November 7th, 2011

Consultation Paper on Proposed Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations on Ascertaining Identity

Consultations Responses: Please note that the Department of Finance publishes consultation responses in PDF format and language of submission only.

 

Note: A consultation is not a poll. Please do not send multiple or duplicate submissions.

Consultations Document:

How to Comment:

The Government looks forward to receiving the comments of interested parties on these proposals. Comments regarding any element of this paper are invited and can be emailed to fcs-scf@fin.gc.ca.

Also, written comments can be forwarded to:

Leah Anderson
Director, Financial Sector Division
Department of Finance
140 O’Connor Street
Ottawa, Ontario, K1A 0G5

Written comments should be forwarded by December 16, 2011

To add to the transparency of the consultation process, the Department of Finance will post submissions on its website, with the consent of the submitting party.  We ask that, in providing your submission, you clearly state:

The Department of Finance will not post submissions that do not clearly provide consent to do so.  If you consent to the posting of your submission on the Department of Finance website, please ensure to provide the submission electronically in PDF format or in plain text.

Once received by the Department of Finance, all submissions are subject to the Access to Information Act (ATIA) and may be disclosed in accordance with its provisions.


Proposed Amendments to the Proceeds of Crime 
(Money Laundering) and Terrorist Financing Regulations
on Ascertaining Identity

Introduction

The Government of Canada (‘the Government’) is proposing changes to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) in order to strengthen Canada’s Anti-Money Laundering and Anti-Terrorist Financing (AML/ATF) Regime and to improve Canada’s compliance with the Financial Action Task Force’s (FATF) 40+9 Recommendations on Money Laundering and Terrorist Financing.

Domestic Considerations

The strength of an AML/ATF regime hinges in large part on the ability of financial institutions and intermediaries to know their clients, to understand their activities, and to identify potentially suspicious transactions that may be related to money laundering or terrorist financing.  Collectively, this is known as customer due diligence, or ‘CDD measures’. Deficiencies have been identified in Canada’s AML/ATF regime relating to its CDD obligations, which could weaken the ability of Canadian reporting entities to detect and deter transactions related to money laundering and terrorist financing.  This could harm not only the reporting entities themselves, but the stability of Canada’s financial system as a whole.

The Government is proposing regulatory amendments to address those deficiencies. The changes proposed would allow reporting entities to better identify customers and understand their business, which will consequently enable them to identify transactions and activities that are at greater risk for money laundering or terrorist financing.  These changes are intended to strengthen the ability of reporting entities to identify funds related to money laundering or terrorist financing, and stop them from entering into Canada’s financial system and the broader international financial system. 

The proposed amendments are also expected to enhance the ability of reporting entities to take a risk-based approach to customers, products and activities and to comply with their obligations under the PCMLTFR, by introducing the concept of a ‘business relationship’.  This is expected to permit a more balanced approach to compliance, as it will assist reporting entities to better implement a risk-based approach, and give them greater scope and flexibility when complying with certain obligations under the PCMLTFR.

International Considerations

The FATF is the international AML/ATF standard setting body and monitors the implementation of the standards.   The FATF’s 40 Recommendations on Money Laundering and 9 Special Recommendations on Terrorist Financing are international AML/ATF standards that member countries, including Canada, have agreed to implement.  The FATF identifies six of its 40 + 9 Recommendations as core Recommendations, with which member countries are to be largely or fully compliant.  Failure to be largely or fully compliant with core Recommendations over time could mean that a member country is subject to disciplinary action by the FATF and its individual member states.

Recommendation 5 is a core Recommendation.  It states that member countries should implement measures to ensure that financial institutions are adequately able to identify their customers when establishing business relations or carrying out occasional transactions.  These measures include:

  1. Identifying the customer using reliable, verifiable documentation;
  2. Identifying and taking reasonable measures to verify the identity of a beneficial owner;
  3. Obtaining information on the purpose and intended nature of a business relationship; and
  4. Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.

The FATF reported on its Mutual Evaluation of Canada’s AML/ATF regime in February, 2008.  As a result of that evaluation, Canada received a rating of Non-Compliant (NC) in respect of Recommendation 5.  A rating of NC means that “there are major shortcomings, with a large majority of the essential criteria not being met”.   While regulatory provisions that subsequently came into force address some of the shortcomings identified in the 2008 Mutual Evaluation Report for Canada, they are not deemed sufficient by the FATF to meet Recommendation 5 at a Largely Compliant (LC) or Compliant (C) level.

The full text of Recommendation 5 is attached as Annex A, and the relevant portions of the FATF Methodology for Assessing Compliance with the 40 Recommendations and 9 Special Recommendations is attached as Annex B.

Non-compliance could have negative implications for Canada’s financial sector, particularly in countries, such as EU members, where reliance may be placed on the FATF’s evaluations to determine risk. If financial dealings with Canadian institutions are deemed to carry a higher risk for money laundering or terrorist financing purposes, the activities of Canadian financial institutions overseas, as well as Canadian financial dealings with other countries could be affected.

Rationale for Proposed Changes

The Government of Canada is proposing a number of regulatory changes to the PCMLTFR.  The purpose of these changes is:

  1. To strengthen Canada’s AML/ATF regime by improving the capacity of reporting entities to know their customers and by increasing their ability to identify transactions potentially related to money laundering or terrorist financing;
  2. To assist reporting entities to comply with their obligations under Canada’s AML/ATF regime, by allowing them to take a more risk-based approach to examining activities, transactions and customer relationships that are subject to the Act;
  3. To safeguard the international reputation of Canada’s financial system and institutions, and promote their continued integrity and strength.
  4. To improve Canada’s compliance with FATF Recommendation 5, and thereby strengthen Canada’s contribution to global AML/ATF efforts that help to prevent abuses of the financial system;  and
  5. To ensure that Canada will not be subject to disciplinary action by the FATF as the result of non-compliance with Recommendation 5.

How to Comment:

The Government looks forward to receiving the comments of interested parties on these proposals. Comments regarding any element of this paper are invited and can be emailed to fcs-scf@fin.gc.ca.

Also, written comments can be forwarded to:

Leah Anderson
Director, Financial Sector Division
Department of Finance
140 O’Connor Street
Ottawa, Ontario, K1A 0G5

Written comments should be forwarded by December 16, 2011

To add to the transparency of the consultation process, the Department of Finance will post submissions on its website, with the consent of the submitting party.  We ask that, in providing your submission, you clearly state:

The Department of Finance will not post submissions that do not clearly provide consent to do so.  If you consent to the posting of your submission on the Department of Finance website, please ensure to provide the submission electronically in PDF format or in plain text.

Once received by the Department of Finance, all submissions are subject to the Access to Information Act (ATIA) and may be disclosed in accordance with its provisions.

Chapter 1:  Introduction of ‘business relationships’

Proposal 1.1:  Introduction of ‘business relationships’

Persons and entities subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) (also known as ‘reporting entities’) are currently subject to various AML/ATF obligations when opening an account or when conducting various prescribed financial transactions above a designated threshold.  These obligations include ascertaining customer identity in respect of designated account openings and financial transactions, keeping prescribed records and reporting designated financial transactions to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s financial intelligence unit.  Reporting entities are also required to assess the risk of their customers, products and activities, and to conduct enhanced CDD measures in respect of identified high risk customers or activities.

FATF Recommendation 5, which states that reporting entities should be required to adequately identify their customers, provides that CDD measures must be performed in respect of business relationships and occasional transactions. 

FATF Methodology: Recommendation 5[1]

5.2 Financial institutions should be required to undertake customer due diligence (CDD) measures when:

a) establishing business relations;

b) carrying out occasional transactions above the applicable designated threshold (USD/€ 15,000).  This also includes situations where the transaction is carried out in a single operation or in several operations that appear to be linked;

c) carrying out occasional transactions that are wire transfers in the circumstances covered by the Intepretative Note to SR VII;

d) there is a suspicion of money laundering or terrorist financing, regardless of any exemptions or thresholds that are referred to elsewhere under the FATF Recommendations; or

e) the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.

5.6 Financial institutions should be required to obtain information on the purpose and intended nature of the business relationship.

5.7 Financial institutions should be required to conduct ongoing due diligence on the business relationship.

5.8 Financial institutions should be required to perform enhanced due diligence for higher risk categories of customer, business relationship or transaction.

The PCMLTFR currently do not extend AML/ATF obligations to business relationships. Rather, the PCMLTFA applies only to account openings and occasional financial transactions.  This is further limited by the fact that certain reporting sectors do not offer accounts to clients; the PCMLTFR obligations apply only to designated financial transactions conducted by such reporting entities.  To address this deficiency, the Government of Canada proposes to amend the PCMLTFR to extend the application of certain AML/ATF obligations to business relationships, in addition to account openings and prescribed financial transactions. 

The obligations that would be extended to include business relationships include:

  1. Ongoing monitoring of business relationships;
  2. Application of enhanced customer due diligence measures in respect of high risk business relationships; and
  3. Keeping a record of the purpose and intended nature of a business relationship.

See Proposals 3.2, 3.3, 3.4 and 3.5 for further details.

The introduction of ‘business relationships’ to the PCMLTFR is designed to assist reporting entities in their implementation of a risk-based approach to compliance.  The proposed amendments will allow reporting entities to consider the entirety of their relationships with customers when assessing the risk level of a customer, product or activity, and will assist in creating more holistic risk assessments. 

The PCMLTFR provides that when reporting entities conduct designated account openings and financial transactions, they are required to ascertain the identity of the person opening the account or conducting the transaction, keep prescribed records, and report suspicious and certain prescribed financial transactions.  We do not propose to alter these existing provisions.  However, we propose that, when a reporting entity conducts an account opening or financial transaction in respect of which a record is required to be kept under the PCMLTFR, it will be deemed that that reporting entity has entered into a business relationship with the customer in question.  From that point forward, wherever an obligation under the PCMLTFA or PCMLTFR applies to ‘business relationships’, that reporting entity will be required to apply that obligation to the entirety of its relevant financial activities with the customer, and not just to those designated financial activities and transactions that are explicitly covered by the PCMLTFR.

