Identity verification methods
Politically exposed persons and heads of international organisations
Suspicious transaction reporting
Record of reasonable measures
Record of credit arrangements
On June 29 2016 the federal government published the final version of the long-awaited regulations (amending regulations) to amend various regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.
The amending regulations came into force on June 30 2016; however, there is a delay of almost one year for the provisions that increase the regulatory burden, which will come into force on June 17 2017. An updated version of the amending regulations with corrected in-force provisions was published in the Canada Gazette on July 13 2016.
A draft version of the regulations was published in July 2015, and the amendments have changed little from the draft.
The methods for verifying identity in a non-face-to-face (NFTF) context have been amended to provide greater flexibility. This is an improvement over the permitted methods before the amendments, although it was hoped that the amendments would go further to allow the use of modern technologies that would make real-time NFTF verifications more practical and cost-effective.
The amendments allow reporting entities to verify identity using the following new NFTF methods:
- Single-source credit file method – refer to information in the person's credit file in Canada, which must have existed for at least three years, and verify that the name, address and date of birth are those of the person. The credit file method is the only single-source NFTF method available.
- Dual process method – do any two of the following:
- refer to information from a reliable source that contains the person's name and address and verify that the name and address are those of the person;
- refer to information from a reliable source that contains the person's name and date of birth and verify that the name and date of birth are those of the person; or
- refer to information that contains the person's name and confirm that the person has a deposit account, credit card account or other loan account with a financial entity, and verify that information.
When using a dual process method, two separate sources must be used; the same source cannot be used for the two sets of information. The guidance provides examples of reliable sources of information that may be used under the dual process method. In the regulatory impact analysis statement that accompanies the amending regulations, the government has indicated that no additional information gathering is expected in order to verify the information and that 'verifying' can simply mean comparing different pieces of identification documents.
The amending regulations provide that an entity that has already ascertained a person's identity in accordance with the regulations is not required to ascertain the person's identity again unless the entity has doubts about the information that was used. This is an improvement from the previous exemption which applied only if the entity recognises the person, as this exemption would not assist in the NFTF context.
The new identity verification methods took effect on June 30 2016; however, reporting entities may continue to use the methods set out in the regulations before the amendment until June 17 2017. From that date, only the new methods will be permitted.
Use of agents
The amendments provide additional flexibility in connection with the use of third parties, including agents, to verify identity on behalf of a reporting entity. In particular, a reporting entity may rely on measures previously taken by an agent in his or her own capacity or on behalf of another entity (in other words, the agent need not have been acting on behalf of the reporting entity at the time when the verification was carried out).
However, the Financial Transactions and Reports Analysis Centre of Canada (FinTRAC) has indicated that if information used to identify an individual has expired, it cannot be relied on, unless the agreement with the agent was entered into before the information expired. It is questionable whether these provisions are workable in practice, because it appears that records will have to be reviewed for each individual client. Further, the guidance does not address what it means for information obtained for NFTF verifications to expire. For example, credit files do not have a natural expiry date.
The definition of 'signature card' has been amended to allow signature cards to be signed electronically using "electronic data". The definition of 'signature' has been amended in a manner that gives reporting entities the flexibility to determine what electronic form(s) of signature they will accept.
Politically exposed persons and heads of international organisations
As expected, the amending regulations include requirements in respect of domestic politically exposed persons (PEPs) and heads of international organisations (HIOs). At present, the requirements apply only in respect of foreign PEPs.
A welcome change from the draft version of these regulations is that the lookback period to determine whether a person is a PEP has been reduced to five years from the previously proposed 20 years. This means that a person is a PEP if he or she holds one of the offices or positions set out in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act or has held such office or position within the previous five years. In addition, the amending regulations increase the time period for determining whether a person is a PEP from the existing 14 days to 30 days following account opening.
An important and potentially challenging change from the existing requirements is that in addition to PEP and HIO determinations, in certain circumstances entities will have to determine whether the client is a person who is "closely associated" with a PEP or a HIO. According to the regulatory impact analysis statement, a 'close associate' is defined as a personal or business relationship; however, no such definition is included in the legislation. At present, it is unclear how reporting entities are expected to make a determination whether a person is a close associate of a PEP; this may be clarified by additional guidance from FinTRAC.
The requirements regarding PEPs and HIOs will come into force on June 17 2017, along with the corresponding amendment to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act from the 2014 budget bill (Bill C-31) in respect of PEPs and HIOs.
Suspicious transaction reporting
A proposed change in the draft version of the amending regulations would have required reporting entities to send reports to FinTRAC within 30 days after the entity detects a fact that "could reasonably be expected to raise reasonable grounds" to suspect that the transaction is related to the commission of a money laundering or terrorist activity financing offence. In the consultation process, concerns were raised that the new proposed wording could lower the reporting threshold and lead to over-reporting. In response, the government has retained original wording of this provision. This is a welcome development as the proposed change may have caused confusion.
Some minor changes to the required contents of the suspicious transaction reporting form have been made and will come into force on June 17 2017.
The amending regulations add a requirement for reporting entities to keep a record of any reasonable measures that they have taken in circumstances where reasonable measures are required to determine certain information and they were unable to determine the information specified. Some examples of when reasonable measures must be taken are to:
- confirm the accuracy of information obtained regarding those that own or control more than 25% of an entity (colloquially referred to as 'beneficial ownership'); and
- identity a person who conducts or attempts to conduct a suspicious transaction.
To address this new requirement, reporting entities will need to document the measures taken to obtain or confirm:
- the information;
- the date on which each measure was taken; and
- the reasons why the measures were unsuccessful.
This new record-keeping requirement will likely require various procedural changes for reporting entities. This change will come into force on June 17 2017.
Financial entities will be required to keep a record for every credit arrangement that includes:
- the client's financial capacity;
- the terms of the credit arrangement; and
- if the client is an individual, the address of the client's business or place of work, in addition to the terms and conditions of the credit arrangement.
This new record-keeping requirement creates a positive obligation for financial entities to collect and keep a record each time they enter into a credit arrangement with a client. At present, such a record is required only if it is created in the normal course of business. This change will come into force on June 17 2017.
Reporting entities are required to implement a compliance programme that must include an assessment and documentation of risks of money laundering and terrorist financing that arise in the course of their activities. The amending regulations add a requirement for reporting entities to take into consideration in their risk assessments new developments and the impact of new technologies on their clients, business relationships, products, delivery channels and geographic location of activities. In addition, financial entities will be required to consider in their risk assessments the risks resulting from their affiliates' activities. These changes will be in force on June 17 2017.
Reporting entities will need to review the Amending Regulations and make changes to their anti-money laundering policies and procedures to address the amendments. The changes to the NFTF methods to verify identity are in effect immediately, although there is a transition period until June 17 2017, during which reporting entities may use previous methods. Reporting entities should therefore develop plans for transitioning to the new methods of identity verification, including possible changes to services obtained from third-party providers. Reporting entities that presently use only face-to-face identification methods may wish to consider whether the new NFTF methods could be useful in their operations.
For further information on this topic please contact Sharissa Ellyn at Norton Rose Fulbright Canada by telephone (+1 416 216 4000) or email ([email protected]). The Norton Rose Fulbright Canada website can be accessed at www.nortonrosefulbright.com/ca/en/.