Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
First Data Loan Company's Submission in Response to Finance Canada's Enhancing Canada's Anti-Money Laundering and Anti-Terrorist Financing Regime consultation:
Box 25, Commerce Court West
199 Bay Street
Toronto, Ontario, Canada
July 11, 2005
Ms. L. Hemmings
Department of Finance
20th Floor, East Tower
140 O'Connor Street
Ottawa, Ontario K1A 0G5
Nicolas M.R. Burbidge, Esq.
Senior Director, Compliance Division
Office of the Superintendent of Financial Institutions
P.O. Box 39, 23rd Floor
121 King Street West
Toronto, ON M5H 3T9
Yvon Carriere, Esq.
24th Floor, 234 Laurier Avenue West
Ottawa, Ontario K1P 1H7
Ms. Dianne Lafleur
Director, Financial Services Division
Department of Finance
20th Floor, East Tower
140 O'Connor Street
Ottawa, Ontario K1A 0G5
Re: Federal Review of the AML Legislation - First Data Loan Company, Canada - Merchant Acquiring Services
We refer to the discussions which we have had with Lynn and Nick regarding First Data Loan Company, Canada (the "FDC Loan Company") and its affiliates with respect to the Canadian anti-money laundering ("AML") legislation.
Since the date of those discussions, the Federal Government has released its Consultation Paper entitled "Enhancing Canada's Anti-Money Laundering and Anti-Terrorist Regime".
Please accept this letter as a submission on behalf of the FDC Loan Company in response to the Consultation Paper.
The financial activity which we wish to discuss is the merchant acquiring business, generally, and the merchant acquiring business as carried on in Canada by the FDC Loan Company, specifically.
We understand from our discussions with you that Canada's AML rules are predicated on the risk associated with the particular activity. This principle is confirmed in the Consultation Paper, which recognizes that "certain types of financial products present limited risks of being used for criminal purposes".
We believe that, from an AML standpoint, the merchant acquiring business poses little risk; moreover, the merchant acquiring business carried on in Canada by the FDC Loan Company poses even less of a risk.
Furthermore, although the AML risks may be insignificant in connection with the merchant acquiring business, we believe that those risks are more adequately managed by the extensive fraud and other operational controls which the FDC Loan Company has in place in connection with the merchant acquiring business.
Many Canadian merchants, including start-up businesses and businesses with small amounts of capital, have been able to obtain merchant acquiring services from the FDC Loan Company. Often, the merchant agreements are entered into in a remote environment rather than in a face-to-face setting. If AML procedures requiring "face-to-face" identification were to be imposed on the merchant acquiring business carried on by the FDC Loan Company, many small Canadian merchants would bear the brunt of these requirements, with the result that there would be fewer merchants able to obtain merchant acquiring services.
In connection with the merchant acquiring business carried on by the FDC Loan Company, the settlement funds of the merchant are "locked in" and the FDC Loan Company does only one thing with those settlement funds, and that is to transfer them to the account of the merchant with a Canadian financial institution. Since the Canadian financial institution will have undertaken its own thorough AML procedures before accepting the merchant as a customer, the merchant will already have passed the AML test and there is no value, from an AML standpoint, in having the FDC Loan Company subject the merchant to similar AML procedures.
The Consultation Paper recognizes that face-to-face confirmation is not always possible and, when it is not possible, that customer identification measures should be adopted so that non-face-to-face transactions "can be conducted with the same confidence and surety as when a customer is physically present". Specifically, the Consultation Paper recommends that procedures be put in place which "would ensure that customer identification (in connection with non-face-to-face transactions) be as reliable as in face-to-face situations.
In the circumstances, therefore, we submit that the AML objectives would be thoroughly satisfied in connection with the merchant acquiring business carried on by the FDC Loan Company if the policies were revised so that the cheque clearing exemption currently in the legislation were expanded to provide that the customer identification requirement could be met by having funds of the merchant wired to, and accepted by, a Canadian financial institution at the time that settlement funds were first forwarded to the merchant following the signing of the merchant acquiring agreement.
We will now elaborate on the reasoning behind this submission.
