Four steps to ensure your MSB anti-money laundering program is compliant – and effective

As a money services business (MSB), having an anti-money laundering (AML) program is significant – not only to meet the obligations set out under the Canadian AML legislation but to keep in good standing with your financial institution service provider (see Tips for MSBs and fintechs on securing a banking relationship).

MSBs are reporting entities under the Canadian Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), and as such, must institute and implement an AML Program and also undergo a compliance effectiveness review (CER) of the AML program at least once every two years. Here are four things about CERs you need to know – and follow.

Regulatory Requirement and Oversight   

According to Canada’s AML regulator, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), reporting entities are expected to review their AML program to ensure it is adequate and tailored to their specific business structure. As the  risks of money laundering and terrorist financing keep evolving, FINTRAC can check on you anytime to see if your program is up-to-date and effective by conducting an examination. The review evaluates your AML policies and procedures, risk assessment, ongoing training program and compliance with all the other obligations set out in the PCMLTFA.  

It’s important to note you must have your program in place before FINTRAC contacts you or before you seek a banking relationship. FINTRAC can determine when it was put in place through your registration as an MSB and also through interviews and assessment of your operations. As well, if you have an AML program in place that has been reviewed, all gaps or weaknesses identified in the previous compliance effectiveness review must have been addressed.

Key features

The purpose of a CER is not only to ensure you have an AML program in place but that your program is in line with the FINTRAC’s requirements. The level of complexity of the review will vary according to the complexity of the business and the risks associated with its operations.

The CER will seek to determine how effective the compliance program is in detecting and preventing money laundering as well as identifying and mitigating risks associated with your clients, affiliates, services, technology, and geographical locations of where you do business. For example, do your account opening records show you are fulfilling know-your-client requirements, or do your internal records show you are monitoring business relationships as expected?

The key features of a CER include:

• Detailed review of your policies and procedures documentation, risk assessment and training materials;
• Assessment of the governance structure, appointment of compliance officer and MSB registration obligations;
• Detailed examination of transactional data;
• Review of transactions for accuracy and timeliness in reporting for large cash, electronic funds transfers and suspicious transactions;
• Testing of key controls including ongoing monitoring obligations and;
• Interviewing staff to assess their understanding of AML obligations

Once the review is completed and a written report is issued,  it must be presented to a senior officer within 30 days – a senior officer could be the CEO, or someone who has direct access to senior management and the board. The report is expected to include findings, recommendations, deficiencies, potential action plans and updates made to the policy during the period of review, as well as a statement of the implementation of the update to your AML program and policies.

Internal and external advisors

As a regulatory expectation, your AML policies and procedures documentation must include the requirement to conduct a CER, the scope of the review, and who will be conducting the review.

According to FINTRAC guidelines, the review can be completed either by an internal or external auditor, or by yourself if you don’t have an auditor. To ensure there’s no conflict of interest, and for best practices, the evaluation should be done by someone not directly involved in any part of your compliance program. The reviewer is also expected to show they are knowledgeable and experienced in conducting compliance effectiveness reviews.

Cost of non-compliance

Failing to comply with AML program requirements, or addressing recommendations, can result in both financial penalties and damage to your reputation as a business. Financial penalties or administrative monetary penalties (AMPs) for non-compliance with the PCMLTFA, range from $25,000 to $100,000 and are cumulative. For example, a Montreal-based MSB was fined more than $200,000 in 2020 for three violations under the Act while a Vancouver-based MSB was fined more than $100,000 for committing nine violations, including a failure to comply with the requirements of a CER.

Non-compliance can also result in criminal penalties. FINTRAC has become increasingly deliberate about ramping up its examinations and oversight to stem non-compliance such that the number of reporting entities  being fined more than doubled in the first half of 2021 from 2020, from two to seven.

In the current regulatory landscape, MSBs are considered high-risk targets for money laundering and terrorist financing. Hence, ensuring your AML program and policies are in place and up to date is key to preventing these criminal activities, staying on the right side of the law – and demonstrating the effectiveness of your AML program to your financial services partners.

For more information, contact Mondiu Jaiyesimi, CAMS, FIS, CBP, MSc. Economics at 647.475.4500 or [email protected]