On June 29, 2016, the federal Government published the final version of the long-awaited regulations (Amending Regulations) to amend various regulations (Regulations) under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
The Amending Regulations came into force on June 30, 2016, however, there is an almost one year delay for the provisions that increase the regulatory burden, which will be in force on June 17, 2017. An updated version of the Amending Regulations with corrected in-force provisions will be published in the Canada Gazette on July 13, 2016.
A draft version of these regulations was published in July of 2015. The amendments have not changed much from those proposed in last year’s draft.
The following are highlights of the changes:
Identity verification methods
The methods for verifying identity in a non-face-to-face (NFTF) context have been amended to provide greater flexibility. This is an improvement over the permitted methods prior to these amendments, although it was hoped that the amendments would go further to allow the use of modern technologies that would make real-time NFTF verifications more practical and cost-effective. Please see our recent post in which we discussed the guidance issued by FinTRAC (Guidance) regarding the updated identity verification methods.
The amendments allow reporting entities to verify identity using the following new NFTF methods:
Single source – credit file method: Refer to information in the person’s credit file in Canada, which must have been in existence for at least 3 years and verify that the name, address and date of birth (DOB) are those of the person. The credit file method is the only single source NFTF method that is currently available.
Dual process method: Do any 2 of the following:
- Refer to information from a reliable source that contains the person’s name and address and verify that the name and address are those of the person.
- Refer to information from a reliable source that contains the person’s name and date of birth (DOB) and verify that the name and DOB are those of the person.
- Refer to information that contains the person’s name and confirms that the person has a deposit account, credit card account or other loan account with a financial entity, and verify that information.
When using a dual process method, two separate sources must be used; the same source cannot be used for the two sets of information. The Guidance provides examples of reliable source of information that may be used under the dual process method. In the Regulatory Impact Analysis Statement (RIAS) that accompanies the Amending Regulations, the Government has indicated that no additional information gathering is expected in order to verify the information and that “verifying” can simply mean comparing different pieces of identification documents.
The Amending Regulations provide that an entity that has already ascertained a person’s identity in accordance with the Regulations is not required to ascertain the person’s identity again unless the entity has doubts about the information that was used. This is an improvement from the previous exemption which applied only if the entity “recognizes” the person, as this exemption would not assist in the NFTF context.
The new ID verification methods are in effect as of June 30, 2016, however, reporting entities may continue to use the methods set out in the Regulations prior to amendment until June 17, 2017. Beginning on that date, only the new methods will be permitted.
Use of agents
The amendments provide additional flexibility in connection with the use of third parties, including agents, to verify identity on behalf of a reporting entity. In particular, a reporting entity may rely on measures previously taken by an agent taken in the agent’s own capacity or on behalf of another entity (in other words, the “agent” need not have been acting on behalf of the reporting entity at the time the verification was done).
However, as discussed in more detail in our earlier update, FinTRAC has indicated that if information used to identify an individual has expired, it cannot be relied on, unless the agreement with the agent was entered into before the information expired. We question whether these provisions are workable in practice, because it appears that records will have to be reviewed for each individual client. Also, the Guidance does not address what it means for information obtained for NFTF verifications to expire. For example, if a credit file was used for identification, this information does not have a natural expiry date.
The definition of “signature card” has been amended to allow signature cards to be signed electronically using “electronic data”. The definition of “signature” has been amended in a manner that gives reporting entities the flexibility to determine what electronic form(s) of signature they will accept.
Politically exposed persons and heads of international organizations
As expected, the Amending Regulations include requirements in respect of domestic politically exposed persons (PEPs) and heads of international organizations (HIOs). Currently, the requirements only apply in respect of foreign PEPs.
A welcome change from the draft version of these regulations is that the “look-back” period to determine whether a person is a PEP has been reduced to 5 years from the previously proposed 20 years. This means that a person is a PEP if he or she currently holds one of the offices or positions set out in the PCMLTFA or has held such office or position within the previous 5 years. Also, the Amending Regulations increase the time period for determining whether a person is a PEP to 30 days from the current 14 days following account opening.
An important and potentially challenging change from the current requirements is that in addition to PEP and HIO determinations, in certain circumstances, entities will have to determine whether the client is a person who is “closely associated” with a PEP or a HIO. According to the RIAS, “close associate” is defined as a personal or business relationship, however, we were not able to find any such definition in the legislation. Currently, it is not clear how reporting entities are expected to make a determination whether a person is a close associate of a PEP; this may be clarified by additional guidance from FinTRAC.
The requirements regarding PEPs and HIOs will come into force on June 17, 2017 along with the corresponding amendment to the PCMLTFA from the 2014 budget bill (Bill C-31) in respect of PEPs and HIOs.
Suspicious transaction reporting
A proposed change in the draft version of the Amending Regulations would have required reporting entities to send reports to FinTRAC within 30 days after the entity detects a fact that “could reasonably be expected to raise reasonable grounds” to suspect that the transaction is related to the commission of a money laundering or terrorist activity financing offence. In the consultation process, concerns were raised that the new proposed wording could lower the reporting threshold and lead to over-reporting. In response, the Government has retained original wording of this provision. This is a welcome development as the proposed change may have caused confusion.
Some minor changes to the required contents of the suspicious transaction reporting form have been made and will be in force on June 17, 2017.
Record of reasonable measures
The Amending Regulations add a requirement for reporting entities to keep a record of any reasonable measures they have taken in circumstances where reasonable measures are required to determine certain information and they were unable to determine the information specified. Some examples of when reasonable measures must be taken are (i) to confirm the accuracy of information obtained regarding those who own or control more than 25% of an entity (colloquially referred to as “beneficial ownership”); and (ii) to identity a person who conducts or attempts to conduct a suspicious transaction. To address this new requirement, reporting entities will need to document the measures taken to obtain or confirm this the information, the date on which each measure was taken, and the reasons why the measures were unsuccessful. This new record-keeping requirement will likely require various procedural changes for reporting entities. This change will be in force on June 17, 2017.
Record of credit arrangements
Financial entities will be required to keep a record for every credit arrangement that includes the client’s financial capacity, the terms of the credit arrangement, and if the client is an individual, the address of the client’s business or place of work, in addition to the terms and conditions of the credit arrangement. This new record-keeping requirement creates a positive obligation for financial entities to collect and keep a record each time they enter into a credit arrangement with a client. Currently, such a record is only required to be kept if it is created in the normal course of business. This change will be in force on June 17, 2017.
Reporting entities are required to implement a compliance program that must include an assessment and documentation of risks of money laundering and terrorist financing that arise in the course of their activities. The Amending Regulations add a requirement for reporting entities to take into consideration in their risk assessments new developments and the impact of new technologies on their clients, business relationships, products, delivery channels and geographic location of activities. Also, financial entities will be required to consider in their risk assessments the risks resulting from their affiliates’ activities. These changes will be in force on June 17, 2017.
Reporting entities will need to review the Amending Regulations and make changes to their AML policies and procedures to address the amendments. The changes to the NFTF methods to verify identity are in effect immediately, although there is a transition period until June 17, 2017 during which reporting entities may use previous methods. Reporting entities should therefore develop plans for transitioning to the new methods of identity verification, including possible changes to services obtained from third-party providers. Reporting entities that currently only use face-to-face identification methods may wish to consider whether the new NFTF methods could be useful in their operations.