1.ï¿½ The FDC Loan Company is an affiliate of First Data Merchant Services Corporation ("FDMS"). FDMS is a subsidiary of First Data Corporation ("FDC"), and is the world's leading provider of merchant processing services with over 19.8 billion transactions processed in 2004. As a leader in electronic commerce and payment services, FDC serves approximately 4.1 million merchant locations, 1,400 card issuers and millions of consumers.
2.ï¿½ FDMS provides merchant processing services to acquiring banks, and also participates in various joint venture acquiring alliances with financial institutions. The FDC Loan Company receives merchant processing services from FDMS. FDMS also processes payments for approximately 130,000 Internet merchants. Processing services include:
- Card transaction authorization and capture;
- Merchant Settlement;
- Chargeback handling;
- Reconciliation and reporting;
- Preparation of merchant statements; and
- Loyalty programs.
3.ï¿½ Although the Canadian banks have carried on a merchant acquiring business in connection with their credit card business for many years, the nature of the business was not well understood in Canada until entities such as FDC began carrying on business in Canada. The fact that FDC established the FDC Loan Company, whose primary business is merchant acquiring, gave Canadian regulators, such as OSFI and CDIC, an opportunity to better understand the nature of this business. The FDC Loan Company has been in a constant dialogue with OSFI regarding the merchant acquiring business. In this regard, I am enclosing a copy of a presentation which FDC prepared for OSFI on Aprilï¿½21, 2005. Commencing at page 4, the presentation gives an excellent explanation of the merchant acquiring business and the role which the FDC Loan Company plays in that business.
4.ï¿½ You will note from the presentation that the essence of the merchant acquiring business is the facilitation of the ability of credit and debit cardholders to make purchases at a merchant location using their cards and to subsequently settle these transactions with the issuers of the cards and to then fund the merchant.
5.ï¿½ For the purposes of our discussions regarding the merchant acquiring business and the AML issues that relate to that business, let me set out two examples which focus on the role which an acquiring entity, such as the FDC Loan Company, plays in connection with a credit card or a debit card transaction:
- Assume that the consumer (the "Consumer") purchases goods for $100 from a merchant (the "Merchant") and pays the purchase price with his MasterCard which the Consumer received from his bank (the "Issuing Bank").
- In order to convert the $100 MasterCard transaction record into cash, the Merchant has entered into an agreement with the FDC Loan Company pursuant to which the FDC Loan Company agrees, in effect, to collect the $100 owing to the Merchant in connection with the transaction. (The FDC Loan Company and the Issuing Bank receive some fees in connection with the transaction for their services, but I do not believe the fees are relevant to our discussion and I will not mention them again.)
- The FDC Loan Company is also a member of MasterCard and when the FDC Loan Company receives the transaction record from or through the Merchant, the FDC Loan Company in effect contacts the MasterCard Association and notifies it that the Consumer has purchased goods in the amount of $100 from the Merchant using his MasterCard.
- The MasterCard Association then notifies the Issuing Bank that the Consumer has incurred a $100 liability to the Merchant, and the Issuing Bank, through the MasterCard settlement process, transfers $100 to the FDC Loan Company.
- The FDC Loan Company then has the responsibility of transferring the $100 to the Merchant.
- The FDC Loan Company prepares a report daily showing the amount payable to the Merchant. The FDC Loan Company maintains a list of the total amount payable to all Merchants and the amount payable to each individual Merchant. Shortly after receiving the settlement funds for the Merchant, the FDC Loan Company has those funds transferred to a current account which the Merchant has with a Canadian financial institution, for example, Royal Bank of Canada (the "Current Account Financial Institution")
6.ï¿½ï¿½ an AML standpoint is that the settlement funds which the FDL Loan Company is holding for the Merchant are "locked" funds which can be disbursed by one, and only one, method: through the transfer of those funds to the account which the Merchant has with the Current Account Financial Institution. Although the settlement funds may be disbursed by the Merchant out of its account with the Current Account Financial Institution, that is an ordinary course transaction for the purposes of the AML legislation and the Current Account Financial Institution will presumably have undertaken the required "know-your-customer" procedures (the "KYC" procedures") when it opened the account for the Merchant.
