FINTRAC Policy Interpretations

Ongoing Monitoring

Life insurance – ongoing monitoring of low risk clients

Question:

Is there a way to discharge the ongoing monitoring of low risk clients?

Answer:

Pursuant to section 123.1 of the PCMLTFR, ongoing monitoring means monitoring on a periodic basis, based on an assessment of the risk referred to in subsection 9.6(2) of the Act, that is undertaken in accordance with paragraph 156(1)(c), by a person or entity of their business relationship with a client for the purpose of:

  • (a) detecting any transactions that are required to be reported in accordance with section 7 of the Act;
  • (b) keeping client identification information and the information referred to in sections 138 and 145 up to date;
  • (c) reassessing the level of risk associated with the client’s transactions and activities; and
  • (d) determining whether transactions or activities are consistent with the information obtained about their client, including the risk assessment of the client.

A life insurance company’s compliance program policies and procedures must outline how it will conduct ongoing monitoring of its business relationships. How often it conducts this periodic review will be determined as a result of where its clients are placed in its risk assessment. While clients identified as posing a low risk may require less frequent monitoring, this cannot be never. As such, the obligation to keep client identification information up to date cannot be discharged for low risk clients.

That said, as part of a life insurance company’s policies and procedures it could outline that one part of its process for ongoing monitoring will be having clients assessed as low risk sign a statement to the effect that they will inform the life insurance company whenever there are changes to their client identification information. However, the life insurance company’s policies and procedures for ongoing monitoring must also outline the process it will follow to update information where it encounters an element of client identification information that is out of date (e.g. mailed statements being returned indicating an incorrect address). This could be a trigger, as outlined in its policies and procedures, requiring it to update this information. If the client is unwilling or reluctant to provide the updated information or avoids contact with the life insurance company, then this should be considered as part of its risk assessment of that client. 

Please note that updating client identification information could be completed as part of a life insurance company’s other ongoing monitoring activities, such as when it reviews transactional activity. For instance, the life insurance company might ask the client to confirm the information it has on record periodically through its interactions with the client and any updates could be recorded as part of any file the life insurance company maintains on that client.

Date answered: 2020-10-01

Answer updated on: 2021-08-20

PI Number: PI-11077

Activity Sector(s): Life insurance

Obligation(s): Ongoing Monitoring

Guidance: Ongoing monitoring requirements

Regulations: 123.1

Ongoing Monitoring - triggers vs. schedule

Question:

The guidance doesn’t specifically say how often we’re supposed to be doing ongoing monitoring, or on what schedule. Does it have to be on a specific schedule?

In our business, it makes more sense to put in place a system that makes us consider each part of ongoing monitoring at different times, based on certain triggering events or activities. For example, it doesn’t make sense for us to update client identification information every time the client conducts a transaction with us, but every transaction is checked against what we know about the client to see if we have to reassess their risk, and is considered for suspicious transaction reporting purposes.

Are we allowed to use triggers or alerts to determine when we should be considering each part of ongoing monitoring? Can these be different triggers for different reasons, at different points during the business relationship?

Answer:

As per section 123.1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), "a person or entity referred to in section 5 of the Act that enters into a business relationship with a client shall periodically conduct, based on a risk assessment referred to in subsection 9.6(2) of the Act that is undertaken in accordance with paragraph 156(1)(c) of these Regulations, ongoing monitoring of that business relationship for the purpose of

  • (a) detecting any transactions that are required to be reported in accordance with section 7 of the Act;
  • (b) keeping client identification information and the information referred to in sections 138 and 145 of these Regulations up to date;
  • (c) reassessing the level of risk associated with the client’s transactions and activities; and
  • (d) determining whether transactions or activities are consistent with the information obtained about their client, including the risk assessment of the client."

A record must be kept of the measures taken for ongoing monitoring and the information obtained as a result of the ongoing monitoring of the business relationship per subsection 146(1). The record for the measures taken can be part of your overall policies and procedures. However, if you use a different monitoring process, other than what is documented in the policies and procedures, you have to record these measures separately.

Any information obtained as a result of ongoing monitoring will generate its own record associated with the client for which ongoing monitoring was conducted.

Because you must monitor business relationships periodically, based on the risk assessment of the business relationship, keeping in mind the purpose of ongoing monitoring, periodic cannot be never.

The PCMLTFA and its associated Regulations do not, however, specify how to fulfill the ongoing monitoring requirements. While the ongoing monitoring process can be based on a set schedule, it can also be a process that relies on transactions, alerts or triggering events that signify when each element of the definition must occur. For example, you could have a system in place that relies on specific alerts or triggering events to signify when to assess a transaction to determine if an STR should be submitted to FINTRAC. The same type of triggering system may also work to identify when you need to reassess client risk and determine if their activities remain consistent with what is known about that client.

It is also possible to rely on a system of alerts or triggers to fulfil the requirements related to keeping client identification information, beneficial ownership information and the purpose and intended nature of the business relationship up to date. For example, it is possible for client identification information to be updated every time the client requests a new product or service, enters a branch, opens an account, or is queried as part of an online process, etc.

The use of this type of process, that relies on trigger events/alerts and allows ongoing monitoring to occur outside of a set frequency or schedule, would meet the requirement to conduct ongoing monitoring of a business relationship on a periodic basis.

Whether the process is based on a schedule, alerts, or triggering events, it must be comprehensive enough to address ALL four elements of ongoing monitoring for all of your business relationships. For example, if you are relying on triggers to keep client identification information up to date, you will be assessed on the comprehensive and consistent nature of these triggers across all business lines and how effective they are at prompting you to keep client identification information up to date. In the event that lower risk clients are not conducting any of the triggering activities that would prompt you to update client identification information, you are required to have a process in place to ensure that you update client identification information at some point within the duration of the business relationship.

Furthermore, it should be noted that if you consider there is a high risk of a money laundering or terrorist activity financing offence, then as per section 157 of the PCMLTFR you must take special measures to mitigate the risks identified. These measures include: keeping client identification information and beneficial ownership information up to date, conducting ongoing monitoring more frequently, and taking any other enhanced measure to mitigate the risks.

During an assessment, FINTRAC will look at overall ongoing monitoring processes to assess whether they are effective, provide adequate coverage, and are aligned with your risk-based approach. We will apply reasonability for lower risk clients that pose little risk of a money laundering offence or a terrorist activity financing offence, as long as you can demonstrate that your policies and procedures adequately capture how you monitor low-risk clients and that procedures cover and are effective across all of your business lines.

It is worth noting that the requirement to update client identification information does not require that you re-identify the client in accordance with the methods to ascertain identity; only that client identification information is to be kept up to date. The PCMLTFA and its associated Regulations do not specify the elements of client identification information that must be updated, but the elements that you update should be identified in your policies and procedures and need to support what is required for your documented risk-based approach.

For all elements of the ongoing monitoring requirement, the measures in place must be sufficiently comprehensive and provide coverage across all business lines, products and services to ensure that monitoring will occur for all clients.

Date answered: 2018-05-01

Answer updated on: 2021-08-20

PI Number: PI-8446

Activity Sector(s): Accountants, British Columbia notaries, Casinos, Dealers in precious metals and stones, Financial entities, Life insurance, Money services businesses, Real estate, Securities dealers

Obligation(s): Ongoing Monitoring

Guidance: Ongoing monitoring requirements

Regulations: 123.1, 146(1)
