When to verify the identity of persons and entities—Financial entities

June 2017

When to identify individuals and confirm the existence of entities – Financial entities

June 2017

This guidance on client identification is applicable to financial entities that are subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations.

Details on how to identify individuals and confirm the existence of entities is available in FINTRAC’s guidance Methods to identify individuals and confirm the existence of entities.

Throughout this guidance, references to dollar amounts (such as $10,000) are in Canadian dollars. Furthermore, all references to cash mean money in circulation in any country (bank notes or coins) and does not include cheques, money orders or other similar negotiable instruments.

The Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) specify when you must identify an individual or confirm the existence of an entity, and how you must do this. The point at which you identify a client will vary depending on the activity or transaction that is carried out. Knowing your client includes identifying them in accordance with the Regulations, but you also have further obligations in this regard, such as requirements related to the ongoing monitoring of business relationships, the determination of politically exposed persons or heads of international organizations, beneficial ownership and third party determination.

**Note: Exceptions to your client identification requirements are listed in the last section of this guidance.

Identifying clients

As a financial entity, you must identify individuals and confirm the existence of entities for certain activities and transactions, as listed below. Entities can be corporations, trusts, partnerships, funds, and unincorporated associations or organizations.

When you have to confirm the existence of an entity that is a corporation, you also have to verify its name and address, and the names of the corporation’s directors.

The formation of a business relationship and the ensuing obligations are tied to your requirements to identify clients. You are in a business relationship with every individual or entity that holds an account with you. For non-account-based relationships, you are considered to be in a business relationship with every individual you have had to identify at least twice, and with every entity whose existence you have had to confirm at least twice. If you have not identified an individual or confirmed the existence of an entity because an exception applied, you are still considered to be in a business relationship and must conduct ongoing monitoring and keep certain records.

You are also required to take reasonable measures to determine if a client is acting on the instruction of a third party when creating an account operating agreement, a signature card or conducting a large cash transaction. In this case, reasonable measures may include asking the individual, or relying on information you may already have about the individual. If you determine that the individual in front of you is acting on someone else's instructions, that “someone else” is the third party.

As a financial entity you are responsible for identifying clients for:

  1. Account openings and signature card creation

  2. Credit card account opening

  3. Settlors or co-trustees of a trust

  4. Large cash transactions

  5. Suspicious transactions

  6. Electronic funds transfers of $1,000 or more

  7. Foreign currency exchange of $3,000 or more

  8. Issuing or redeeming $3,000 or more in money orders, traveller’s cheques or other similar negotiable instruments

1. Account openings and signature card creation

You must identify all individuals that you create a signature card for in relation to an account that you open. A signature card is a document signed by an individual authorized to give instructions on an account, or electronic data that constitutes a signature. It can include the hand written signature of an individual or an electronic signature that is created or adopted by an individual. The electronic signature can be numeric, character-based, or biometric as long as it is unique to the individual and a record can be kept. This must be done before any transaction is carried out on the account other than an initial deposit.

When you open an account for an entity, you must:

  • confirm its existence;

  • obtain the beneficial ownership information; and,

  • in addition, for an entity that is a corporation, you must also verify its name and address, and the names of its directors.

All of this must be done before the first transaction occurs on the account, other than the initial deposit.

When you open a business account, you do not have to identify every individual for whom you create a signature card if you have created a signature card for more than three individuals and have identified at least three of these individuals. These individuals must be identified before the first transaction occurs on the account, other than the initial deposit.

If you cannot identify an individual or confirm the existence of an entity in connection with the opening of a new account, you cannot open the account.

You also must identify individual members of a group plan account for whom you have to keep a signature card. The signature card is required for individual members when the member’s contributions are not made by payroll deduction or by the plan sponsor, or when the existence of the plan sponsor is not confirmed. This verification has to take place at the time of the contribution.

2. Credit card account opening

You must identify individuals who open credit card accounts before the credit cards can be activated. If credit cards are issued for individuals other than the account-holder, you must record their information but you do not have to identify them. For example, a mother applying for a credit card account requests that a credit card be issued on that account for her son and daughter. In this example, the mother has to be identified as she is the account-holder, but her son and daughter do not.

