Since July 2015, when draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (Draft Regulations) were published in the Canada Gazette, the industry has been expecting changes to aspects of the current AML/TF regime, particularly with respect to customer identification. After a lengthy delay, caused at least in part by the change in government, FinTRAC signaled the imminent arrival of the updated rules by releasing a new guideline on its website regarding methods to ascertain the identity of individuals (the Guideline). The Guideline refers to amended regulations that were apparently made on June 17th, but are yet to have been officially published in the Canada Gazette. The Guideline offers guidance on certain elements of the yet unseen final amendments to the regulations.

Highlights and Observations

Based on the Guideline, it appears that the methods for verification of identity of individuals proposed in the Draft Regulations have not been substantially changed from what was proposed last summer.  For a summary of the proposals in the Draft Regulations, please see our update from July 2015.  Here are some areas of note:

Single Process Method

The only single process method of identification of an individual who is not physically present at the time of identification discussed in the Guideline is the credit file method. The Draft Regulations include an additional single process method, which involves referring to information that is received from a federal or provincial government body or an agent of such body. We understand that there is currently no such process available in Canada and for this reason this method is not included in the Guideline.

As in the Draft Regulations, the credit file method referred to in the Guideline requires a Canadian credit file that has been in existence for at least three years. Submissions from various industry participants requesting that the three year period be reduced have apparently not been accepted.

Reliable Sources for Dual Process Methods

One of the key updates proposed in the Draft Regulations is the new concept that identity may be verified by referring to information from two different reliable sources (referred to in the Guideline as the “dual process method”). This is a welcome development as it is less prescriptive than the current requirements and provides flexibility; however, with less prescription, there is also less certainty about what will be considered acceptable. FinTRAC has provided the following criteria for determining whether a source would be considered “reliable”:

  1. The source must be an originator or issuer of information;
  2. The reporting entity must trust the source to verify the identity of the client;
  3. The source should be well known and considered reputable; and
  4. The source cannot be the reporting entity or the client.

These criteria are helpful, but they raise additional questions:

  • What does it mean for a reporting entity to “trust” the source?
  • Is this an objective or subjective test?
  • If trust will be determined objectively (i.e. whether it was reasonable for the reporting entity to trust the source), what diligence must the reporting entity have done to come to the conclusion that it may trust the source?
  • What diligence must the reporting entity do to determine whether a source is “well known” and “considered reputable”? Considered reputable by whom?

The Guideline provides some examples of reliable sources: various levels of government, crown corporations, financial entities and utility providers. Note that a municipal government is considered a reliable source for the dual process method, but an identity document issued by a municipal government is excluded from acceptable photo identification.

Use of Agents

Under the current regulations, a reporting entity may use an agent to verify identity on its behalf provided that it has a written agreement or arrangement in place with the agent. The Draft Regulations include additional flexibility with respect to the use of agents. In particular, based on the Draft Regulations, a reporting entity may rely on measures previously taken by the agent to verify identity even if the agent took those measures on its own behalf or on behalf of another reporting entity under a written agreement or arrangement. The Guideline adds the following in connection with these provisions:

  1. If an agent ascertained the client for another entity and the information is still current, the reporting entity may rely on it;
  2. If the identifying information used by the agent has expired, the reporting entity may still rely on it, provided that the reporting entity’s agreement with the agent was in place before the information expired.

This appears to give reporting entities some leeway when they use agents who have previously identified clients, but we question whether it is overly cumbersome to be of practical assistance.

Here is an example to illustrate how this would work: ABC Mortgages (a mortgage broker) identified Sally, the prospective borrower, on June 15, 2014 on behalf of Bank A by referring to Sally’s Ontario driver’s license. Sally’s driver’s license expires on May 31, 2016. Bank B is now opening a new mortgage account for Sally.

If Bank B has a written agreement with ABC Mortgages for ABC Mortgages to verify the identity of clients on behalf of Bank B and that agreement was in place before May 31, 2016, Bank B can rely on ABC Mortgages’ previous identification of Sally. If, however, Bank B entered into the written agreement with ABC Mortgages after May 31, 2016, Sally’s identity will have to be re-verified as the previous identification cannot be relied on.

This guidance suggests that reporting entities should enter into written agreements as soon as possible with any potential agent that they may use to verify identity on their behalf. Also, the agent’s record of the identity document, and in particular, the expiry date of the document will have to be reviewed for each individual client to determine whether the (a)  identity document is still current; or (b) if the identity document is not current, whether the date of the reporting entity’s agreement with the agent predates the expiry date of the identity document; if it does not, the individual will need to be re-identified.

Acceptable Documents

The Guideline includes a long list of acceptable Canadian federal, provincial and territorial government-issued photo identification documents. Although the list is stated not to be exhaustive, reporting entities may wish to use the list in the Guideline to help them document which Canadian identity documents they will generally accept.

The Guideline provides that reporting entities are not permitted to accept a copy or a digitally scanned image of photo identification. Further, if a reporting entity is referring to a document in a dual process method, the original document is the one the client received from the issuer. If any information has been redacted, the document is not acceptable.

Application of Guideline

The Guideline applies to all entities that are subject to the PCMLTFA, to the extent that the entity is required to verify identity of individuals.  Although the Guideline uses the terminology “individual clients” and “client identity”, based on the Draft Regulations and the current regulations under the PCMLTFA, the methods for identifying an individual client and an individual who is an authorized signer or other representative of a corporate client are the same. The Guideline is therefore relevant to reporting entities that only provide services to corporate clients in addition to those that provide services to individuals.

Next Steps

The Guideline provides for a one-year transition period from June 17, 2016 until June 17, 2017 during which the current methods for verification of the identity of individuals (those included in the regulations before amendment and described in FinTRAC Guideline 6) can also be used in addition to the new methods.

We expect that reporting entities will wait until the amended regulations have been published before they begin using the updated methods for identity verification. We will continue to track developments and will post a further update following publication of the final amendments to the regulations.