Many people celebrate Dr. Seuss’s birthday by reading aloud. At AUM Law, we’ve been reading FINTRAC’s new Assessment Manual (Manual) and its revised Administrative Monetary Penalties (AMPs) Policy, which were published earlier this month along with several other policy documents. FINTRAC intends these documents to provide more transparency and guidance to firms regarding its approach to compliance, examinations, and enforcement.
The Assessment Manual includes practical information on all aspects of the examination process, including how FINTRAC plans and defines the scope of exams, notifies firms of a planned on-site or desktop exam, conducts the exam itself, and develops and communicates its conclusions. Of particular interest, we noted the following:
- Prepare to be second-guessed on your suspicious transaction report (STR) decisions: STRs are critical to FINTRAC’s financial intelligence function and, therefore, firms can expect FINTRAC staff to review the merits of specific STR filing decisions as well as the effectiveness of a firm’s STR processes as a whole. This means that firms should have adequate documentation for specific decisions (including decisions not to file an STR) and be prepared for FINTRAC staff to show little or no deference to the firm’s judgment. Keep in mind that FINTRAC staff may know more than you do (i.e., that a custodian filed an STR in a situation where your firm didn’t). Find out more about FINTRAC’s STR regime in the article we published in last month’s bulletin.
- FINTRAC probably will second-guess your risk assessments, too: Registrants are required to carry out and document risk assessments of their business-based and relationship-based risks. Expect FINTRAC to verify whether you have adequately assessed the relevant risks, documented your assessment, and implemented controls and a compliance program that are consistent with your risk assessment.
- Clean up ASAP after voluntary self-disclosures: FINTRAC has published a notice that encourages firms to voluntarily report non-compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and describes how and what firms should report. The Manual also indicates that as part of an exam, FINTRAC staff will review a firm’s past, voluntary self-disclosures to confirm that the firm has rectified any issues as soon as it is reasonably possible to do so.
- Use public information from credible sources in your compliance program: FINTRAC will review how a firm uses publicly available data to inform its compliance program, including as part of its risk assessment, monitoring and STR processes. Expect FINTRAC to examine whether you have taken reasonable steps when you discover something of interest about a client and inquire about your reasons if you do not act on relevant, publicly available information. According to FINTRAC, publicly available information includes news releases from industry regulators, police and other law enforcement agencies, mainstream media and “other credible sources”. FINTRAC hasn’t defined “other credible sources” and so we will have to wait and see whether this means, for example, that FINTRAC expects firms to use sources such as Facebook or LinkedIn to research their clients. Depending on the types of information that FINTRAC expects firms to collect and retain about their clients, privacy law considerations may arise.
- Your employees and agents should be prepared for pop quizzes: FINTRAC will look for documentation about who receives training, which topics are covered, when and how often training takes place, and how training is delivered. Be prepared for FINTRAC staff to interview employees (including your chief compliance officer) and agents to confirm that they understand the law’s requirements relative to their responsibilities, follow the policies and procedures, and have received adequate training.
FINTRAC Ready to Issue AMPs Again: FINTRAC revised its AMPs Policy to address findings in several cases a few years ago that its penalty decisions did not adequately explain how it calculated the AMPs it had imposed. For three years (running from the date of those cases until the publication of the revised AMPs Policy), FINTRAC did not issue any AMPs. Now that its approach to determining and imposing AMPs has been published, firms can expect FINTRAC to levy penalties when warranted.
Please contact us if you would like to discuss FINTRAC’s new guidance or any other matter relating to your obligations under the PCMLTFA. We can help you review and update your compliance program, advise you on business-based and relationship-based risk assessments, organize and deliver training for your employees and agents, help you prepare for a FINTRAC compliance exam before it is announced, and/or advise you during an exam. We also can assist you in circumstances where a voluntary self-declaration of non-compliance is being contemplated and/or assist you in developing a rectification plan.