- Consulting with Canadians -


Archived information

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

CBA's Submission in Response to Finance Canada's Enhancing Canada's Anti-Money Laundering and Anti-Terrorist Financing Regime consultation:

Developing An Effective and Balanced Regime

The CBA Response to the Department of Finance's Consultation Paper Enhancing Canada's Anti-Money Laundering and Anti-Terrorist Financing Regime

September, 2005

Table of Contents


General comments

Comments on specific proposals

Appendix A – CBA Letter to Department of Finance (August 17, 2004)


The Canadian Bankers Association (CBA) appreciates the opportunity to provide comments on the proposals in Enhancing Canada's Anti-Money Laundering and Anti-Terrorist Financing Regime (the "Consultation Paper"). In making these comments, our aim is to work with the federal government and with other stakeholders to improve Canada's anti-money laundering (AML) and anti-terrorist financing (ATF) framework.

A Step in the Right Direction

Overall, we think that the proposals in the Consultation Paper are a step in the right direction. There are proposals that if enacted, should make our regime more effective. Also, we are particularly delighted that the federal government is open to ensuring that any changes to Canada's AML/ATF framework are practical and enable legitimate business activity to flourish.

Simply put, we are generally encouraged by the approach taken in the Consultation Paper because in our view, effectiveness and balance are the essential elements of an AML/ATF regime that works well.


An AML/ATF regime plays a critical role in protecting the integrity of the financial system and it is, therefore, important to have effective measures in place to identify individuals and entities that could use the financial system either to conceal the source of funds derived from criminal activity or to further their criminal activities.


The regime must also be balanced. The AML/ATF framework in Canada is unique in that in order to function well, it must interact with a wide range of stakeholders such as law enforcement agencies and banks and other financial institutions. We believe that no useful purpose would be served, and in fact, the effectiveness of the regime itself would be diminished, by overburdening stakeholders with too many rules and requirements.

In short, measures that provide effective deterrence and do not impede legitimate business activity are, in our view, the cornerstones of an AML/ATF regime that works well.

Room for Improvement

As a key stakeholder, the Canadian banking industry has consistently supportedthe development of an AML/ATF regime that works well and we believe that the enactment of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act ("PCMLTFA") has provided, over the years, a solid platform for this purpose. But, there is room for improvement and we are, therefore, delighted to have the chance to provide input on the proposals in the Consultation Paper and we also welcome the willingness of government officials to continue consultations as the proposed changes to the framework take shape.

By commenting on the Consultation Paper's proposals and by having an ongoing dialogue, we believe that we can contribute meaningfully to the goal of ensuring that Canada has an effective and balanced AML/ATF framework.

General Comments

With a view to providing a framework for our participation in the consultative process, it might be helpful to start with comments that apply to many of the proposals.

Risk-based approach needed.

It is the banking industry's overarching message in this consultation process that the effectiveness of the regime depends on using a risk-based approach. This is clearly the view of the Financial Action Task Force (FATF) yet, as we will note, there are many proposals in the Consultation Paper where this approach has not been taken. In our continuing consultations, we would like to ensure that to the greatest extent possible, a risk-based approach is taken.

Significant lead-time needed.

Once amendments are enacted, there will be significant effort and expense to update systems, policies and procedures, customer and account documentation and to prepare for, and conduct employee training. All stakeholders recognize that implementing these changes will require considerable time. To be able to meet the requirements in the updated regime, therefore, reporting entities and, probably, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), will need to be given enough lead-time to implement the necessary changes to their systems and employee training programs.

Further consideration of the implications needed.

We wonder if the implications of the proposals have been considered thoroughly enough. For example, has consideration been given to the impact of the privacy regimes in Canada and in other countries on the ability of banks to collect and provide personal information? Also, we wonder if there is a good understanding of all the practical implications of many of the proposals on reporting entities especially dealing with customer due diligence. To alleviate concerns and possibly avoid unwanted consequences, we would appreciate the opportunity of sharing our views with you on these implications over the coming weeks.

Cross-border Electronic Funds Transfers (EFTs).

A number of the proposals deal with the treatment of EFTs and expand upon the existing reporting requirements. To avoid the increasing complexities created by these broader requirements, we recommend that reporting entities report all cross-borderEFTs, regardless of amount. For EFTs being sent, there would be a need to report the prescribed information but for EFTs being received, we recommend that there should simply be a general reporting requirement for whatever information is received.

Comments on Specific Proposals

Set out below are our comments on the specific proposals in the Consultation Paper. As we note in our comments, the banking industry believes that some issues (e.g. amendments to the PCMLTF Regulations to address the issue of non face-to-face customer identification in a practical way) are of the highest importance and need immediate attention.

Proposal 1.4 - Customer Due Diligence and Record-Keeping Requirements

The Consultation Paper proposes to amend the PCMLTF Regulations to require reporting entities subject to Part 1 of the Act to take certain measures in the following situations:

  • When there is a suspicion of money laundering or terrorist financing and the identity of the client has not previously been ascertained, the reporting entity should identify and verify the customer's information. In this situation, verification should be undertaken only to the extent that it can be accomplished without tipping off the customer about the suspicion;
  • When there is a suspicion of money laundering or terrorist financing, and there are doubts about the veracity or adequacy of previously obtained customer information, the reporting entity should repeat the process of identifying and verifying the customer's information. In this situation, verification should be undertaken only to the extent that it can be accomplished without tipping off the customer about the suspicion. Records of the sources of information and the methods of identification should be kept in both cases.

We believe that these proposals need clarification. For example, it is unclear whether the changes are intended to be discretionary or mandatory. We also believe that greater clarity is required in terms of the scope and intent of the proposals. In our minds, the objective should be to encourage enhanced due diligence, to the extent that this can be accomplished without tipping off the customer, rather than by simply requiring a reporting entity to repeat the customer identification and verification measures performed previously.

We also wonder about the Consultation Paper's interpretation of FATF Recommendation 5 on the identification verification of customers whose previously obtained identification is considered inadequate or questionable. In our view, proposing that the customer's identification should be verified when there is a suspicion of money laundering or terrorist financing will be of little value and may have substantial drawbacks for law enforcement and investigations. It is our position that the verification of identification in most, if not all, cases will provide no additional comfort about the customer, and it is impractical to believe that it can be achieved without tipping off the client.

