Compliance program requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations
Please note that FINTRAC's Guideline 4 has been replaced by “Compliance program requirements”.
This guidance on the compliance program requirements is applicable to all individuals and entities that are subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations.
Compliance program requirements
Establishing and implementing a comprehensive and effective compliance program is the basis for meeting all of your reporting, record keeping, client identification and know-your-client requirements under the PCMLTFA and associated Regulations.
There are five required elements of a compliance program. Each is considered to be a pillar of an effective anti-money laundering/anti-terrorist financing (AML/ATF) program. The five pillars are:
The appointment of a person who is responsible for the implementation of the compliance program - compliance officer;
The development and application of written compliance policies and procedures that are kept up-to-date, and include enhanced measures to mitigate high risks;
A risk assessment of your business activities and relationships;
The development and maintenance of a written ongoing compliance training program for employees, agents, and others authorized to act on your behalf; and
The institution and documentation of an effectiveness review of your compliance program (policies and procedures, risk assessment and training program) every two years (minimum) for the purpose of testing its overall effectiveness.
The level of detail and sophistication of your compliance program must reflect the size, complexity, structure and risk of exposure of your business to money laundering (ML) and terrorist activity financing (TF).
During a FINTRAC examination, it is important to demonstrate that:
- the required documentation is in place, applied, and is up-to-date;
- your compliance program is designed to effectively address your business's vulnerability to ML/TF threats and mitigates those that are high risk, if applicable; and
- employees, agents (employed by you), and others authorized to act on your behalf are trained.
1. Compliance officer
Your appointed compliance officer is responsible for effectively implementing all of the elements within your compliance program: policies and procedures, ongoing training, risk assessment, and effectiveness review conducted every two years (minimum).
Appointing a designated person to be your compliance officer alone does not fulfil your compliance program requirements or the overall objectives of the PCMLTFA and associated Regulations.
In order to implement an effective AML/ATF program your compliance officer needs to:
- have the necessary authority and access to resources in order to implement an effective compliance program and make any desired changes;
- have knowledge of your business's functions and structure;
- have knowledge of your sector's ML/TF risks and vulnerabilities as well as ML/TF trends and typologies; and
- understand your sector's legal requirements under the PCMLTFA and associated Regulations.
While the compliance officer is appointed, it is the reporting entity's responsibility to meet its compliance program requirements under the PCMLTFA and associated Regulations.
Depending on the size of your business, you could be the compliance officer or it could be another individual, such as:
- a senior manager, the owner or the operator of your small business; or
- someone from a senior level who has direct access to senior management and the board of directors of your large business.
If you are an individual, such as in the case of a sole proprietorship, you can appoint yourself as the compliance officer, or you may choose to appoint another individual to help you implement the compliance program.
As a best practice, the appointed compliance officer of a larger business should not be directly involved in the receipt, transfer or payment of funds.
A compliance officer may choose to delegate certain duties to other employees. For example, a compliance officer may delegate responsibility to an individual in another office or branch. However, where such a delegation is made, the compliance officer remains responsible for the implementation of the compliance program.
As a best practice, the compliance officer should have the ability to report compliance related issues to, and meet with the board of directors, senior management or owner/chief operator on a regular basis.
2. Compliance policies and procedures
Written compliance policies and procedures must be developed and applied by all individuals and entities subject to the PCMLTFA and associated Regulations. This is an important component of your overall compliance program as it will guide your decisions and actions with respect to how you will comply with your legislative obligations.
Your compliance policies and procedures must be:
- written and should be in a form/format that is accessible to its intended audience;
- kept up-to-date (several factors could trigger the need to update, such as changes in legislation, non-compliance issues, new services or products, or the two year effectiveness review); and
- approved by a senior officer, if you are an entity.
FINTRAC expects that your written policies and procedures outline all obligations applicable to your business under the PCMLTFA and associated Regulations and the corresponding processes and controls you have put in place, including:
- when your obligation is triggered;
- the information that must be reported/recorded or considered;
- the procedures created by you to ensure that you fulfill the obligation; and
- the timelines associated to your obligations and methods of reporting (if applicable).
Your policies and procedures, at a minimum, should cover the following requirements:
- Compliance program requirements covering your (a) risk assessment activities, including the risk mitigation measures you use, (b) your written ongoing compliance training program and (c) your two-year effectiveness review activities, which consist of reviewing the three cornerstones of your compliance program, namely your policies and procedures, ongoing training and risk assessment.
