Fintrac penalties against bank and smaller entities show power of regulator

Four monetary penalties by Canada’s financial intelligence unit against a bank and three smaller entities for compliance deficiencies reveal institutions can face massive fines for relatively minor infractions, but some institutions fear their names being publicized even more than a hefty payment.

Canada’s Financial Transactions and Reports Analysis Centre (Fintrac) this month levied its first – and largest – penalty against a bank for anti-money laundering (AML) failures, a $1.2 million fine against an unnamed Canadian institution for failing to report a single suspicious transaction report (STR), and breaches tied to reporting of a cash transaction and wire of $10,000 or more. To view Fintrac’s enforcement actions, please click here.

The size of the penalty might seem alarming to those outside of Canada compared with the lightness of the offense, but institutions can face penalties in the hundreds of thousands of dollars for “getting one field in one STR wrong,” said Matthew McGuire, vice president of financial crime risk management at Toronto-based Securefact, which focuses on identification verification technologies.

Now those penalties can spiral higher if there are multiple errors in a given STR or what the regulator perceives as missed STRs that should have been filed, easily presenting a potential penalty in the millions or tens of millions of dollars, he said.

And rather than penalty reductions being based on the strength of the overall compliance program, transparency or remediation efforts, the bulk of any reduction in penalty amounts are based more around the size of the institution, McGuire said.

So a small entity with only a few employees could get up to a 95 percent reduction in the maximum penalty amount, while a large bank with more than 500 employees globally would get no chance at a reduction, he said.

Fintrac increasingly willing to levy penalties

In tandem with the million-dollar bank penalty, the regulatory body – which has been increasing in its aggressiveness and willingness to penalize entities with even basic AML deficiencies in recent years – penalized three small entities in the tens of thousands of dollars, but chose to publish their names along with very vague and boilerplate details of their missteps.

Fintrac fined the Diamond Exchange Toronto, Becksley Capital in Toronto and Victoria Jewellers in Regina, Saskatchewan, for penalties totaling nearly $55,000, for an array of gaps, including failures involving written procedures, assessing and documenting financial crime risks and compliance training.

Becksley is the only action that highlighted slightly different issues, and is the highest amount of the three at $28,500 Canadian dollars, noting problems tied to instituting and documenting a previously-prescribed two-year programmatic review and failing to take “reasonable measures” to determine at account opening if the account would be used by a third-party.

The actions are also absent of much depth, in stark contrast to extremely detailed US AML actions, which mean there is little in the way of instruction to help other banks not make the same mistakes, McGuire said.

“Guidance in Canada is tremendously lacking” when it comes to AML, he said, adding that in many instances current documents proffered by regulators are “very high-level, theoretical” doctrines that make it “difficult to offer much assistance” in terms of on-the-ground compliance challenges.

In too many cases, the only “assistance institutions get is through the exam process,” when they are on the receiving end of letters or penalties, McGuire said. “That is the time [regulators] write down and provide some level of guidance on what has gone wrong.”

So how much in penalties could a Canadian entity be facing for AML failures? Here is the answer, according to Fintrac:

Violations are classified by the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations as minor, serious or very serious and carry the following range of penalties:

  • Minor violation: from $1 to $1,000 per violation
  • Serious violation: from $1 to $100,000 per violation
  • Very serious violation: from $1 to $100,000 per violation for an individual, and from $1 to $500,000 per violation for an entity (e.g. corporation)

Criminal penalties

 FINTRAC may disclose cases of non-compliance to law enforcement when there is extensive non-compliance or little expectation of immediate or future compliance. Criminal penalties may include the following:

  • Failure to report suspicious transactions: up to $2 million and/or 5 years imprisonment.
  • Failure to report a large cash transaction or an electronic funds transfer: up to $500,000 for the first offence, $1 million for subsequent offences.
  • Failure to meet record keeping requirements: up to $500,000 and/or 5 years imprisonment.
  • Failure to provide assistance or provide information during compliance examination: up to $500,000 and/or 5 years imprisonment.
  • Disclosing the fact that a suspicious transaction report was made, or disclosing the contents of such a report, with the intent to prejudice a criminal investigation: up to 2 years imprisonment.

More pressure on Canada, Fintrac to bolster AML framework

The pronouncement by Fintrac occurs just weeks after the largest financial leak in history tied to Panamanian law firm Mossack Fonseca that revealed the operation worked with dozens of banks to help create hundreds of shell companies for politicians, criminals and sanctions evaders.

The leak also named Royal Bank of Canada and subsidiaries in connection with more than 370 shell corporations, though the bank has denied wrongdoing or skirting tax and AML laws.

Fintrac is also likely feeling more pressure to make its AML framework appear stout and its examining bodies sound with a recent mutual evaluation of its country-wide procedures by the International Monetary Fund (IMF), reviewing standards set out by the Paris-based Financial Action Task Force (FATF), which sets global AML standards.

According to an assessment calendar on the FATF site, Canada was reviewed in November with results scheduled to be published in June.

Apart from its examination and enforcement duties, Fintrac, which was formed in 2000 but didn’t get penalty authority until the late 2000s, analyzes reports of suspicious activity submitted by entities subject to AML rules, including banks, money services businesses, broker dealers and others.

In fiscal 2015, it received more than 92,000 suspicious transaction reports – typically transfers of $10,000 or more into or out of Canada, a jump of 13 percent from the prior year, according to Fintrac’s latest annual report.

During the year, it also issued 16 monetary penalties to “encourage change in the non-compliant behaviour of reporting entities,” according to the report.

So how does Fintrac decide if a bank or other entity should be named in an enforcement action? Here is the answer:

Fintrac can, at its discretion, publish specific details of an administrative monetary penalty (AMP) imposed once all proceedings in respect of the AMP have concluded (i.e., all avenues of review and appeal have been exhausted). The purpose of public notice is to promote awareness, encourage a change in compliance behavior and demonstrate transparency. As of June 26, 2013, a person or entity subject to an administrative monetary penalty may be named if one of the following criteria is met:

  • The person or entity has committed a very serious violation; or
  • The base penalty amount is equal to or greater than $250,000, before adjustments are made in consideration of the person or entity’s compliance history and ability to pay; or
  • Repeat significant non-compliance on the part of the person or entity.

Institutions don’t want the Fintrac ‘kiss of death’

When queried about why Fintrac chose not to publish the name of the bank tied to its largest ever penalty, a spokesman stated that the regulator has discretion to not publish the names of offenders and that it chose to do that to get the penalty out quickly rather than await the results of a lengthy appeals process, according to media reports.

But the bigger fight for some institutions is not just to lower their penalty exposure, but to keep their names out of public enforcement documents altogether.

Now, larger banks with “deep pockets” can use their leverage to negotiate their names not being put into the public record, an option typically not available to smaller MSBs or other more diminutive operations subject to AML rules, McGuire said.

That’s because getting named in a public enforcement action “can be the kiss of death” for an entity, particularly small money remitters and other MSBs, he said, noting that of the dozen or so MSBs named recently in enforcement actions, only two were still in existence a year later.

“Some bank policies explicitly say that if you are an MSB and you were the subject of an AML action or penalty previously, you are not a candidate” to have accounts at that institution, McGuire said. “Getting named publicly has a very significant impact on some operations. People are quite willing to write the check, they just don’t want their names associated with such behavior.”