Proposal 1.5 – Politically Exposed Persons (PEPs)

This proposal in the Consultation Paper will amend the PCMLTF Act and Regulations to require that for transactions above a certain threshold, when there are reasonable grounds to suspect that a new or existing customer is a foreign or domestic PEP (a term that will be defined in the Regulations), reporting entities are to have additional responsibilities. These entities would need to:

  • Have appropriate risk management systems in place to determine whether a customer is a politically exposed person;
  • Take "reasonable measures" to establish the source of funds;
  • Conduct enhanced ongoing monitoring of the business relationship in each case; and
  • Obtain senior management approval to enact the transaction, open the account or continue the business relationship.

There are many aspects of this proposal that are unclear in our view.

For example, there is no clarification of what constitutes "reasonable measures" or "enhanced on-going monitoring".

Moreover, the reference to thresholds appears to contemplate a risk-based approach, but again, greater detail of the proposal is required if reporting entities are to determine the potential impact of this proposal on their activities and operations. We point out, in addition, that it seems unclear what purpose a threshold would serve in these circumstances. This follows from the fact that an account identified as belonging to a PEP would be considered a higher risk and, therefore, subject to higher scrutiny, regardless of amount.

We believe that in order to ensure that consistent standards are applied across all reporting entities, it is essential that more clarity is forthcoming.

This would include clear guidance on who qualifies as a PEP. FATF, we note, defines PEPs as only foreign persons and it seems clear to us that the need to identify foreign and domestic PEPs is a much higher standard than what is provided for in the European Union 3rd directive or in the U.S. regulations. We recommend that rather than using a PEP definition, this proposal might be easier to implement if an official PEP list were to be issued from time to time, just as is done with terrorist names.

If this proposal were to be implemented, we would welcome the opportunity to discuss in detail whether threshold levels should be established, whether they should be set for accounts as well as transaction-scanning and we would also appreciate discussing the size of the thresholds in order to ensure that they would not unwittingly capture routine transactions.

Furthermore, with respect to the suggestion that approval should be required from "senior management" (a term that is not defined in the Consultation Paper) for transactions with PEPs, we note that transactions involve straight-through processing and as a result, it would be virtually impossible to obtain senior management approval, or determine the source of funds, before all transactions with PEPs. We also believe that this might put the customer at a disadvantage as there would be certain transactions (e.g. securities trades) that would be very time sensitive.

Proposal 1.6 - Correspondent Banking

The Consultation Paper proposes to amend the PCMLTF Act and Regulations to require financial entities to take the following steps before entering into a correspondent banking relationship:

  • Obtain all relevant information on the activities and operations of the respondent bank, including its regulation and its anti-money laundering and anti-terrorist financing controls;
  • Obtain approval from senior management before establishing a new correspondent relationship;
  • Document the respective responsibilities of each institution; and
  • Ensure that the respondent bank conducts appropriate due diligence and can provide relevant customer identification information for clients using "payable-through accounts."

Measures are also proposed, we note, to prohibit financial entities from entering into or continuing a correspondent banking relationship with a "shell bank". We believe that it would be more appropriate to utilize a definition of "shell bank" that is more precise and means that it applies to banks without a physical presence in any country if those banks are not regulated affiliates (i.e. controlled by, or under common control with, a depository institution, credit union, or bank that maintains a physical presence in Canada or a foreign country and is subject to supervision by a banking authority in the country regulating the entity affiliated with the bank).

This would satisfy the concerns of the banking industry since some reputable financial organizations maintain subsidiaries that have no "physical presence in any country" but are regulated by a home country regulator. We recommend that the definition of "shell bank" be clearly worded to make it clear that these regulated affiliates would be outside the scope of any prohibitions.

On a more general level, we believe that the levels of due diligence required for correspondent bank relationships should be addressed on a risk-based approach.

This is another area, moreover, where more clarification would be helpful.

Clarification is needed about what is intended by "documenting" the respective responsibilities of each institution. Since correspondent banking relationships generally do not involve an account-operating agreement but rather, various product agreements, presumably this does not refer to the need for an account operating agreement.

The term "payable through accounts" needs to be defined and the wording "activities and operations", in our view, is also too vague to determine if this is a reasonable or practical requirement. For example, to what level of detail would "activities and operations" require documentation? Also, would banks be precluded from entering into a correspondent relationship with a bank in a non-FATF country, and if not, would such a relationship require additional due diligence documentation? Would banks be expected to verify (i.e. audit) the information provided by the correspondent bank?

As well as asking for further details, we also suggest that consideration be given to whether, before entering into a correspondent banking relationship, the correspondent bank should ensure that the respondent bank has AML policies and procedures in place to conduct appropriate due diligence on clients using payable-through accounts and provide relevant customer identification information to the correspondent bank. If this were the case, the correspondent bank would then only need to do the necessary "know your customer" due diligence.

We also note that the Consultation Paper proposal is set at a higher standard than the one specified by FATF Recommendation 7 (which only requires due diligence based on publicly available information) and we are not convinced that a higher standard would be warranted.

Proposal 1.7 – Lower Risk Situations

It is proposed that the following types of transactions would be exempted from the client identification and record-keeping requirements:

  • The opening of an income trust reinvestment plan account sponsored by a fund manager for its investors, unless the account is funded in whole or in part by a source other than the fund manager;
  • The opening of a supplemental unemployment benefit plan account or a retirement compensation arrangement plan account unless the account is funded in whole or in part by contributions by a person or entity other than the employer;
  • The opening of an employee disability, dental, medical or benefit plan account governed under the Income Tax Act unless the account is funded in whole or in part by contributions by a person or entity other than the employer; and
  • Accounts established for the holding of securities in trust pursuant to the escrow requirements of Canadian securities regulators;

We would appreciate clarification as to whether it is necessary to verify the identity of a child under 12 in addition to his/her parent/guardian where an account is opened in the name of the child. Depending on his/her age, the child may not be able to sign a signature card, in which case it would appear that identity verification may not be required. In addition, depending on the child's age, there are cases where the child would not have any identification documents available. We would appreciate confirmation of appropriate procedures in these lower risk situations.

This proposal would also extend the record-keeping exemptions to the transactions that are currently exempt from the client identification requirements under the regulations. When customer identity cannot be ascertained in person by the reporting entity, it is also proposed that reliance would be put on an agent or introducer or specific non face-to-face customer identification measures would be used.

It is our strong view that a risk-based approach is extremely important in managing the implications (and the costs) of client record-keeping/identification and the third party/beneficial owner determination requirements.

We also strongly believe that it is vital for law enforcement, reporting entities and for customers to ensure that the exemptions and that the timing for meeting these requirements are the same for all industries within the financial services sector.

We note, in this regard, that there are currently different standards and requirements for financial institutions, insurance companies, trust companies and broker/dealers and as mentioned in the letter from the CBA dated August 17, 2004 (a copy of which is attached), it is critical to have consistent standards throughout the financial services sector.

It is our position that the existence of different standards and requirements could very well create confusion and compliance difficulties for both customers and reporting entities when different types of financial institutions are involved in offering financial products or services to the public.

For example, a financial institution might use a trust affiliate to act as the trustee and/or custodian for registered plans, but the affiliate would not necessarily distribute the products or maintain the individual member records. The trustee, in these circumstances, would typically appoint an agent to open and maintain plan member accounts. The trustee would ask the agent to confirm compliance with the AML verification requirements and the agent would often claim to be exempt. It would be logical, therefore, to establish a common set of exemptions.

We also recommend that the Regulations be further amended to exempt from client identification and record keeping requirements, the opening of accounts for the following additional types of savings plans:

  • RRSP (individual and group arrangements) **
  • RESP (registered educational savings plans)
  • RRIF (registered retirement income fund)
  • ESP (corporate-sponsored employee savings plan)
  • ESPP (corporate-sponsored employee stock purchase plan) **
  • LIF, LIRA, LRIF (locked in retirement accounts) **
  • Foreign regulated pension plans and
  • Group Investment Accounts (non-registered)

** For plans issued by securities dealers, exemptions currently apply

As well, it is our view, that financial institutions should be able to rely on client identification obtained through proper customer due diligence procedures conducted across business lines by affiliated entities and subsidiaries within a banking group. Consistency in client identification and exemption requirements across these lines, we submit, would further assist in ensuring that within a banking group, a client need only be identified once. This, in turn, would mean less customer frustration and inconvenience.

In our August 17, 2004 letter, the CBA also recommended that a reference be included to extend the identification verification exceptions to "subsidiary(ies) under the control of a corporation ...". We continue to believe that this is a needed change for the reason that while large corporations typically operate through subsidiary legal entities, the exception language, as currently drafted, would not appear to be inclusive of such subsidiaries. We can say that from an operational perspective, this constraint has caused immense challenges for Canadian banks.

We also recommend that these exemptions apply to:

  • First Nations. First Nations are already very heavily regulated by the federal government. For example, the Department of Indian and Northern Affairs maintains its own data on each status member of a Band;
  • Federal and provincial Crown Corporations, public utilities;
  • Court-appointed Guardians of real or legal persons, including Guardians for incapable persons and Trustees-in-Bankruptcy. It is, in our opinion, inappropriate and unnecessary to obtain identification in circumstances where clients or accountholders are declared incapable or bankrupt and Guardians or Trustees-in-Bankruptcy are appointed by the Court to manage assets; and
  • Situations where there is already oversight by federal or provincial authorities (e.g. trust accounts for the travel industry or pre-paid funeral arrangements).

Proposal 1.8 – Agents or Introducers

It is proposed to amend the PCMLTF Regulations to allow any reporting entity to rely on another person or entity to ascertain the identity of its customer provided that the reporting entity has a contractual arrangement with the person or entity for the purpose of ascertaining customer identity. The agent would be required to ascertain customer identity in person by referring to a government-issued identity document as required under the Regulations.

Under this provision, the reporting entity would have to obtain customer information from the person or entity ascertaining customer identity on its behalf and would be required to keep the records specified under the Regulations. However, the ultimate responsibility for complying with the requirements would remain with the reporting entity.

In our view, rather than requiring a reporting entity to enter into contractual arrangements with all of its agents, it might be more practical, and just as effective from an AML standpoint, if the Regulations were to provide for exceptions with regard to the need to have contracts with agents.

The issue of adequate awareness and training of these agents, we note, is becoming increasingly important and there is value, we believe, in having consistent business rules and requirements among reporting entities that use agents to ascertain customer identity. Currently, identification standards differ for each group of reporting entities and, as we have previously noted, we believe it is important to harmonize identification requirements among all reporting entities.

We must say, though, that this proposal needs further detail and analysis if we are to assess its value compared to its impact on our activities. Generally, it should be left to reporting entities to determine when a contractual arrangement is warranted as part of its risk assessment. For banks, this proposal might need to be considered in association with the requirements in OSFI Guidelines B8 (Deterring and Detecting Money Laundering) and B10 (Outsourcing of Business Activities). Further clarification is also required on what the expectations of a financial entity would be if this proposal were to be put into effect and whether limitations or exceptions were to be contemplated. For example, would it be a requirement that the reporting entity audit the information obtained by the agent/introducer to assure that it is valid?

Where banks are not able to verify the identity of a customer directly, we note that verification is typically provided through a Canadian embassy, lawyers, and in the case of businesses, lawyers external to the business, accounting firms, referrals from another financial institution, or other types of agents for particular products or services that a financial institution provides. There is typically no formal contract between the bank and these other parties. In some circumstances, therefore, a requirement to enter into contractual arrangements is operationally impractical, as banks would need to enter into multiple contracts with agents in every country in which clients reside or operate or in which signing officers reside or work.

If this proposal were to be implemented, we believe that a clear definition would be required of what constitutes a "contractual arrangement" and the exceptions would also have to be specified. We also recommend that a standard form for reporting entities be designed to record the relevant information regarding the person whose identity is being verified and the agent information, rather than requiring a separate contract for every agent in every country where a reporting entity has customers.

