FCAC Issues New Framework for Administrative Monetary Penalties
On June 15, 2021, the Financial Consumer Agency of Canada (“FCAC”) published a new framework on administrative monetary penalties (“AMP”) which outlines how it will determine proposed penalty amounts going forward. The new framework closely resembles, with less detail, the AMP framework introduced Financial Transactions and Reports Analysis Centre of Canada’s (“FINTRAC”) in 2019 following a series of Federal Court decisions.
Typically, if FCAC has reasonable grounds to believe that a regulated entity has breached a consumer provision under the Bank Act, the Insurance Companies Act, the Trust and Loan Companies Act or a Compliance Agreement, it will issue a Notice of Violation, specifying, among other things, the alleged violation/breach committed, the name of the regulated entity that has committed it and the amount of any proposed monetary penalty.
While the criteria that were required to be taken into account when determining penalty amounts were known to regulated entities by virtue of section 20 of the Financial Consumer Agency of Canada Act (“FCAC Act”), the actual assessments or penalty calculations were not. The FCAC has not historically publicized how it calculated the amount of its proposed penalties. Its new framework, however, aims to change that by providing guidance on how proposed penalty amounts will be determined based on categories of levels for each of the criteria set out in section 20 of the FCAC Act.
Section 20 of the FCAC Act requires that, when determining a penalty amount, FCAC considers the degree of harm caused by the violation, the degree of negligence or intent demonstrated by the regulated entity, the history of violations committed by the regulated entity and its ability to pay the penalty. The first three of these criteria will now be assessed against three levels of severity, which carry different penalty amounts.
Summary of levels and amounts
- Harm caused by violation (including duration of violation)
- level 1 – where it finds “some harm”, FCAC can impose a monetary penalty ranging from $0 to $2M;
- level 2 – where it finds “significant harm” found, FCAC can impose a monetary penalty ranging from $2M to $4M; and
- level 3 – where it finds “very significant harm”, FCAC can impose a monetary penalty ranging from $4M to $6M.
- Degree of negligence or intent demonstrated (including duration of negligence or intent)
- level 1 – where it finds “some negligence”, FCAC can impose a monetary penalty ranging from $0 to $500K;
- level 2 – where it finds “significant negligence”, FCAC can impose a monetary penalty ranging from $500K to $1M; and
- level 3 – where it finds “very significant negligence”, FCAC can impose a monetary penalty ranging from $1M to $2M.
- Violation history
- level 1 – where the regulated institution has “no or little history” of violations, FCAC can impose a monetary penalty ranging from $0 to $500K;
- level 2 – where the regulated institution has a “significant history” of violations, FCAC can impose a monetary penalty ranging from $500K to $1M; and
- level 3 – where the regulated institution has a “very significant history” of violations, FCAC can impose a monetary penalty ranging from $1M to $2M.
Assessment of levels
While the FCAC’s new framework provides the factors that may be considered to assign a level of severity to a violation, it does not provide examples or use cases of actual penalty calculations.
 Bank Act: paragraphs 157(2)(e) & (f), sections 273.1 & 413.1, subsection 418.1(3), sections 439.1 - 459.5, subsections 540(2) & (3) & 545(4) & (5), paragraphs 545(6)(b) & (c), subsection 552(3) and sections 559 - 576.3, sections 992 - 1003 and related regulations; Insurance Companies Act: paragraphs 165(2)(f)& (g), subsection 469.1(3), sections 479 - 489.3, subsection 542.061(3) & sections 598 - 607.2, sections 1034 - 1045 and related regulations; Trust and Loans Companies Act: paragraphs 161(2)(e) & (f), subsection 418.1(3) & sections 425.1 - 444.3, sections 539.01 - 539.12 and related regulations.
 A Compliance Agreement is a written agreement between FCAC and a regulated entity, detailing the corrective measures required to address breaches of market conduct obligations, to prevent recurrence of breaches, and/or to implement any measures designed to further compliance with market conduct obligations.
 Harm: number of impacted consumers, dollar value impact to consumers (for example, total, average, highest, lowest), opportunity costs for consumers, regulated entity’s actions in identifying impacted consumers and providing redress/remediation, potential harm to the regulated entity’s compliance culture, potential harm to the reputation of, or consumer confidence in the sector, length of time the breach was in effect as it relates to harm
Negligence/intent: controls in place to prevent a breach (for example, policies and procedures, testing, audits, training), controls in place to detect a breach, implementation of controls, whether FCAC communicated with the sector or the regulated entity about the issue related to the breach and related actions taken by the regulated entity, lack of appropriate consideration by the regulated entity to consequences of its actions, length of time the breach was in effect as it relates to negligence/intent
Violation history: number of previous violations for the same provision, number of violations for related provisions, number of violations for any provision