Consultation Paper: Strengthening Canada's Anti-Money Laundering and Anti-Terrorist Financing Regime
In December, 2011 the Government of Canada published a consultation paper on "proposals to strengthen Canada's anti-money laundering (AML) and anti-terrorist financing (ATF) legislative framework. "
The consultation paper can be found at http://www.fin.gc.ca/activty/consult/pcmltfa-lrpcfat-eng.asp
Comments can be e-mailed to firstname.lastname@example.org or mailed to:
Director, Financial Sector Division
Department of Finance
20th Floor, East Tower
140 O'Connor Street
Ottawa, Ontario K1A 0G5
Comments are due by March 1, 2012. Comment letters should state whether or not you want your comment letter posted to the Department of Finance website and, if you consent, whether to include with the posting your name and the name of the organization you represent. Posting will make the letter accessible to others, including a Parliamentary Committee that will be conducting a review of the AML/ATF legislation early this year.
There are seven (7) sets of proposals. We will not comment on Chapter 4, which deals with information sharing between FINTRAC and other agencies or on Chapter 7, which contains technical amendments.
Chapter 1: Proposals related to Customer Due Diligence
Proposal 1.1 - New record keeping requirements for financial entities and casinos
Proposal 1.1 would require that financial entities (generally deposit-taking institutions) and casinos keep records of the identity of the three authorized signers of a business account and of the means used to verify their identity.
This is a simple record keeping requirement. Financial entities and casinos already have to do the identification and verification. We are somewhat surprised that this was missed in the first place.
Proposal 1.2 - Introduced business
The Federal Government proposes to review the current exemptions for introduced (or referred) business. The two current exemptions noted are:
· those for insurance companies in section 56(2) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTF Regulations) if there are reasonable grounds to believe that the client's identity has already been verified by another life insurance company or broker as part of the same transaction or a series of transactions including the original transaction
· the exemption in section 62(1)(b) for the opening of an account to sell mutual funds if there are reasonable grounds to believe that the client's identity has already been verified by a securities dealer in respect of the sale (presumably meaning the initial sale by the dealer to the client) of the mutual funds or a transactions that is part of a series of transactions including the original sale.
The proposals do not cover what the securities industry calls introducing/carrying relationships, in which the carrying broker is exempt from the PCMLTF Regulations for carried business under section 62(2)(o) of the PCMLTF Regulations. The consultation paper also explicitly excludes the use of an agent to verify a client's identity as being covered by the proposals.
The concerns expressed are:
· that there may be a loss of records if the introducing arrangement between the parties is terminated
· that there may be lack of clarity as to who is responsible for customer due diligence information.
However, the proposal also seeks comments on:
· whether there are other introducing or referral relationships that could be covered by similar exemptions
· whether there are industry practices in place that mitigate the risks raised in the consultation paper
· the feasibility of a reporting entity requesting documentation about the verification information used by the introducing entity, either when the introduction arrangement is made or later if the arrangement between the two entities is terminated.
There are no concrete proposals, this is simply an effort to canvass the affected industries on the issues.
We suggest that industry members give thought to the types of arrangements that could be included for exemption and particularly to the practices already in place that could alleviate the Department of Finance's worries about loss of records. For example, securities regulators and SROs generally ensure for their own purposes that full business records are maintained and secure whenever a dealer goes out of business.
It is somewhat refreshing to see the Department of Finance starting a consultation with general questions rather than concrete proposals that, however ill-considered, often get cast in stone once published. We encourage those with an interest in the topic to respond with their ideas.
Proposal 1.3 - Non-face-to-face verification of identity
The consultation paper notes the difficulties in this area in the face of the rapid expansion of on-line financial services. It notes previous decisions to accommodate non-face-to-face verification, stating:
It is recognized that a bank statement provided electronically by a financial entity (e.g., downloaded by a client from their online banking account), which includes the individual's name and supporting deposit account information, may be used to confirm that an individual has a deposit account under the non-face-to-face identification requirements. This could then facilitate the ability for an individual to confirm through an electronic medium that they have a deposit account, which is one of the methods that can be used to ascertain identify in non-face-to-face situations.
Frankly, we had missed the recognition of this method, nor can we find any reference to it on FINTRAC's web site. We wonder how it might work, since by definition the would-be client is not in the presence of a representative of the reporting entity when he or she downloads the statement and it would take very little technical sophistication to doctor or mock-up such a statement, at least to the limited extent needed to get past many financial institution personnel.
The proposal seeks comments on the security features included in electronically provided bank statements that would assist in determining the authenticity of such a statement. This makes us even more confused, since it is hardly like anyone in charge of the current AML/AFT regime to allow something without first assuring themselves of its reasonable effectiveness.
The proposal calls for a review of the current regime in this area, giving consideration to the following:
· Whether the use of a telecommunications directory as a reliable independent data source for client identity verification is appropriate.
At present, this type of verification is available only to credit card companies under Parts B and C of Schedule 7 of the PCMLTF Regulations. We have always thought that its inclusion was simply a demonstration of the lobbying power of the credit card industry; if such a source was really reliable it would surely have been available to other reporting entities
· Explanations of why credit card companies are unable to use the other verification methods available under Part B of Schedule 7
· Explanations why financial institutions have not established a process to confirm directly to another financial intermediary that a client maintains a deposit account, subject to client consent
· Information on other types of third party sources used by credit card companies to assess account applications and whether they could be considered as an alternative to the telecommunications directory method.
The 2008 revisions to the non-face-to-face identity verification requirements in the PCMLTF Regulations have been a costly for the financial services industry. Why credit card companies got off somewhat lighter is an interesting question, but is hardly relevant at this point.
What is relevant is why:
· the consultation paper seems to be focused on the clearly inappropriate method available to credit card companies and no one else
· whether the requirement for two methods of identity verification in non-face-to-face situations is really necessary, including whether some of the currently available non-face-to-face methods should be considered sufficient in and of themselves
· whether there aren't other alternatives that have not been considered. For example, many countries allow financial institutions to accept utility bills as one method of identity verification in two-method regimes. We have never been particularly supportive of the method, but if it works elsewhere why not here?
The most relevant question for those not in the credit card business is why financial entities (in particular banks) have not developed methods through which other reporting entities could securely verify that a prospective client has a deposit account at the institution in his/her name. Obviously there would be a cost to financial entities; equally obvious to us is that other reporting entities would be delighted to pay a reasonable fee to obtain such a service. And even more obvious is that banks get something of an advantage for their affiliates in other sectors of the industry by:
· their ability, if they so desire, to restrict the provision of such verification only to their affiliates, and we know dealers who say the banks just won't respond to their verification enquiries
· the ability of the affiliates to use the verification by their bank affiliates as a method of identity verification under section 64(1)(b) of the PCMLTF Regulations, even if the bank affiliate is outside Canada.
It might be that some comments on these topics, even if they fall outside the specific questions raised in the consultation paper, would be worthwhile.
Proposal 1.4 - Record of signing authority
The consultation paper seeks comments on whether the current requirement for reporting entities to maintain signature cards (or signatures on account applications) is necessary. It says that the Government is interested in the balance between the paper chase this kind of requirement causes and the usefulness of the signatures to law enforcement.
The paper asks for comments on
· what kind of technological information reporting entities would propose to maintain if a handwritten signature was replaced with an electronic alternative; and
· the ability of a reporting entity to provide another reporting entity, with client consent, a copy of a client's signature card.
We note that section 1 of the PCMLTF Regulations says "signature includes an electronic signature." That formulation doesn't really specify a copy of a handwritten signature. We had always thought that a secure electronic signature was equally acceptable, although less commonly used.
In context of the discussion in the paper, we don't really understand why technological information is proposed as an alternative to a handwritten signature. Reporting entities already have to gather prescribed information about customers and verify their identities. There are also extensive requirements in Provincial electronic commerce legislation about replacing paper documents with electronic ones.