Proposal 1.1

Define business relationships for the purposes of the PCMLTFR to mean any financial relationship established to provide financial activities or transactions. Deem that a business relationship between a reporting entity and a client arises when a reporting entity conducts any financial activity or transaction in respect of which it is required to keep a record under the PCMLTFR.  Clarify that the obligation to apply designated measures to business relationships does not arise until after such time as a person or entity subject to the PCMLTFA conducts a financial activity or transaction in respect of which a record is required to be kept under the PCMLTFR.

Chapter 2:  Expanding the range of activities in respect of which CDD measures are required

Overview of Proposals

The following proposals are designed to strengthen the CDD provisions of the PCMLTFR by eliminating any remaining weaknesses through which funds related to money laundering or terrorist financing could enter the financial system without being subject to any or sufficient scrutiny.  The proposed amendments would increase the range of activities in respect of which customer identification is required, thereby helping to bolster reporting entities’ knowledge of their clients and strengthen Canada’s AML/ATF regime as a whole.

Proposal 2.1:  CDD in respect of Suspicious Transactions that are Otherwise Exempted from CDD Obligations

Generally speaking, the PCMLTFR requires reporting entities to ascertain customer identity when opening prescribed accounts and conducting financial transactions above a designated threshold.  Notwithstanding this general principle, section 62 of the PCMLTFR also provides exceptions for a number of prescribed financial transactions and activities from such obligations, on the grounds that those transactions and activities have been determined to be at low risk for money laundering or terrorist financing.

Section 53.1 of the PCMLTFR also provides that reporting entities must take reasonable measures to ascertain the identity of customers when they conduct any financial transaction in respect of which there are reasonable grounds to suspect money laundering or terrorist financing.  This provision does not explicitly specify whether the obligation to take reasonable measures to conduct CDD measures in respect of suspicious transactions overrides the exemption on CDD in respect of designated low risk financial transactions.

FATF Recommendation 5 provides that financial institutions should be required to undertake CDD measures when there is a suspicion of money laundering and terrorist  financing, regardless of whether other exceptions apply.

FATF Methodology:  Recommendation 5.2

5.2 Financial institutions should be required to undertake customer due diligence (CDD) measures when:

a) establishing business relations;

b) carrying out occasional transactions above the applicable designated threshold (USD/€ 15,000).  This also includes situations where the transaction is carried out in a single operation or in several operations that appear to be linked;

c)  carrying out occasional transactions that are wire transfers in the circumstances covered by the Intepretative Note to SR VII;

d)  there is a suspicion of money laundering or terrorist financing, regardless of any exemptions or thresholds that are referred to elsewhere under the FATF Recommendations; or

e)  the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.

The Government proposes to amend the PCMLTFR to clarify that reporting entities are required to take reasonable measures to ascertain the identity of customers who conduct any financial transaction that gives rise to a suspicion of ML or TF, regardless of whether such a transaction is subject to a prescribed exception under the Regulations

This proposed amendment would strengthen Canada’s AML/ATF regime by explicitly providing that all suspicious transactions would be subject to some AML/ATF obligations and would eliminate the possibility of any blanket CDD exceptions in the Canadian AML/ATF regime. By requiring CDD measures to be taken in respect of all suspicious transactions, even those which are subject to the ordinary exceptions to record keeping and ascertaining identity under section 62 of the PCMLTFR, this proposal would ensure that all financial transactions are subject to a base level of scrutiny, commensurate with the level of risk identified.

Further, reporting entities would be given another tool to expand their knowledge of their clients’ activities, which would assist them to more accurately assess that client’s risk level and take the resulting necessary steps.

Proposal 2.1

Amend the PCMLTFR to clarify that reporting entities are required to take reasonable measures to ascertain the identity of customers who conduct transactions that give rise to a suspicion of money laundering or terrorist financing, regardless of whether such transactions are covered by the exceptions to general customer identification, record-keeping and reporting requirements in under section 62 of the PCMLTFR.

Proposal 2.2:  CDD in respect of Suspicious Attempted Transactions

As previously discussed, section 53.1 of the PCMLTFR provides that reporting entities must take reasonable measures to ascertain the identity of customers when they conduct any transaction in respect of which there are reasonable grounds to suspect money laundering or terrorist financing.  The PCMLTFA defines suspicious transactions as any financial transaction that occurs or is attempted in the course of a reporting entity’s activities that gives rise to a suspicion of money laundering or terrorist financing.  However, the relevant provisions of the PCMLTFR do not expressly extend the obligation to ascertain customer identity to attempted suspicious transactions.  This has led to an ambiguity in the interpretation of this section.

FATF Recommendation 5 provides that financial institutions should be required to conduct CDD measures whenever there is a suspicion of money laundering or terrorist financing.  This requirement extends to both attempted and completed transactions.

