Effective February 1, 2014, the general regulations (the “Regulations”) under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) (the “Act”) were amended to address a number of deficiencies identified by the Financial Action Task Force (“FATF”) in the customer identification and due diligence provisions of the Regulations. The Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”) published amended guidelines (the “Guidelines”) to clarify the amendments.
Ongoing Monitoring and Record-Keeping of Business Relationship
The amended Regulations require reporting entities (“RE’s”) (including, but not limited to securities dealers, financial institutions, life insurance companies or life insurance brokers or agents or legal counsel or legal firm including, but not limited to money services businesses, Crown agents that sells or redeems money orders, accountants/accounting firms, real estate developers/brokers/sales representatives, casinos, dealers in precious metals/stones and British Columbia notaries) to conduct ongoing monitoring of business relationships with clients, using a risk-based approach, and to keep a record of the monitoring measures taken/information obtained. RE’s are also required to maintain records of the purpose and intended nature of the business relationship.
Business Relationship Definition
A definition for the term “business relationship” is introduced, clarifying when the ongoing monitoring and record-keeping requirements will apply. “Business relationship” is defined as any relationship with a client to conduct financial transactions or provide services related to those transactions, and if the client:
- holds one or more accounts with that RE, all transactions and activities relating to those accounts; or
- does not hold an account, only those transactions and activities in respect of which the RE is required to ascertain the identity of a person or confirm the existence of an entity under the Regulations.
The Guidelines clarify that a business relationship arises for non-account-based business relationships if, within five (5) years, a RE conducts two or more transactions that require it to confirm the existence of an entity and ascertain the identity of an individual client pursuant to the Regulations. RE’s should identify the existence of a business relationship as soon as reasonably practicable after the second transaction, and in any event, within 30 days.
Purpose and Intended Nature of Business Relationship
The Guidelines state that a record of the purpose and intended nature of the business relationship is required to ensure RE’ s understand clients’ activities as time passes and are able to anticipate clients’ transactions and activities. The Guidelines also provide that, for existing clients, certain information already held may be used to fulfill the record-keeping requirement, but for new accounts opened, records establishing the purpose and intended nature of the business relationship must be obtained. The Guidelines provide some examples of the purpose and intended nature of business relationships.
Ongoing Monitoring Definition
A definition for “ongoing monitoring” is also introduced and is defined as monitoring on a periodic basis, based on the level of risk of money laundering or terrorist financing attributed to accounts and transactions, for the purpose of:
- detecting transactions required to be reported to FINTRAC;
- keeping client identification information, beneficial ownership information, and a record setting out the purpose and nature of the business relationship up to date;
- reassessing the level of risk associated with the client’s transactions/activities; and
- determining whether transactions and activities are consistent with information obtained about the client (including its risk assessment).
The Guidelines clarify that the frequency of monitoring must be based on the RE’s risk assessment and that monitoring for each purpose listed above need not follow the same timeframe, as long as high-risk clients are monitored more frequently/with more scrutiny, than low-risk clients. The Guidelines state that an individual written assessment is not required for each client, as long as clients are placed in the correct risk category according to the RE’s policies and procedures and risk assessment.
Notably, the ongoing monitoring requirement does not apply to a group plan account held within a dividend or a distribution reinvestment plan if the sponsor of the plan is an entity that trades shares or units on a Canadian stock exchange and operates in a member country of the FATF.
Beneficial Ownership Rules
The beneficial ownership rules under the Regulations have been amended such that any security dealers, financial entities, life insurance company, life insurance broker or agent, legal counsel or legal firms and money services businesses that must confirm client existence under the Regulations will be required to obtain information regarding the identity of those who control the entity, as follows:
- for corporations – the names of all directors and the names and addresses of all persons who directly or indirectly, own or control 25% or more of the shares;
- for trusts – the names and addresses of all trustees and known beneficiaries and settlors;
- for all other entities – the names and addresses of all persons who, directly or indirectly, own or control 25% or more of the entity;
- information establishing ownership, control and structure of the entity.
RE’s are required to take “reasonable measures” to confirm the accuracy of such information. The Guidelines provide that reasonable measures include asking the client to provide documentation. RE’s must maintain records confirming the beneficial information obtained and the measures taken to confirm its accuracy.
High-Risk Customer Due Diligence
RE’s are now mandated to have policies and procedures in place with enhanced measures to ascertain the identity and confirm the existence of a client based upon their risk assessment, and where the risk is considered high, the policies and procedures must set out enhanced measures to mitigate the risk.
The Guidelines clarify that the risk-based process includes: (i) a risk assessment; (ii) risk mitigation of identified risks; (iii) keeping client identification, beneficial ownership and business relationship information updated; and (iv) ongoing monitoring of business relationships. In other words, where a client or activity is found to be high-risk, a RE must develop written risk mitigation strategies within its policies and procedures and apply them to high-risk situations. The Guidelines provide a list of mitigation measures that may be implemented in the RE’s policies and procedures.
The costs and resources required to comply with the amended Regulations may be of concern for some businesses. The amended Regulations require RE’s to implement updated risk-based documentation, procedures, policies and training to be compliant with the new monitoring and record-keeping requirements. Non-compliance may lead to administrative fines, or criminal charges resulting in imprisonment and/or hefty fines.
On March 28, 2014, Bill C-31, the Economic Action Plan 2014 Act, was introduced with further proposed amendments to the Act. Bill C-31 is only in its first reading stage but stay tuned for further updates.