FINTRAC Updates Guidance on Regulatory Amendments Coming into Force on June 1, 2021
The Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”) has recently updated its guidance on (1) compliance program requirements, (2) methods to verify the identity of persons and entities, (3) third party determination requirements and (4) reporting terrorist property. FINTRAC has also published new guidance on prepaid payment products and accounts, the 24-hour rule and travel rule requirements.
The updated and newly published guidance reflects the series of regulatory amendments made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the “PCMLTFA”) and regulations over the past few years, the majority of which will come into force on June 1, 2021. Our prior summaries of the regulatory amendments can be found here and here. FINTRAC has also published other updated guidance pieces over the past several months on topics such as record keeping, client identification, business relationships and much more. Please refer to our March 2021 and April 2021 blog posts for more information on these guidance pieces.
Compliance Program Requirements
The compliance program requirements under the PCMLTFA and associated regulations apply to all reporting entities (“REs”). In particular, the updated guidance will require REs to cover travel rule requirements to include specific information in electronic funds transfers (“EFT”) and virtual currency (“VC”) transfers as part of their compliance policies and procedures. REs will be required to develop and apply written risk-based policies and procedures to help determine whether they should suspend or reject an EFT or VC transfer they receive. A RE’s policies and procedures will also have to describe the steps the RE will take for all obligations that require it to take reasonable measures. A RE’s compliance training program will also have to be delivered to those who handle VC for the RE.
Methods to Verify the Identity of Persons and Entities
FINTRAC requires all REs to verify the identity of persons and entities. A notable update to this guidance includes the addition of the reliance method as a way to identify a person or entity by relying on measures that were previously taken by another RE or an affiliated foreign entity. Similar to the other methods in the guidance, a RE’s compliance program’s policies and procedures must describe the processes it follows when using the reliance method.
Another change to the guidance includes the addition of the simplified identification method to verify the identity of certain prescribed entities. The simplified identification method is only available to the following REs: banks and authorized foreign banks, cooperative credit societies, savings and credit unions, caisses populaires, life insurance companies or foreign life insurance companies, companies to which the Trust and Loan Companies Act applies, trust and loan companies regulated by provincial legislation, and securities dealers. The simplified procedure allows these REs to be deemed to comply with the identification requirements of certain entities if the RE considers there is a low risk of a money laundering or terrorist activity financing offence. REs must keep a record of their risk assessment outlining the grounds for their determination that there is a low risk of an offence.
If a RE has previously verified the identity of a person or entity using the reliance method or simplified identification method, it must verify the identity of the person or entity again for any subsequent transaction or activity.
Third Party Determination Requirements
The Financial Action Task Force has observed that third parties have been used in several money laundering and terrorist financing cases. REs must take reasonable measures to determine whether a third party is involved when the RE carries out certain transactions or activities. A notable change to the updated guidance includes the obligation of REs to make third party determinations when they are required to report a large VC transaction ($10,000 or more) or keep a large VC transaction record. In particular, this means that a RE must take reasonable measures to determine whether the person from whom they are receiving the VC is acting on behalf of a third party.
The updated guidance also includes certain record-keeping requirements that REs will be subject to if they are not able to make a third party determination, but have reasonable grounds to suspect that a third party is involved.
The updated guidance also includes certain exceptions for financial entities (“FEs”), securities dealers, casinos and life insurance companies, brokers or agents. For example, REs will not have to make a third party determination when opening a credit card or a prepaid payment product account. Life insurance companies, brokers or agents will not need to make a third party determination if they keep an information record on a beneficiary in connection with the sale of a life insurance policy under which the RE is to remit an amount of $10,000 or more to the beneficiary over the duration of the policy. Under the PCMLTFA, financial entities include: banks and authorized foreign banks, cooperative credit societies, savings and credit unions, caisses populaires, companies to which the federal Trust and Loan Companies Act or similar provincial legislation applies, and departments, agents and mandataries of the Crown.
Reporting Terrorist Property Requirements
The updated guidance specifically provides that the terrorist property reporting (“TPR”) requirements under the PCMLTFA and associated regulations apply to all REs. FINTRAC notes that TPRs differ from other reports that are submitted to FINTRAC because a transaction or attempted transaction does not have to occur to require the filing of a TPR. Rather, it is the mere existence of property owned or controlled by or on behalf of a terrorist group that requires a RE to submit a TPR. Furthermore, if a transaction was attempted or completed, and it involved property that the RE knew or believed is owned or controlled by a terrorist group, then the RE must also submit a suspicious transaction report (STR) to FINTRAC in addition to the TPR.
Prepaid Payment Products and Prepaid Payment Product Accounts
FINTRAC has provided new guidance applicable to FEs, life insurance companies, and life insurance broker and agent entities that offer prepaid payment products (“PPPs”) to the public, or maintain prepaid payment product accounts.
PPPs are products issued by an FE which enable a person or entity to engage in a transaction by giving them electronic access to funds or to VC paid into a PPP account held with the FE in advance of a transaction taking place. PPPs do not include products that enable a person or entity to access a credit or debit account, are issued for use only with particular merchants (for example, a retail store) or are issued for single use for the purposes of a retail rebate program.
PPP accounts are accounts which are connected to a PPP that permit funds or VC totaling $1,000 or more to be added to the account within a 24 hour period, or a balance of funds or VC of $1,000 or more to be maintained.
PPP accounts are subject to account opening obligations, like other types of accounts. As well, transactions carried out with PPPs connected to PPP accounts are subject to transaction obligations. Where a business opens a PPP account with a FE, that FE would have all of the obligations associated with that PPP account.
The 24-hour Rule
FINTRAC has provided new guidance describing when REs must consider multiple transactions within a 24-hour period as a "single transaction". This concept is referred to as "the 24-hour rule”. This rule requires REs to aggregate multiple transactions when they total $10,000 or more within a consecutive 24-hour window and the transactions are conducted by the same person or entity, on behalf of the same person or entity, or for the same beneficiary (person or entity). The 24-hour rule applies to all reports with a reporting threshold of $10,000. The guidance further sets out how to aggregate transactions under the 24-hour rule and exceptions to the rule.
On June 1, 2021, these obligations will apply only to the reporting of large VC transactions. The obligations will apply to large cash transactions, EFTs and casino disbursements when FINTRAC updates the report forms for those transactions. Until then, REs should continue to apply the 24-hour rule as outlined in FINTRAC Interpretation Notice No. 4 (pre-June 1, 2021).
Travel Rule Requirements
FINTRAC has provided new guidance applicable to FEs, money services businesses (MSBs), foreign MSBs (FMSBs) and casinos regarding the travel rule. The travel rule is the requirement to ensure that specific information is included with the information sent or received in an EFT or a VC transfer.
FEs, MSBs, FMSBs and casinos must include the following travel rule information when initiating an EFT:
- the name, address and account number or other reference number (if any) of the person or entity who requested the transfer;
- the name and address of the beneficiary; and
- if applicable, the beneficiary's account number or other reference number.
Where an EFT or a VC transfer is received that ought to include the travel rule information but does not, the RE must take reasonable measures to obtain such information. These reasonable measures should be outlined in the RE’s policies and procedures. These policies and procedures should also set out what to do when, after taking reasonable measures, one is unable to obtain the travel rule information, including under what circumstances the transaction will be allowed, suspended or rejected.
Coming into Force
The above guidance pieces will come into force on June 1, 2021. FINTRAC has stated that it will “exercise flexibility in assessing and enforcing compliance with certain record keeping and reporting obligations related to the amended Regulations.” These flexible measures can be found on FINTRAC’s website. However, FINTRAC has also noted that the flexible measures will not apply to the new VC obligations, as it expects all REs to implement the VC related obligations, as applicable, starting on June 1, 2021. Accordingly, entities involved in VC transactions will want to ensure that they take appropriate measures in a timely manner to comply with these upcoming obligations.
For more information about our firm’s Fintech expertise, please see our Fintech group’s page.