Recent changes to regulations governing anti-money laundering (AML) requirements are likely to increase the cost and burden of compliance for financial institutions, insurance companies, real estate developers, and many others subject to the AML regime.
The government published amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations in the Canada Gazette earlier this year. The amendments come into force on January 31, 2014, giving those subject to the regulations just a few more months to update their AML processes to be in compliance with these new regulations. The amendments affect “reporting entities” identified in Section 5 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. These include:
- financial institutions;
- life insurance companies, brokers and agents;
- securities dealers;
- money services businesses (including businesses involved in foreign exchange dealing, electronic funds transfer, and issuing and redeeming travellers’ cheques;
- agents of the Crown that sell money orders;
- accountants and accounting firms;
- real estate developers, brokers and sales representatives;
- casinos, and
- dealers in precious metals and stones.
The new regulations have the potential to increase the burden of compliance in several ways.
Ongoing Monitoring of Business Relationship
New sections have been added to the regulations which create a requirement for reporting entities to conduct ongoing monitoring of business relationships and to keep a record of:
- the measures taken to monitor the business relationship, and
- the information obtained through monitoring.
In some cases, the Act prescribes the monitoring measures to be taken and the types of information to be obtained; in others, not.
Section 1(2) of the Act has been amended to introduce a definition of “business relationship.” A “business relationship” is any relationship with a client to conduct financial transactions or to provide services related to those transactions and:
- if the client holds one or more accounts with the reporting entity, all transactions and activities relating to those accounts; or
- if a client does not hold an account, only those transactions or activities in respect of which a reporting entity is required to ascertain the identity of a person or confirm the existence of an entity under the Regulations.
Section 1(2) has also been amended to introduce a definition of “ongoing monitoring.” This means periodic monitoring of an account or transactions based on the level of risk of money laundering or terrorist financing that a reporting entity attributes to that account or transaction. Ongoing monitoring also means periodic monitoring of the business relationship to:
- detect transactions that must be reported to the Financial Transactions Reports Analysis Centre of Canada (FINTRAC);
- keep beneficial ownership information up to date;
- keep a record that sets out the purpose and nature of the business relationship;
- reassess the level of risk associated with the client’s transactions and activities; and
- determine whether transactions and activities are consistent with information obtained about the client, including risk assessment.
The combined effect of the new definitions and regulations above is to expand client identification and monitoring obligations for reporting entities. These changes may be onerous and costly for reporting entities because they may not have been equipped to periodically collect the information now required by the revised regulations.
Keep Up-to-Date Records of the Purpose and Intended Nature of Business Relationship
Section 52.1 has been added to the Regulations. It requires that reporting entities that enter into business relationships keep a record that sets out the purpose and intended nature of the business relationship. The definition of “ongoing monitoring” in Section 1(2), as discussed above, requires that this record be kept up to date, but it is unclear exactly how often this record will have to be updated. Nevertheless, this increases the burden of compliance because reporting entities may not have been updating the purpose and intended nature of the business relationship with their clients regularly.
Beneficial Ownership Rules
The revisions amend the beneficial ownership rules in Section 11.1(1) such that any financial entity, securities dealer, life insurance company, broker or agent, or money services business that is required to ascertain identity under the regulations, must obtain:
- in the case of a corporation, the names of all directors of the corporation and the names and addresses of all persons who own or control, directly or indirectly, 25 per cent or more of the shares of the corporation;
- in the case of a trust, the names and addresses of all trustees and all known beneficiaries and settlors of the trust;
- in the case of an entity other than a corporation or trust, the names and addresses of all persons who own or control, directly or indirectly, 25 per cent or more of the entity; and
- in all cases, information establishing the ownership, control and structure of the entity.
Moreover, the Section 1(2) definition of “ongoing monitoring” now requires reporting entities to keep this beneficial ownership information up to date. Previously, Section11.1(1) only required reporting entities to take “reasonable measures” to obtain beneficial ownership information. The new requirements are absolute and therefore much more onerous.
Risk Assessment and Mitigation
Section 71.1 of the Regulations has been amended to require reporting entities to have written policies and procedures for taking enhanced measures to ascertain the identity of an individual or entity they determine to be at high risk for money laundering or terrorist financing. The policies and procedures must also detail enhanced measures to mitigate risks in such high risk situations, including keeping information up to date and conducting ongoing monitoring of business relationships for detecting transactions that should be reported to FINTRAC. Previously, the regulations only required written policies to contain “reasonable measures” for keeping client information up to date and ongoing monitoring in such situations.
The Act and the regulations under it provide for a variety of penalties for contraventions. The stiffest penalties – up to $2 million and/or five years in jail – are applied to erroneous reporting.
The new regulations create additional requirements for the businesses subject to them, and could affect each business in a differential manner. The federal government is set to publish additional guidance with respect to the implementation of the new regulations later this fall.