Proposal 1.9 - Non Face-to-Face Customer Identification Measures

We understand that there will be consultations with reporting entities to establish appropriate non face-to-face client identification requirements for financial entities, securities dealers, money service businesses and foreign exchange dealers. These requirements would apply if the customer is not physically present at the time the client identification requirements are triggered (i.e. transactions conducted on the Internet, by telephone or by using the mail) and the customer's identity cannot be ascertained in person by the reporting entity or an agent by referring to a government-issued identity document.

The Consultation Paper states that the appropriate measure or combination of measures should be based on the money-laundering or terrorist-financing risks associated with different types of financial services, and should ensure that customer identification is as reliable as in face-to-face situations. It is proposed that baseline criteria should be established in respect of client identification measures, whether documentary or not. Examples of such measures provided in the Consultation Paper include:

  • Confirming that a cheque drawn by the person on an account of a financial entity subject to the PCMLTF Act has been cleared;
  • Confirming that the person's identity was ascertained by a financial entity as prescribed by the PCMLTF Regulations in a face-to-face situation; and
  • Verifying the customer's identifying information using an independent source such as a business information services company.

We note that this issue has been a major concern for many Canadian banks and we welcome the willingness of the federal government to recognize that changes are needed to the existing PCMLTF Regulations.

Our strong view is that the risk-based approach described in this proposal is clearly preferable to the existing regime which imposes very specific requirements which might not be appropriate for all institutions or types of products. But, more work needs to be done.

For example, consider the use of baseline criteria and the limited examples set out in the Consultation Paper. It appears that by attempting to establish baseline criteria for client identification measures, new rules could still impose requirements that might not be appropriate for all institutions. It is true that at a particular point in time, appropriate criteria could be developed. But, our concern is that technological advancements and innovations in methods of delivering products and services could easily render this approach irrelevant or ineffective over even a short period of time.

A preferable approach, in our opinion, would be to outline the general goals of customer identification measures and to allow reporting entities the flexibility to determine the appropriate measures to be developed in keeping with these goals including the use, where appropriate, of non-documentary methods. It should be permitted to establish procedures to account for all relevant risks including those presented by the types of accounts maintained by a bank, the various methods of opening accounts provided, the type of identifying information available, and the bank's size, location, and type of business or customer base.

In concluding our comments on this proposal, we should underscore how important we view the issue of non face-to-face customer identification and we, therefore, look forward to further discussions on the issue. We view this issue as an integral part of an effective and balanced AML/ATF framework.

Proposal 1.10 - Third Parties, Beneficial Owners

Proposal 1.10 is to amend the PCMLTF Regulations to require that in every situation where customer identification requirements are triggered, reporting entities also obtain third party and beneficial owner information and take reasonable measures to verify this information. This requirement would not apply to situations that are explicitly exempt from the client identification requirements under the Regulations. Reporting entities would be required to determine, in each case, whether the customer is acting on behalf of a third party and if so, to obtain, verify and keep records of the name, address and occupation of all third parties, as well as their relationships to the customer.

There would particular practical difficulties in applying this requirement to transactional scenarios, e.g. where a business initiates an EFT of $3000 as a non-client at a financial institution. The person who conducts the transaction may not have beneficial ownership information or third party information.

It is understood, that if the customer is a business, reporting entities would be required to obtain, verify or keep records of the name, address and occupation of all natural persons who own or control, directly or indirectly (for example through the ownership of a legal entity), more than 10 per cent of a corporation or partnership.

If the customer is a Non-Profit Organization (NPO), then the reporting entities would be required to obtain, verify and keep records of the name, address and occupation of all senior officers and directors. This procedure, we believe, would be quite onerous for large charities such as the United Way. Reporting entities would also be required to determine whether the NPO is soliciting, as defined under the federal Not-for-profit Corporations Act, and keep a record of this information. They would also need to take reasonable measures to determine whether the NPO is a charity registered with the Canada Revenue Agency (CRA) and, if so, obtain and keep records of the CRA registration number and confirmation of the registration by referring to the CRA website or other means.

Finally, in respect of a trust, the proposal would require reporting entities to obtain, verify and keep records of the name, address and occupation of all settlors and all living beneficiaries of the trust. Reporting entities would be required to take reasonable measures to establish the source of funds.

We have concerns about this proposal.

Uppermost in our minds is whether the proposal is really practical. This arises, for example, from the fact that in Canada, there is no public or government registry that allows for the independent verification of small businesses or other entities. As a result, if the intent of a bank customer is to conceal a third party, the customer could simply claim that there is no third party and there would be nothing further that the bank could do to verify this assertion.

We fail to see, moreover, where a risk-based approach has been taken in this proposal. Implementation of these measures would create severe administrative costs and burdens for reporting entities and it is our strong view that banks should have the flexibility to implement verification procedures they believe appropriate after taking into account the risk involved in any given situation.

Consider the following more detailed comments that support our concerns:

We point out that there is a broad range of transactions that are quite legitimately transacted through the account of a third party. There are, for example, transactions belonging to a child under the age of majority which would typically be processed through a parent's account. Similarly, adult children are typically required to conduct transactions on behalf of aging parents using their own accounts. We would expect, therefore that if this proposal were to be enacted, exemptions would have to be given for these kinds of transactions.

It is important to note also that currently, banks are required to take reasonable measures to collect third party information when opening an account. This is done by asking the customer, either verbally or in writing, at the time of opening the account, whether the account is "to be used by or on behalf of a third party". If the client answers "yes" (which happens rarely), further information on the third party is asked. It is the experience of Canada's banks that the rationale for this requirement is very difficult to understand, both for employees and clients. Proposing to amend the Regulations to require that in every situation a bank obtain third party and beneficial owner information and take reasonable measures to verify this information would, we believe, create substantial problems for custodians of investment vehicles and foreign financial institutions. It would be difficult for a bank to obtain its clients' client information, and almost impossible for banks to verify that information, especially since the terms "third party" and "verify", as used in the Consultation Paper, are unclear and need clarification.

We also feel that requiring this information for every account opening dilutes its value. It becomes routine and gives a false sense of security. We would propose, therefore, that this requirement be abolished and replaced by an obligation to ascertain the identity of any person, other than the client, who uses the account and to report any suspicion that a client is acting on behalf of a third party.

We also believe that clarification is required on what constitutes "verification" of the information. The concept of verification is not currently included in the regulations, and this proposal appears to introduce a standard that is more stringent than the current requirements. Also, clarification is required as to whether this requirement applies only to accounts, or any and all products offered by the financial entity. We recommend that reporting entities be given flexibility with respect to the means and timing of the verification consistent with a risk-based approach. Furthermore, for consistency with other measures of the Regulations, we believe that all registered products should be exempt from this requirement.

The application of this proposal to third parties also raises specific problems, while its wording leaves a number of matters in need of clarification. These are explained as follows:

For example, while we generally support the need to obtain detailed customer information for "beneficial owners" of corporations, the 10% proposed threshold is far too low in our view. We believe that there is little value in obtaining information about the natural persons who own 10% of a company, particularly if this ownership is not direct. Given the complex structures of many legitimate operations, a 10% shareholding may have no real control over the operations or accounts of another affiliated company. Furthermore, this information is already available, we note, through government agencies such as the CRA and the burden of obtaining or verifying this information should not be placed on reporting entities. It is also unclear as to what information, if any, is required for entities other than corporations or partnerships, such as associations and recreation clubs, that typically do not have a traditional corporate ownership structure.

For NPOs, the wording of the proposal in the Consultation Paper raises specific questions and concerns. For example, we can safely safe that there are thousands of NPOs in Canada (service clubs, hockey teams, church socials) and to investigate each of these NPOs to the level of detail suggested by the proposal in the Consultation Paper would be unmanageable. Also, some NPOs operate either as a trust or a corporation under a provincial governing statute and the purpose of determining whether the NPO is soliciting or non-soliciting under the Canada's NPO Corporation Act is unclear.

It is also unclear whether a reporting entity is required to confirm that a NPO is soliciting as a charity registered with the CRA or whether the reporting entity merely needs to ask the NPO and can rely on the NPO's response. In addition, if reporting entities are given a verification requirement for the directors and senior officers of NPOs, the current wording of the proposal, in our minds, is impractical as it states that such verification is to be required for all directors and "senior officers". A definition of the term "senior officers" is required, in our view, and a maximum specified as to the number of individuals for which "validation" of identity is required (as with the maximum of three signing officers for corporations in the current regulations).

Finally, with respect to trusts, a definition of the term is critical since there are various forms of trusts. For example, some mutual funds are set up as trusts, but we do not believe the intent is to apply these requirements to them. Furthermore, if the beneficiaries of trusts are to be identified, it needs to be clear in what circumstances. For example, does this apply to trust companies when they are acting as trustees, or does it only apply to institutions dealing with third party trustees? Clarification is also required as to what constitutes "reasonable measures" by the reporting entity when it is attempting to discover the source of funds, and whether this would be considered on a risk-based approach, as is contemplated in the FATF recommendations.

Proposal 1.11 - Ongoing Due Diligence

The Consultation Paper proposes to amend the PCMLTF Regulations to require that reporting entities:

  • Monitor their business relationships with their customers, including transactions, on an ongoing basis; and
  • Implement procedures to ensure that customer information remains up-to-date.

We believe that further clarification is needed on the meaning of the term "monitoring business relationships" since the wording "including transactions" suggests that reporting entities are expected to expand upon their current customer monitoring systems. While many banks currently conduct some degree of transaction monitoring, we are concerned that this proposal might be more extensive.

It is our view that any requirement to keep customer information "up-to-date" is unrealistic. Mandating procedures to update millions of accounts would simply not be practical especially since the onus would be on the customers to provide the needed updated information. In our view, a requirement to "maintain" customer information should be qualified by a risk-based approach and should be needed only on a transactional or event-occurrence basis (e.g. changes in address, authorized users, credit limit).

Again, we suggest that further details about what is meant by this proposal might be helpful in helping us consider its impact on banking operations.

Proposal 1.12 – EFT Customer Due Diligence and Record-Keeping Requirements

Proposal 1.12 in the Consultation Paper is to amend the PCMLTF Regulations to require that a financial entity, money service business, foreign exchange dealer, securities dealer or casino initiating a domestic or international EFT at the request of a client, regardless of the amount, ascertain the identity of the client and keep records of the following information:

  • Name and address of the client;
  • Account number or reference number;
  • Telephone number of the client;
  • Name and address of the person on whose behalf the EFT is made;
  • Type and number of identity document; and
  • Name and address of the beneficiary.

This proposal, we note, goes well beyond the FATF Recommendation and we see no reason why the requirement under our regime should be more stringent.

The Consultation Paper proposal would require reporting entities to verify the identity of any customer that initiates an international or domestic EFT, regardless of the EFT's amount. This would appear to include customers whose identification would not have to be obtained. The proposal would also require reporting entities to keep records, in each case, of the client's telephone number, the name and address of the person on whose behalf the EFT is made, the type and number of the identity document and the name and address of the beneficiary.

We point out that many customers do not originate international EFTs in person, but use a cash management product and for this reason, there would be no opportunity to verify identity. If a bank is aware that a payment is being made on behalf of a third party, the name and address of the third party could typically be obtained. Where, however, the customer gives no indication that the payment is being made on behalf of a third party, it would be impossible for the bank to obtain this information. Furthermore, in some jurisdictions, privacy legislation limits the disclosure and retention of this personal information.

In our view, there should not be a requirement to ascertain the identity of the client conducting a transaction where the person already holds an account with the financial entity. The address of the beneficiary is not relevant for payments being made into an account, nor is it required to effect the payment and for these reasons, it should not be required information.

In addition, it is important to maintain the definition of EFTs that is set out in the current Regulations.

Proposal 1.13 - Client Information Transmission

The Consultation Paper proposes to amend the PCMLTF Act to require that reporting entities conducting EFTs on behalf of their customers (i.e. financial entities, money service businesses, foreign exchange dealers, securities dealers and casinos) implement the following measures with respect to international EFTs:

  • When initiating outgoing international EFTs, the reporting entity should include, at a minimum, the first two information elements above in the EFT message;
  • When the reporting entity acts as an intermediary in the EFT payment chain, it should ensure that the above originator information remains with the EFT message; and
  • When the reporting entity is the recipient of an EFT, it should take reasonable measures to ensure the EFT includes the above originator information.