7.ï¿½ The role of a merchant acquirer, such as the FDC Loan Company, in connection with the debit card transaction is similar to its role in connection with a credit card transaction:
- Assume that the Consumer purchases goods for $100 from the Merchant and pays the purchase price with his debit card, which the Consumer received from the Issuing Bank.
- The FDC Loan Company notifies the Issuing Bank, through the payment system, of the transaction and the Issuing Bank transfers $100 of settlement funds to the FDC Loan Company.
- As is the case in connection with a credit card transaction, once the FDC Loan Company receives the settlement funds, it does one, and only one, thing with those funds: it transfers those funds to an account which the Merchant has with the Current Account Financial Institution.
8.ï¿½ It is our understanding that the foundation of the Canadian approach to AML issues is that AML issues should be analyzed based upon the risk associated with the relevant transactions. We have heard OSFI enunciate this principle and the principle is now repeated in the Consultation Paper:
"Although criminals can use a number of methods to launder money or finance terrorist activities, certain types of financial products present limited risks of being used for criminal purposes. The Government, and FATF Recommendation 5, recognize that it may not be necessary to impose client identification and record-keeping requirements in these situations."
FATF Recommendation 5
"...Financial institutions should apply each of the CDD [client due diligence] measures [under Recommendation 5]..., but may determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship or transaction. The measures that are taken should be consistent with any guidelines issued by competent authorities. For higher risk categories, financial institutions should perform enhanced due diligence. In certain circumstances, where there are low risks, countries may decide that financial institutions can apply reduced or simplified measures...."
In our view, the risks associated with merchant acquiring transactions, particularly those transactions involving the FDC Loan Company, are minimal and do not warrant extensive regulatory oversight.
9.ï¿½ Although we believe that the AML risk inherent in the merchant acquiring business as carried on by the FDC Loan Company is minimal, that does not mean that the FDC Loan Company does not employ extensive fraud and risk management procedures in connection with that business. In this regard, the FDC Loan Company has entered into an outsourcing arrangement with FDMS to provide fraud and risk management services relating to its merchant acquiring business.
10.ï¿½ The FDMS Credit Risk Management Group focuses on fraud and risk management related to merchant acquiring. The primary focus of these activities is on potential merchant fraud and credit risk, although cardholder fraud is also a concern from a credit standpoint. These services are performed by FDMS on behalf of the FDC Loan Company and include:
- Credit underwriting support in connection with the establishment of merchant accounts, which includes significant due diligence and verification procedures;
- Following establishment of the customer relationship, FDMS performs ongoing portfolio risk management and fraud monitoring through:
- Periodic reviews, which may include risk scoring; analysis of financial statements, bank references, commercial and personal credit reports and ratings and indicators of country risk; and review of various sources of information about litigation, customer complaints, etc. In addition, chargebacks, credit timeliness and other operational indicators are analyzed for significant variances or negative changes;
- fraud exception reports, which may identify variances in daily volume or average ticket size, suspicious patterns such as recurring-dollar or even-dollar transactions, foreign transactions or transactions with a foreign credit card;
- activities of its "Mid-Risk Management" Unit, which was established by FDMS to address, manage and mitigate the perceived higher credit/fraud risk associated with Internet merchants, through use of exception reports and various investigative procedures;
- special procedures related to certain status changes, such as changes to a business' authorized signer, legal name, etc.
- Support for Product Development with Risk Management on New Product Offerings as needed; and
- Collection Strategies and Support.
11. In addition, FDC employs a variety of products and services which are used to the benefit of the FDC Loan Company to prevent and detect fraud and money laundering. These tools and services, which are employed by FDC for the purposes of combating fraud and for risk management, may also be used to detect suspicious activities, prohibited transactions and potential money laundering activities.
12.ï¿½ Potential merchant money-laundering and/or fraud can be detected through the initial diligence procedures and the ongoing monitoring procedures outlined above. Credit underwriting procedures help to verify the identity of the merchant and its principals, and to ensure the legitimacy of its business and practices. Through the underwriting process, FDMS also develops a profile of what the merchant transaction activity should be in terms of the expected annual credit card volume and the expected average sale amount. FDMS can then detect suspicious activity based on parameters and rules which identify variances from the expected sales volume or average sale as well as parameters and rules which identify multiple sales from the same source, recurring dollar amounts, and excessive credits. Once suspicious activity is detected, further investigative steps are performed to determine the nature of the transactions in terms of suspicious activity.
13.ï¿½ FDMS also performs extensive due diligence on behalf of the FDC Loan Company, including reviewing its existing credit policy and compliance with that policy; as well as reviewing its existing credit and fraud management processes and documentation, a detailed portfolio review and a complete analysis of historical losses.
14.ï¿½ The entry into the Canadian merchant acquiring marketplace of entities such as the FDC Loan Company has been of significant benefit to Canadian businesses of all sizes, including small businesses. Due to its extensive system of credit analysis, the FDC Loan Company is able to offer merchant acquiring services to many small, family-owned Canadian businesses which were previously not able to obtain merchant acquiring services.
15.ï¿½ Many of these small Canadian businesses are located in remote areas of Canada and/or conduct their business online.
16.ï¿½ with the larger merchants to whom it is providing merchant acquiring services, it is often impractical for the FDC Loan Company to have face-to-face meetings with some of the smaller merchants or those in a remote location and to obtain "in person identification" as a condition of offering merchant acquiring services to these merchants.
17.ï¿½ The Consultation Paper recognizes the importance of non-face-to-face transactions and the impracticality of requiring in-person customer identification measures in connection with all non-face-to-face situations:
"New technologies and business models are continually being developed by the financial sector in order to respond to demands for faster, more flexible client service. These services include non-face-to-face transactions (NFFTs)-transactions and account openings where the customer cannot be physically present at any stage in the process.
These transactions, which may occur over the Internet or other interactive computer services, or over the telephone or other electronic data transmissions, are increasingly anonymous, creating a money laundering and terrorist financing risk.
To the extent possible, financial institutions and intermediaries should meet their customers in person and ascertain their identity by referring to a government-issued identity document. However, when this is not possible, customer identification measures should ensure that NFFTs can be conducted with the same confidence and surety as when a customer is physically present. The FATF and the Basel Committee paper Customer Due Diligence for Banks echo these concerns.
FATF Recommendation 8
"Financial institutions should pay special attention to any money laundering threats that may arise from new or developing technologies that might favour anonymity, and take measures, if needed, to prevent their use in money laundering schemes. In particular, financial institutions should have policies and procedures in place to address any specific risks associated with non-face to face business relationships or transactions."
FATF Recommendation 9
"Countries may permit financial institutions to rely on intermediaries or other third parties to perform...the CDD process or to introduce business....Where such reliance is permitted, the ultimate responsibility for customer identification and verification remains with the financial institution relying on the third party...."
Basel Committee paper Customer Due Diligence for Banks
"In accepting business from non-face-to-face customers:
banks should apply equally effective customer identification procedures for non-face-to-face customers as for those available for interview; and
there must be specific and adequate measures to mitigate the higher risk."
18.ï¿½ Proposal 1.9 in the Consultation Paper contemplates that reporting entities could establish appropriate non-face-to-face client identification requirements:
Non-Face-to-Face Customer Identification Measures
The Government proposes to consult with reporting entities to establish appropriate non-face-to-face client identification requirements for financial entities, securities dealers, money service businesses and foreign exchange dealers. Such requirements would apply when the customer is not physically present at the time the client identification requirements are triggered (i.e. transactions conducted on the Internet, by phone or by mail) and identity cannot be ascertained in person by the reporting entity or an agent by referring to a government-issued identity document.
The appropriate measure or combination of measures would be based on the money laundering or terrorist financing risks associated with different types of financial services, and would ensure that customer identification is as reliable as in face-to-face situations. Baseline criteria have to be established in respect of client identification measures, whether documentary or not. Examples of such measures could include:
- confirming that a cheque drawn by the person on an account of a financial entity subject to the PCMLTFA has been cleared;
- confirming that the person's identity was ascertained by a financial entity as prescribed by the PCMLTF Regulations in a face-to-face situation; and
- verifying the customer's identifying information using an independent source such as a business information services company.
19.ï¿½ Fortunately, we believe that it is possible for the FDC Loan Company to provide needed merchant acquiring services to merchants, with whom the FDLC contracts in a non-face-to-face environment, in a manner that is consistent with the objectives of the Canadian AML legislation and the Consultation Paper. One specific example of a measure suggested by the Consultation Paper to confirm customer identification in non-face-to-face situations is through the cleared cheque method. We understand that the rationale behind this approach is that the merchant will have undergone strict AML vigilance by the Canadian financial institution with whom it has a chequing account.
20.ï¿½ Fortunately for the Canadian merchants who require acquiring services but who cannot easily meet face-to-face with representatives of the FDC Loan Company, the method by which the FDC Loan Company carries on business incorporates an AML procedure which is the functional equivalent of the cheque clearing procedure.
21.ï¿½ As indicated above, the FDC Loan Company transfers all settlement funds owing to a merchant to the merchant's current account with a Canadian financial institution. This procedure is clearly the functional equivalent of the cleared cheque procedure. The transfer to the Canadian financial institution will only be successful if the merchant has in fact an account with the Canadian financial institution. If the merchant has an account with the Canadian financial institution, it should be on the basis that the merchant passed the AML verification procedures which are imposed upon the Canadian financial institution when opening the account. The arrangement of only transferring settlement funds to an account of the merchant with a Canadian financial institution will ensure that the settlement funds never escape the AML "net" required by the Canadian legislation.
22.ï¿½ Proposal 1.9 of the Consultation Paper suggests certain measures to confirm customer identification non-face-to-face transactions. We suggest that one "measure" that should be adopted pursuant to Proposal 1.9 would be that the customer identification requirements could be met through the funds transfer method outlined above.
23.ï¿½ In providing for this procedure, it is important that the AML legislation specifically recognize that the confirmation that the merchant has an account with a Canadian financial institution will only occur after the merchant and the FDC Loan Company have entered into a merchant acquiring relationship and not at the time the parties enter into the merchant acquiring arrangement. In other words, it will only be at the moment that the FDC Loan Company attempts to transfer funds to the merchant that the FDC Loan Company will be able to confirm that the merchant has an account with another Canadian financial institution.
24.ï¿½ In light of the importance of this timing issue to our submission, let me provide an example of the sequence we are proposing:
Step 1 Merchant and the FDC Loan Company enter into a merchant acquiring arrangement;
Step 2 Merchant undertakes a transaction whereby customers pay by way of a MasterCard or a debit card.
Step 3 FDC Loan Company obtains the settlement funds from MasterCard and Interac and forwards those funds to the account which the merchant has with another Canadian financial institution.
25.ï¿½ In our proposal, the FDC Loan Company tests the customer from an AML standpoint at the moment that the FDC Loan Company attempts to transfer the funds of the merchant. If the transfer is accepted, that means that the merchant does in fact have an account with a Canadian financial institution which, in turn, means that the Canadian financial institution undertook its own AML due diligence review and decided that the customer was acceptable.
26.ï¿½ If the payment system returns the funds that the FDC Loan Company attempted to transfer to the merchant, the reason would be that the merchant does not in fact have the account with a Canadian financial institution.
27.ï¿½ Allowing the verification to occur subsequent to the establishment of the merchant arrangement does not pose any AML risks because the AML risks are associated with the settlement funds and, by definition, the settlement funds will never be received by the merchant unless the merchant has in fact established an account with a Canadian financial institution.
28.ï¿½ Accordingly, we believe that our proposal deals thoroughly with the AML risks with which you are concerned and it also has the attractive advantage of allowing merchant acquiring services to be provided to merchants for whom it is not practical to meet in a face-to-face environment with representatives of the FDC Loan Company.
Representatives of the FDC Loan Company and I would be pleased to meet with you to elaborate on this submission at your convenience.
Yours very truly,
John W. Teolis
c: First Data AML Group