Regional Report Canada: As gun-shy Fintrac regains penalty powers, government strengthens AML, will enforcement rise?

ACFCS Portrait 10 Dollars Canadian Bank Notes. Canada money, Canada bank note. Financial Closeup Collection.

The Skinny:

  • Over the last year, Canada has been bolstering AML across the board with stronger rules targeting riskier sectors like virtual currencies, cracking open beneficial ownership bastions and boosting budgets for investigators.
  • But for the past four years, the country’s financial intelligence unit, Canada’s Financial Transactions and Reports Analysis Centre (Fintrac), has been out of the fight in a critical area that helps foster compliance: levying statement-making penalties – or in this case handing down any fines at all.
  • There is a good reason that Fintrac, which in early 2016 handed down its largest ever penalty for AML failures at more than $1 million, has been somewhat gun-shy when it comes to levying fines: because it tried to hit several entities, they fought back in Federal Court, and the regulator lost.  
  • The loss in court was a particularly galling one for Fintrac as some of the penalties it was trying to levy for AML failures were as small as $5,000.
  • The defeat resulted in Fintrac engaging in a comprehensive multi-year review of its policies around the issuance of administrative monetary penalties.
  • On the plus side, AML compliance professionals in Canada have more detail, specificity and clarity to sharpen their programs than ever before.
  • But being very prescriptive can also have a dark side: if your AML program currently has gaps, or what examiners consider gaps in these areas, you could be making a date with the Federal Court.

By Brian Monroe
bmonroe@acfcs.org
June 18, 2020 

Over the last year, Canada has been laying the groundwork to bolster the fight against illicit finance in a bevy of ways: stronger rules targeting riskier sectors like virtual currencies, cracking open beneficial ownership bastions and boosting budgets for investigators.

But for more than four years, one critical piece of the anti-money laundering (AML) enforcement puzzle has been missing: penalties for non-compliance. While the U.S. been handing down AML, sanctions and corruption fines in the hundreds of millions and even billions of dollars – Canada’s Financial Transactions and Reports Analysis Centre (Fintrac) has remained uncharacteristically mum.

There is a good reason that Fintrac, which in early 2016 handed down its largest ever penalty for AML failures at more than $1 million, has been somewhat gun-shy when it comes to levying fines: because it tried to hit several entities, they fought back in Federal Court, and the regulator lost.  

“Since May 2016, Fintrac’s hands were tied because of the Federal Court of Appeals ruling the Centre’s method for calculating fines was unclear,” according to report by Ted Sausen at NICEActimize.

“This made it difficult for organizations to challenge fined amounts,” he wrote. “As a result, six violation notices were repealed, leaving FINTRAC with an inability to assess fines on financial institutions for non-compliance.”

The loss in court was a particularly galling one for Fintrac as some of the penalties it was trying to levy for AML failures were as small as $5,000.

The defeat resulted in Fintrac engaging in a comprehensive multi-year review of its policies around the issuance of administrative monetary penalties.

On the plus side, AML compliance professionals in Canada have more detail, specificity and clarity to sharpen their programs than ever before. But being very prescriptive can also have a dark side: if your AML program currently has gaps, or what examiners consider gaps in these areas, you could be making a date with the Federal Court.

The impetus for Fintrac’s policy review was the decisions of the Federal Court and the Federal Court of Appeal in Max Realty Solutions v. Attorney General of Canada,1 Kabul Farms v. R, and Contrevenant No. 10 v. Attorney General of Canada, according to analysis by many of the top minds at Torys.

The facts of the three cases differ, but the courts reached the same conclusion in all three: FINTRAC had a valid basis for finding that the reporting entity violated the PCMLTFA, but they set aside the AMPs because the regulator failed to supply an adequate rationale for how it calculated the AMPs – details in countries like the United States spelled out in rules, regulations, guidance, prior penalties and an interagency AML exam manual.

