known at the time of account opening.

8. Politically Exposed Foreign Person Determination and Related Records

A politically exposed foreign person is an individual who holds or has ever held one of the following offices or positions in or on behalf of a foreign country:

A politically exposed foreign person also includes the following family members of the individual described above:

Exceptions

The requirements described in this section do not apply at the opening of accounts in the exceptions described under the heading "Certain types of accounts or transactions" in subsection 4.2.

8.1 Politically exposed foreign person determination

You have to take reasonable measures to determine whether you are dealing with a politically exposed foreign person for new or existing accounts.

Once you have determined that an individual is a politically exposed foreign person, you will not have to do it again. However, if you initially determined that an individual was not a politically exposed foreign person, you must still take reasonable measures to determine whether you are dealing with a politically exposed foreign person for every subsequent account opening or for prescribed electronic funds transfers, since the client's status may have changed.

New accounts

When you open an account for an individual, you have to take reasonable measures to determine whether you are dealing with a politically exposed foreign person. This has to be done within 14 days after the new account is activated.

If you determine that an individual is a politically exposed foreign person, you also have to do the following:

You have to make the determination and get senior management approval within a single period of 14 days. For example, if it takes you 5 days after the new account is activated to make the determination that you are in fact dealing with a politically exposed foreign person, you have 9 days left to get senior management approval to keep the account open.

Existing accounts

For existing account holders, you also have to take reasonable measures to determine whether you are dealing with a politically exposed foreign person. This is to be done based on your compliance regime's risk assessmentregarding situations considered to be higher-risk for money laundering or terrorist financing. Guideline 4: Implementation of a Compliance Regime provides more information about risk assessment requirements.

If you determine that an individual is a politically exposed foreign person for a current account, you also have to do the following:

Reasonable measures

In the context of this subsection, reasonable measures to determine whether or not you are dealing with a politically exposed foreign person include the following:

In establishing the source of funds, reasonable measures also include asking the client.

Senior management

Also in the context of this section, senior management means an individual who has the following:

8.2 Politically exposed foreign person records

Once an account has been approved as explained in subsection 8.1, you will have to keep a record of the following:

9. Foreign Subsidiaries or Branches

If you are a securities dealer that has foreign branches or foreign subsidiaries which carry out activities similar to those of a financial entity, securities dealer or insurance company; and that are wholly owned by you or have consolidated financial statements with you, you have the following requirements:

If you have a Board of Directors, they shall approve these policies.

You must ensure that your foreign branches or foreign subsidiaries apply these policies to the extent it is permitted by the laws of the country in which the foreign subsidiary or foreign branch is located. If they cannot implement these policies or part of them because they conflict with the laws of the country in which they are located, you must keep a record including the reasons why these policies cannot be implemented and provide a copy, within a reasonable time period, to your regulating body and FINTRAC.

Exceptions to definition of Foreign Subsidiaries

These requirements do not apply to subsidiaries of foreign subsidiaries.  For example,  if Securities Dealer A has a foreign subsidiary (Subsidiary A) and there is a Subsidiary B of Subsidiary A, then these requirements do not  apply to Subsidiary B.

These requirements do not apply to you if you are the Canadian subsidiary of a foreign entity, when the foreign entity has developed policies that are similar to Canada’s compliance regime requirements and also has in place policies to assess the risk of money laundering and terrorist activity financing.  For example, when Foreign Company A with subsidiaries A and B in Canada already has policies regarding client identification, record keeping and the establishment of a compliance regime, then these requirements do not apply to the Canadian subsidiaries A and B. 

For more information about the compliance requirements,  refer to Section 3 of Guideline 4: Implementation of a Compliance Regime for more information about Canadian compliance regime requirements. The Canadian record keeping and client identification requirements that would apply are those explained in this guideline, except that requirements concerning politically exposed foreign person determination and related records (see section 8) do not apply to a foreign branch or subsidiary.

Information Exchange between Domestic and Foreign Affiliated Entities

If you are a securities dealer that is affiliated with another entity or a foreign entity that carries out activities similar to those of a financial entity, securities dealer or insurance company, you must develop and apply policies and procedures in relation to the exchange of information between you and your affiliated entities. The purpose of this exchange of information is to help detect and deter money laundering and the financing of terrorist activities and to assess the risk of such an offence.

As part of your risk assessment, you may want to keep a record including the rationale as to why these policies cannot be implemented by the affiliated entities.

Affiliated entity means if one of you is wholly owned by the other, if both of you are wholly owned by the same entity or if your financial statements are consolidated.

10. How Should Records Be Kept?

You should maintain an effective record-keeping system to enable FINTRAC to have access to the records in a timely fashion. Your records have to be kept in such a way that they can be provided to FINTRAC within 30 days of a request to examine them.

For the requirements explained in this guideline, you can keep records in a machine-readable or electronic form, as long as a paper copy can be readily produced from it. For example, if you have a document imaging system, you do not have to produce the original document for these purposes, as long as you can print the imaged one.

The record keeping requirements explained in this guideline are about each record to be kept. Your record keeping system can store the information required for any one record separately, as long as you are able to readily retrieve and put the information together for the record whenever necessary.

Also, if you keep records electronically that require a signature on them, such as a signature card or an account operating agreement for example, an electronic signature of the individual who signed the record has to be retained. An electronic signature means an electronic image of the signature and does not include a personal identification number (PIN).

You are not required to keep a copy of the reports you make to FINTRAC (other than the suspicious transaction report as explained in subsection 3.6), but you may choose to do so. It is recommended that you keep the information that FINTRAC sends you in the acknowledgement message about each report processed. This provides the date and time the report was received along with its identification number.

Timeframe for keeping records

In the case of signature cards, account operating agreements, account application forms, records setting out the intended use of the account, and politically exposed foreign person records, these records have to be kept for five years from the day of closing of the account to which they relate. In the case of records to confirm the existence of an entity (including a corporation) and beneficial ownership records, they have to be kept for five years from the day the last business transaction was conducted.

In the case of a copy of a suspicious transaction report, the record has to be kept for a period of at least five years following the date the report was made.

In the case of all other records the records have to be kept for a period of at least five years following the date they were created.

Employees or contractors who keep records for you

Your employees who keep records (as described in section 3) for you are not required to keep those records after the end of their employment with you. The same is true for individuals in a contractual relationship with you, after the end of that contractual relationship. This means that you have to get and keep the records that were kept for you by any employee or contractor before the end of that individual's employment or contract with you.

11. Penalties for Non-Compliance

Failure to comply with your record keeping and client identification requirements can lead to criminal charges against you. Conviction of failure to retain records could lead to up to five years imprisonment, to a fine of $500,000, or both. Alternatively, failure to keep records or ascertain the identity of clients can lead to an administrative monetary penalty. For more information on penalties, you can also consult the "Penalties for non-compliance" section of FINTRAC's Web site.

12. Comments?

These guidelines will be reviewed on a periodic basis. If you have any comments or suggestions to help improve them, please send your comments to the mailing address provided below, or by email to guidelines-lignesdirectrices@fintrac-canafe.gc.ca.

13. How to Contact FINTRAC

For further information on FINTRAC and its activities, reporting and other obligations, please go to FINTRAC's website (http://www.fintrac-canafe.gc.ca) or contact FINTRAC:

Financial Transactions and Reports Analysis Centre of Canada
234 Laurier Avenue West, 24th floor
Ottawa ON  K1P 1H7
Canada

Toll-free: 1-866-346-8722
Date Modified: