Skip Ribbon Commands
Skip to main content

Draft Anti-Money Laundering Regulation Amendments Released for Comment


On October 13, 2012 the Department of Finance (“Finance”) released draft regulations to amend Canada’s anti-money obligations (“Draft Amendments”). If enacted, those changes would impact banks, trust companies, credit unions, securities dealers, insurance companies, real estate businesses, trust companies, accountants, lawyers and notaries (collectively known as “Reporting Entities”). Draft Amendments would impact the ways that those entities identify customers and monitor their behaviour, principally for the purpose of identifying suspicious transactions and activities related to money laundering or terrorist financing. These changes have been expedited by Finance, first having been introduced in a November 2011 consultation paper (“Consultation”) with a one month comment period, as a consequence of international commitments to fix Canada’s AML regime1. The Draft Amendments would implement all of the proposals from the Consultation. Interested parties have 30 days to comment to Finance on the Draft Amendments.

We have split our summary of the text and implications of the Draft Amendments into three sections:

Despite Finance’s analysis about the potential impact of the draft changes, we are of the opinion that Reporting Entities would be faced with additional administrative burden with their introduction.

Customer Due Diligence (CDD) - Base Obligations for Customer Identification

1. Reporting Entities that enter into a Business Relationship must keep a record that sets out the purpose and intended nature of that Business Relationship

What is a Business Relationship?
Any relationship with a client established by a Reporting Entity “ conduct financial transactions or provide services related to those transactions”. And, as the case may be:
i) if a customer holds one or more accounts, the Business Relationship includes all the transactions and activities for all accounts a customer holds with the Reporting Entity; or
ii) If a customer does not hold an account, the Business Relationship consists of only transactions and activities for which the Reporting Entity would be required to ascertain identity or confirm corporate/entity existence.

For clarity, transactions and accounts which are currently exempted from identification and record-keeping requirements (e.g. RRSPs, group term life insurance) are not considered to be part of the Business Relationship.

It is important to note that the two alternatives do not distinguish between Reporting Entity types. That is to say, a credit union could hypothetically be providing services to a non-member (such as remittances with a value of CAD 1,000 or more), and still be responsible for gathering information about the business relationship.

To be clear, if a customer does not hold an account with a Reporting Entity, and does not enter into a relationship to (or actually) conduct prescribed transactions with the Reporting Entity, no Business Relationship exists.

What is Business Relationship information collected for?
Business Relationship information is collected to form the basis for ongoing monitoring (discussed under Enhanced Due Diligence below). Previously Canada’s legislation did not explicitly require the consideration of all of a client’s interactions with an institution for the purpose of keeping client identification information up to date, assessing/reassessing risk, and considering transactions and activities for suspicious transaction reporting.

When would the obligation begin?
The Draft Amendments would come into effect the date they are registered. It would appear that the obligation to collect Business Relationship purpose and intended nature would be prospective, but the obligations in respect of ongoing monitoring of Business Relationships (existing and new) would be immediate.

What impact could this have on Reporting Entities?
Reporting Entities will first need to determine a method to collect and retain Business Relationship intended use and purpose. For some Reporting Entities, this will require database upgrades, likely at the Customer Information Record level.

Reporting entities that open accounts will next need to ensure that all accounts across all business units relatable to and consolidated by customer. AML risk management systems such as Verafin currently enable that approach. Those that open accounts will also have to consider what technology method will be used to consolidate and track non-account transactions by customer as though they were account holders (or prohibit non-customer transactions, which is already a common practice in the credit union industry, for instance). Reporting Entities that do not open accounts will need a method to aggregate and track prescribed transactions by customer (and to distinguish between prescribed and non-prescribed transactions). While this is currently common practice for money services businesses, foreign exchange companies and casinos, it is less common for other reporting entities such as accountants and real estate businesses.

2. Reporting Entities must conduct CDD measures in respect of any transaction or activity which gives rise to a suspicion of money laundering or terrorist financing

Aren’t we already required to try and identify customers that conduct (or attempt) transactions that give rise to a suspicion of money laundering or terrorist financing?
Some interpretations of the current legislation exclude transactions exempted from customer identification (such as RRSPs) from taking measures to ascertaining identity in the case of a transactions or activities that give rise to suspicion of money laundering or terrorist financing. This technical amendment would makes it the responsibility of every Reporting Entity to take reasonable measures to ascertain the identity of every person conducting or attempting a transaction that is “required to be reported” as a suspicious transactions.

What if we previously ascertained the identity of the customer?
The Draft Amendments permit reliance on previous identifications conducted in accordance with the PCMLTFR. However, regulations remain requiring reasonable measures to re-identify when doubts about identity veracity arise.

What impact could this have on Reporting Entities?
Common practices and related training already conform to the expectation of this Draft Amendment, accordingly, this provision is expected to have minimal impact on Reporting Entities.

3. Reporting Entities must collect and verify information about beneficial ownership and control of corporations and entities in the prescribed circumstances

Aren’t we already required to collect information about beneficial ownership and control?
The obligation to collect information about all directors, and natural persons owning or controlling the prescribed percentages of corporations and entities in prescribed circumstances remains for: financial entities; insurance companies; insurance brokers and agents; and money services businesses.

Additionally, the Draft Amendments would require those same reporting entities to collect “information establishing the ownership, control and structure of the entity”. In the case of a trust, those reporting entities would be required to collect the names and addresses of all trustees and all known beneficiaries and settlers of the trust.