In Kabul, the leading case, the Court of Appeal explained that “[a]s part of procedural fairness, a party potentially liable for an administrative monetary penalty, such as the respondent, needs to know about any formula, guideline or supporting analysis the Director will rely upon in his assessment of penalties,” according to court documents reviewed by legal professionals.

In the case of Kabul, Fintrac’s Director had used an unpublished formula to determine the AMP.

Furthermore, the court held that the formula appeared to conflict with the criterion set by legislation as the “formula is based only on the type of violation, not the particular mitigating or aggravating facts underlying it relating to harm.”

To be justifiable, “the sorts of figures the Director chose at each step in this methodology” should have been “underpinned or justified by some reasoning or evidence in the record.”5 The Court of Appeal found that this reasoning was lacking: based on the record, FINTRAC “might have plucked the numbers from the air.”

So what did Fintrac’s AML penalty review conclude and produce for compliance teams?

FINTRAC’s review has resulted in five documents: (a) the Compliance Framework; (b) the Assessment Manual; (c) the AMP policy; (d) sample penalty calculations; and (e) a voluntary declaration of non-compliance policy, according to Torys.

The AMP policy includes a two-step process for calculating AMP amounts for violations of the PCMLTFA when FINTRAC determines, in its discretion, to issue an AMP:

  • First, classifying the violation and assessing the harm done. Harm is defined as the degree to which a violation interferes with achieving the objectives of the PCMLTFA or FINTRAC’s ability to carry out its mandate.
  • Second, assess the reporting entity’s compliance history. Penalties for first-time violations will generally be reduced by two-thirds the base amount, second-time violations (meaning the reporting entity has previously been penalized for a violation of the same type) will generally be reduced by one-third the base amount, and penalties for third time violations will be at the full base amount.

The voluntary declaration of non-compliance policy provides that where (a) the declared non-compliance issue is not a repeated instance of a previously voluntarily disclosed issue; and (b) the declaration has not been made after the reporting entity has been notified of an upcoming examination, FINTRAC will not issue an AMP.

FINTRAC has also provided new guidance on when it “may” publicly “name” AMP recipients. It may do so under any of the following circumstances: (a) the person or entity has committed a very serious violation; (b) the final penalty amount is equal to or greater than $100,000; or (c) the person or entity has previously been subjected to an AMP.

As Fintrac brandishes penalty powers anew, what are expectations? The answer: perfection

As we highlighted, one of the biggest changes in the flurry of AML amendments over the last year is that Fintrac must much more transparent about its penalties – whenever the agency finally pulls the trigger.

On June 21, 2019, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act was amended, “requiring Fintrac to make public all administrative monetary penalties (AMPs) imposed,” it stated on its site.  

As a result, Fintrac’s AMP policy has been “updated to reflect the change to mandatory publication at specific stages in the penalty process. Mandatory publication will apply to all AMPs imposed as of June 21, 2019.”

But, ironically, according to Fintrac, it may not need to bring the penalty hammer soon to set a new tone for compliance. Most banks in Canada are expected to be already complying with AML rules broadly, and creating and filing suspicious transaction reports (STRs) with value to Fintrac and law enforcement.

How do we know this?

Well, Fintrac admitted as much, according to its “2020–21 Departmental Plan” released in March.

Under the section, “Planned results for Compliance with Anti-Money Laundering and Anti-Terrorism Financing Legislation and Regulations,” the “percentage of assessed reporting entities not requiring enforcement action” has a target goal of 90 percent.

Similarly, the “percentage of financial transaction reports submitted to FINTRAC that meet validation rules as an indicator of quality,” also has a target goal of 90 percent. The deadline for this nigh total expectation of total AML compliance program perfection: March 31, 2021. Good luck! 

A stronger focus on enforcement could complicate updates, adjusting to new rules

Running, adjusting and remediating AML programs is difficult in the best of times.

But with so many updated and amended AML duties, particularly those covering sectors not typically under such scrutiny, that could open the door for examiner criticism – nudging the specter of fines ever closer.