- Know your client and other requirements where applicable: verifying client identity, politically exposed persons, heads of international organizations, their family members and close associates requirements, beneficial ownership, and third party determination.
- Ongoing monitoring and business relationship requirements, as well as the special measures you have implemented based on your risk assessment. Your special measures instructions must address:
- taking enhanced measures to verify the identity or confirm the existence of high risk clients;
- taking enhanced measures to keep client information up-to-date;
- taking enhanced measures to keep beneficial ownership information up-to-date;
- taking enhanced measures to conduct ongoing monitoring of business relationships for the purposes of detecting transactions that are required to be reported under section 7 of the PCMLTFA (i.e., Suspicious Transaction Reports); and
- taking any other enhanced measures to mitigate the risks identified.
- Record keeping requirements, including, but not limited to, retaining copies of suspicious transaction reports and casino disbursement reports and maintaining large cash transaction records.
- Transaction reporting requirements, including all applicable report types. These include the filing of suspicious transaction reports, terrorist property reports, large cash transactions reports, electronic fund transfer reports and casino disbursement reports.
You must also document how you will handle ministerial directives and transaction restrictions, which are targeted measures issued by the Minister of Finance to protect Canada's financial system from being used for ML/TF purposes. You are not required to have a separate and distinct policy/procedure for this type of requirement. It is acceptable to detail how you will know or become aware that one has been issued and the process of what you will do when one is issued through your regular policies and procedures.
The level of detail in your policies and procedures depends on the size, structure and complexity of your business. It also depends on your level of exposure to ML/TF risks.
For example, the compliance policies and procedures of a small business may be less complex than those of a large business. It is important to note that, if your sector has an industry association or another governing body that has provided you with a generic set of policies and procedures, you must tailor them to your specific business and its inherent requirements (i.e. location, clientele, etc.).
The policies and procedures you develop will play a pivotal role in your compliance program as they set out the standards that employees, agents, and others authorized to act on your behalf must meet. They should be clearly communicated, understood and followed by all those authorized to act on your behalf, including employees, agents and any others that deal with clients, transactions or other activities.
For example, relevant employees need to know how to collect the required information to identify clients, keep records and report in accordance with the PCMLTFA and associated Regulations. Furthermore, relevant employees must know how to recognize, assess, escalate and report suspicious transactions.
All your policies and procedures should be easily accessible to the appropriate audience. It is important to note that FINTRAC will not only look at your policies and procedures, but will also focus on their completeness and will expect that you can demonstrate how they are effectively implemented during an examination.
3. Risk assessment
A risk assessment is an analysis of potential risks and vulnerabilities that could expose your business to ML/TF activities. This assessment will allow you to identify your inherent risk and will assist you and those authorized to act on your behalf in developing mitigation measures to deal with these risks.
The outcome of your risk assessment should reflect the reality of your business, be documented and as a best practice include all the elements, applicable to you, in FINTRAC's Guidance on the risk-based approach to combatting money laundering and terrorist financing. FINTRAC has also published risk-based approach workbooks that expand on the guidance to include a "how to" methodology to assist different sectors in implementing an effective risk-based approach cycle. Workbooks have been developed for the following sectors: accountants, British Columbia notaries, credit unions/caisses populaires, dealers in precious metals and stones, life insurance companies, brokers and agents, money services businesses, real estate, and securities dealers.
The complexity of your risk assessment will depend on the size and risk factors of your business. However you must consider the following:
- your clients and business relationships, including their activity patterns and geographic locations;
- the products, services and delivery channels you offer;
- the geographic location(s) where you conduct your activities;
- new technologies and their impacts on your clients, business relationships, and products or delivery channels of your activities;
- other relevant factors affecting your business (e.g. employee turnover, rules and regulations for your industry, etc.); and
- if you are a financial entity, life insurance company, or securities dealer, risks resulting from the activities of an affiliate that is also subject to the PCMLTFA and associated Regulations under these sectors, or that is a foreign affiliate that carries out activities similar to these sectors.
How do you document the risk assessment?
How you document your risk assessment will depend on what makes sense for your business. However, FINTRAC expects that you can demonstrate that you have considered all facets of your business's exposure to ML/TF activities. To do this, you can document all the risks you have considered and the mitigation measures you have developed for those that are high risk.