FATF Methodology:  Recommendation 5.2

5.2 Financial institutions should be required to undertake customer due diligence (CDD) measures when:

a) establishing business relations;

b) carrying out occasional transactions above the applicable designated threshold (USD/€ 15,000).  This also includes situations where the transaction is carried out in a single operation or in several operations that appear to be linked;

c) carrying out occasional transactions that are wire transfers in the circumstances covered by the Intepretative Note to SR VII;

d) there is a suspicion of money laundering or terrorist financing, regardless of any exemptions or thresholds that are referred to elsewhere under the FATF Recommendations; or

e) the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.

The Government proposes to amend the PCMLTFR to clarify that reporting entities must take reasonable measures to ascertain the identity of individuals who attempt to conduct a suspicious transaction.  The extension of this obligation to include attempted transactions, which give rise to a suspicion of money laundering or terrorist financing, would assist reporting entities to better know their clients. Reporting entities would be required to take measures to ascertain client identity in respect of a broader range of transactions, thereby giving them a fuller picture of the scope of a client’s activities.  This would strengthen Canada’s AML/ATF regime, as the more knowledge reporting entities have of their clients, the better able they are to accurately assess the risk level of those clients, and to identify transactions that may be at a higher risk of money laundering or terrorist financing.

Proposal 2.2

Amend the PCMLTFR to clarify that reporting entities are required to take reasonable measures to ascertain the identity of individuals who conduct or who attempt to conduct a transaction that gives rise to a suspicion of money laundering or terrorist financing.

Chapter 3:  Expanding the Scope of Certain CDD Obligations

Overview of Proposals

The Government proposes to expand the scope of certain CDD obligations to cover a wider range of activities and relationships.  The proposed amendments are intended to assist reporting entities to better know their clients by increasing the range of circumstances in which CDD measures are required. 

The proposed changes would also allow reporting entities, when implementing certain obligations under the PCMLTFR, to examine the entire relationship with a client, rather than limiting scrutiny to designated financial transactions or activities.  It is anticipated that this will assist reporting entities in implementing a risk-based approach for identifying, assessing and mitigating customer risk levels.  Reporting entities will be able to assess the entirety of a relationship when determining the risk level to which a particular client or activity should be assigned.  This will also provide for more accurate risk categorization and allow reporting entities to better know their clients.

Proposal 3.1:  Expand CDD Measures for Beneficial Ownership Information

Section 11.1 of the PCMLTFR provides that, when confirming the existence of a client that is a corporation or an entity, reporting entities are required to take reasonable measures to obtain the name and occupation of all directors of the corporation and the name, address and occupation of all persons who own or control, directly or indirectly, 25% or more of the corporation or entity.  This information is otherwise known as ‘beneficial ownership information’.  This provision is designed to require reporting entities to understand the beneficial ownership structure (where applicable) of the party conducting a financial transaction, in order to better understand the client and the transaction itself.

FATF Recommendation 5 sets out a broad obligation for financial institutions to identify and take reasonable measures to verify the identity of the beneficial owner of funds.   This requirement includes an obligation to understand the ownership and control structure of a client that is a corporation or an entity, and to determine the natural persons that ultimately own or control that client.

FATF Methodology:  Recommendation 5.5

5.5 Financial institutions should be required to identify the beneficial owner, and take reasonable measures to verify the identity of the beneficial owner using relevant information or data obtained from a reliable source such that the financial institution is satisfied that it knows who the beneficial owner is.

5.5.1 For all customers, the financial institution should determine whether the customer is acting on behalf of another person, and should then take reasonable steps to obtain sufficient identification data to verify the identity of that other person.

5.5.2 For customers that are legal persons or legal arrangements, the financial institution should be required to take reasonable measures to:

(a) understand the ownership and control structure of the customer;

(b) determine who are the natural persons that ultimately own or control the customer.

This includes those persons who exercise ultimate effective control over a legal person or arrangement.

The Government proposes to extend the beneficial ownership provisions of the PCMLTFR to require reporting entities to obtain information as to the beneficial ownership of customers that are corporations, entities, or trusts and to take reasonable measures to ascertain such information.  The following changes are proposed: 

  1. the obligation to obtain beneficial ownership information would become a mandatory one (currently, reporting entities are only required to take reasonable measures to obtain such information); 
  2. reporting entities would be further required to take reasonable measures to ascertain the beneficial ownership information obtained; and
  3. the PCMLTFR would clarify that reporting entities would be required to obtain and take reasonable measures to ascertain beneficial ownership of trusts (including names of identifiable beneficiaries, settlors and trustees) with whom they conduct designated financial transactions.

These more rigorous measures to ascertain client identity would strengthen Canada’s AML/ATF regime, eliminate weaknesses in the regime that could permit certain financial transactions to take place without being subject to CDD measures, and assist reporting entities to understand their customers and identify transactions that are at a higher risk for money laundering or terrorist financing.  This would thereby increase the protection of the financial system. 

Note that reporting entities would take ‘reasonable measures’ to ascertain customer identification information.  This will provide some flexibility for reporting entities in case of situations where it is not possible or feasible to ascertain the necessary information with certainty.  Reporting entities would be required to keep a record of whether or not they were able to ascertain the information, and the specific measures they undertook to do so.  This would assist reporting entities in demonstrating their compliance with this regulatory obligation.

Proposal 3.1

Amend the PCMLTFR to require reporting entities to obtain information as to the beneficial ownership of customers that are corporations, entities or trusts and to take reasonable measures to ascertain such information.

Amend the PCMLTFR to require reporting entities to keep a record of the reasonable steps taken to ascertain the beneficial ownership information.

Proposal 3.2:  Extend Ongoing Monitoring Obligations to all Risk Levels of Customers and Activities to which the PCMLTFA Applies

and

Proposal 3.3:  Conduct Ongoing Monitoring in respect of Business Relationships

Currently, the PCMLTFR requires reporting entities to conduct ongoing monitoring of customers’ activities and financial transactions only in situations that have been identified as high risk for money laundering or terrorist financing.  These are:  correspondent banking relationships (sections 15.1 and 55.1 PCMLTFR), politically exposed persons (section 67.1 PCMLTFR), and conducting prescribed special measures for high risk customers and activities (section 71.1 PCMLTFR).  These obligations do not apply equally to all reporting sectors.  Specifically, the obligation to conduct ongoing monitoring under section 71.1 applies to all reporting entities when they have identified high risk situations.  Only financial institutions are required to conduct ongoing monitoring in respect of correspondent banking relationships, while the obligation to monitor politically exposed persons extends to both financial institutions and securities dealers.

FATF Recommendation 5 states that financial institutions should be required to conduct ongoing due diligence on business relationships with their customers.  This is a two pronged obligation, which provides that financial institutions must both scrutinize transactions throughout the course of a business relationship in order to determine whether they align with the institution’s knowledge of the customer, business and risk profile, and must review and keep customer identification records up to date.

FATF Methodology:  Recommendation 5.7

5.7 Financial institutions should be required to conduct ongoing due diligence on the business relationship.

5.7.1 Ongoing due diligence should include scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution‘s knowledge of the customer, their business and risk profile, and where necessary, the source of funds.

5.7.2 Financial institutions should be required to ensure that documents, data or information collected under the CDD process is kept up-to-date and relevant by undertaking reviews of existing records, particularly for higher risk categories of customers or business relationships.

The Government proposes two changes to the ongoing monitoring provisions of the PCMLTFR to:

  1. Extend reporting entities’ obligations to conduct ongoing monitoring of clients to all clients and activities to which the PCMLTFA applies, not just those which have been assessed as high risk; and
  2. Specify that reporting entities should conduct ongoing monitoring activities in respect of the business relationship with a client.

These changes would broaden the scope of client activities that reporting entities could have reference to when monitoring and assessing client risk.  It is anticipated that by monitoring all customers and financial activities to which the PCMLTFA applies, and not just those that the reporting entity has identified as high risk, reporting entities would be able to better understand their clients’ activities and would be more able to accurately categorize the risk level which those clients pose.  Increased scrutiny would help strengthen Canada’s AML/ATF regime by reducing the amount of transactions related to money laundering or terrorist financing that are permitted to enter the financial system.

It is further anticipated that the proposed changes would increase reporting entities’ ability to comply with their obligations under the PCMLTFA and PCMLTFR; in particular, it would assist reporting entities to conduct risk-based assessments of their clients, products and activities. By permitting reporting entities to look at the overall business relationship with a client, entities would be able to assess risk based on the entirety of a client’s actions.  This would improve the quality of the resulting risk assessments, as well as improve reporting entities’ ability to comply with the resulting obligations under the PCMLTFR

Proposal 3.2

Amend the PCMLTFR to extend ongoing monitoring to all clients and activities to which the PCMLTFA applies, not just those that a reporting entity has assessed as being high risk.

Proposal 3.3

Amend the PCMLTFR to provide that ongoing monitoring should be conducted in respect of a business relationship as a whole.

Proposal 3.4:  Purpose and Nature of a Business Relationship

Currently, the PCMLTFR provides that when conducting CDD in respect of an account opening or a prescribed financial transaction above a designated threshold, reporting entities are also required to keep a record of the intended use of the account or the purpose of the transaction, as the case may be.

FATF Recommendation 5.6 states that financial institutions should be required to obtain information on the purpose and intended nature of the business relationship with their customer. 

FATF Methodology:  Recommendation 5.6

5.6 Financial institutions should be required to obtain information on the purpose and intended nature of the business relationship.

In order to improve the capacity of reporting entities to know and understand their clients’ activities, the Government is proposing to amend the PCMLTFR to require reporting entities to keep a record of the purpose and intended nature of a business relationship with a client.

Proposal 3.4

Add a provision in the PCMLTFR to require reporting entities to keep a record that sets out the purpose and intended nature of a business relationship between a reporting entity and its customer.

Proposal 3.5:  Clarify and Expand the Application of Enhanced CDD Measures

The PCMLTFR requires that where, as the result of a risk assessment, a reporting entity determines that a client, transaction or activity is of high risk for money laundering or terrorist financing, it must take reasonable measures to keep client identification information up to date, conduct ongoing monitoring of financial transactions, and take any other measures to mitigate the risks identified.  These requirements are collectively known as ‘enhanced CDD measures’.  Enhanced CDD measures are intended to reflect the higher risk for money laundering or terrorist financing of certain clients, activities and transactions, and implement more rigorous CDD provisions in order to better counteract that assessed risk.