If there are two or more co-applicants for a credit card account (in other words, if a credit card account is opened in the name of more than one individual), the identification requirement applies to all co-applicants.

When you open a credit card account for an entity, you must confirm its existence and obtain the beneficial ownership information before the credit card can be issued. If that entity is a corporation, you must also verify its name and address as well as its directors’ names.

3. Settlors or co-trustees of a trust

If you are a trust company, in addition to your requirement to identify clients at account opening, you must also identify every individual who is the settlor of an inter vivos trust for which you are a trustee.

If an entity is the settlor of an institutional trust for which you are a trustee, you must confirm its existence. If the entity is a corporation, you must also verify its name and address and obtain the names of its directors.

You must identify any individual that is authorized to act as a co-trustee of a trust.

If an entity is authorized to act as the co-trustee of a trust, you must confirm its existence and identify at least three individuals authorized to give instructions on its behalf. If the entity is a corporation, you must also verify its name and address, and the names of its directors.

Identifying an individual or confirming the existence of an entity all have to be done within 15 days of a trust company becoming trustee.

4. Large cash transactions

You must identify every individual who conducts a large cash transaction at the time the transaction takes place. A large cash transaction occurs when you receive $10,000 or more in cash in a single transaction. A large cash transaction also occurs when there are multiple cash transactions of less than $10,000 each that total $10,000 or more within a 24-hour period, when you know that they are conducted by, or on behalf of, the same individual or entity.

5. Suspicious transactions

You must take reasonable measures to identify individuals who conduct or attempt to conduct suspicious transactions before sending a Suspicious Transaction Report. Reasonable measures in this case may include asking the individual to provide photo identification.

All suspicious transactions and attempted suspicious transactions, including transactions that are normally exempt from client identification requirements, require you to take reasonable measures to identify your clients.

6. Electronic funds transfers of $1,000 or more

When you send $1,000 or more through an electronic funds transfer (EFT), you have to identify the individual who makes the request at the time the transaction takes place.

An EFT means the transmission of instructions, through any electronic, magnetic or optical device, telephone instrument or computer, for the transfer of funds to or from Canada. In the case of messages sent through the SWIFT network, only SWIFT MT 103 messages are included. An EFT includes any transmission of instructions for the transfer of funds within Canada that is a SWIFT MT 103 message.

If you transmit an EFT of any amount at the request of a client, including an EFT sent within Canada that is a SWIFT MT 103 message, you must include the originator information.

If you receive an EFT of any amount, including an EFT sent within Canada that is a SWIFT MT 103 message, you must take reasonable measures to ensure it includes the originator information. In this context, reasonable measures may include contacting the institution that sent the payment instructions.

7. Foreign currency exchange of $3,000 or more

For a foreign currency exchange of $3,000 or more, you must identify the individual conducting the transaction at the time the transaction takes place.

8. Issuing or redeeming $3,000 or more in money orders, traveller’s cheques or other similar negotiable instruments

You have to identify any individual who conducts a transaction for the issuance or redemption of negotiable instruments, such as traveller’s cheques or money orders of $3,000 or more, at the time the transaction takes place.

Keeping client identification information up to date

You must update client information at a frequency that will vary based on your risk assessment. As part of your ongoing monitoring requirements, you must keep all client identification information up to date. High-risk clients’ identification information must be updated more frequently, and you must take any other appropriate enhanced measures.

To keep client identification information up to date, you must take measures such as asking the client to provide information to confirm or update their identification information. In the case of an individual, this may include confirming or updating the information by using the options that are available to identify individuals who are not physically present.

In the case of clients that are entities, measures to keep client identification information up to date may include consulting a paper or electronic record or obtaining information verbally.

Exceptions

General exception

You do not have to re-identify an individual or re-confirm the existence of an entity if you previously did so using the methods specified in the Regulations in place at the time and kept the associated records, so long as you have no doubts about the information used.

If you are carrying on activities as a credit card acquiring business, client identification requirements do not apply.

When creating a signature card for an account or opening a credit card or trust account, you can apply an exception to identifying an individual or confirming the existence of an entity if the account is for a public body or a very large corporation. The same is true regarding a subsidiary of either of those types of entities, if the financial statements of the subsidiary are consolidated with those of the public body or a very large corporation.

