Consultation Paper on proposed amendments to the customer due diligence requirements of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations
On November 7, 2011 the Government of Canada published a consultation paper on proposed changes to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (the Regulations) to "strengthen the identification and customer due diligence (CDD) provisions of the Regulations."
The consultation paper can be found at http://www.fin.gc.ca/activty/consult/pcmltfrai-rrpcfatvic-eng.asp.
Comments can be e-mailed to firstname.lastname@example.org or mailed to:
Director, Financial Sector Division
Department of Finance
140 O'Connor Street
Ottawa, Ontario K1A 0G5
Comments are due by December 16, 2011.
While the consultation paper discusses a need to enable those subject to the Regulations (called "reporting entities" throughout the paper) to better identify clients and understand their business, it appears clear to us that the proposals are mostly in response to Canada's failing grade (Non-Compliant) on the requirements of Financial Action Task Force (FATF) Recommendation 5, handed out in the FATF Mutual Evaluation in 2008.
The mutual evaluation did not consider the significant changes in the requirements that came into effect in June, 2008; however, the consultation paper states that the FATF does not consider those changes sufficient to raise the rating to Largely Compliant or Compliant.
In our view, the proposed changes will not make a substantial difference to securities dealers because existing requirements in securities regulations at both the Provincial and SRO level already place higher requirements on dealers than the regulatory regimes in other sectors of the industry. In addition, some of the proposed changes simply involve the extension to other reporting entities of requirements already placed on deposit-taking institutions and securities dealers.
Our only significant disagreement is with proposal 3.5 (see below), which we believe could have the opposite effect from that intended by the proposal.
In addition, the proposals continue the Government's practice of simply piling new requirements on top of old ones, without any attempt to rationalize the existing rules in light of experience.
In our opinion, many of the requirements on financial institutions, particularly in dealing with foreign financial institutions located in countries with strong anti-money laundering regimes, place Canadian financial institutions at an unnecessary competitive disadvantage, draw time and attention away from higher risk areas of their business and bring the whole regime into disrepute.
The Government could increase the efficacy of the regime much more quickly and sensibly by opening a general consultation, soliciting suggestions at how to improve the regulations and giving due consideration to what, if anything, is actually being achieved or is even achievable by the current requirements.
THE SPECIFIC PROPOSALS
Proposal 1.1 - Business Relationships
The proposal calls for the addition to the regulations of the concept of "business relationships." A "business relationship" is established whenever a reporting entity conducts any activity with a customer that it must, under the current regulations, keep a record of. For dealers that includes account opening and conducting transactions other than the few types exempt under section 62. Once a business relationship has been established, the financial institution will have to meet its obligations under the regulations with respect to all its business with the customer, whether or not specific transactions or activities are explicitly covered by the Regulations. These obligations include
- Ongoing monitoring of business relationships
- Application of enhanced customer due diligence to high risk business relationships
- Recording the purpose and intended nature of a business relationship
The reasoning given is that the proposed amendments will "allow reporting entities to consider the entirety of their relationships with customers when assessing the risk level of a customer, product or activity, and will assist in creating more holistic risk assessments."
We are somewhat at a loss as to what all this achieves, unless it is primarily directed at non-financial reporting entities. It appears to us to be implied that once a dealer or other financial institution opens an account and begins conducting transactions for a customer, it must take into account everything it does with the customer when it assesses customer risk and monitors for suspicious transactions. Certainly every dealer AML system we have ever reviewed looks at the totality of its dealings with a customer in assessing risk and looking for suspicious transactions.
Securities dealers are already required under section 23(1)(a.1) of the Regulations to record the intended use of an account. It is unclear to us what additional information the "purpose and intended nature of a business relationship" is likely to provide that will prove of much use in meeting the objectives of the Regulations.
On the other hand, since it is likely that financial institutions are in the main already doing what the proposed change requires, we don't see it as adding anything much to the regulatory burden, at least for securities dealers.
Proposal 2: Expand the range of activities requiring customer due diligence
Proposal 2.1 would require reporting entities to conduct customer due diligence measures - identification and identity verification - whenever a customer conducts a suspicious transaction, even when the transaction is exempt under section 62 of the Regulations or the customer is one of those exempt from customer due diligence requirements.
Proposal 2.2 would require reporting entities to conduct customer due diligence measures regarding anyone who attempts a suspicious transaction.
We find these proposals unexceptionable, and they are presented in the consultation paper as clarifications. We doubt that any financial institution that takes its AML/CFT responsibilities seriously would act on the basis that it could or should ignore suspicious transactions that happen to be exempt under section 62 (if indeed there are such suspicious transactions) or done by customers that are exempt from CDD requirements. Similarly, our experience is that most financial institutions try to go as far as they can in the CDD process if a prospective customer attempts a suspicious transaction. Nonetheless, we are all for clarity.
Proposal 3.1 - Beneficial ownership information
Proposal 3.1 would make the obtaining of beneficial ownership information about corporations and entities mandatory. Currently, a reporting entity has to try to get the information and if it fails, record the reason for the failure.
The proposal would also require a reporting entity to "take reasonable steps to ascertain (i.e. verify) the beneficial ownership information."
The proposal is unclear as to what would constitute reasonable steps, but notes that it is intended to provide some flexibility where a reporting entity is unable to ascertain the beneficial ownership information with certainty. The proposed rule changes would require the reporting entity to maintain records of the steps taken and whether or not it was able to verify the information.
The proposed changes would also extend the beneficial ownership requirements to include the identifiable beneficiaries, settlors and trustees of trusts. The consultation paper does not say whether there will be a threshold for trust beneficiaries and settlors. We presume that it be 25%, the same as for beneficial ownership of other entities. We also presume that the requirements will cover all trustees, as there is no trusteeship threshold.
These additional requirements will be new to some reporting entities, but not to IIROC Dealer Members, who are already required to verify information on beneficial owners and obtain information on the known beneficiaries and settlors of trusts. The proposed requirement to obtain information about trustees of trusts is new, but is already widely practiced because the identity of a trustee often has to be verified because of his or her authority over the trust's account.
The main if subtle difference between the proposed new rule and the IIROC rules is that at the moment IIROC dealers are permitted to take at face value (absent something suspicious) the entity's word as to who owns how much; the dealer has in essence to verify that those named are real persons. The proposed new rule would require verification of the fact and extent of their ownership interest.
Our main suggestion is that if the Government really wants to go down this road, it should consider doing something to assist reporting entities, starting with a requirement for Federally incorporated companies to include beneficial ownership information in their filings and have the information available through the Government's on-line corporate search facility. Next, the Government could use its influence to get the Provinces to do the same.
Proposals 3.2 and 3.3 - Ongoing monitoring
Proposal 3.2 would require reporting entities to monitor all clients and activities to which the Regulations apply, not just high risk ones. The consultation paper notes that this is already a requirement for correspondent banking and dealings of politically exposed foreign persons at financial institutions and securities dealers.
Proposal 3.3 would require ongoing monitoring of business relationships.
Once again we see these proposed changes as having little practical effect for financial institutions and dealers. Section 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act), requires reporting of every suspicious transaction "that occurs or that is attempted in the course of their activities." While section 71.1(b) of the Regulations currently requires ongoing monitoring of high risk clients, the reporting obligation under section 7 of the Act is not limited to transactions by high risk customers, therefore the obligation to monitor all customer transactions is implied in the Act.
Securities dealers that have retail advisory accounts already have monitoring requirements under securities regulations anyway; monitoring for suspicious transactions is already done in that context.
As for the monitoring of "business relationships," IIROC dealers already have a requirement in section 1300.1(a) to "remain informed of the essential facts relative to every customer." This would seem to us to encompass whatever has to be done to meet the proposed requirement.
Proposal 3.4 - Purpose and intended nature of a business relationship
Proposal 3.4 would require all reporting entities to record the nature and purpose of a business relationship with a customer.
As noted previously, for dealers and financial institutions we don't see that this adds much if anything to the current requirement to record the intended use of an account.
Proposal 3.5 - Enhanced due diligence
Proposal 3.5 has three parts:
- Extend the enhanced due diligence requirement currently in section 71.1 of the Regulations to those customers, activities or business relationships found through ongoing monitoring to have high AML/CFT risk
- Make the enhanced CDD measures mandatory, rather than requiring the reporting entity to take "reasonable measures"
- Amend the requirements to make it clear that enhanced CDD measures must go beyond those taken for lower risk customers, activities or business relationships and must be commensurate with the risk identified and the activities and business practices of the reporting sector
The first is, in our experience, already required and already in place in the financial sector. Section 9.6 (2) of the Act, which establishes the risk assessment requirement, refers to reporting entities assessing risk "in the course of their activities," not just when they open accounts. We would be surprised to find a financial institution that did not reclassify a customer or activity as high risk if experience found it to be high risk.
The second proposal seems to us to be problematic. We wonder in what sense enhanced due diligence for high risk customers, activities and business activities is not already mandatory. The current requirements set a standard: the measures taken must be reasonable. Does the proposal mean that reasonable measures are no longer enough? If so, what is the standard the enhanced measures have to meet? There is nothing specific in the proposal.
The third part of the proposal is, in our opinion, the most objectionable. First of all, it would discourage a reporting entity from implementing the highest possible customer due diligence policies and procedures for all clients, because if it doesn't leave something extra to do for high risk clients it will be off-side of the proposed requirement. Does the Government really want to encourage reporting entities to establish a lower bar for the general run of clients just so they have room to raise it for high risk clients?
Second, among the proposed mandatory enhanced due diligence requirements is "enhanced measures to ascertain the identity of any person or confirm the existing of any corporation or entity."
The requirements for verifying the identity of individuals and corporations are already strict and go well beyond those in place in other countries. Yet somehow, a reporting entity that has taken measures in full compliance with the requirements is supposed to go further for high risk clients! Just what can the entity do? Require that the customer show, in person, two pieces of government-issued identification instead of just one? Pay for a certified copy of corporate records already reviewed on-line in a government-operated system?
In our view, most of these provisions add little or nothing to what financial institutions already do. In that sense they are harmless.
However, Proposal 3.5 appears to us to be poorly thought out. It risks having the opposite effect from that intended by forcing some reporting entities to lower their normal CDD standards. It takes the only standard - reasonableness - out of the requirement for enhanced CDD and fails to replace it with other, more specific standards. It requires either non-existent or useless extras to be added to CDD requirements that in many cases already go beyond international norms and what is reasonable.
This is hardly progress.
If these issues are of concern to you, Sutton Boyce Regulatory Consulting can help you draft a comment letter.