In amendments and updates to Canada’s top AML rules, the government has updated requirements for money services businesses (MSBs), foreign MSBs, designated non-financial businesses and professions (DNFBPs), virtual currencies, real estate and jewelers, along with new wrinkles around cross-border currency and monetary instruments reporting regulations, just to name a few:

Here is a snapshot of some of the key changes, according to legal analysts.

On June 10, 2020, “regulations amending the regulations amending certain regulations” made under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the “PCMLTFA”) were registered in the Canada Gazette.

The new regulations make a number of amendments to prior amendments (Draft Amending Regulations) to the existing regulations under the PCMLTFA, which were published on February 15, 2020, including updated duties for operations under the rubric of financial institution, but not technically a bank, according to analysis by top Canadian compliance thought leaders at law firm McCarthy Tetrault.

To view a prior summary of the Draft Amending Regulations, click here.

Draft Amending Regulations

The Draft Amending Regulations included a number of amendments which expanded the obligations applicable to a bevy of designated non-financial businesses and professions (DNFBPs), including:

·       casinos,

·       Dealers in precious metals and stones (DPMS),

·       Real estate brokers, sales representatives and developers,

·       Accountants and accounting firms,

·       British Columbia notaries and

·       Agents of the Crown, such as the requirement to ascertain beneficial ownership and the requirement to determine whether customers are politically exposed persons (PEPs).

 Additional obligations were also proposed for casinos and real estate developers, brokers and sales representatives.

Changes to Draft Amending Regulations

Business relationship

A “business relationship” is a relationship established between a FINTRAC reporting entity and a client, whereby the reporting entity conducts financial transactions or provides services related to those transactions. 

Financial entities and securities dealers commented that the Draft Amending Regulations could be interpreted as removing certain exemptions from forming a business relationship, and recommended reinstating the explicit exemptions from forming a business relationship when opening certain low-risk accounts.

Resulting change – as the policy intent is to continue exempting low-risk accounts from the formation of a business relationship, exceptions which were previously included in the definition of business relationship have been reinstated for certainty.

For example, the Regulations now explicitly state that sales of certain group life insurance policies are exempt from forming a business relationship.

The Regulatory Impact Assessment to the Regulations states that this revision is not intended to constitute a change in policy but rather a clarification to address a drafting point.

Record-keeping obligations

Financial entities and securities dealers commented, that:

  • While financial institutions were previously required to keep records on who has been authorized access to a business’ bank account, these record-keeping requirements were not equally applicable to financial entities and securities dealers under the Draft Amending Regulations.
  • Under the Draft Amending Regulations, the verification of identity in respect of a credit card or a prepaid payment product account, as well as its timing, was inconsistently applied between similar products. The Draft Amending Regulations required that identity be verified when a credit card is issued, while the requirement for identity verification for prepaid payment products was tied to activation. This was inconsistent as there could be a lag between when a credit card is issued versus when it is activated.

Resulting change – The Regulations now provide that securities dealers will have to keep records of no more than three persons, as opposed to all persons, authorized to access a business account, consistent with the requirement for financial entities.

The Regulations have been modified to be consistent across similar products. The Regulations also now require identity verification once a credit card is activated, instead of when it is issued, to match the requirements for prepaid payment product accounts.

PEP determination

Previously, the PCMLTFA and its regulations only required that financial entities, securities dealers, money services businesses (MSBs) and life insurance companies to determine whether their customers are PEPs; the Draft Amending Regulations proposed expanding these obligations to DNFBPs.

Casinos commented that PEP determination could be burdensome to casinos as it is time-consuming and considered intrusive by patrons, considering the required inquiries on family and close associates of PEPs.

The identification of a PEP’s family members and close associates could be time-consuming at a gaming establishment during account opening and may encourage patrons to stop making accounts due to the intrusive nature of the inquiries.

Resulting change – the Regulatory Impact Assessment to the Regulations noted that it is critical to consider family members or close associates of PEPs, as it is an established trend that criminals will distance themselves from proceeds of crime until the proceeds have been laundered. Family members or other personal relationships are frequently relied on to conduct transactions on behalf of criminals in order to create this distance.

As a result, while the PEP requirements could not be relaxed due to the FATF Standards – the internationally endorsed AML/ATF standards established by the Financial Action Task Force – and the money laundering risks posed by casinos, the same exemptions that apply to financial entities will be extended to DNFBPs, MSBs and casinos.

Under these exemptions, reporting entities do not have to conduct a PEP determination for certain low-risk entities and accounts (such as a corporation or trust that has minimum net assets of $75 million and whose shares or units are traded on a Canadian stock exchange, which is unlikely to be a PEP).

Coming into Force

The Regulations came into force on May 20, 2020.

June 1, 2020 Amendments

As well, certain prior amendments (see our summary here) to the regulations under the PCMLTFA came into force on June 1, 2020.

These amendments, among other things, introduced new obligations for domestic and foreign businesses that “deal in virtual currency.”

As required of MSBs, persons and entities dealing in virtual currency will need to fulfill certain AML/ATF obligations, including implementing a full compliance program and registering with FINTRAC.

As well, foreign MSBs will be required to fulfill similar obligations to domestic MSBs, for example, registering with FINTRAC, exercising customer due diligence, reporting transactions and keeping records for the same activities.

Finally, the “travel rule” also as of June 1 applies to businesses dealing in virtual currency in Canada, consistent with the 2019 FATF guidance on virtual assets.

Canada crypto compliance expectations could rise

It’s no surprise Canada is attempting to better secure its virtual borders as the “Travel Rule” has been a vexing industry focal point, an overall tumultuous year for an already-rollicking sector.  

Crypto exchanges and other Virtual Asset Service Providers (VASP) are already facing fresh compliance challenges in the form of updated counter-crime guidance released by the Paris-based Financial Action Task Force (FATF) in June 2019.

At the widely-watched meeting, FATF, which sets global AML standards, issued the first ever broad international recommendations to cover virtual value with financial crime compliance rules, including stringent requirements to capture and share customer data with related crypto-enabled entities, risk assess customers and businesses for illicit inclinations, monitor for aberrant activity and file reports to law enforcement.

Under these new measures, virtual asset service providers are required to implement roughly the same AML/CFT requirements as traditional financial institutions, dubbed by many in the crypto space as the “Travel Rule,” including:

  • Identify who they are sending funds on behalf of, and who is the recipient of those funds;  
  • Develop processes where they are required to share that information with other providers of virtual assets, and law enforcement;  
  • Know their customers and conduct proper due diligence to ensure they are not engaging in illicit activity; and,    
  • Develop risk-based programs that account for the risks in their particular type of business. 

The guidance and related interpretative note to its recommendations covers virtual asset (VA) activities and virtual asset service providers (VASPs) – think formal crypto currency exchanges – and even smaller operations, have stated they face broad difficulties in capturing, analyzing and sharing the details of customers and users with other service providers, brick-and-mortar institutions and investigators.

Apart from the controversial “Travel Rule,” the key pieces of the FATF guidance include:

  • Virtual asset exposure, risk assessments: Obligations requiring countries to assess and mitigate their risks associated with virtual asset activities and service providers.
  • Licensing, registration regulatory reviews: License or register service providers and subject them to supervision or monitoring by competent national authorities – notably, countries will not be permitted to rely on a self-regulatory body for supervision or monitoring – and implement sanctions and other enforcement measures when service providers fail to comply with their AML/CFT obligations.
  • Multi-country, agency cooperation, coordination: The guidance also underscores the importance of international cooperation. Some countries may decide to prohibit virtual asset activities based on their own assessment of the risks and regulatory context, or to support other policy goals.

“The threat of criminal and terrorist misuse of virtual assets is serious and urgent,” FATF said in a public statement, adding that the group expects all countries to “take prompt action to implement the FATF Recommendations,” giving countries a scant 12 months to implement and abide by the guidelines, with a review set to start this month.

Canada cracks open ownership bastions, boosts investigator budgets

While changing laws in Canada tied to AML have been needed to keep pace with criminal trends and global watchdog updates, the country over the last year has also finally opened up the budget purse strings to give investigators more resources.

A year ago this month, Canada’s top governmental officials detailed several key moves they were making to strengthen AML defenses, give more resources to investigators and remove law enforcement stumbling blocks, including:

  • Ownership opacity: Making it easier to find out who owns what by improving beneficial ownership transparency. Participating provinces and territories will initiate open consultations towards a beneficial ownership public registry. These consultations will examine the benefits to a public registry in combatting financial crimes, and will prioritize businesses’ competitiveness, individuals’ privacy and respect of jurisdictional responsibility.
  • Budget bump: Helping governments investigate and prosecute financial criminals. This includes an intention to provide up to $10 million to the Royal Canadian Mounted Police, beyond Budget 2019 commitments, to help it invest in information management and IT infrastructure and digital tools to pursue complex financial crimes.
  • Guarding gatekeepers: Creating a new working group with the Federation of Law Societies of Canada to address the inherent risks of money laundering and other illicit activity that may arise in the practice of law. The working group will hold its first meeting later this month.
  • Cooperation nation: Working cross-government on anti-money laundering best practices, and reporting back to Ministers by January 2020. To read the full report, click here: Canada’s Department of Finance.

Enter the AML ‘Special Ops’ Team

These moves are in addition to key actions taken in March 2019, when Canada stated in its budget it was proposing a special ops-style financial crime compliance and investigations task force to deepen, broaden and tighten investigative resources, effectiveness and outcomes – and find and crush the mega laundering networks.

The goal: counter a growing array of money laundering loopholes allowing criminals to cleanse billions of dollars through real estate, casinos, international trade and more Canada.

The new tactic by the federal government was just one of the many ways Canada stated at the time it is attempting to improve its regulatory, compliance and investigative track record for countering large scale, complex and international money laundering operations.

The country, as is the case with many of its ally regimes, is beset by criminal groups, corrupt oligarchs, cyber hackers and others.

In recent years, Canada has been accused of becoming a destination for billions of dollars in questionable funds from China, Russia and other risky regions, so much so, that one group even coined a money laundering tactic through casinos called the “Vancouver Method.”

To outside watchdog groups, these improvements to Canada’s AML compliance and investigations regimes are desperately needed.

Fintrac itself noted in the March Departmental Plan for the coming year that the financial intelligence unit was facing daunting challenges, a likely nod to compliance in a time of coronavirus.

“These are challenging times, as we strive to stay ahead of criminals and hostile actors who aim to exploit our financial system to launder their proceeds from large-scale fraud, trafficking and corruption,” said Nada Semaan, Fintrac’s Director and Chief Executive Officer since March 2018.

“ At the same time, both FINTRAC and Canada’s broader AML/ATF Regime must address the continual pressures of global technological change which affect our society generally and the financial sector specifically.”

To deliver its intended results, Fintrac will “harness digital renewal to enhance our capabilities. We will collaborate with our many stakeholders — regulatory partners, thousands of Canadian businesses, Canada’s police, law enforcement and national security agencies and our international allies — to share information and best practices,” Semaan wrote.

These efforts will be modeled in some aspects after Fintrac’s strategies to combat human trafficking in the sex trade, mass-marketing fraud and the production and distribution of fentanyl, as well as the laundering of criminal proceeds stemming from illicit activities.

“In the coming year, we will build upon the excellent coordination we have witnessed between FINTRAC, police and businesses in our public-private partnerships by enhancing lawful information sharing to better detect, prevent and disrupt criminal activity with an emphasis on gaining a greater understanding on when and how the underground banking and formal banking system may intersect.”