The provision of a copy of a signature card by one reporting entity to another strikes us as one of those things likely to be more affected by the reluctance of the providing institutions than by what the rules allow. We have already noted above the difficulty securities dealers can encounter in getting account confirmations from deposit-taking entities.
While any relief from an unnecessary paper chase is welcome, we think that changes in this requirement will be of limited application. Deposit-taking entities generally need a signature card as a comparison basis for cheques and securities regulators give dealers limited room to manoeuvre in getting signatures on account applications and required consents and acknowledgements of receipt. We are sure the possibility of a change to the requirement will be welcomed by on-line providers, but think that there are many more fruitful avenues for reducing unnecessary paperwork.
Proposal 1.5 - Politically Exposed Foreign Persons
The Government is consider adding close associates of those already defined as 'politically exposed foreign persons' to the current definition.
This is another example of the Government wanting to expand a requirement that is realy in need of contraction. Canada is one of the few countries in the world that takes the view that "once a PEFP, always a PEFP." Many others have limitations such that a PEFP stops being one after being out of office for 10 years. The current rule also includes family members, who also continue being PEFPs throughout their lifetimes, even if the original PEFP is long out of office or deceased. The proposal as worded would also make close associates and their family members lifetime PEFPs, no matter whether their close association began long after the PEFP to whom they are associated left office.
We also wonder what definition of close associate would be useful is preventing what the proposal is supposed to help catch - laundering of the proceeds of corruption. Will it include the PEFP's best friend in University? And how will such "close associates" be identified if they don't declare themselves as such?
The PEFP definition is already too broad. All that the consultation paper deems worthy of discussion is broadening it even further. In our opinion, this will only lead to more paperwork while reducing the efficacy of the rules by diverting attention from the identification of real risks to the paperwork necessary to prevent remote ones.
Proposal 1.6 - Extension of PEFP requirements to life insurance companies, brokers and agents
The consultation paper proposes extending the PEFP requirements to customers of life insurance companies, brokers or agents that open investment or loan accounts.
We agree. AML requirements should be based on businesses and products; they should not discriminate amongst different kinds of entities that offer them.
This requirement will make for a stronger regime. However, the concrete rules will have to be careful about what types of products are covered. There are insurance products that are not particularly useful for money laundering.
Proposal 1.7 - Assessment of current clients to determine PEFP status
The Government is giving consideration to amending paragraph 54.2(b) (regarding financial entities) and subsection 57.1(2) (regarding securities dealers) to clearly provide that those entities are required to assess whether all existing account-holders are PEFPs, where such a determination has not already been made.
This would replace the requirement introduced in 2008, which permitted financial entities and securities dealers to use a risk basis for deciding whether to check existing clients for PEFP status.
We don't see the need for this and the consultation paper presents no reasoning behind it. The Government introduced a limited risk basis for certain provisions in 2008; now it is already backing off from what little it did allow to be done (or we should say not don)e on a risk basis.
Most large financial entities and dealers already do regular scrubs of their complete client lists for PEFPs. The proposed requirement would therefore have more of an affect on smaller dealers and institutions that put their existing clients through external PEFP checks based on risk. There is no presentation of information on why the change is necessary. What cases have there been of undetected PEFPs having prior accounts through which they have managed to launder money?
Where is the information needed to balance cost and benefit?
Proposal 1.8 - Exemption for listed companies
The consultation paper includes a proposal to remove the $75 million asset test on the exemption in paragraph 62(2)(m) of the PCMLTF Regulations for corporations whose shares are traded on a Canadian or foreign stock exchange designated by the Minister of Finance under subsection 262(1) of the Income Tax Act.
The securities industry has been advocating this for a long time. The asset test was borrowed from IDA/IIROC capital rules and was never appropriate to the PCMLTF Regulations.
The Regulation should also be amended to recognize that there are other entities such as trusts (REITs, income trusts, etc.) that are listed on stock exchanges that should enjoy the same exemption.
Proposal 1.9 - Verification of Identity of a Corporation
The consultation paper notes a possible amendment to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTF Act) to specify that any document that is used as proof of the existence of a corporation must be no more than one year old.
