Money-laundering regulations get a facelift

Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) were issued February 13, 2013 and come into force one year later.

The amendments impact a wide range of financial services entities, including:

• Financial institutions
• Life insurance companies
• Life insurance brokers or agents
• Securities dealers
• Accountants and accounting firms
• Real estate brokers, sales representatives and developers

Reporting entities will need to update their policies and procedures, risk assessments, processes, systems, training programs and documentation to reflect the new standards.

The new standards address the following areas:

01 Customer Due Diligence (CDD)

The amendments provide clarifications to the CDD provisions and define when and how CDD measures should be prescribed. The term “business relationship” is introduced to identify circumstances where CDD applies.

It’s defined as any relationship with a client established by a reporting entity “…to conduct financial transactions or provide services related to those transactions.” Also:

• If a customer holds one or more accounts, the business relationship includes all the transactions and activities for all accounts; or
• If a customer does not hold an account, the business relationship consists of only transactions and activities for which the reporting entity would be required to ascertain identity or confirm corporate/entity existence.

Transactions and accounts currently exempted from identification and record-keeping requirements (e.g. RRSPs, group term life insurance) are not considered part of the business relationship.

Consolidating transaction profiles

Reporting entities that open accounts will need to ensure all accounts across all business units are consolidated by customer — anti-money-laundering risk management systems such as Verafin currently allow for this. they also have to consider what technology will be used to consolidate and track non-account transactions by customer, as though they were account holders (or prohibit non-customer transactions, which is already a common practice in the credit union industry, for instance).

Reporting entities that do not open accounts will need a method to aggregate and track prescribed transactions by customer (and to distinguish between prescribed and non-prescribed transactions). while this is currently common practice for money services businesses, foreign exchange companies and casinos, it is less common for other reporting entities such as accountants and real estate businesses.

CDD’s emphasis is not only on clients with accounts but also on client transactions and activities where identification is required.

The new regulation also defines what “ongoing monitoring” includes. The objective here is to detect reportable transactions, keep client information up to date, reassess the risk level of the client’s transactions and activities, and determine if the transactions or activities are in line with what is known about the client (see “Consolidating transaction profiles,”).

This is the most significant of the proposed changes. Information updates for all clients and monitoring on a client-by-client basis will require a combination of automated and manual approaches to be practical. Smaller reporting entities would be most affected.

The CDD measures include keeping a record of the purpose and intended nature of the business relationship. Under the new standard there will be no exceptions to CDD measures where suspicious transactions or activities are involved.

02 Enhanced Due Diligence (EDD)

The new regulations include keeping client information up to date and applying enhanced ongoing monitoring of business relationships to detect reportable transactions.

Where it is found that the risk level of the client’s transactions or activities for money laundering or terrorist activity is higher, EDD measures apply based on the level of risk. The idea is to ensure reportable entities adequately identify their customers, understand their activities and apply a risk-based approach to these activities (see “Enhanced due diligence measures,” ).

03 Beneficial ownership

The requirements around beneficial ownership have been adjusted to include obtaining beneficial ownership information on trusts relating to trustees, beneficiaries and settlors. The term “reasonable measures” no longer applies when it comes to confirming beneficial ownership. Reportable entities must now obtain and confirm the prescribed information on beneficial ownership.

Enhanced due diligence measures

Reporting entities must subject high-risk customers, activities, and transactions to new screening procedures.

At a minimum, these measures must include:

• Ascertaining identity beyond legislative requirements
• Keeping client identification and beneficial ownership up to date
• Conducting ongoing monitoring of business relationships beyond legislative requirements to detect suspicious transactions

The new standard will also require reportable entities to obtain information establishing the ownership, control and structure of the entity and to take measures to confirm the accuracy of the information obtained. The institution must keep records of the information and take measures to confirm its accuracy.

When beneficial ownership information can’t be obtained, the institution must ascertain the identity of the trust’s most senior managing officer and treat that customer as high risk. EDD measures then apply.

Do any of the percentages change?

The 25% threshold remains the same, except for IIROC-regulated firms subject to IIROC rules 1300.1 (b) and (e), in which case the threshold is 10%.

What information do financial institutions have to send now?

Financial institutions, including banks, credit unions and securities dealers, must send FINTRAC reports on large cross-border movements of funds, large cash transactions, and transactions they find suspicious.

All these categories of reports involve many fields and pages of information. To complete them, reporting entities must have collected, and in some cases independently verified, a great deal of information about their clients and the transactions they conduct. Over the past four years, FINTRAC compliance examinations have involved increasingly detailed assessments of the technical adherence to information collection, and nuanced interpretations of the content required for each field.

For example, anti-money-laundering legislation requires information on a person’s occupation and the intended use of an account. FINTRAC examinations have in the past found deficiencies where occupations such as “Accountant” or “Retired,” and intended uses such as “Savings” or “Household expenses” were declared too vague.