Skip Ribbon Commands
Skip to main content

FINTRAC and DICO Drive for Compliance Examinations and Assessments


Credit unions in Ontario have received two important notices from their regulators about AML compliance this month.

The first was from the Deposit Insurance Corporation of Ontario (DICO) warning that credit unions that all credit unions and caisses populaires should urgently review their anti-money laundering programs to avoid fines and reputational penalties associated with non-compliance, and recommended that their Boards contract qualified third parties to conduct an independent assessment.

The second and more recent communication was from FINTRAC, which requested that credit unions fill out on online survey about their anti-money laundering compliance programs. Both are indications of increased scrutiny of anti-money laundering compliance efforts, and follow the trend of FINTRAC’s focus shifting from education to enforcement. The significance of both is explained below.

About DICO’s E-mail

DICO’s e-mail was prompted by their recent meeting with FINTRAC, where FINTRAC had indicated that all credit unions in Ontario had been subjected to at least one compliance examination already, and so there would be less sympathy for deficiencies identified in subsequent examinations.

Credit unions and other financial institutions with responsibilities under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) must conduct a compliance effectiveness review at least every other year. Those effectiveness reviews act as a monitoring measure – to identify compliance weaknesses before the regulator does. DICO refers to the requirement for an appropriately skilled and qualified reviewer – presumably someone with intimate familiarity with the regulations, assessment practices, and FINTRAC’s expectations.

As suggested by the DICO e-mail, more frequent or ad-hoc examinations may be necessary where past examinations have been conducted by reviewers without those qualifications, where past internal or external examinations have revealed significant structural and operational deficiencies, or where there are indicators that compliance is not being conducted in accordance with the act.

About FINTRAC’s Compliance Assessment Questionnaire

FINTRAC’s has sent notices with wide distribution requesting credit unions to complete an online compliance assessment questionnaire. According to the PCMLTFA, reporting entities that receive this request must provide all information requested – so the questionnaire is not voluntary. Those receiving the request are not being targeted – questionnaires are a regular part of FINTRAC’s program to assess reporting entity compliance. They use the information collected principally to determine, on a risk sensitive basis, who they should be conducting examinations of, what those examinations should target, and with what frequency they should be conducted. The questions are fairly predictable, and their categories follow the streams of requirements under the PCMLTFA: the need for a designated compliance officer, risk based approach documentation, policies and procedures, training program, effectiveness review, client identification, record keeping, and reporting. Be sure to fill out the questionnaire completely and accurately within the timeframe specified, providing false information is an offence, so is failing to provide information requested. We recommend having a your most recently conducted compliance review report handy, along with management responses, so that the information you provide is accurate and readily verifiable.

Steps You Should Take
  1. Start by assessing the need for an independent compliance effectiveness review. It may be necessary if your most recently completed compliance review:
    1. It was more than 2 years ago
    2. It identified significant structural or operational deficiencies
    3. Your most recent FINTRAC examination action plan called for significant changes to your program, or a follow-up assessment of progress towards compliance
    4. The reviewer was not independent (e.g. was responsible for operations, or had a hand in the policies and procedures you are employing) or had limited knowledge of relevant regulations or experience with FINTRAC examinations

  2. Prepare for completing the survey by reading the most recently conducted independent compliance effectiveness review, your risk based approach documentation, compliance policies and procedures, training program, and the results and action plan of your most recent FINTRAC examination
  3. Fill out the survey, completely, and have a reviewer assess the results
  4. Complete the survey and print copies for future reference