As far as we have heard, FINTRAC and all the regulators that review AML/ATC compliance procedures at reporting entities already apply the proposed standard.
No change to the current interpretation of the existing rule, so no big practice implications that we can see, but it's always good to have standards made explicit.
Proposal 1.10 - Clarification of meaning of "third party"
The explanation in consultation paper for a clarification of third party requirements is:
The existing legislative requirement for third party determination is often misunderstood by reporting entities because of conflicting understandings of the term "third party." For the purposes of the [PCMLTF Regulations], it is intended that third parties are those who provide instructions, whereas many reporting entities have interpreted third parties as being those who carry out those instructions.
The actual proposal is to replace "third party" with "instructing party," i.e. the guy calling the shots in a transactions.
We are amazed! We thought the meaning and purpose of the third party rules were clear. If any reporting entity has so little understanding of money laundering that they can't figure out the obvious purpose of the current third party provisions, can any change to the wording make a difference?
Chapter 2: Proposals designed to close gaps in the current regime
We will comment only on Proposals 2.6 and 2.9. The rest are summarized at the end of this section for those with special interests.
Proposal 2.6 - LCTRs when cash is received by an intermediary
The Government is considering requiring reporting entities to record and report large cash transactions even where the cash is received on behalf of the reporting entity by an agent or affiliated entity.
The proposal itself seems reasonable. There should be no loopholes in the regime so that transactions that end up with the same result have different reporting requirements based on irrelevant technicalities.
The actual amendment will have to be carefully crafted to avoid duplicate reporting where an agent or affiliated entity has its own reporting requirements. For example, in the securities industry both introducing and carrying brokers have large cash transaction reporting obligations. No rule change should require both to report the same large cash transaction.
Proposal 2.9 - Clarify the 24 hour rule
The consultation paper suggests amending the description of a single cash transaction to make it more clear that it includes all transactions conducted on behalf of the same person or entity within a 24 hour period that add up to $10,000 or more, regardless of the amount of any single transaction.
Sorry, isn't that what section 3(1) of the PCMLTF Regulations already says? The consultation paper claims that there are deficiencies in the current regulation without spelling them out.
We are constantly amazed at how a regulation that appears clear as crystal seems to be difficult for some to understand.
The rest of Chapter 2
Proposal 2.1 -Require reporting of all international electronic funds transfers (eliminating the current $10,000 threshold)
Proposal 2.2 -Consider whether to extend customer due diligence requirements to the sale of prepaid access cards, such as gift cards and "open loop" prepaid cards that allow withdrawal of funds from ATMs. This does not include credit or debit products.
Proposal 2.3 -Consider whether to extend cross-border currency reporting requirements to prepaid access cards
Proposal 2.4 -Extend client identification and record keeping requirements on life insurance brokers and agents to cover the sale of investment and loan products; eliminate the threshold and income tax purposes exemptions applicable to the sale of annuities and life insurance policies
Proposal 2.5 -Limit the exemptions for large cash transaction reporting by life insurance companies, agents and brokers
Proposal 2.7 -Exclude from reporting requirements for dealers in precious metal any activities related to the sale or purchase of metals and stones used in the manufacturing process.
Proposal 2.8 -Exclude from reporting requirements for accountants any activities related to trustee in bankruptcy services
Chapter 3 - Improving Compliance, Monitoring and Enforcement
Proposal 3.1 - Simplify Money Services Business registration and renewal requirements
This proposal calls for:
· a review to ensure that the information to be filed with FINTRAC by money services businesses(MSBs) is limited to information that supports the goals of the AML/AFT regime
· amendments to the registration regulations to specify the timing of registration renewal by MSBs
Amazing! (or should we use the buzzword du jour: Awesome) Giving consideration to information requirements that relate to the job at hand! We wonder why the Canadian Securities Administrators have never undertaken such an exercise. We can hardly disagree with either part of the proposal.
