Payment service providers and AML compliance in Canada

Anti-money laundering (AML) rules in Canada can be complex, and as they evolve along with technologies, may lack clarity. In this article, we explore how money services businesses and payment service providers fall under AML regulations, and what compliance represents for these businesses. In Canada, money services businesses (MSBs), are required to register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), in line with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and related regulations.

A business in Canada is considered an MSB if it performs any of the following services for the public:

• foreign exchanging dealing
• money transferring
• issuing or redeeming money orders, traveller's cheques, or anything similar
• dealing in virtual currency

The big question

From our experience, the money transferring service offering attracts the most queries and appears to lack clarity. Specifically, we are often asked whether a payment service provider is considered to engage in money transferring and whether, by virtue of this service, they are considered to be an MSB in Canada which will subject them to the same regulations applicable to such services.

Current requirements in Canada

Payment service providers, sometimes referred to as third-party payment processing companies (TPPPs), are not explicitly defined in the PCMLTFA, related regulations or by FINTRAC, and therefore would only be captured under this regulation if they meet the criteria of a defined reporting entity. As payment service providers effectively assist with the transfer of monies between a buying party and a selling party; it remains unclear whether this service is considered a money transferring service and whether this would cause a payment service provider to be considered an MSB in Canada.

FINTRAC’s perspective is that a business performing money transfers for the sake of the service is an MSB, while a business that transfers monies to support its actual services is not. For example, businesses that transfer funds for the purpose of utility, payroll, rent or tuition payments are not considered MSBs, as the transfer of monies is corollary to their main business. Likewise, businesses that provide settlement services directly to merchants on behalf of that merchant’s customers for the purchase of goods or services, are not considered MSBs, as the transfer of funds is performed solely to support the company’s merchant services^[1].

Based on the clarification provided by FINTRAC, payment service providers that do not provide money transferring services for the sake of the service, are not considered MSBs and therefore are not required to register with FINTRAC nor adhere to the PCMLTFA and related regulations. Although not officially regulated, financial institutions and other third parties often consider payment service providers to be engaged in a business that is at higher risk for money laundering / terrorist financing and therefore frequently require payment service providers to register as an MSB with FINTRAC and adhere to the associated PCMLTFA and related regulatory requirements in order to maintain a business relationship (i.e. a financial account).

PSP vulnerabilities to money laundering / terrorist financing

The Financial Action Task Force (FATF) likens payment businesses that provide services involving funds used solely to make purchases within a limited number of merchants with a limited value for a limited range of goods and services, to closed-loop prepaid cards. Therefore, the task force views these types of payment service businesses as less at risk for money laundering / terrorist financing^[2].

Other payment service providers that do not fit this definition are exposed to higher money laundering / terrorist financing risks. Canada’s decision to exempt them from the PCMLTFA and related regulatory requirements is not in line with the FATF’s perspective on the risks associated with such businesses^[3]. The risks associated with these types of payment service providers can be quite significant:

• Anonymity and faceless transactions - Services that allow a customer to purchase, register, load / reload, or use payment methods in an anonymous manner increase the risk the customer is not who they say they are.
• Speed of transmission - Services that can be accessed via the Internet or apps and allow the initiation, transfer or acceptance of payments through a variety of methods, can be used to move funds quickly around the world. This makes tracing the origin of funds difficult.
• Global reach - Services that allow funds to be transferred globally are attractive for money laundering / terrorist financing purposes, particularly if the services are available in countries with weak AML / CFT regimes.
• Differing AML regimes – The payment service providers may be located in one jurisdiction while users are located in another jurisdiction subject to different AML / CFT regimes; this is particularly concerning if the business is located in a jurisdiction with poor AML / CFT controls.
• Funding source - Services that permit third-party funding from anonymous sources are at a higher risk for money laundering / terrorist financing as the origin of funds can be difficult to trace.
• Number of intermediaries / extent of de-centralization - Business models that involve lots of parties in the service delivery chain are concerning when the parties are subject to different AML / CFT regimes or when some parties are from industries traditionally not privy to money laundering / terrorist financing regulations.
• Lack of direct relationship with underlying customer – This can make it difficult for payment service providers to assess the value and volume of transactional activity performed by the underlying customer, to gauge whether this is consistent with expectations for that customer or indicative of fraud or a money laundering or terrorist financing scheme. Additionally, the payment service provider must rely on due diligence measures performed by program managers on the underlying customer. This puts the payment service provider at risk as they are unable to determine source of funds and customer identity and therefore could be at risk of violating AML and sanctions regulations in their home jurisdiction.
• Credit risk – Should an underlying customer engage in credit card fraud, identity fraud or the like, there is the risk the payment service provider will be responsible for covering those losses.
• Reputational risk – A payment service providers that inadvertently becomes publicly associated with a money laundering or terrorist financing scheme, may face backlash from the public causing damage to their good business standing.

Not only do payment service providers face several risks, the financial institution(s) a payment service provider holds accounts with also face risks by virtue of this relationship. Specifically, the financial institution(s) must rely on the due diligence measures undertaken by the program managers for the underlying customer; the financial institution(s) are not able to identify the underlying customer, understand the source of funds or nature of the relationship on their own. Further, as the financial institution(s) ultimately process the transactions, they may unwittingly process fraudulent transactions and therefore are exposed to further risk of AML / CFT violations.

The big answer

As payment service providers are currently unregulated, there is little to no requirement to maintain a robust AML program despite the risks, unless at the insistence of your financial institution partner or another third-party. However, payment service providers should create an AML / CFT program to manage the money laundering / terrorist financing risks associated with their business, as a best practice (or to prepare for future regulatory changes).

Contact

For more information, contact Forensics and Litigation Support team members Mondiu Jaiyesimi, MSc. Economics, CAMS, CBP, at 647.475.4500 or [email protected] or Sara Chambers, CPA, CFE, CAMS, CFF, at 403.536.5582 or [email protected]

[1] Source: www.fintrac-canafe.gc.ca/guidance-directives/overview-apercu/FINS/2-eng?s=12

[2] Source: www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-RBA-NPPS.pdf

[3] Source : www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-RBA-NPPS.pdf