You also need to be able to demonstrate to a FINTRAC compliance officer that you have reviewed and, if necessary, updated your risk assessment and mitigation measures as applicable. For example, if you offer a new product, FINTRAC expects that you have considered and documented any potential or actual ML/TF risks associated with the new product and therefore, have identified and applied measures to deal with your identified risks.
What are enhanced measures?
Enhanced measures are the development and application of written policies and procedures to mitigate high risks identified within your business and your clients.
If you identify a client as posing a high-risk, you must:
- Take additional steps to identify those individuals and confirm the existence of those entities.
- Conduct enhanced ongoing monitoring of your business relationships for the purpose of:
- detecting suspicious transactions that are required to be reported to FINTRAC;
- keeping client identification information, beneficial ownership (if applicable), and the purpose and intended nature of the business relationship records up-to-date;
- re-assessing your client's risk level based on their documented transactions and activities; and
- determining whether the transactions or activities are consistent with "what you know" about that client.
- Take any other enhanced measure to mitigate the risks. This could include:
- obtaining additional information on a client (e.g. volume of assets, information available through public databases, Internet, etc.);
- obtaining information on the source of funds or source of wealth of a client;
- obtaining information on the reasons for attempted or conducted transactions;
- increasing the frequency of your monitoring of higher-risk transactions, products, services and channels;
- gathering additional documentation, data or information, or taking additional steps to verify the documents you have obtained;
- establishing transaction limits;
- increasing internal controls for high-risk business relationships;
- obtaining the approval of senior management for products and services that are new for clients; or
- any other measures you deem appropriate.
4. Ongoing compliance training program
The development, implementation and maintenance of an ongoing compliance training program is required if you have employees, agents or other individuals authorized to act on your behalf. Individuals who deal with clients and/or transactions must be trained in relation to their function/duties within your business.
Your training program must be in writing, must be reviewed and kept up to date. If you are a sole proprietor with no employees, agents or other individuals authorized to act on your behalf, you are not required to have a training program in place for yourself. However, you must still be able to demonstrate that you have all the other required elements of a compliance program.
All those authorized to act on your behalf need to be trained in relation to their specific duties/function that they are performing, so they understand:
- your obligations, as a reporting entity under the PCMLTFA and associated Regulations;
- how your business or profession could be vulnerable to ML/TF activities;
- the business's policies and procedures stemming from your obligations under the PCMLTFA and associated Regulations; and
- their roles in detecting and deterring ML/TF activities – these can range from day to day tasks to high-risk situations.
Who do I need to provide training to?
Your training program should be delivered and tailored to people who:
- have contact with clients such as front line staff or agents;
- are involved in client transaction activities;
- handle cash or funds in any way; and
- are responsible for implementing or overseeing the compliance program (such as senior management, information technology staff or internal auditors).
What do I need to provide training on?
At a minimum, FINTRAC expects that your training program will include:
- ML/TF concepts, and some background information on ML/TF in relation to your business, e.g. definitions of ML/TF, why criminals choose to launder money and how the process for ML/TF usually works.
- Helpful resources could include: FATF's Methods and Trends Publications.
- Your compliance policies and procedures for preventing and detecting ML/TF, including your reporting, client identification, know-your-client, and record keeping obligations.
- The responsibilities of your employees, agents or anyone else acting on your behalf when dealing with suspicious activities or transactions.
Your training materials should include examples of how your particular type of business could be used to launder illicit funds or fund terrorist activity. This should help with the identification of suspicious transactions and may provide you some assurance that your services are not being abused for ML/TF purposes.
Does my training have to be delivered in writing?
While your training program has to be documented, the method used to deliver your training does not have to be in writing. For example, you could deliver your training program using a software, information sessions, face-to-face meetings, attending conferences, etc. However, it is a requirement that you document the following elements in writing:
- who needs to be trained;
- what type of training is required and the topics covered;
- how training is provided;
- how often training is needed (timing and frequency, e.g. before handling transactions and yearly thereafter); and
- documentation showing that the training has taken place.
During an examination, FINTRAC may review the documentation you have in relation to your training program and may conduct interviews to assess the effectiveness of your training program, i.e. your staff's understanding of your policies and procedures, their knowledge of ML/TF activities in relation to your business, etc.
What training method should I use?