We recently had a securities dealer client ask about its obligations with regard to certain foreign exchange transactions. It apparently had a legal opinion that it was not required to register as a money services business, despite the lack of any exemptions we could find for other reporting entities that also carry out foreign exchange transactions. Nor has FINTRAC yet responded (several weeks later) to a question about the application of money services business regulations to foreign exchange dealings by other kinds of entities.
There are significant differences between the requirements on financial entities and securities dealers and those on money services businesses, predicated no doubt on the differences between the businesses and the nature of their customer relations. However, those in the business of foreign exchange dealing are defined to be money services businesses. Since the Government seems to be in a mood to clarify, it should clarify what obligations are placed on other reporting entities that happen to do foreign exchange business as well. Otherwise, such entities risk either failing to comply or devoting excessive time and trouble to compliance with non-applicable regulations.
Proposal 3.3 - Non-compliance with reporting obligations
The Government is considering giving FINTRAC the authority to require a reporting entity to file a report it has failed to file, on top of levying an administrative penalty.
This seems fair enough, presuming that the reporting entity has the same opportunity to fight the FINTRAC-ordered reporting as it does to fight the administrative penalty because it disagrees with FINTRAC that a transaction is reportable or suspicious.
As long as the two parts to a FINTRAC order (administrative penalty and required filing) go hand in hand in terms of process, we see nothing objectionable. While FINTRAC knows about the missing report, it will probably be good practice for the offending entity to do a filing.
It often surprises financial institutions that regulators can't just enter what they want into their own automated filing systems; for example, CSA and IIROC staff can't enter information into NRD; only firms can. However, it's actually a good internal control for the system and gives firms some control over what exactly goes into databases about them and their personnel.
Proposal 3.4 - Documentation of reasonable measures
The proposal is that reporting entities be required to document the "reasonable measures" they are required to take in matters such as third party determination at the time of a large cash transaction, account opening, ongoing monitoring of high risk financial transactions, and identification of an individual for an suspicious transaction report.
It is unclear to us whether the proposed documentation requirement would be met by the development of policies and procedures reasonably designed to achieve the goal, or refers to records FINTRAC would expect to see of what was done in each individual situation. While there is much overlap between the two, documentation of measures taken situation-by-situation can become unnecessarily burdensome, particularly where the measures yield no results or are incorporated a broader, perhaps technological, compliance system.
It is critical that the Government be clear about what it is proposing in order for the comments to be relevant.
In the case in point, there is a big difference between having a compliance review process that includes heightened supervision of high risk clients or transactions, and documenting the specific supervisory checks of every high risk client account transaction every day.
Proposal 3.6 - Change the process for amending reporting forms
The proposal would give the Minister of Finance the authority to change a reporting form without going through a revision to the PCMLTF Act or Regulations.
Should have been this was from the start. Legislators do legislation; bureaucrats do forms.
Proposal 3.7 - Authority of Canada Border Services Agency officers
The proposal would give Canada Border Services Agency officers the authority to question passengers crossing the border about their compliance with cross-border currency reporting requirements - i.e. whether they are carrying over $10,000 in currency or monetary instruments.
Don't give the employee of the month a nice week-end in the Bahamas by asking him or her to deliver an envelope to the Nassau branch without ensuring you have done the right reporting and told them what's in the envelope.
Chapter 5: Countermeasures
The proposals in Chapter 5 stem from amendments to the PCMLTF Act passed as part of the 2010 budget. Those changes authorize the Minister of Finance to:
· Issue directives requiring that reporting entities take special countermeasures regarding customers in specific countries or specific entitie, when the Minister has concluded that the country or entity has insufficient AML/AFT controls in place;
· Recommend that the Governor in Council issue regulations limiting or prohibiting transactions originating from a specific jurisdiction or entity
One appendix to the consultation paper lists the possible countermeasures and another proposes a definition of "foreign entity."
The list of possible countermeasures is too long to rehearse here. It can be summarized as "Do more of what you already have to do, or with a lower threshold, or do it again." The definition of a foreign entity is unexceptionable.
The proposal is particularly good in that it doesn't seek to add requirements to those already in place. For example, any transactions with a foreign entity that are not covered by the current PCMLTF Act and Regulations could not be covered as a result of a directive from the Minister.
We have two comments:
1. Do-overs, if any, should be limited
One of the provisions could require that a reporting entity undertake customer due diligence measures it has already completed before doing another transaction for a customer covered by a Ministerial directive. We suggest that doing the same thing again is unhelpful and unduly burdensome if a reporting entity did a good job in the first place and the latest customer due diligence is of fairly recent vintage.
CDD measures, particularly regarding foreign customers, can be slow and expensive. In many cases a reporting entity may have identified a foreign country or entity as high risk and may already have conducted heightened due diligence before beginning to deal with the entity or a customer from the country. If so, a directive would not accomplish anything at that reporting entity. Telling it to do its customer due diligence all over again would just waste its time and money.
2. Now that the Minister has the ability to designate high risk countries, where is the relief on transactions with entities from lower risk countries, and in particular financial institutions in those countries?
The securities industry has long complained about the difficulties the current CDD rules cause in opening accounts for financial institutions in other countries. The only exemption available for most such institutions is the listed company exemption (soon, thank you, to be without the $75 million asset test).
The problem in the securities industry - and it is a problem we always thought the Federal Government should be acutely aware of - is that the securities industry does not deal in fungible assets. One dollar is like another, one mining stock is not like another. Canada is dependent on foreign investment, yet the PCMLTF Regulations clog the pathways through which that investment reaches our shores.
One argument the Ministry of Finance has made is that the Government can't go "good country, bad country" in determining what rules should apply in dealings with financial institutions from other countries, particularly when the same Government goes on trade missions to countries whose AML/ATF regimes cannot bear very close scrutiny.
Well, now the Minister can designate bad countries, so isn't it also time for some relief regarding CDD requirements for financial institutions in countries that have good AML/AFT regimes. Shouldn't a Canadian broker be able to open an account for, say, Fidelity Investments in Boston, without having to get someone to look at the passports of three Fidelity traders? Shouldn't verifying Fidelity's SEC/FINRA registration be enough?
There are dealers that don't comply with the current requirements in dealing with foreign financial institutions in countries with sound regulatory regimes. Others comply but waste huge amounts of time and resources in doing so, producing no benefit in terms of preventing or detecting money laundering. Where is the long overdue proposal to correct the problem?
Chapter 6: Other proposals
We will deal only with one proposal that is broadly relevant to reporting entities.
Proposal 6.1 - Broaden the requirement to report suspicious transactions
The proposed requirement would specify that "any activity undertaken for the purpose of a financial transaction" must be reported if it is suspicious of money laundering or terrorist financing. So, for example, an attempt to open an account that looks suspicious of AML/ATF would be reportable, even if no transaction is attempted or completed as a result.
We can't really find anything against the proposal. Essentially, it makes it a requirement for a reporting entity to report any contact with a customer or potential customer that gives reasonable grounds for suspicion that the customer or would-be customer is trying to launder criminal proceeds or finance terrorism.
The proposed requirement does broaden reporting provisions. In one sense, it takes some guesswork out of whether to report. No more "was there a transaction or attempted transaction to report." Instead, a reporting entity will be required to report whenever a potential or actual client does anything that raised a reasonable suspicion of money laundering or terrorist financing.
On the other hand, it does raise the usual spectre of second-guessing. Can a reporting entity be faulted because of a casual contact with a potential customer that raises a bad vibe but is not reported because there just isn't enough there to call it suspicious? There are always dangers that enforcement agencies and will overstep what it reasonable, but that doesn't mean that the Government should not try to make the regime as strong as possible. FINTRAC is well aware that unreasonable enforcement can only lead to defensive reporting, which is not what it wants.
This is a big package covering a broad range of issues. We could have hoped for a longer comment period. Overall, while the package seems to be moving in the right direction, once again it tends to ignore significant problems with the current regime in favour of adding new requirements.
If these issues are of concern to you, Sutton Boyce Regulatory Consulting can help you draft a comment letter.