FATF Recommendation 5 stipulates that where a customer, business relationship or transaction is at higher risk of money laundering or terrorist financing, financial institutions should be required to perform enhanced due diligence.  Recommendation 5 does not specify what particular form that enhanced due diligence must take.

FATF Methodology:  Recommendation 5.8

5.8  Financial institutions should be required to perform enhanced due diligence for higher risk categories of customer, business relationship or transaction.

The Government is proposing the following amendments to the enhanced CDD provisions of the PCMLTFR

  1. Extend the obligation to implement enhanced CDD to include circumstances in which a client, activity or business relationship has been deemed to be at high risk of money laundering or terrorist financing as the result of ongoing monitoring. 
  2. Make the obligation to conduct enhanced CDD measures mandatory, rather than the current requirement that reporting entities take reasonable measures to implement such measures. 
  3. Amend the enhanced CDD provisions to clarify that the measures to be taken:
    • Must be enhanced and go beyond the scope of measures taken in respect of low or medium risk clients, activities or business relationships; and
    • Must be commensurate with the risk identified and with the activities and business practices of the reporting sector in question.

The proposed enhanced measures to be taken would include taking:

  1. Enhanced measures to ascertain the identity of any person or confirm the existence of any corporation or entity;
  2. Enhanced measures to keep client identification information up to date; and
  3. Measures to conduct enhanced ongoing monitoring of business relationships for the purpose of detecting suspicious transactions.

Enhanced CDD measures would be specifically extended to apply to business relationships (currently, enhanced CDD measures are only required for financial transactions that are expressly subject to obligations under the PCMLTFA or PCMLTFR).  This is designed to ensure that customers that have been identified as high risk for money laundering or terrorist financing would be subject to enhanced CDD in respect of the totality of their relationship with the reporting entity.  This would help to avoid a situation in which certain activities of a high risk client are not subject to enhanced CDD measures and therefore not subject to AML/ATF scrutiny.

The proposed amendments are designed to ensure that the enhanced CDD provisions result in reporting entities taking enhanced and more rigorous CDD measures where high risk clients, activities and relationships are identified.  In doing so, this would also assist reporting entities to better know and understand their clients’ activities, and better allow them to identify transactions potentially related to money laundering or terrorist financing.  Overall, this proposal would help to strengthen Canada’s AML/ATF regime. 

Proposal 3.5

Amend the PCMLTFR to provide that the obligation to implement enhanced CDD measures also arises in circumstances in which a client, activity or business relationship has been determined to be high risk as the result of ongoing monitoring.

Amend the PCMLTFR to require reporting entities to implement mandatory enhanced CDD measures when a client, activity or business relationship has been determined to be high risk.  The enhanced CDD measures would include taking:

  1. Enhanced measures to ascertain the identity of any person or confirm the existence of any corporation or entity;
  2. Enhanced measures to keep client identification information up to date; and
  3. Measures to conduct enhanced ongoing monitoring of business relationships for the purpose of detecting suspicious transactions.

Conclusion

The Government of Canada is committed to ensuring a strong and comprehensive AML/ATF regime.  Given the changing and evolving nature of money laundering and terrorist financing, Canada’s legislative framework must also evolve to keep pace. From time to time, it is therefore necessary to take steps to strengthen the regime to ensure that the integrity of the financial system is maintained and that the regime is well positioned to further its mandate of deterring and detecting money laundering and terrorist financing.

To that end, the Government of Canada is proposing regulatory amendments which will expand the application of certain obligations to include business relationships, expand the range of activities in respect of which CDD measures are required, and extend the scope of certain CDD obligations.

The regulatory amendments proposed in this paper would help to make Canada’s AML/ATF regime stronger by providing reporting entities with additional tools and opportunities to know their customers and to identify transactions and activities related to money laundering and terrorist financing.  Furthermore, the proposed changes would help to protect Canada’s financial system from transactions related to money laundering and terrorist financing, and will ensure that Canada remains a strong player in the global fight against money laundering and terrorist financing. 

We look forward to receiving your comments in respect of these proposals.

Annex A – FATF Recommendation 5

Customer due diligence and record-keeping

5.* Financial institutions should not keep anonymous accounts or accounts in obviously fictitious names.

Financial institutions should undertake customer due diligence measures, including identifying and verifying the identity of their customers, when:

The customer due diligence (CDD) measures to be taken are as follows:

a) Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information4.

b) Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements this should include financial institutions taking reasonable measures to understand the ownership and control structure of the customer.

c) Obtaining information on the purpose and intended nature of the business relationship.

d) Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.

Financial institutions should apply each of the CDD measures under (a) to (d) above, but may determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship or transaction. The measures that are taken should be consistent with any guidelines issued by competent authorities. For higher risk categories, financial institutions should perform enhanced due diligence. In certain circumstances, where there are low risks, countries may decide that financial institutions can apply reduced or simplified measures.

Financial institutions should verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for occasional customers. Countries may permit financial institutions to complete the verification as soon as reasonably practicable following the establishment of the relationship, where the money laundering risks are effectively managed and where this is essential not to interrupt the normal conduct of business.

Where the financial institution is unable to comply with paragraphs (a) to (c) above, it should not open the account, commence business relations or perform the transaction; or should terminate the business relationship; and should consider making a suspicious transactions report in relation to the customer.

These requirements should apply to all new customers, though financial institutions should also apply this Recommendation to existing customers on the basis of materiality and risk, and should conduct due diligence on such existing relationships at appropriate times.

Annex B – FATF Methodology for Assessing Compliance with the FATF 40 Recommendations and 9 Special Recommendations:  Recommendation 5

Customer Due Diligence and Record-keeping

Recommendation 5

The essential criteria listed below should be read in conjunction with the text of Recommendations 5 and 8, Special Recommendation VII, the Interpretative Notes to Recommendation 5, 12 and 16, and to Recommendation 5.  (Note to assessors:  Ensure that the assessments of Criteria 5.2 – 5.3 and Criterion VII.1 (in SR VII) are consistent).

Essential criteria

5.1 Financial institutions should not be permitted to keep anonymous accounts or accounts in fictitious names.

Where numbered accounts exist, financial institutions should be required to maintain them in such a way that full compliance can be achieved with the FATF Recommendations. For example, the financial institution should properly identify the customer in accordance with these criteria, and the customer identification records should be available to the AML/CFT compliance officer, other appropriate staff and competent authorities.

When CDD is required[2]

5.2 Financial institutions should be required to undertake customer due diligence (CDD) measures when:

a) establishing business relations;

b) carrying out occasional transactions above the applicable designated threshold (USD/€ 15,000). This also includes situations where the transaction is carried out in a single operation or in several operations that appear to be linked;

c) carrying out occasional transactions that are wire transfers in the circumstances covered by the Interpretative Note to SR VII;

d) there is a suspicion of money laundering or terrorist financing, regardless of any exemptions or thresholds that are referred to elsewhere under the FATF Recommendations; or

e) the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.

Required CDD measures[3]

5.3 Financial institutions should be required to identify the customer (whether permanent or occasional, and whether natural or legal persons or legal arrangements) and verify that customer‘s identity using reliable, independent source documents, data or information (identification data).[4]

5.4 For customers that are legal persons or legal arrangements, the financial institution should be

required to:

(a) verify that any person purporting to act on behalf of the customer is so authorised, and identify and verify the identity of that person; and

(b) verify the legal status of the legal person or legal arrangement, e.g. by obtaining proof of incorporation or similar evidence of establishment or existence, and obtain information concerning the customer‘s name, the names of trustees (for trusts), legal form, address, directors (for legal persons), and provisions regulating the power to bind the legal person or arrangement.

5.5 Financial institutions should be required to identify the beneficial owner, and takereasonable measures to verify the identity of the beneficial owner[5] using relevant information ordata obtained from a reliable source such that the financial institution is satisfied that it knows who the beneficial owner is.

5.5.1 For all customers, the financial institution should determine whether the customer  is acting on behalf of another person, and should then take reasonable steps to obtain  sufficient identification data to verify the identity of that other person.

5.5.2 For customers that are legal persons or legal arrangements, the financial institution should be required to take reasonable measures to:

(a) understand the ownership and control structure of the customer;

(b) determine who are the natural persons that ultimately own or control the customer.

This includes those persons who exercise ultimate effective control over a legal person or arrangement.

Examples of the types of measures that would be normally needed to satisfactorily perform this function include:

  • For companies - identifying the natural persons with a controlling interest and the natural persons who comprise the mind and management of company.
  • For trusts - identifying the settlor, the trustee or person exercising effective control over the trust, and the beneficiaries.

Note to assessors: where the customer or the owner of the controlling interest is a public company that is subject to regulatory disclosure requirements i.e. a public company listed on a recognised stock exchange, it is not necessary to seek to identify and verify the identity of the shareholders of that public company.

5.6 Financial institutions should be required to obtain information on the purpose and intended nature of the business relationship.

5.7 Financial institutions should be required to conduct ongoing due diligence on the business relationship.

5.7.1 Ongoing due diligence should include scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution‘s knowledge of the customer, their business and risk profile, and where necessary, the source of funds.

5.7.2 Financial institutions should be required to ensure that documents, data or information collected under the CDD process is kept up-to-date and relevant by undertaking reviews of existing records, particularly for higher risk categories of customers or business relationships.

Risk

5.8 Financial institutions should be required to perform enhanced due diligence for higher risk categories of customer, business relationship or transaction.

Examples of higher risk categories (which are derived from the Basel CDD Paper) may include[6]

a) Non-resident customers,

b) Private banking,

c) Legal persons or arrangements such as trusts that are personal assets holding vehicles,

d) Companies that have nominee shareholders or shares in bearer form.

Types of enhanced due diligence measures may include those set out in Recommendation 6.

5.9 Where there are low risks, countries may decide that financial institutions can apply reduced or simplified measures. The general rule is that customers must be subject to the full range of CDD measures, including the requirement to identify the beneficial owner. Nevertheless there are circumstances where the risk of money laundering or terrorist financing is lower, where information on the identity of the customer and the beneficial owner of a customer is publicly available, or where adequate checks and controls exist elsewhere in national systems. In such circumstances it could be reasonable for a country to allow its financial institutions to apply simplified or reduced CDD measures when identifying and verifying the identity of the customer and the beneficial owner.

Examples of customers, transactions or products where the risk may be lower[7] could include:

a) Financial institutions – provided that they are subject to requirements to combat money laundering and terrorist financing consistent with the FATF Recommendations and are supervised for compliance with those requirements.

b) Public companies that are subject to regulatory disclosure requirements. This refers to companies that are listed on a stock exchange or similar situations.

c) Government administrations or enterprises.

d) Life insurance policies where the annual premium is no more than USD/€1000 or a single premium of no more than USD/€2500.

e) Insurance policies for pension schemes if there is no surrender clause and the policy cannot be used as collateral.

f) A pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages and the scheme rules do not permit the assignment of a member‘s interest under the scheme.

g) Beneficial owners of pooled accounts held by DNFBP provided that they are subject to requirements to combat money laundering and terrorist financing consistent with the FATF Recommendations and are subject to effective systems for monitoring and ensuring compliance with those requirements.

5.10 Where financial institutions are permitted to apply simplified or reduced CDD measures to customers resident in another country, this should be limited to countries that the original country is satisfied are in compliance with and have effectively implemented the FATF Recommendations.

5.11 Simplified CDD measures are not acceptable whenever there is suspicion of money laundering or terrorist financing or specific higher risk scenarios apply.

5.12 Where financial institutions are permitted to determine the extent of the CDD measures on a risk sensitive basis, this should be consistent with guidelines issued by the competent authorities.

Timing of verification

5.13 Financial institutions should be required to verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for occasional customers.

5.14 Countries may permit financial institutions to complete the verification of the identity of the customer and beneficial owner following the establishment of the business relationship, provided that:

(a) This occurs as soon as reasonably practicable.

(b) This is essential not to interrupt the normal conduct of business.

(c) The money laundering risks are effectively managed.

Examples of situations where it may be essential not to interrupt the normal conduct of business are:

5.14.1 Where a customer is permitted to utilise the business relationship prior to verification, financial institutions should be required to adopt risk management procedures concerning the conditions under which this may occur. These procedures should include a set of measures such as a limitation of the number, types and/or amount of transactions that can be performed and the monitoring of large or complex transactions being carried out outside of expected norms for that type of relationship.

Failure to satisfactorily complete CDD

5.15 Where the financial institution is unable to comply with Criteria 5.3 to 5.6 above:

a) it should not be permitted to open the account, commence business relations or perform the transaction;

b) it should consider making a suspicious transaction report.

5.16 Where the financial institution has already commenced the business relationship e.g. when Criteria 5.2(e), 5.14 or 5.17 apply, and the financial institution is unable to comply with Criteria 5.3 to 5.5 above it should be required to terminate the business relationship and to consider making a suspicious transaction report.

Existing customers

5.17 Financial institutions should be required to apply CDD requirements to existing customers[8] on the basis of materiality and risk and to conduct due diligence on such existing relationships at

appropriate times.

For financial institutions engaged in banking business (and for other financial institutions where

relevant) - examples of when it may otherwise be an appropriate time to do so is when:

(a) a transaction of significance takes place,

(b) customer documentation standards change substantially,

(c) there is a material change in the way that the account is operated, (d) the institution becomes aware that it lacks sufficient information about an existing customer.

5.18 Financial institutions should be required to perform CDD measures on existing customers if they are customers to whom Criterion 5.1 applies.


 

[1] FATF Methodology for Assessing Compliance with the FATF 40 Recommendations and 9 Special Recommendations [955 KB],

To access a Portable Document Format (PDF) file you must have a PDF reader installed. If you do not already have such a reader, there are numerous PDF readers available for free download or for purchase on the Internet.

[2] Financial institutions do not have to repeatedly perform identification and verification every time that a customer performs a transaction,

[3] The general rule is that customers should be subject to the full range of CDD measures. However, there are circumstances in which it would be reasonable for a country to allow its financial institutions to apply the extent of the CDD measures on a risk sensitive basis.

[4] Examples of the types of customer information that could be obtained, and the identification data that could be used to verify that information is set out in the paper entitled General Guide to Account Opening and Customer Identification issued by the Basel Committee‘s Working Group on Cross Border Banking.

[5] For life and other investment linked insurance, the beneficiary under the policy must also be identified and verified. See criteria 5.14 concerning the timing of such measures.

[6] Other examples of higher risk are included in Recommendations 6 and 7.

[7] Assessors should determine in each case whether the risks are lower having regard to the type of customer, product or transaction, or the location of the customer.

[8] Existing customers as at the date that the national requirements are brought into force.