The method of training you choose (such as formal, on-the-job, external, etc.) will depend on the complexity and size of your business, but it is ultimately up to you to determine the method that is most suitable. For example, a business with hundreds of branches and thousands of employees will have different training needs than a business that has one location and two employees.
5. Two-year effectiveness review
A two-year effectiveness review is an evaluation that is conducted every two years (at a minimum) to test the effectiveness of the elements of your compliance program: policies and procedures, risk assessment and ongoing training program. The review must be started no later than 24 months from the start of the previous review and completed prior to the start of the next review.
The review must be designed to allow for the identification and documentation of any gaps and weaknesses within your compliance program to ensure that your business is effectively detecting and preventing ML/TF.
In the case of your policies and procedures and ongoing training program, a review is required to assess that you are effectively meeting your requirements under the PCMLTFA and associated Regulations.
In the case of your risk assessment, a review is required to determine whether your risk assessment is effective at identifying and mitigating the risks of ML/TF as it relates to the clients, affiliates, products, services, delivery channels and geographic locations where you do business.
The methods and scope used to test the effectiveness of your compliance program will depend on the nature, size and complexity of your business and must be documented as part of your review. The review should consider the completeness of all the components of your compliance program in addition to their effectiveness.
The findings, frequency and timing of your review must be sufficiently documented and identify the root cause of the deficiencies identified by your review, if any. If changes are necessary and could impact your compliance policies and procedures, risk assessment or training program (such as changes to your business model or the introduction of new products or services) you should ensure that all your compliance documents are up to date before your next planned review.
If your business is regulated at the federal or provincial level, your review may be triggered by requirements determined by your regulator.
When conducting the review, you will have to determine the design and application of testing and sampling as part of your methods.
Examples of what can be included in your review:
- Interviews with those handling transactions to evaluate their knowledge of your policies and procedures and related record keeping, client identification and reporting obligations.
- A review of your criteria and process for identifying and reporting suspicious transactions.
- A sample of your account opening records followed by a review to ensure that your client identification policies and procedures are being followed.
- A sample of large cash transactions followed by a review of the reporting of these transactions.
- A sample of electronic funds transfers followed by a review of the reporting of these transactions.
- A sample of your clients followed by a review to see if the risk assessment was applied correctly.
- A sample of your clients followed by a review to see if the frequency of your ongoing monitoring is adequate.
- A sample of high-risk clients followed by a review to ensure that enhanced mitigation measures were taken.
- A review of a sample of your records to ensure proper record keeping procedures are being followed.
- A review of your risk assessment to ensure it reflects your current operations.
- A review of your policies and procedures to ensure they are up-to-date with the current legislative requirements.
Who should conduct the review?
Your internal or external auditor must conduct the review. However, if you do not have such an auditor, you can conduct your own review, which should be done by an individual who is not directly involved in your compliance program activities, and who has an adequate working knowledge of your obligations under the PCMLTFA and its associated Regulations. Your documentation should also specify who conducted the review.
The effectiveness review must address whether your policies and procedures, risk assessment and training program are effective, and whether your practices comply with legislative and regulatory requirements, no matter who performs it.
Reporting your review results
For entities, the following must be reported in writing to a senior officer no later than 30 days after the completion of the review:
- the findings of the review (e.g. deficiencies identified, planned corrective actions, an implementation timeline, etc.);
- any updates that were made to your policies and procedures during the reporting period; and
- the status of the implementation of the updates made to your policies and procedures.