In commenting on this proposal, we start with the fact that a reporting entity can only ensure that the ordering party information obtained is passed on to the next financial institution. The reporting entity in this case can only pass on what it receives. When a financial institution receives an incoming EFT, in other words, it acts purely in a passive manner, processing the payment based in the information in the EFT itself.

We also note that provided there is sufficient information in the EFT received to enable flow-through processing, the receiving financial institution does not have any need to seek additional information and is highly unlikely to be given the additional information if requested. Any requirement to do so would, in our view, place an onerous and unreasonable burden on financial entities, which would have to construct systems to detect when a field is not populated, and develop a mechanism to revert to the originating financial entity for the missing information.

Moreover, since the payment would already have been processed, the originating financial institution would have little incentive to provide this data, and could be prevented from doing so, based on the rules in place in the country in which the EFT originated.

As a result, we believe that the onus should not be on the receiving financial entity in Canada, that is a passive recipient of the message, to ensure the sender complies with Canadian law, particularly as the sending institution might not be subject to comparable requirements under its local laws.

Our view is that if it is considered important that all EFTs have the information specified in this proposal, the federal government should seek to have the Society for Wholesale Interbank Financial Telecommunication (SWIFT) change its rules so that inclusion of this information would be mandatory for all payments conducted by SWIFT members.

Before leaving this proposal, we mention again that more clarification would be helpful. For example, if the originator information is not passed along, it is unclear what "reasonable measures" the receiving bank is supposed to take to obtain this information.

Proposal 2.1 - Reporting of Suspicious Attempted Transactions

This proposal is to amend the PCMLTF Act and Regulations to explicitly include the reporting of suspicious attempted transactions.

  • All reporting entities that are currently obligated to report suspicious transactions under Part 1 of Act would be required to report suspicious attempted transactions.
  • Guidance would be provided to reporting entities to assist them in determining when to report.
  • The current form and manner of suspicious transaction reporting would remain unchanged except for the addition of information indicating that the transaction was not completed.
  • At a minimum, reasonable efforts should be made to obtain the name and address of the individual undertaking the transaction and the amount of the transaction.
  • The same record-keeping requirements in place for suspicious transactions would also apply to attempted suspicious transactions.

We support changing the PCMLTF Act to permit reporting entities to report attempted transactions that are, in the opinion of the reporting entity, "suspicious" but, given the uncertainty involved in such incomplete transactions, we believe it would be unwise to make it mandatory for a reporting entity to report suspicious attempted transactions. The banking industry initiated the voluntarily reporting of suspicious activities to law enforcement over 15 years ago and we see no useful purpose served by making this mandatory. We recommend that the reporting of suspicious attempted transactions should be at the discretion of the reporting entity.

If the reporting of attempted transactions were to become mandatory, we point out that considerable work would have to be done in developing the appropriate reporting mechanisms including the form to be used (which, as we will elaborate on in further discussions, should not have any mandatory fields).

Proposal 3.1- Registration Regime for Money Service Businesses (MSBs)

The Consultation Paper proposes that MSBs and unregulated Foreign Exchange Dealers be required to register their operations with FINTRAC.

We welcome the decision to amend the PCMLTF Act and Regulations to establish a registration regime for MSBs and foreign exchange dealers that are currently not regulated financial institutions. We suggest that as well as a registration system, there should be regulated enforcement of MSBs (similar to the system in the United States, where MSBs are required to be licensed and where there are criminal penalties for failure to comply with this requirement). The implementation of an enforcement system, we believe, would allow other reporting entities to be able to rely on examinations/evaluations conducted by a government agency.

We point out that these requirements should also be extended to cover the operators of independent ABM and cash machine operators.

Proposal 3.2 – Creation of an Administrative and Monetary Penalties Regime

Proposal 3.2 in the Consultation Paper is to give FINTRAC theauthority to impose penalties in the form of warning letters and/or administrative monetary penalties (AMPs) for non-compliance with the PCMLTF Act and Regulations.

We do have some misgivings about this proposal.

For example, we frankly fail to understand what useful purpose would be served by publishing the name of an offender and details of the violation. Indeed, since even minor violations could be subject to publication, we express the concern that the potential harm to the reputation of a reporting entity of having its name listed as an "offender" on FINTRAC's website could be disproportionate to the violation.

We have stronger views about the proposal to levy AMPs. The banking industry has been very consistent in its views about AMPs in several contexts. We believe that they are thinly disguised fines and we therefore express concerns about whether there is authority for FINTRAC to levy fines.

We reserve our further comments until the description of violations, the schedule of graduated penalty amounts, the criteria of assessment and other information are made available.

Proposal 3.3 – Sharing Compliance-related Information with Foreign Partners

The Consultation Paper would give FINTRAC the authority to exchange compliance-related information with its foreign counterparts.

It is our understanding that FINTRAC currently has memoranda of understanding to exchange information with a number of Financial Investigation Units (FIUs) in other countries. Therefore, before making specific comments on this proposal, we would like further information about its objectives, as we fail to understand how releasing to other FIUs specific details of compliance deficiencies, examination results and risk assessment information about Canadian reporting entities could improve FINTRAC's ability to supervise compliance of Canadian reporting entities.

Proposal 4.1 – Expansion of Information Disclosed by FINTRAC

We support the proposal to expand the list of designated information that FINTRAC would be permitted to disclose to law enforcement and intelligence agencies. Indeed, we would recommend that FINTRAC be allowed to provide information about suspected money launderers to reporting entities.

Proposal 5.1 – Creation of an Advisory Committee

The Consultation Paper proposes the creation of an Advisory Committee comprised of senior representatives from the public and private sector and chaired by an official from the Department of Finance, to advise the federal government on a variety of issues and trends as they relate to AML and ATF activities.

We strongly support this proposal and we believe it would be a valuable tool in enhancing the effectiveness of Canada's AML/ATF framework.

To be effective, though, the Advisory Committee would need representatives from a cross section of reporting entities (while being small enough that its discussions could be focused and effective) and it would also need to have a clear role.

We would welcome the opportunity to work closely with government officials on developing the structure of the proposed Advisory Committee, including its objectives and membership.

Proposal 6.1 – Bundled EFTs

It is proposed that the PCMLTF Regulations be amended to clarify that bundled EFTs should not be reportable as one transaction. Instead, any EFT in a bundle should be reportable on an individual basis if it exceeds $10,000. The provision would apply in respect of institutional and commercial transactions such as salary and pension payments.

We note that this proposal would require a review of every single EFT batch file that is processed to determine if it contains an EFT in excess of $10,000. It would then be necessary to rebundle the payments to report to FINTRAC. We are compelled to say that this would be a significant technical challenge and operational and extensive systems changes would definitely be required to do this.

To ease the development and operational burden on financial entities, we strongly recommend that consideration be given to requiring that all international (cross-border) EFT transactions be reported regardless of amount. FINTRAC could then analyze the data in a manner better suited to the agency's purposes.

Proposal 6.2 - Beneficiary information in Cross-Border EFTs

Under the proposed amendment, if the name and address of the beneficiary were not provided in the EFT message, the reporting entity that is the ultimate recipient of an international EFT would be required to report the EFT even if it had not been the first reporting entity to handle the EFT as it enters Canada.

We point out that this proposal would impose a significant additional requirement on the ultimate recipient to screen all payments and to build a mechanism for identifying those international EFTs that had been processed through another Canadian financial institution, with a view to determining whether that intermediary institution had reported all information to FINTRAC. Measures would have to be put in place, in addition, to report any missing customer information related to these transactions to FINTRAC. We question whether the benefits of this proposal truly outweigh the administrative costs and burdens that it would undoubtedly create and we note that it would be more practical simply to require the reporting of all cross-border EFTs to FINTRAC.

Moreover, we strongly believe that this proposal should not be implemented until changes are made by SWIFT to the mandatory data fields for completion of international wire transfers/SWIFT transfers, as there would be a significant amount of manual work and double reporting required for reporting entities. Extensive systems changes would be required, we are compelled to note, to segregate incoming international MT103s with blank name or address fields and in our considered judgement, it would be impossible to identify EFTs where the name and/or address fields are incomplete, improperly completed or fictitious beneficiary information is provided..

We note that at this time, beneficiary information is not required to complete a SWIFT transfer and we are of the view that it is unreasonable to put this significant onus on reporting entities to ensure that such information is obtained and reported. In our minds, steps should be taken to change the SWIFT rules to make inclusion of beneficiary information mandatory for all payments conducted by SWIFT members.

Proposal 6.5 - Require reporting entities to obtain and report business numbers

This proposal would require reporting entities to obtain and report to FINTRAC the customer's CRA business number.

Again, this proposal would require a significant change to the account opening procedures of Canadian banks since they do not typically have a designated field in their systems to capture and store this information and we question the value of providing the business number in the circumstances where we already obtain extensive information on the business and the customer – information that is provided to FINTRAC - when making a report. In addition, the proposal does not explain the action to be taken by a reporting entity if a business customer does not have a CRA business number.

Our concern with this proposal, in fact, is more fundamental than simply a concern with its practicality. We believe that all identification numbers issued by CRA are intended solely for tax reporting purposes, and not for the purpose of identifying customers, whether personal or corporate. Indeed, the use of an individual's social insurance number (SIN) for purposes other than tax reporting is specifically prohibited.

While not prohibited for corporations, the proposal would include the many small businesses that operate in an individual's name (i.e. "doing business as ..."). We observe that the reporting of tax identification numbers in these instances would seem actually to require the reporting of the owner's SIN, which we believe would currently be a violation of the law.

Furthermore, we do not believe that individuals in larger corporations would have access to this information, and any requirement to include such information in large cash transaction reports, and other prescribed reports, would place an inordinate burden on financial entities.

Proposal 6.9 - Property Managers

Currently, some property managers have obligations under the PCMLTF Act and Regulations as they are required to hold a real estate licence to conduct property management activities in their province of operation. The amendment proposed in the Consultation Paper would exempt transactions conducted in the course of property management activities from the application of Part 1 of the Act.

We are proceeding on the basis that any exemption would be extended to financial entities involved in opening accounts for property managers. We would appreciate your confirming this.

Proposal 6.10 - Application to Foreign Branches

This proposal is intended to clarify that Part 1 of the PCMLTF Act applies to branches of financial entities and insurance companies located outside Canada.

We strongly disagree with this proposal. All branches and subsidiaries of banks operating outside Canada are subject to the laws and regulations of the jurisdiction in which they operate, and we note that such laws and regulations meet or exceed the standards set by the FATF for co-operating AML jurisdictions. To make them subject to Canada's specific laws and regulations, in addition, would impose double reporting standards on branches that do not apply to subsidiaries.

Agreements and procedures have been established to allow the sharing of information between governments and their agencies for the purposes of consolidated banking supervision and investigations of suspected money laundering. There have not been any public indications by Canadian officials that such arrangements are not effective, and we would note that such arrangements respect the dignity of sovereign nations and the professionalism of the officials in other nations. Extra-territorial legislation that implies a lack of confidence in international agreements and authorities in other countries may have unintended costs, for meager benefits, as such information would be obtained in any case, through established channels.

While we strongly support the goal of consistency of AML programs and procedures across organizations and countries, and that customer recordkeeping requirements and standards should be similar in all jurisdictions, it needs to be recognized that variances may exist. This proposal would require Canadian banks' global businesses to comply with two different sets of AML laws and regulations with respect to client identification, record keeping and compliance requirements. In addition, with respect to client identification, we note that certain jurisdictions have stringent privacy requirements that could result in criminal violations for releasing such information.

In short, we firmly believe that any proposal that contemplates the introduction of extra-territorial reporting of prescribed transactions would represent an unreasonable burden on Canadian banks and other financial institutions. We believe that it could place reporting entities in potential violation of local privacy and customer confidentiality requirements. Finally, it could indicate a lack of confidence in the arrangements made by the government of Canada, OSFI, and FINTRAC for the sharing of information with other governments, banking regulators and financial intelligence units, and, in our minds, could well be contrary to the spirit of greater co-operation and trust sought among bank regulators and AML authorities.

Proposal 6.13 - Providing documents to Compliance Officers

This proposal would amend the PCMLTF Act to require that documents requested by a FINTRAC compliance officer be produced at a site determined by FINTRAC.

We understand that the purpose of this proposal is to allow FINTRAC representatives to conduct examinations in their offices, as opposed to conducting the examinations on-site at the financial entity's location. We are concerned that this measure may result in financial entities facing allegations of breach of their fiduciary responsibility with respect to customer records and, therefore, we request that there be full consultation about the details of this proposal before it is implemented

Proposal 6.14 - Compliance Questionnaires

Under this proposal, reporting entities would be compelled to complete and return to FINTRAC, compliance questionnaires sent to them by FINTRAC.

In principle, we are not opposed to this proposal as long as regulatory duplication and unnecessary costs are avoided. For example, for financial entities with several affiliates that are also reporting entities, one omnibus questionnaire, rather than separate questionnaires, should be sent by FINTRAC to the parent institution for completion by the parent on behalf of the whole group and a reasonable time should be given to complete the questionnaire.

Proposal 6.15 - Statute of Limitations for Non-Compliance Infractions

Would you please confirm our understanding that the proposed increase to five years from one year in the statute of limitations for non-compliance infractions, if action is taken by summary conviction proceedings, will not be grandfathered and will only come into force as of the date that the change is enacted.

In Closing

The CBA is pleased to have had this opportunity to provide its preliminary comments on the proposals in the Consultation Paper. Our aim in participating in this consultative process, as we have already mentioned, is to work with the federal government and other stakeholders in enhancing our AML/ATF framework. With the comments that we have provided on the proposals and with our anticipated ongoing discussions, we expect to contribute to developing a regime that is both effective and balanced.

Appendix A

Box 348, Commerce Court West
199 Bay Street, 30th Floor
Toronto, Ontario, Canada M5L 1G2

Robert Foote
Advisor, Security
Tel.: [416] 362-6093 Ext. 245
Fax: [416] 362-0412

August 17, 2004

By E-mail: hemmings.lynn@fin.gc.ca

Ms. Lynn Hemmings
Senior Project Leader
Financial Sector Division
Department of Finance
L'Esplanade Laurier, 20th Floor, East Tower
140 O'Connor Street
Ottawa, Canada
K1A 0G5

Dear Lynn,


Proposed new exemptions to record-keeping and ascertaining identity

On behalf of the CBA Money Laundering Working Group (CBAMLWG), thank you for providing the group with the opportunity to review and comment on the proposed amendments to the client identification and record keeping requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) Regulations.

We have reviewed the proposed changes and offer our comments below.

General Comments

Overall, we strongly support the proposed amendments, and believe they will be helpful in clarifying some inconsistencies in the current regulations while reducing the burden on our customers, especially low risk clients.

We have some general comments we feel should be considered in the broader scope of the proposed amendments.

  • We are concerned the proposed amendments do not eliminate the disparity between the identification and exemption requirements for different financial institutions e.g. insurance companies, brokers and banking. All alternative methods by which a customer's identity can be ascertained should be made available to all industry sectors. Since the proposed amendments indicate a review of client ID requirements is now being undertaken, it may be beneficial and timely to review client ID requirements between industry sectors.
  • We feel financial institutions should be able to place reliance on client identification obtained through proper customer due diligence avenues conducted across business lines by affiliated entities and subsidiaries in all parts of our organizations. Consistency in client id and exemption requirements across these channels will further assist in ensuring that a client need only be identified once within an institution's financial group.

Given these comments are not directly addressed in the draft language provided, we would welcome the opportunity to discuss them more fully with you either through the broader public consultation process, referred to in your original note, or through a conference call to be arranged at your convenience.

Specific Comments

Below we are providing specific comments on the informal draft language included in your original note of June 14, 2004. As already noted, we strongly support the proposed amendments, but have the following specific comments, questions or suggestions on some aspects of the proposed amendments as presented.

(All section numbers refer to the proposed language unless otherwise indicated.)

Sections 62 (1) (d) & (e):

  • We suggest a reference be included to extend the identification verification requirements to "subsidiary (ies) under the control of a corporation..." referred to in paragraph (d). As you are aware, large corporations within this category often operate through numerous subsidiary legal entities, but the exception language, as currently drafted, does not appear to clearly extend to them, although this would make more sense from a practical perspective. From an operational perspective, this inconsistency has caused immense challenges for member banks.
  • We would welcome clarification about the status of "Aboriginal Bands". Are they considered to be a "public body" under these sections? We suggest they be included in an exception. Alternatively, it is requested at a minimum that any accounts opened by, on behalf of, or for the benefit of Aboriginal Bands, where the funds are known to have originated from a government, crown or public agency (e.g. payments as a result of a land claim settlement) be exempted from the identification requirements.
  • We recommend the inclusion of a new section exempting federal and provincial Crown Corporations, as well as Public Utilities.
  • We recommend the inclusion of a new section extending the exception to cover court-appointed guardians of real or legal persons, including guardians for incapable persons and trustees-in-bankruptcy. It is inappropriate and unnecessary to obtain identification in circumstances where clients/accountholders are declared incapable or bankrupt and guardians or trustees-in-bankruptcy are appointed by the court to manage the assets.

Section 62 (2):

  • We believe section 55 should be included as one of the sections that does not apply in respect of the subsequent listed policies, products and accounts. Section 55 pertains to identity verification requirements for trust companies and is referenced in the current regulations under section 62(4).

Section 62 (2) (h):

  • The draft language in this section only extends to foreign affiliates of a financial entity and we recommend that it be revised to include domestic affiliates of a financial entity.

Section 62 (2) (i):

  • We recommend the inclusion of Registered Education Savings Plans (RESP's) as part of this section in order to maintain consistency in treatment of registered products.

Section 62 (2) (p):

  • We believe the wording in this section should be broadened to include foreign regulated pension funds.

Thank you again for the opportunity to comment on these proposed amendments. The CBA and its members very much appreciate your willingness to consult with us on this matter. Should you have any questions or comments, please feel free to contact me.


Original signed by 
Robert Foote


cc. CBA MLWG members
Paul McGrath