Most importantly, the Draft Amendments require the listed categories of Reporting Entities to take and document reasonable measures to confirm the accuracy of all the information collected.

Do any of the percentages change?
The 25% threshold remains the same, except for IIROC regulated firms subject to IIROC rules 1300.1 (b) and (e), in which case the threshold is 10%.

What if we are not able to verify information about beneficial ownership and control?
If unable to obtain the required information or to confirm that information, the Reporting Entity must (a) take and document reasonable measures to ascertain the identity of the most senior managing officer of the entity, and (b) treat the entity as high risk (including the application of prescribed measures).

What impact could this have on Reporting Entities?
Reporting entities will have to develop standards and processes for the confirmation of the corporate structure and beneficial ownership information, as well as processes to deal with those where the information cannot be collected (more likely processes to reject prospective clients in these circumstances).

Ongoing Monitoring

1. Reporting Entities must conduct ongoing monitoring of its business relationships, and keep a record of the measures taken/information obtained. Ongoing monitoring involves conducting periodic monitoring on a risk sensitive basis (based on the risk assessment findings), conducted for the purpose of:

i. detecting suspicious and attempted suspicious transactions;
ii. keeping client identification information and beneficial ownership information up to date;
iii. reassessing the level of risk associated with the client’s transactions and activities; and
iv. determining whether transactions or activities are consistent with the information obtained about their client, including the risk assessment of the client.

Must each individual client relationship be monitored separately for risk?
Existing legislation refers to the risk of customer and business relationships (plural), and many Reporting Entities deal with risk assessment and mitigation by grouping clients by like risk. The wording of these Draft Amendments suggests that risk assessment and mitigation must necessarily be applied at the customer level (where a defined Business Relationship exists).

Would client identification information require updating for every client, regardless of risk?
Existing regulation requires updating of client identification information only for high risk clients. These Draft Amendments would require client identification updates for all clients with some periodicity linked to the risk assessment. By way of example, high risk clients might be subjected to updates every other year, where low risk clients would be subjected to updates every five years. Note that client identification information update does not mean that a client must be re-identified, just that information related to their identification (e.g. name, address, date of birth) needs to be kept up to date. Some will address this requirement with negative confirmation (e.g. sending a message to the client that asks for correction of information currently on file – preferably through a secure internet portal).

What is the significance of a required assessment against expected activity?

Requiring a review specifically for assessments against a baseline changes the nature of suspicious transaction reporting. The requirement to report a suspicious transaction was not previously coupled with an explicit requirement to monitor for suspicious transactions. Reporting Entities could expect to be challenged about their evaluation of client transaction behaviour against historical and expected levels in a regime such as this, as is the case in the US now.

What impact could this have on Reporting Entities?
Ongoing monitoring is the most significant of the proposed changes. Information updates for all clients and monitoring on an individual client basis will require a combination of automated and manual approaches to be practical. Smaller reporting entities would be most challenged with these Draft Amendments.

Enhanced Customer Due Diligence - Enhanced Measures for Customer Identification

1. Reporting Entities must subject high risk customers (Business Relationships), activities, transactions to new specified measures.

At a minimum risk based mitigation measures must include: (a) measures to ascertain identity beyond legislative requirements, (b) keeping client identification and beneficial ownership up to date, and (c) conducting ongoing monitoring of Business Relationships beyond legislative requirements to detect suspicious transactions.

What impact could this have on Reporting Entities?
Reporting Entities often take additional measures to ascertain identity beyond legislative requirements, by taking a second piece of identification, for example. Keeping client information and beneficial ownership up-to-date will be a requirement for all clients, and so if those other amendments are adopted, there will be little incremental impact. A similar thing can be said of ongoing monitoring of Business Relationships, except that the Draft Amendment asks something beyond the legislative standard, which is already significant. Reporting Entities would again require a combination of automated and manual approaches to implement such an amendment.

Coming into Force

The Regulations will come into force one year following their final publish date in the Canada Gazette. As a consequency, the earliest they could practically come into force is January 2014.

What Should be Done at this Stage?

At this stage of regulatory change, we recommend updating management and directors about the content of the Draft Regulations, and the potential impacts to your organization. In our view, it is likely that many of the provisions in these Draft Amendments will be passed as drafted, particularly as they align with international standards. You may wish to take steps in preparation, such as scoping the impacts to your organization and developing a plan implement changes that will bring you into compliance.

Any comments should be forwarded to your industry ortrade group. If you are not a member of such a group, comments may be submitted directly to Leah Anderson, Director, Financial Sector Division, Financial Sector Policy Branch, Department of Finance Canada, Ottawa, Ontario K1A 0G5 (tel.: 613-992-6516, fax: 613-943-8436, email: [email protected]).

In order to be considered, your comments must be submitted within 30 days after October 13th, 2012.

Reporting Entities should also be aware of the second regulatory consultation by Finance which is still underway, and the Senate review of the effectiveness of Canada’s AML regime from which a report is expected in December. Given these circumstances, it is likely that we will see additional proposed changes in the coming year.

1 In most recent AML regime evaluation, Canada’s AML legislation was found to be inconsistent with the international standard dealing with customer identification. That standard, known as Financial Action Task Force Recommendation 5, has since been revised and re-titled Recommendation 10 (February 2012). The Draft Amendments are consistent with the language and of the legacy and revised recommendation.