- Administrative monetary penalties (AMPs)
Civil penalties that may be issued to reporting entities by FINTRAC for non-compliance with the PCMLTFA and related regulations. (pénalité administrative pécuniaire [PAP])
An entity is affiliated with another entity if one of them is wholly owned by the other, if both are wholly owned by the same entity or if their financial statements are consolidated. (entité du même groupe)
- As soon as practicable
A time period that falls in-between immediately and as soon as possible within which a suspicious transaction report (STR) be submitted to FINTRAC. In this context, the report must be completed promptly, taking into account the facts and circumstances of the situation. While some amount of delay is permitted, it must have a reasonable explanation. The completion and submission of the report should take priority over other tasks. (aussitôt que possible)
- Attempted transaction
Occurs when an individual initiates a transaction and it does not result in the movement of funds or purchase or sale of an asset because the transaction is not completed. For example, a potential client walks away from conducting a $10,000 cash deposit because they do not want to provide their identification. (opération tentée)
In respect of a government-issued photo identification document that is used to verify identity, is genuine and has the character of an original, credible, and reliable document issued by the competent authority (federal, provincial, territorial government). (authentique)
- Beneficial Owner(s)
Beneficial owners are the actual individuals who are the trustees, and known beneficiaries and settlors of a trust, or who directly or indirectly own or control 25% or more i) of a corporation or ii) an entity other than a corporation or trust, such as a partnership. The ultimate beneficial owner(s) cannot be another corporation or entity; it must be the actual individual(s) who are the owners or controllers of the entity. (bénéficiaire effectif)
A beneficiary is the individual or entity who will ultimately benefit from a transaction and be the final recipient of the funds. (bénéficiaire)
A branch is a part of your own business at a distinct location other than your main office. (succursale)
- Certified translator
An individual that holds the title of professional certified translator granted by a Canadian provincial or territorial association or body competent under Canadian provincial or territorial law to issue such certification. (traducteur agréé)
- Clarification request
A clarification request is a method used to communicate with money services businesses when FINTRAC needs more information about their registration form. This request is usually sent by email. (demande de précisions)
A person or entity that engages in financial transactions through your business. (client)
- Competent authority
Any person or organization that has the legally delegated or invested authority, capacity, or power to issue criminal record checks. (autorité compétente)
- Completed transaction
Is a transaction initiated by a person or entity that results in the movement of funds or purchase or sale of an asset. (opération effectuée)
- Compliance officer
The individual, with the necessary authority, you appoint to be responsible for the implementation of your compliance program. (agent de conformité)
- Compliance policies and procedures
Written methodology outlining all of your obligations applicable to your business under the PCMLTFA and its associated Regulations and the corresponding processes and controls you have put in place to address your obligations. (politiques et procédures de conformité)
- Compliance program
All elements (compliance officer, policies and procedures, risk assessment, training program, effectiveness review) that you, as a reporting entity, are legally required to have under the PCMLTFA and its associated Regulations to ensure that you meet all of your reporting, record keeping, client identification, and know-your-client requirements. (programme de conformité)
Clarifies a set of circumstances or provides an explanation of a situation or financial transaction that can be understood and assessed. (contexte)
- Country of residence
The country where an individual has lived continuously for 12 months or more. The individual must have a dwelling in the country concerned. For greater certainty, a person only has one country of residence no matter how many dwelling places they may have, inside or outside of that country. (pays de résidence)
- Credit card acquiring business
A credit card acquiring business is a financial entity that has an agreement with a merchant to provide the following services:
- enabling a merchant to accept credit card payments by cardholders for goods and services and to receive payment for credit card purchases;
- processing services, payment settlements and providing point-of-sale equipment (such as computer terminals); and
- providing other ancillary services to the merchant.
In respect of a document or source of information that is used to verify identity, is up to date, and, in the case of a government-issued photo identification document, must not have been expired when the ID was verified. (à jour)
- Directing Services
The services offered by the person or entity take into consideration a Canadian audience (for example, needs, customs, wealth, laws, etc.). (diriger des services)
With respect to a financial transaction, the disposition is what the funds were used for. For example, an individual arrives at a bank with cash and purchases a bank draft. The disposition is the purchase of the bank draft. (répartition de fonds)
- Electronic funds transfer (EFT)
An electronic funds transfer (money transfer) means the transmission of instructions, for the transfer of funds, to or from Canada. An electronic funds transfer does not include the instructions for the transfer of funds from one place in Canada to another in Canada. (télévirement)
Can be a corporation, trust, partnership, fund, or an unincorporated association or organization. (entité)
Actual events, actions, occurrences or elements that exist or are known to have happened or existed. Facts are not opinions. For example, facts surrounding a transaction or multiple transactions could include the date, time, location, amount or type of transaction or could include the account details, particular business lines, or the client’s financial history. (faits)
- Financial account
Refers to deposit, credit card or other loan accounts held by a financial entity. This does not include investment accounts such as Registered Retirement Savings Plans (RRSPs). (compte financier)
- Financial entity
A financial entity includes:
- a bank that is regulated by the Bank Act;
- an authorized foreign bank, as defined in section 2 of that Act, in respect of its business in Canada;
- a cooperative credit society, savings and credit union or caisse populaire that is regulated by a provincial Act;
- an association that is regulated by the Cooperative Credit Associations Act;
- a financial services cooperative, a credit union central, a company that is regulated by the Trust and Loan Companies Act;
- a trust company or loan company that is regulated by a provincial Act; and
- a department or an entity that is an agent or mandatary of Her Majesty in right of Canada or of a province when it is carrying out an activity referred to in section 45 of the PCMLTFR.
- Financial transaction
A financial transaction can indicate one or more instances of an attempted or completed movement of funds or purchase or sale of an asset. (opération financière)
- Individual or person
A human being. (individu ou personne)
- Institutional trust
An institutional trust is a trust that is established by a corporation, partnership or other entity for a particular business purpose and includes pension plan trusts, pension master trusts, supplemental pension plan trusts, mutual fund trusts, pooled fund trusts, registered retirement savings plan trusts, registered retirement income fund trusts, registered education savings plan trusts, group registered retirement savings plan trusts, deferred profit sharing plan trusts, employee profit sharing plan trusts, retirement compensation arrangement trusts, employee savings plan trusts, health and welfare trusts, unemployment benefit plan trusts, foreign insurance company trusts, foreign reinsurance trusts, reinsurance trusts, real estate investment trusts, environmental trusts and trusts established in respect of endowments, foundations and registered charities. (fiducie institutionnelle)
- Inter vivos trust
Also known as a living trust, this is a trust that is not created by a will. This type of trust is established by a living individual for the benefit of another individual, such as a trust created by a parent for a child. Its assets can be distributed to the beneficiary during or after a settlor’s lifetime. (fiducie entre vifs)
- Listed person
A listed person means anyone on a list published in the Schedule of the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism issued under the United Nations Act.
A listed person includes an individual, a corporation, a trust, a partnership or fund or an unincorporated association or organization that is believed to:
- have carried out, attempted to carry out, participated in or facilitated a terrorist activity; or
- be controlled directly or indirectly by, be acting on behalf of, at the direction of, or in association with any individual or entity conducting any of the above activities.
- Marketing or Advertising
The person or entity uses promotional materials such as advertisements, graphics for websites or billboards, etc., with the intent to promote services and to acquire business from persons or entities in Canada. (marketing ou publicité)
- Minute book
A record that contains the corporate documents of a company. It can include documents such as the articles of incorporation, general operating by-laws, first director resolution, registers, forms, share certificates and minutes of shareholders and directors meetings. (registre des procès-verbaux)
- Money laundering and terrorist financing indicators (ML/TF indicators)
Potential red flags that could initiate suspicion or indicate that something may be unusual in the absence of a reasonable explanation. [Indicateurs de blanchiment d’argent (BA) et de financement du terrorisme (FT) (indicateurs de BA/FT)]
- Money laundering offence
Means an offence under subsection 462.31(1) of the Criminal Code. The United Nations defines money laundering as "any act or attempted act to disguise the source of money or assets derived from criminal activity." Essentially, money laundering is the process whereby "dirty money"— produced through criminal activity— is transformed into "clean money," the criminal origin of which is difficult to trace. (infraction de recyclage des produits de la criminalité [blanchiment d’argent])
- Money services business agent
An individual or organization authorized to deliver services on behalf of a money services business (MSB). It is not an MSB branch. (mandataire d’une entreprise de services monétaires)
- No apparent reason
There is no clear explanation to account for suspicious behaviour or information. (sans raison apparente)
The job or profession of a client. (profession ou métier)
In regards to completing a suspicious transaction report (STR), the likelihood that a transaction may be related to a money laundering/terrorist financing (ML/TF) offence. For example, based on your assessment of facts, context and ML/TF indicators you have reasonable grounds to suspect that a transaction is possibly related to the commission or attempted commission of an ML/TF offence. (possibilité)
- Principal business
The nature of the primary business of an entity. (entreprise principale)
The likelihood in regards to completing an suspicious transaction report (STR) that a financial transaction is related to a money laundering/terrorist financing (ML/TF) offence. For example, based on facts you have reasonable grounds to believe that a transaction is probably related to the commission or attempted commission of an ML/TF offence. (probabilité)
- Production order
A judicial order that compels a person or entity to disclose records to peace officers or public officers. (ordonnance de communication)
- Public body
- any department or agent or mandatary of Her Majesty in right of Canada or of a province;
- an incorporated city or town, village, metropolitan authority, township, district, county, rural municipality or other incorporated municipal body in Canada or an agent or mandatary in Canada of any of them; and
- an organization that operates a public hospital and that is designated by the Minister of National Revenue as a hospital authority under the Excise Tax Act, or an agent or mandatary of such an organization.
- Reasonable measures
Reasonable measures means that you must take steps to collect certain information, even if taking those steps did not result in the desired information being obtained. For example, this can include doing one or more of the following:
- asking the client,
- conducting open source searches, or
- consulting commercially available information.
In respect of information that is used to verify identity, means that the source is well known, reputable, and is considered one that you trust to verify the identity of the client. (fiable)
- Representative for service
An individual in Canada that has been appointed by a person or entity that is a foreign money services business (FMSB), pursuant to the PCMLTFA, to receive notices and documents on behalf of the FMSB. (représentant du service)
- Risk Assessment
Is an analysis and an application of policies and procedures of potential risks and vulnerabilities that could expose your business to money laundering/terrorist financing (ML/TF) activities. (évaluation des risques)
- Senior officer
A senior officer of an organization can be:
- a director who is also a full time employee;
- a chief executive officer, chief operating officer, president, secretary treasurer, controller, chief financial officer, chief accountant, chief auditor or chief actuary, or any individual who performs these similar duties; or
- any other officer who reports directly to the board of directors, chief executive officer or chief operating officer.
- Service agreement
With respect to money services businesses (MSBs), an agreement between you and another organization for you to provide them with any of the following MSB services on an ongoing basis:
- money transfers;
- foreign currency exchange; or
- issuing or redeeming money orders, traveller's cheques or anything similar.
A settlor is an individual or entity that creates a trust with a written trust declaration. The settlor ensures that legal responsibility for the trust is then given to a trustee and that the trustee is provided with a trust instrument document that explains how the trust is to be used for the beneficiaries. A settlor includes any individual or entity that contributes financially to that trust, either directly or indirectly. (constituant)
The issuer or provider of information or documents for verifying identification. (source)
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) network is a global member-owned cooperative and an international provider of secure financial messaging services. (SWIFT)
- Terrorist activity financing offence
A terrorist financing offence is knowingly collecting or giving property (such as money) to carry out terrorist activities. This includes the use and possession of any property to help carry out the terrorist activities. The money earned for terrorist financing can be from legal sources, such as personal donations and profits from a business or charitable organization or from criminal sources, such as the drug trade, the smuggling of weapons and other goods, fraud, kidnapping and extortion.(infraction de financement des activités terroristes)
- Third party
Any individual or entity that instructs someone to act on their behalf for a financial activity or transaction. (tiers)
- Training program
A written and implemented program outlining the ongoing training for your employees, agents or other individuals authorized to act on your behalf about all your obligations and requirements to be fulfilled under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its associated Regulations. (programme de formation)
A right of property held by one individual or entity (a trustee) for the benefit of another individual or entity (a beneficiary). (fiducie)
A trustee is the individual or entity authorized to hold or administer the assets of a trust. (fiduciaire)
In the context of civil law, a person who has been lawfully appointed to the care of the person and property of a minor. (tuteur)
- Two year effectiveness review
A review, conducted every two years (at a minimum), by an internal or external auditor to test the effectiveness of your policies and procedures, risk assessment, and training program. (examen bisannuel de l'efficacité)
In respect of a document or information that is used to verify identity, appears legitimate or authentic and does not appear to have been altered or had any information redacted. The information must also be valid according to the issuer, for example if a passport is invalid because of a name change, it is not valid for FINTRAC purposes. (valide)
- Verify client identity
To refer to certain information or documentation to identify a client and ensure that their information matches what you know about them. (vérifier l’identité d’un client)
- Very large corporation
Very large corporation has minimum net assets of $75 million CAD on its last audited balance sheet. The corporation's shares have to be traded on a Canadian stock exchange or on a stock exchange outside Canada that is designated by the Minister of Finance. The corporation also has to operate in a country that is a member of the Financial Action Task Force (FATF). (personne morale dont l’actif est très important)
- Working days
A working day is a day between and including Monday to Friday. It excludes Saturday, Sunday, and a public holiday. (jour ouvrable)
- Date Modified: