Skip Ribbon Commands
Skip to main content

Must-Know Changes to AML Rules

11/08/2016


​​

​​​​On Wednesday July 27, 2016, MNP hosted a webinar on anti-money laundering (AML) regulation changes.  During the session, we addressed challenges and recommendations regarding the changes recently made to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).  MNP received the following questions during and after our presentation and wanted to respond to and share our responses with the wider community. 

1. Q:Given the new client identification changes, what is the retention period for client credit files?

2.Q: Are you familiar with the Open Anywhere product? Where a member opens an account on line. Does the new ID methods mean that if they open it on line they must have a credit history that has existed for a minimum of 3 years?

3. Q: Can you please clarify the use of a utility bill since the document does not typically show a date of birth?

4. Q: For the 3 points relating to Affiliate acceptance. Do they have to meet all 3 criteria or just one? Thank you!

5. Q: What organization will be compiling the domestic PEP list?

6. Q: Does the PEP and HIO requirement only apply to clients who are individuals? In other words, if the client is an entity such as a pension, non-profit or investment fund, is the PEP/HIO determination required?

7. Q: If a client is not a PEP or HIO at account opening and is otherwise deemed to be low risk, is it sufficient to confirm this status annually, such as during an annual KYC update?

8.Q: Is there a CPE credit available for this webinar?

9.Q: Is FINTRAC lumping all mayors into the PEDP category. Is a mayor of a small community of 300 the same risk as a mayor of a major city?

10. Q: While you have talked about the acceptance of "original electronic document", what does this really mean and how do you validate?

 

1. Q: Given the new client identification changes, what is the retention period for client credit files? ​

A: The short answer is five years from the date the account is closed. The longer answer is that there are two applicable sections of legislation to which we would draw your attention should you wish to support your policy with excerpts from the legislation.  Both can be located in the Proceeds of Crime (Money Laundering) and terrorist Financing Regulations.

The first reference is the recordkeeping requirement for a credit arrangement located in section 14(i): ​

“In respect of every credit arrangement that it enters into with a client, a record of the client’s financial capacity, the terms of the credit arrangement and, if the client is a person, the address of their business or place of work”

The second is located in the retention of records information in section 69(1):

"Subject to subsection (2), every person or entity that is required to obtain, keep or create records under these Regulations shall retain those records for a period of at least five years following:

(a.1) in respect of records that are required to be kept under paragraph 14(i) or (n), 14.1(g) or 23(f), the day on which the account to which they relate is closed;"

2. Q: Are you familiar with the Open Anywhere product where a member opens an account on line? Does the new ID methods mean that if they open it on line, they must have a credit history that has existed for a minimum of three years?

A:  No, not necessarily. The single identification method of ascertaining identity through the use of the credit file method obliges the customer to meet the requirement of three years of credit history. If the customer does not meet this requirement, then the entity would have to default to the dual p​rocess method. This could include the eID products with a six-month history and at least two trade lines plus another independent and reliable source to confirm, name, address and date of birth. Bear in mind that ascertaining the identity means you will also have to verify that the information in the credit file matches what the individual has provided to you in their application. 

3. Q: Can you please clarify the use of a utility bill for identification purposes since the document does not typically show a date of birth?

A: You are correct a utility bill will not provide all of the information reporting entities are required to collect. The dual process method is designed to confirm the required information, specifically, the name, address and date of birth for a customer, through the use of independent and reliable documents. A combination of documents is required to provide confirmation of this information. For example, a utility bill will provide a name and address an additional document, a Canada Revenue Agency (CRA) assessment document will provide name, address and date of birth. Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has provided a listing of documents and the information they contain in Table 2 of the Guideline: Methods to ascertain the identity of individual clients.

4. Q: For the three points relating to affiliate acceptance: do they have to meet all three criteria or just one?

A: An entity has to meet one of the criteria to be considered to be affiliated with another. 

5. Q: What organization will be compiling the domestic Politically Exposed Person (PEP) list?

A: MNP is unable to recommend any particular service for compiling the domestic PEP list for Canada over another at this time. We do recommended you contact your current name scanning provider to see if they have this service available. 

6. Q: Does the PEP and Head of International Organization (HIO) requirement only apply to clients who are individuals? In other words, if the client is an entity such as a pension, non-profit or investment fund, is the PEP/HIO determination required?

A: The definition of a PEP (domestic or foreign) or a head of an international organization (HIO) applies to individuals, connected persons (as defined under the regulations) and close associates. However, many reporting entities, through their risk based approach (RBA), identify connected entities to PEPs as high risk accounts (if the PEP is considered high risk). This will be determined through your policies/procedures and RBA.

7. Q: If a client is not a PEP or HIO at account opening and is otherwise deemed to be low risk, is it sufficient to confirm this status annually, such as during an annual know your customer (KYC) update?

A: Unfortunately, the term “periodic” is not defined in the regulations. We have included the excerpt from the regulations below for your reference. MNP recommends you adopt a similar process to the one you use for standard name scanning to demonstrate consistency in the practices you apply to periodic reviews. 

54.2(2) Subject to section 62 and subsection 63(5), a financial entity shall take reasonable measures on a periodic basis to determine whether an account holder is a politically exposed foreign person, a politically exposed domestic person, a head of an international organization, a family member of one of those persons or a person who is closely associated with a politically exposed foreign person.

8. Q: Is there a continuing professional education (CPE) credit available for this webinar?

A:  Educational credits are unavailable for this webinar. MNP will be looking into applying for CPEs to the CPA to best serve you in the future.

9. Q: Is FINTRAC lumping all mayors into the PEDP category? In other words, is a mayor of a small community of 300 at the same risk as a mayor of a major city?

A: Municipal politicians are not currently included in the list of PEP positions, although updates have not yet been made to the table on the FINTRAC website. As we get closer to the date of required implementation, we recommend you check the list again —it can be found in section 9.3(3) of the PCMLTFA.  We would draw your attention once again to the fact these are minimum standards.  Depending on the size of the municipality, you may wish to identify some of these individuals or positions in your risk based approach. You may determine that a customer should be considered to be higher risk and apply special measures. At this time, every reporting entity should be determining a process to assess risk for all domestic PEPs, as well as corresponding actions which should be applied. 

While you did specify this was a town of 300, depending on the size of any given municipality you may determine through your risk-based approach a customer is higher risk and should have special measures applied. Unlike foreign politically exposed people, reporting entities are not obligated to categorize domestic politically exposed people as high risk. However, these are minimum standards, and the risk of domestic PEPs should be risk-assessed to determine whether and what additional actions should be taken.

10. Q: While you have talked about the acceptance of "original electronic document," what does this really mean and how do you validate?


A: You must ensure you see the original paper or electronic document and not a copy. The original document is the one your client received or obtained from the issuer through posted mail or electronically. The document must appear to be valid and unaltered in order to be acceptable. If any information has been redacted, it is not acceptable. 

For example, an original paper document can be a utility statement mailed to your client by the utility provider. Whereas an original electronic document is one the client received through email or by downloading it directly from the issuer's website.

Your client can email you the original electronic documents they received or downloaded, or your client can show you the document on their electronic device (for example, a smartphone, tablet, or laptop). Your client can print electronic documents they receive or download from the issuer, or they can show them to you in their original format such as .pdf (Adobe) or .xps (Microsoft viewer). Original documents do not include those that have been photocopied, faxed or digitally scanned. 

Examples

  • The client can show you their original paper utility statement in person or by posted mail.
  • The client can email or show you on their electronic device an electronic utility statement downloaded directly from the issuer's website.
  • The client can print and show you the statement they downloaded from the issuer.
  • The client can email or show you on their electronic device a mortgage statement received by email from the issuer.

This information is taken from the FINTRAC Guidelines page. Guidelines typically have numbers. This one sits between Guidelines 5 and 6 on the FINTRAC website and is titled Guideline: Methods to ascertain the identity of individual clients.

DISCLAIMER: The contents of this document include information relating to general principles and should not be construed as specific instructions or advice. It is not a substitute for legal and other professional advice. If any reader requires legal advice or other professional assistance, each such reader should always consult his or her own legal or other professional advisors and discuss the facts and circumstances that apply to the reader.

MNP is a leading national accounting, tax and business consulting firm in Canada. We proudly serve and respond to the needs of our clients in the public, private and not-for-profit sectors. Through partner-led engagements, we provide a collaborative, cost-effective approach to doing business and personalized strategies to help organizations succeed across the country and around the world.