In September 2016, the Financial Action Task Force (FATF) published its mutual evaluation report on Canada’s Anti-Money Laundering (AML) and Anti-Terrorist Financing (ATF) framework. The evaluation identified several areas where Canada’s AML and ATF framework could be strengthened and made more effective.
The Panama Papers and the Paradise Papers of 2016 and 2017 respectively, further illustrated how corporate vehicles, including trusts, can be used to conceal the true ownership of assets for the purposes of money laundering, terrorist financing, tax evasion and avoidance.
In response, and as part of its regular five-yearly reviews of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), on February 7, 2018 the Canadian Department of Finance (The Department) released a consultation paper containing proposed amendments and recommendations to Canada’s AML/ATF regime.
What are these proposed changes?
The key provisions of the consultation paper where reporting entities are likely to be most impacted are summarized below.
Closing legislative and regulatory gaps
Beneficial ownership implications: The Department is seeking views from stakeholders on different corporate registry models. Further, the paper is proposing improved corporate transparency through standardized guidance on the beneficial ownership information to be recorded and maintained. This is in view of the fact that financial institutions are unable to do much to verify the accuracy of beneficial ownership information provided by their clients, as very little information is publicly available.
Expanding the scope of the PCMLTFA to high risk areas
The consultation paper proposes to clarify existing reporting requirements or to expand the scope and depth of the PCMLTFA to a number of new types of businesses in Canada. In many cases, the paper expands existing definitions, or introduces new categories and requirements for information gathering.
Proposition to amend the definition of Heads of International Organizations (HIO) and Politically Exposed Persons (PEP) to include international bodies which have considerable political influence in society and in the global economy, and who control significant financial resources. Clarifications to the definitions of certain domestic PEPs (e.g. First Nations Chiefs) are proposed, and that financial institutions determine whether beneficial owners of clients are PEPs to apply the prescribed measures to mitigate the risks associated with PEPs to these beneficial owners.
The consultation paper proposes to introduce standardized client identification and record-keeping requirements at various thresholds to remove today’s unnecessary complexity and barriers to compliance. Additionally, and similar to regulations in the United States and Australia, the consultation paper proposes making it a criminal offence for an entity or individual to structure transactions (i.e. break them down into multiple smaller transactions) to avoid triggering reporting requirements.
A number of new businesses and sectors are being proposed for inclusion under Canada’s AML/ATF regime, bringing the in-scope entities more in line with international AML/ ATF regulations. Notable new sectors include:
- law firms in order to close the most notable loophole in Canada’s current AML/ATF framework
- non-federally regulated mortgage lenders such as mortgage finance companies, REITs, mortgage investment corporations, mutual fund trusts, syndicated mortgages or individuals acting as private lenders
- mortgage insurers and land registries and title insurance
- finance, lending and factoring companies
- company service providers
- designated non-financial businesses and professions (DNFPBs) and other new businesses such as privately owned ATMs and jewelry auction houses.
Strengthening intelligence capacity and enforcement
The consultation paper proposes new measures relevant to Canadian financial institutions including Electronic Funds Transfers (EFTs). In addition to certain regulated entities being required to report client initiated cross-border incoming and outgoing EFTs, those EFTs that pass through a Canadian financial institution (where Canada is not the sending or receiving destination) should also be reported.
The consultation paper is proposing the introduction of Geographic Targeting Orders (GTOs) in respect of certain geographic areas or segments that are seen to be a higher risk for money laundering and terrorist financing. Of note, the US has used GTOs to focus on AML risks in the real estate sector by requiring all title insurance companies to identify and report on the natural persons behind shell companies that make cash-only purchases of high-end real estate in six major markets.
Modernizing the framework and supervision
The consultation paper proposes a number of measures to modernize Canada’s AML/ATF framework, the most relevant for financial institutions including enhancing and strengthening identification methods and Money Service Businesses (MSB). As such, The Department proposes to strengthen current identification processes, explore new ones and leverage new technologies to enhance the effectiveness of customer due diligence. They also propose strengthening the FINTRAC registration process for MSBs including expanding the list of offences that would make an applicant ineligible for registration, to safeguard the integrity of the financial system.
The Department supports continued flexibility and adaptation in an environment of rapid development and proposes principles-based identification requirements over strict rules-based regimes, which could allow reporting entities to take a risk-based approach in respect of new technologies.
What will these changes mean for our business?
Good question. That depends entirely whether you are an established financial institution with existing and tested frameworks in place or, if you are new to this and never had to consider AML/ATF as part of your regulatory controls.
Established financial institutions
Should these changes become regulation, there would be significant impact from a process, system and people perspective. Financial institutions would have to implement new customer information capture processes to abide by the new definitions of beneficial owners and expanded scope of PEPs to be identified. This in turn would require potential changes to system fields and architecture to document and house the information, with associated changes to transaction monitoring and AML specific systems to accommodate the new informational parameters. Finally, from a people perspective, new guidance and training may need to be provided to certain groups of frontline staff to instruct them on how to identify and capture the required information to abide by the rules, implying the need for a communication and roll out strategy across impacted business units.
New businesses not previously covered by AML/ATF regulation
The impact of these changes could be much more significant. Proposed new businesses would have to implement an AML/ATF compliance program that includes:
- appointing an AML/CTF compliance officer
- developing and implementing AML/ATF compliance policies and procedures including enhanced procedures for high risk situations
- conducting a risk assessment of business activities and relationships
- developing and conducting AML/ATF training
- conducting periodic effectiveness reviews of the Compliance Program
The AML/ATF policies and procedures that new businesses will have to implement could include requirements to identify and verify the identity of clients, including PEPs, HIOs and beneficial ownership of corporate clients, conducting risk assessments of client relationships, ongoing monitoring for the timely detection of suspicious activity, transaction reporting to FINTRAC and record keeping. This will require significant investment in people, processes and technology that could pose change management and transformation challenges, especially in larger, more complex organizations.
What should we do next?
In the first instance, you need to understand what is already in place in your organization. If you currently comply with the PCMLTFA, it will be a question of identifying what changes/adaptations will be needed.
- Do you understand the impact on your systems?
- Are your systems capable of handling the changes?
As part of forming your commentary, you should perform an impact assessment across your existing system infrastructure and customer information capture processes, to understand where there are gaps against the proposals in The Department’s paper. Specific areas to assess include the data architecture and source systems supporting AML/ATF processes, particularly those related to PEPs and HIOs, EFTs, including transaction monitoring and filtering, to begin to identify potential data quality, data flow issues and understand any required changes or enhancements to their data architecture and source systems. Associated know your customer (KYC) processes will also need to be reviewed.
Proposed new reporting entities should also assess the impact of implementing an AML/ATF Compliance Program on its people (compliance officers, risk managers, IT systems analysts, operations staff etc.), processes (client onboarding, risk assessment, screening, transaction monitoring), technology (onboarding systems, screening capabilities, data warehouses) as well as data. Feedback on the impact, associated costs and realistic timeframe requirements could be provided to the Department as part of the commentary on the proposed changes.
Upon completion of their impact assessment, all types of institutions will need to be mindful of the potential trade-offs that need to be taken into account when modernizing their frameworks and programs to align with the paper’s recommendations. Exploration of newly available RegTech* solutions for client verification and technology can be used to reduce risk within an AML/ATF program and is a potential avenue for newer organizations who may suddenly be caught within the scope of these recommendations.
If your organization is now part of the expanded scope of the AML/ATF regime, then you have a different set of questions to consider. The most important question being how comfortable are you developing your own AML/ATF plan?