You do not have to identify an individual who is authorized on a business account, so long as you have identified at least three individuals authorized to give instructions on the account. If one of the three identified individuals leaves the business, you must identify another individual authorized on the account.

You do not have to identify an individual or confirm the existence of an entity if the account is opened in the name of an affiliate of a financial entity, if that affiliate carries out activities that are similar to those of financial entities, life insurance companies, agents or brokers, or securities dealers.

You do not have to identify an individual who already holds an account with you, or who is authorized to give instructions on an account held with you, when that individual:

  • is issued or redeems money orders, traveller’s cheques or other similar negotiable instruments of $3,000 or more;

  • conducts an EFT of $1,000 or more; or,

  • conducts a foreign currency exchange transaction of $3,000 or more.

You do not have to identify an individual who conducts a large cash transaction, if the cash is:

  • received from a financial entity or a public body; or

  • deposited into a business account (including a quick drop or night deposit) or through an automated banking machine.

You do not have to take reasonable measures to identify the individual who conducts or attempts to conduct a suspicious transaction only if:

  • you have already identified the individual as required and have no doubts about the identification information; or

  • you believe that identifying the individual would inform them that you are submitting a Suspicious Transaction Report.

Account openings including credit cards and trust accounts

There are specific exceptions that apply to your requirements to identify clients. You do not have to identify an individual or confirm the existence of an entity that opens an account, in respect of the following:

  • the opening of an account for the sale of mutual funds where there are reasonable grounds to believe that identify has been ascertained in accordance with subsection 64(1) by a securities dealer in respect of:

    • the sale of the mutual funds for which the account has been opened, or

    • a transaction that is part of a series of transactions that includes that sale;

  • the opening of an account by an entity for the deposit of a death benefit under a life insurance policy or annuity by a life insurance company affiliated with that entity of a death benefit under a life insurance policy or annuity, so long as:

    • the account is opened in the name of a beneficiary that is an individual

    • only the death benefit may be deposited in the account, and,

    • the policy or annuity contract, under which the claim was made for the death benefit has been in existence for a period of at least two years before the day on which the claim for the death benefit was made;

  • an individual who already has an account with you and opens a subsequent account;

  • the purchase of an exempt policy as defined in subsection 306(1) of the Income Tax Regulations;

  • the purchase of a group life insurance policy that does not provide for a cash surrender value or a savings component;

  • for the purchase of an immediate or deferred annuity that is paid for entirely with funds that are directly transferred from a registered pension plan or from a pension plan that is required to be registered under the Pension Benefits Standards Act, 1985 or similar provincial legislation;

  • for the purchase of a registered annuity policy or a registered retirement income fund;

  • for the purchase of an immediate or deferred annuity that is paid for entirely with funds from the proceeds of a group life insurance policy;

  • for a transaction that is part of a reverse mortgage (a loan based on the equity of your home) or a structured settlement (a financial or insurance arrangement to resolve a personal injury claim);

  • the opening of an account for the deposit and sale of shares from a corporate demutualization or the privatization of a Crown corporation;

  • the opening of an account in the name of an affiliate of a financial entity, if that affiliate carries out activities that are similar to those of the individuals and entities referred to in paragraphs 5(a) to (g) of the Act;

  • the opening of a registered plan account, including a locked-in retirement plan account, a registered retirement savings plan account, and a group registered retirement savings plan account;

  • the opening of an account established pursuant to the escrow requirements of a Canadian securities regulator or Canadian stock exchange or any provincial legislation;

  • the opening of an account where the account holder or settlor is a pension fund that is regulated by or under an Act of Parliament or of the legislature of a province;

  • the opening of an account in the name of, or in respect of which instructions are authorized to be given by, a financial entity, a securities dealer or a life insurance company or by an investment fund that is regulated under provincial securities legislation;

  • an account is opened solely to provide customer accounting services to a securities dealer; and,

  • an account or credit card account is opened for a corporation that is a securities dealer; in this case, you do not have to verify the names of the corporation’s directors.

If you open a group plan account, other than those identified above, you do not have to identify, or keep a signature card for individual members of the plan if:

  • the existence of the entity that is the plan sponsor has been confirmed; and,

  • the individual member contributions are made by the sponsor of the plan or by payroll deduction.

March 2021

When to verify the identity of persons and entities—Financial entities

March 2021

This guidance comes into effect on June 1, 2021.

This guidance on client identification describes when financial entities (FEs) must verify the identity of persons and entities as required by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations. Details on how to verify the identity of persons and entities are available in FINTRAC's Methods to verify the identity of persons and entities guidance.

This document answers the following questions:

  1. When do I have to verify the identity of persons and entities?
  2. What is the difference between verifying identity and keeping client identification information up to date?
  3. What are the exceptions to client identification requirements?

**Note: Throughout this guidance, references to dollar amounts (such as $10,000) are in Canadian dollars.

1. When do I have to verify the identity of persons and entities?

As an FE, you must verify the identity of clients for the following:

  1. Large cash transactions
  2. Large virtual currency transactions
  3. Suspicious transactions
  4. Issuing or redeeming money orders, traveller's cheques or other similar negotiable instruments of $3,000 or more
  5. Initiating an international electronic funds transfer (EFT)—or any other EFT that is a SWIFT MT-103 message or its equivalent—of $1,000 or more
  6. Remitting funds to the beneficiary of an international EFT of $1,000 or more
  7. Transferring VC in an amount equivalent to $1,000 or more
  8. Remitting VC to a beneficiary in an amount equivalent to $1,000 or more
  9. Foreign currency exchange transactions of $3,000 or more
  10. VC exchange transactions in amounts equivalent to $1,000 or more
  11. Accounts—account holders and persons authorized to give instructions
  12. Credit card accounts—account holders
  13. Prepaid payment product (PPP) accounts
    • Account holders
    • Authorized users
    • Payments of $1,000 or more to PPP account
  14. Trusts—settlors or co-trustees of a trust

a. Large cash transactions

You must verify the identity of every person or entity from which you receive $10,000 or more in cash when the transaction takes place.Footnote 1 This includes a situation where you are deemed to have received cash because you have authorized another person or entity to receive it on your behalf. Footnote 2

**Note: This obligation is subject to the 24-hour rule.Footnote 3

b. Large virtual currency transactions

You must verify the identity of every person or entity from which you receive virtual currency (VC) in an amount equivalent to $10,000 or more when the transaction takes place.Footnote 4 This includes a situation where you are deemed to have received virtual currency because you have authorized another person or entity to receive it on your behalf.Footnote 5

**Note: This obligation is subject to the 24-hour rule.Footnote 6

c. Suspicious transactions

You must take reasonable measures to verify the identity of every person or entity that conducts or attempts to conduct a suspicious transaction, regardless of the transaction amount, and including transactions that would normally be exempt from client identification requirements, before sending a Suspicious Transaction Report (STR).Footnote 7

d. Issuing or redeeming money orders, traveller's cheques or other similar negotiable instruments of $3,000 or more

You must verify the identity of every person who requests that you issue or redeem money orders, traveller's cheques or similar negotiable instruments of $3,000 or more when the transaction is being requested. Footnote 8

e. Initiating an international electronic funds transfer (EFT)—or any other EFT that is a SWIFT MT-103 message or its equivalent—of $1,000 or more

You must verify the identity of every person who requests the initiation of an international EFT or any other EFT that is a SWIFT MT-103 or its equivalent, including domestic SWIFT MT-103, of $1,000 or more when the transaction is being requested.Footnote 9

f. Remitting funds to the beneficiary of an international EFT of $1,000 or more

You must verify the identity of every person you remit funds to who is the beneficiary of an international EFT of $1,000 or more when the transaction takes place.Footnote 10

g. Transferring VC in an amount equivalent to $1,000 or more

You must verify the identity of every person who requests the transfer of VC in an amount equivalent to $1,000 or more when the transaction is being requested.Footnote 11

h. Remitting VC to a beneficiary in an amount equivalent to $1,000 or more

You must verify the identity of every person you remit VC to as the beneficiary of a transfer that is equivalent to $1,000 or more when the transaction takes place.Footnote 12

i. Foreign currency exchange transactions of $3,000 or more

You must verify the identity of every person who requests a foreign currency exchange of $3,000 or more when the transaction takes place.Footnote 13

j. VC exchange transactions in amounts equivalent to $1,000 or more

You must verify the identity of every person who requests that you exchange VC for funds, funds for VC, or one VC for another, in an amount equivalent to $1,000 or more when the transaction is being requested.Footnote 14

k. Accounts—Account holders and persons authorized to give instructions

Account holders

You must verify the identity of every person, corporation, and entity other than a corporation for which you open an account.Footnote 15 You must do this before the first transaction other than when the initial deposit is carried out.Footnote 16

Persons authorized to give instructions

You must verify the identity of every person authorized to give instructions on an account before the first transaction, other than the initial deposit, is carried out on the account.Footnote 17

This includes verifying the identity of the individual members of a group plan account who are authorized to give instructions, when a contribution to the plan is made in respect of the member.Footnote 18

You cannot open an account for a person, corporation, or other entity if you cannot verify their identity in accordance with the Regulations.Footnote 19

l. Credit card accounts—account holders

You must verify the identity of every person, corporation, and other entity for which you open a credit card accountFootnote 20 before the credit card can be activated.Footnote 21 If credit cards are issued for persons other than the account holder, you must record their information if they are authorized to give instructions on an account, but you do not have to verify their identity.

For example, a parent applying for a credit card account requests that a credit card be issued on that account for their child, and that child be authorized to give instructions on that account. In this example, the parent's identity has to be verified because the parent is the account holder, the child's identity does not need to be verified.

If there are two or more co-applicants for a credit card account (in other words, if a credit card account is opened in the name of more than one person), the identification requirement applies to all co-applicants.

m. Prepaid payment product (PPP) accounts

Account holders

You must verify the identity of every person, corporation, and other entity for which you open a PPP accountFootnote 22 before the PPP account is activated.Footnote 23

Authorized users

You must also verify the identity of every authorized user of the PPP accountFootnote 24 before the first transaction is carried out.Footnote 25

Payments of $1,000 or more to PPP Accounts

You must verify the identity of every person, corporation, and other entity that makes a payment of $1,000 or more to a PPP accountFootnote 26 when the transaction takes place.Footnote 27

n. Trusts—settlors or co-trustees of a trust

If you are a trust company, you must verify the identity of every person who is the settlor of an inter vivos trust for which you are a trustee.Footnote 28

You must also verify the identity of a corporation or an entity other than a corporation that is the settlor of an institutional trust for which you are a trustee.Footnote 29

You must verify the identity of any person who is authorized to act as co-trustee of a trust.Footnote 30 If an entity is authorized to act as co-trustee of a trust, you must verify its identity and the identity of all persons authorized to give instructions on its behalf (up to three).Footnote 31

You must verify the identity of a person or an entity within 15 days after the day on which the trust company becomes the trustee.Footnote 32

2. What is the difference between verifying identity and keeping client identification information up to date?

As part of your ongoing monitoring requirements for business relationships, you must keep client identification information up to date, at a frequency that will vary based on your risk assessment, and as outlined in your policies and procedures.Footnote 33 This does not require you to re-identify clients in accordance with the methods to verify identity. As explained in the ongoing monitoring guidance, the requirement is only for you to keep client identification information up to date. This is understood to be information that you have about your client such as their name and address. In the case of a person, this would also include, but is not limited to, the nature of their principal business or their occupation; and in the case of an entity, the nature of its principal business.

3. What are the exceptions to client identification requirements?

You do not have to re-identify a person or an entity if you previously did so using the methods specified by the Regulations in place at the time, and kept the associated records, so long as you have no doubts about the information used.Footnote 34

Large cash transactions

You do not have to verify the identity of a person or entity that conducts a large cash transaction if:

  • you receive the cash from another FE or a public body, or from a person who is acting on behalf of a client that is an FE or a public body;Footnote 35 or
  • the amount received is deposited to a business account or is deposited in an automated banking machine (including a quick drop or night deposit).Footnote 36

Large VC transactions

You do not have to verify the identity of a person or entity that conducts a large VC transaction if you receive the VC from a client that is an FE or a public body, or from a person acting on behalf of a client that is an FE or public body.Footnote 37

When you transfer or receive VC as compensation for the validation of a transaction that is recorded in a distributed ledger or you exchange, transfer or receive a nominal amount of VC for the sole purpose of validating another transaction or a transfer of information – you do not need to keep a large VC transaction record and do not need to verify identity.Footnote 38

Suspicious transactions

You do not have to take reasonable measures to verify the identity of the person or entity that conducts or attempts to conduct a suspicious transaction if:

  • you have already verified the identity of the person or entity and have no doubts about the identification information;Footnote 39 or
  • you believe that verifying the identity of the person or entity would inform them that you are submitting an STR.Footnote 40

Payment card processing activities

Client identification requirements do not apply to processing credit card or PPP payments on behalf of a merchant.Footnote 41

Public bodies, very large corporations and trusts

When opening an account, including a credit card account, PPP account or trust account, you do not have to verify the identity of a person or entity if it is for:Footnote 42

  • a public body;
  • a very large corporation or trust; or
  • a subsidiary of those types of entities, if the financial statements of the subsidiary are consolidated with those of the public body, or very large corporation or trust.

Account openings

You do not have to verify the identity of the person that opens an account, is authorized to give instructions in respect of an account, opens a credit card account, or is the settlor or co-trustee of a trust in the following circumstances:Footnote 43

  • if the person already has an account with you and opens a subsequent account;
  • if the person is authorized on a business account, so long as you have verified the identity of at least three persons authorized to give instructions on the account. If one of the three identified persons leaves the business, you must verify the identity of another person authorized on the account;
  • an account that is opened for the sale of mutual funds where there are reasonable grounds to believe that the client's identity has been verified by a securities dealer in accordance with the Regulations in respect of:
  • the sale of the mutual funds for which the account has been opened, or
  • a transaction that is part of a series of transactions that includes that sale; and
  • an account that is opened at the request of an entity for the deposit, by a life insurance company affiliated with that entity, of a death benefit under a life insurance policy or annuity where:
    • the account is opened in the name of a beneficiary that is a person;
    • only the death benefit may be deposited in the account, and;
    • the policy or annuity contract, under which the death benefit claim was made, has been in existence for at least two years before the death benefit claim was made.

Other activities exempted from client identification requirements

You do not have to verify the identity of persons and entities, as listed in this guidance, for the following:Footnote 44

  • the sale of an exempt policy as defined in subsection 306(1) of the Income Tax Regulations;
  • the sale of a group life insurance policy that does not provide for a cash surrender value or a savings component;
  • the sale of an immediate or deferred annuity that is paid for entirely with funds that are directly transferred from a registered pension plan or from a pension plan that must be registered under the Pension Benefits Standards Act, 1985 or similar provincial legislation;
  • the sale of a registered annuity policy or a registered retirement income fund;
  • the sale of an immediate or deferred annuity that is paid for entirely with funds from the proceeds of a group life insurance policy; 
  • a transaction that is part of a reverse mortgage (a loan based on the equity of a home) or a structured settlement (a financial or insurance arrangement to resolve a personal injury claim);
  • the opening of an account for the deposit and sale of shares from a corporate demutualization or the privatization of a Crown corporation;
  • the opening of an account in the name of an affiliate of an FE, if that affiliate carries out activities that are similar to those of persons and entities referred to in paragraphs 5(a) to (g) of the Act;
  • the opening of a registered plan account, including a locked-in retirement plan account, a registered retirement savings plan account, and a group registered retirement savings plan account;
  • the opening of an account established pursuant to the escrow requirements of a Canadian securities regulator or Canadian stock exchange or any provincial legislation;
  • the opening of an account where the account holder or settlor is a pension fund that is regulated under federal or provincial legislation;
  • the opening of an account in the name of, or in respect of which instructions are authorized to be given by an FE, a securities dealer, a life insurance company, or an investment fund that is regulated under provincial securities legislation; and
  • the opening of an account solely to provide customer accounting services to a securities dealer.

These exceptions do not apply to large cash transactions, large VC transactions, or suspicious transactions.

Group Plans

If you open a group plan account, other than those for which exceptions already apply, you do not have to verify the identity of the individual members of the plan if:

  • the identity of the entity that is the plan sponsor has been verified; and
  • the individual member contributions are made by the sponsor of the plan or by payroll deduction.Footnote 45
Date Modified: