Guide on harm done assessment for record keeping violations

Table of contents

  1. Introduction
  2. Violations related to keeping prescribed records
  3. Violations related to the retention period for prescribed records
  4. Violation related to the requirement to provide a record to an authorized person
  5. Repeated instances of a given violation

1. Introduction

This page presents how we assess the harm done and calculate the base penalty amount applied to record keeping violations.

1.1 Purpose of the guide

This guide presents how FINTRAC approaches the harm done criterion and the base penalty amount for violations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) and its regulations. According to section 73.11 of the Act, FINTRAC must consider the harm done by a violation, that the purpose of an administrative monetary penalty (AMP) is to encourage compliance rather than to punish, and all other criteria prescribed in the regulations, including a reporting entity's (RE) history of compliance, when determining the amount of a penalty. Considerations for the non-punitive nature of an AMP and an REs' compliance history are assessed in another step in the penalty calculation and are outlined separately in FINTRAC's AMP policy.

1.2 Definition of harm

FINTRAC defines "harm" as the degree to which a violation interferes with achieving the objectives of the ActFootnote 1 or with FINTRAC's ability to carry out its mandateFootnote 2. Therefore, the consequences of non-compliance, when an AMP is imposed, are linked to its effects on Canada's efforts to combat money laundering and terrorist activity financing (ML/TF).

Compliance enforcement activities are undertaken to prevent and correct the harm that comes from non-compliance with the Act and regulations. REs' adherence to requirements such as record keeping and verifying client identity assists in the deterrence of ML/TF and supports investigations and criminal prosecutions. The requirements related to reporting ensure that FINTRAC is supplied with the high-quality, timely financial transaction reports it needs to produce the financial intelligence that helps with the investigation and prosecution of ML/TF offences.

1.3 Considering harm in AMP Calculations

When determining a penalty, FINTRAC considers the harm caused, that is, the degree to which the non-compliance interferes with the purpose of the Act and/or with FINTRAC's mandate. Non-compliance and harm are measured using the standards described in this guide, which outline the benchmark amounts for the corresponding levels of harm for a specific violation. FINTRAC considers the specific circumstances of each case, including the extent of the non-compliance and mitigating factors, which may further reduce the actual amounts applied.

2. Violations related to keeping prescribed records

Record keeping violations directly affect the objective set out in subparagraph 3(a)(i) of the PCMLTFA. Record keeping requirements are important to Canada's anti-money laundering and anti-terrorist financing (AML/ATF) regime because they compel the preservation of the information that is needed to achieve the objectives of the PCMLTFA and FINTRAC's mandate. The information that is required to be kept serves to identify individuals and entities that own or control funds, or conduct, direct or are beneficiaries to transactions. The required information also helps clarify financial transactions and activities for the purposes of following the flow of funds (such as transaction amounts, dates, currency types, etc.); of understanding clients (such as the nature of their business, occupation, intended use of accounts, etc.); of identifying relationships (such as third party information); of providing evidence for law enforcement investigations and prosecutions, and complying with the legislation.

Records that businesses are required to keep serve many purposes for your business as an RE, law enforcement and FINTRAC. Records with missing, incomplete, incorrect or inadequate information may affect your ability to submit high-quality and timely transaction reports to FINTRAC and to conduct effective risk assessments. They may also interfere with law enforcement investigations, and with FINTRAC's ability to ensure compliance with the Act and its regulations.

The tables below list the violations related to record keeping requirements under the Act and its regulations.

2.1 Violations related to large cash transaction records

The table below sets out the violations related to the requirement to keep a large cash transaction record.

Table 1—Violations related to large cash transaction records
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 13 Failure to keep a large cash transaction record in respect of every amount in cash of $10,000 or more that is received from a client in the course of a single transaction Minor
$1-$1,000
6 18
6 22
6 29
6 33.2(2)
6 36(2)
6 39(2)
6 39.3
6 39.7(2)
6 41(1)
6 48
6 19(1) Failure of a life insurance company or life insurance broker or agent to keep a client information record in respect of every annuity or policy for which $10,000 or more is paid Minor
$1-$1,000

2.2 Violation related to records on the purpose and intended nature of business relationships

The table below sets out the violation related to the requirement to keep a record of the purpose and intended nature of a business relationship.

Table 2—Violation related to records on the purpose and intended nature of business relationships
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 52.1 Failure to keep a record of the purpose and intended nature of a business relationship Minor
$1-$1,000

2.3 Violations related to client identification information records

The table below sets out the violations related to the requirement to keep prescribed client identity information.

Table 3—Violations related to client identification information records
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 64.1(3) Failure to have entered into a written agreement or arrangement with an agent or mandatary, to obtain from them the information that the agent or mandatary referred to in order to ascertain a person's identity and the information that the agent or mandatary verified as being that of the person and to be satisfied that the information is valid and current and that the person's identity was ascertained in the prescribed manner Minor
$1-$1,000
6 64.2 Failure of a person or entity that is required to ascertain a person's identity to keep prescribed information Minor
$1-$1,000
6 65(3) Failure of a person or entity who ascertains information in respect of a corporation by referring to an electronic version of a record to keep a prescribed record Minor
$1-$1,000
6 65(4) Failure of a person or entity who ascertains information in respect of a corporation by referring to a paper copy of a record to retain the record or a copy of it Minor
$1-$1,000
6 66(3) Failure of a person or entity who ascertains information in respect of an entity by referring to an electronic version of a record to keep a prescribed record Minor
$1-$1,000
6 66(4) Failure of a person or entity who ascertains information in respect of an entity by referring to a paper copy of a record to retain the record or a copy of it Minor
$1-$1,000

2.4 Violations related to third party information records

The tables below set out the violations related to the requirement to keep a record of prescribed third party information.

Table 4—Violations related to third party information records
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 8(2) Failure to keep a record of prescribed information respecting third parties Minor
$1-$1,000
6 9(2) Failure to keep a record of prescribed information respecting third parties Minor
$1-$1,000
6 10(2) Failure to keep a record of prescribed information when it is determined that the client is acting on behalf of a third party Minor
$1-$1,000
6 44(2) Failure of a casino to keep a record of prescribed information when it is determined that the client is acting on behalf of a third party Minor
$1-$1,000
Table 5—Violations related to suspected third party information records
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 8(3) Failure to keep a record of prescribed information respecting suspected third parties Minor
$1-$1,000
6 9(3) Failure to keep a record of prescribed information in respect of suspected third parties Minor
$1-$1,000
6 10(3) Failure to keep a record of prescribed information when there are reasonable grounds to suspect that the client is acting on behalf of a third party Minor
$1-$1,000
6 44(3) Failure of a casino to keep a record of prescribed information when there are reasonable grounds to suspect that the client is acting on behalf of a third party Minor
$1-$1,000

2.5 Violation related to inter vivos trust information records

The table below sets out the violation related to the requirement to keep a record of prescribed information concerning inter vivos trusts.

Table 6—Violation related to inter vivos trust information records
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 11 Failure of a trust company to keep a record of prescribed information concerning inter vivos trusts Minor
$1-$1,000

2.6 Violation related to records on beneficial ownership information

The table below sets out the violation related to the requirement to keep a record of prescribed beneficial ownership information, including measures taken to confirm its accuracy.

Table 7—Violation related to records on beneficial ownership information
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 11.1(3) Failure to keep a record of the prescribed information and the measures taken to confirm its accuracy Minor
$1-$1,000

2.7 Violation related to records on not-for-profit entity determination

The table below sets out the violation related to the requirement to keep a record of the not-for-profit determination.

Table 8—Violation related to records on not-for-profit entity determination
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 11.1(5) Failure to determine whether a not-for-profit organization is a prescribed entity and to keep a record of the determination Minor
$1-$1,000

2.8 Violations related to records for politically exposed persons and heads of international organizations

The table below sets out the violations related to the requirement to keep records related to politically exposed persons and heads of international organizations.

Table 9—Violations related to records for politically exposed persons and heads of international organizations
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 14

Failure to keep prescribed records
(Note: for Sections 14 and 14.1, specific to 14(n), 14(o) and 14.1(g))

Minor
$1-$1,000
14.1
23
6 20.1 Failure of a life insurance company or life insurance broker or agent to keep a record of prescribed information when a transaction is reviewed Minor
$1-$1,000
6 31 Failure of a specified money services business to keep a record of prescribed information when a transaction is reviewed Minor
$1-$1,000

Please refer to FINTRAC's published guidance for more information on requirements related to politically-exposed persons and heads of international organizations.

2.9 Violations related to correspondent banking records

The table below sets out the violations related to the requirement to keep records related to correspondent banking.

Table 10—Violations related to correspondent banking records
Provision of the Act Provision of the PCMLTFR Description Classification of violation
9.4(1)(a) 15.1(1) and (2) Failure of a specified entity entering into a correspondent banking relationship with a prescribed foreign entity to keep a prescribed record Minor
$1-$1,000
9.4(1)(d) 15.1(1) Failure of a specified entity entering into a correspondent banking relationship with a prescribed foreign entity to set out in writing their obligations and those of the foreign entity in respect of the correspondent banking services Minor
$1-$1,000

2.10 Violations related to foreign branches or subsidiaries records

The table below sets out the violations related to the requirement to keep records related to foreign branches or subsidiaries.

Table 11—Violations related to foreign branches or subsidiaries records
Provision of the Act Provision of the PCMLTFR Description Classification of violation
9.7(4) N/A Failure to keep and retain a record of the fact that a foreign branch or foreign subsidiary cannot apply a policy and of the reasons why it cannot do so or to notify the Centre and the principal supervisory or regulating agency or body within a reasonable time Minor
$1-$1,000
11.44(2) N/A Failure to keep and retain a record of the fact that a foreign branch or foreign subsidiary cannot comply with a ministerial directive and of the reasons why it cannot do so or to notify the Centre and the principal supervisory or regulating agency or body within a reasonable time Serious
$1-$100,000

2.11 Violations related to keeping a copy of a report submitted to FINTRAC

The table below sets out the violations related to the requirement to keep a record of a prescribed report.

Table 12—Violations related to keeping a copy of a report submitted to FINTRAC
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 43 Failure to keep prescribed records
(Note: specific to 43(g) for casino disbursement reports)
Minor
$1-$1,000
6 12.1 (STR RegulationsFootnote 3) Failure of a person or entity to keep a copy of a report submitted to the Centre Minor
$1-$1,000

2.12 Violations related to other prescribed records

The table below sets out the violations related to the requirement to keep records other than those listed above that are required to be kept under the Act and its regulations.

Table 13—Violations related to other prescribed records
Provision of the Act Provision of the PCMLTFR Description Classification of Violation
6 14 Failure to keep prescribed records Minor
$1-$1,000
6 14.1
6 15
9.4(1)(a) 15.1(1) and (2)
6 20
6 30
6 32
6 33.2(1)
6 36(1)
6 39(1)
6 39.7(1)
6 43
6 49

2.13 Harm done in the case of violations related to keeping prescribed records

Accurate and complete record keeping is fundamental to the detection, prevention, deterrence, investigation and prosecution of ML/TF offences. Without the prescribed records, REs and government agencies would not be able to identify the individual or entity that owns or controls the funds, or conducts, directs or is a beneficiary of the financial transactions. Information could be lacking on individuals or entities involved in the financial transactions, on their relationships, and on the flow of funds. Failing to comply with record keeping requirements could lead to being non-compliant with transaction reporting requirements and having inadequate risk assessments. This could result in FINTRAC missing key information for its analysis. This could also lead to situations where law enforcement would not be able to collect critical evidence in their investigations and prosecutions of ML/TF offences.

When a record is not kept, or if the information contained in a record is missing, unclear, incomplete or inaccurate, REs, FINTRAC and law enforcement agencies may be prevented from performing their functions effectively and contributing to the objectives of the PCMLTFA.

2.14 Penalty determination for violations related to keeping prescribed records

The Proceeds of Crime (Money Laundering) and Terrorist Activity Financing Administrative Monetary Penalties Regulations (AMP Regulations) allow a penalty ranging from $1 to $1,000 for violations related to record keeping.

FINTRAC has identified four levels of harm related to these violations by considering the intended purpose of the information that must be kept and the consequences of not complying with the requirements on Canada's AML/ATF regime. Levels of harm are also based on our ability to use the information to identify individuals, entities, transactions and the flow of funds, to understand ML/TF risks, and to ensure compliance as described below. The penalty range of $1 to $1,000 is divided into four even intervals. Each level of harm incurs a maximum penalty of either: $1,000, $750, $500 or $250.

The highest level of harm (Level 1), which incurs a penalty of $1,000, is for violations that would have the greatest negative impact on the achievement of the objectives of the PCMLTFA and on FINTRAC's mandate. The lowest of the four levels of harm (Level 4) incurs a penalty of $250. Penalty amounts may be reduced if there are mitigating factors. All factors that may reduce a penalty will be considered, potentially lowering the penalty to the $1 minimum set out in the AMP Regulations.

The information that must be kept under the Act and its regulations can serve one or more purposes. Therefore, non-compliance with one record keeping requirement can cause various harm to the achievement of the objectives of the Act and FINTRAC's mandate. The table below lists the levels of harm, the types of non-compliance and the descriptions of harm along with their corresponding penalty.

Table 14—Levels of harm and penalties for violations related to keeping prescribed records
Level of harm Type of non-compliance Description of harm Penalty (not considering mitigating factors)
Level 1 Information that identifies individuals or entities that conduct, own, direct, control or benefit from funds and transactions; OR information that identifies the flow of funds/transactions is non-compliant Prevents the identification of individuals or entities that conduct, own, direct, control, or benefit from funds or financial transactions; OR prevents FINTRAC from identifying the flow of funds/transactions $1,000
Level 2 Information that identifies relationships or other parties to a transaction is non-compliant Prevents the identification of relationships $750
Level 3 Information that can be used to assess ML/TF risks posed by individuals and entities is non-compliant Prevents the understanding of an individual or entity, including the expected activity, in order to assess ML/TF risk $500
Level 4 Information to ensure compliance and efficiency in use of records is non-compliant Reduces the ability to analyze or use the information for risk assessment, intelligence, compliance and investigation purposes in a timely manner $250

2.14.1 Level 1 harm: Information that identifies individuals/entities or the flow of funds/transactions is non-compliant

When there is no information on the flow of funds or transactions, it is not possible to pursue ML/TF offences. Those who are responsible for these offences must be held accountable or prevented from committing the crime, so it is equally important to have the information identifying the individuals and entities that conduct, own, direct, control, or benefit from the funds or transactions.

The records that are required for purposes of identifying individuals and entities, transactions and the flow of funds may be the only proof that a transaction was conducted and may be the only way to confirm the involvement of individuals and entities. Without this information, there can be no meaningful risk assessment, no transaction reporting, no analysis, and no investigation and prosecution. If the record is insufficient for use by law enforcement as evidence, the investigation or prosecution of an ML/TF offence may be dropped. Because this poses the highest level of harm, when records that contain information identifying individuals, entities or transactions are not kept, or if the information in the records is unclear, incomplete or inaccurate, the penalty is determined at the maximum of $1,000 per record.

2.14.2 Level 2 harm: Information that identifies relationships or other parties to a transaction is non-compliant

The information that identifies the relationships between the individuals and entities that conduct, own, direct, control, or benefit from the funds or transactions can be used for risk assessment, transaction reporting, analysis, and investigations and prosecutions of ML/TF offences. This information indicates to FINTRAC the type and level of involvement of individuals and entities in transactions and is used to prioritize analysis work. When relationship information is missing, FINTRAC's ability to follow the flow of funds can be significantly limited. When the information that serves to identify relationships is not kept, or when the information is unclear, incomplete or inaccurate to the point of being useless, the penalty is $750 per record.

2.14.3 Level 3 harm: Information that can be used to assess ML/TF risks posed by individuals/entities is non-compliant

The Act and its regulations require that information on the background of individuals and entities be kept on record. This information helps understand individuals or entities by supplementing identity information, transaction and relationship information. It gives REs more in-depth knowledge of clients which lets them conduct comprehensive assessments of ML/TF risks that go beyond the client identity, transaction and relationship information that must be kept. While this information may not be required in prescribed transaction reports (Large Cash Transaction Reports, Electronic Funds Transfer Reports, Casino Disbursement Reports), it may support the detection of suspicious transactions that must be reported to FINTRAC, or the identification of activities and areas of higher risk that require enhanced monitoring. If a suspicious transaction report (STR) is submitted, this information could form part of the grounds for suspicion, be included in the report, analyzed by FINTRAC, and disclosed to law enforcement. Therefore, when a record containing this information is not kept, or when the information is unclear, incomplete or inaccurate to the point of being useless, the penalty is $500 per record.

2.14.4 Level 4 harm: Information to ensure compliance and the efficient use of records is non-compliant

Certain records are used to verify compliance or to enhance efficiency. They may help support law enforcement investigations, but are not critical for risk assessment or financial analysis. For example, the requirement to record a date could confirm that an RE has carried out a regulatory requirement within the prescribed period. Although this type of information is not critical, it is useful to assess compliance and consequently, the penalty for non-compliance is $250 per record.

2.15 Mitigating factors

In all the cases described above, mitigating factors will be considered and may reduce the penalty. For example, a financial entity that opens an account is required to keep a signature card for each account holder. Failure to keep a signature card poses harm at the highest level (Level 1) because the information that identifies a person is non-compliant. The penalty is $1,000 in this case. However, if the non-compliance is discovered and corrected before transactions are conducted, the penalty could be reduced to $250 (consistent with Level 4), if, considering the circumstances, the non-compliance's only impact is to the use of the record (or the information) for its intended purpose.

2.16 Non-compliance in the case of records that serve more than one purpose

Most of the required records can be useful for more than one of the purposes described above. For this reason, when determining the penalty amount for non-compliant record keeping that results in more than one level of harm, the penalty is determined at the amount corresponding to the highest level of harm. When assessing the level of harm and determining a penalty, FINTRAC takes the entire record into consideration.

3. Violations related to the retention period for prescribed records

The table below sets out the violations related to the retention period for prescribed records.

Table 15—Violations related to the retention period for prescribed records
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 69(1) Failure of a person or entity that is required to obtain, keep or create records to retain those records for a period of at least five years Minor
$1-$1,000
6 12.3(1) (STR RegulationsFootnote 4) Failure of a person or entity to keep a copy of a prescribed report for the prescribed period Minor
$1-$1,000

3.1 Harm done in the case of violations related to the retention period for prescribed records

Accurate and complete records are fundamental when it comes to supporting the detection, deterrence and prevention of ML/TF offences. Therefore, records must be available when required to assess compliance, or in support of investigations and prosecutions of ML/TF offences. Not keeping a record for the prescribed retention period poses the same harm as not having kept the record at all. If records are not retained for the required five-year period, they cannot be accessed to conduct risk assessments, reporting and to ensure compliance. Most importantly, missing records may impact law enforcement investigations of ML/TF offences negatively due to lack of evidence.

3.2 Penalty determination for violations related to the retention period for prescribed records

Since not keeping a record for the required five years poses the same harm as not keeping a record, the penalty is the same, $1,000 per instance. Penalty amounts may be reduced if there are mitigating factors.

4. Violation related to the requirement to provide a record to an authorized person

The table below sets out the violation related to the requirement to retain records in such a way that they can be provided to FINTRAC within 30 days after their request.

Table 16—Violation related to the requirement to provide a record to an authorized person
Provision of the Act Provision of the PCMLTFR Description Classification of violation
6 70 Failure to retain records in such a way that they can be provided to an authorized person within 30 days after their request Minor
$1-$1,000

4.1 Harm done in the case of a violation related to the requirement to provide a record to an authorized person

The Act and its regulations require records to be kept in a format that can be produced within 30 days when FINTRAC requests to examine it.Footnote 5 Failing to comply with this requirement interferes with

FINTRAC's ability to efficiently and effectively ensure compliance with Parts 1 and 1.1 of the PCMLTFA, in accordance with paragraph 40(e) of the PCMLTFA.

4.2 Penalty determination for a violation related to the requirement to provide a record to an authorized person

As failing to comply with this obligation would impact FINTRAC's ability to verify compliance with regulatory requirements in a timely manner, the penalty is set at $250 per record produced after the prescribed period. This is consistent with the amount corresponding to "Information to ensure compliance and efficiency in use of records is non-compliant" (Level 4), as shown in Table 14. When a record is not produced after an extensive delay beyond the prescribed 30-day period, FINTRAC may consider that there is a violation for failing to keep a prescribed record. Penalty amounts may be reduced if there are mitigating factors.

5. Repeated instances of a given violation

When a particular violation occurs multiple times, FINTRAC will consider its underlying cause, its type and other relevant facts to assess whether the level of harm should be reduced for the subsequent instances of that violation. For example, should repeated instances of a given violation affect only the efficiency of FINTRAC's analysis, it may be appropriate to assess its recurring instances at the base penalty of $250 each (Level 4 harm), regardless of the level of harm of the first occurrence.

Date Modified: