On June 9, 2018, amendments to the regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) were proposed by the Department of Finance (the Proposed Regulations). The Proposed Regulations are wide ranging, and include a number of substantive changes as well as technical amendments. Some of the more noteworthy changes are: regulating businesses dealing in virtual currency; addressing prepaid products; and subjecting foreign money services businesses (MSBs) to Canada's anti-money laundering and anti-terrorist financing (AML/ATF) regime.
There is a 90-day period during which stakeholders can make representations concerning the Proposed Regulations. Once the Proposed Regulations are finalized, it is anticipated that they will come into force 12 months after their registration in the Canada Gazette.
The Regulatory Impact Analysis Statement notes that once the Proposed Regulations are approved, the Financial Transactions and Reports Analysis Center of Canada (FINTRAC) will update its guidance to set out its expectations for how obligations are to be met.
Virtual currency has become prominent recently, but was not specifically addresses in Canada's AML/ATF regime. An amendment to paragraph 5(h) of the PCMLTFA in 2014, but which is not yet in force, would expand the definition of an MSB to include "dealing in virtual currency." Regulations were required to define what it means to be engaged in the business of "dealing in virtual currency."
The Proposed Regulations define "virtual currency" as:
(a) a digital currency that is not a fiat currency and that can be readily exchanged for funds or for another virtual currency that can be readily exchanged for funds; or
(b) information that enables a person or entity to have access to a digital currency referred to in paragraph (a).
The Proposed Regulations defines "virtual currency exchange transaction" to mean an "exchange, at the request of another person or entity, of virtual currency for funds, funds for virtual currency or one virtual currency for another." Note that this includes transactions involving exchanges of virtual currency; it is not necessary for the transaction to involve fiat currency.
For financial entities, this means that for every account, credit card account, or prepaid payment product account that it opens, and for transactions made in connection with that account, a virtual currency exchange transaction ticket must be kept in respect of every virtual currency exchange transaction connected to the account.
For MSBs, this means that a virtual currency exchange transaction ticket must be kept in respect of every virtual currency exchange transaction.
The information that must be recorded as part of a virtual currency exchange transaction ticket is extensive, and includes:
- the date of the transaction;
- in the case of a transaction of $1,000 or more, the name, address and telephone number of the person or entity that requests the exchange, the nature of their principal business or their occupation and, in the case of a person, their date of birth;
- the type and amount of each of the funds and virtual currencies involved in the payment made and received by the person or entity that requests the exchange;
- the method by which the payment is made and received;
- the exchange rate used and the source of the exchange rate;
- the number of every account that is affected by the transaction, the type of account and the name of each account holder;
- every reference number that is connected to the transaction; and
- every other known detail that identifies the transaction
Financial entities and MSBs must report the transfer/receipt of $10,000 or more in virtual currency in a single transaction to FINTRAC. The information that must be included in the report is provided in Schedules 4 (transfer) and Schedule 5 (receipt) of the Proposed Regulations.
Financial entities and MSBs will now have to take reasonable measures to determine whether a person is a politically exposed foreign person, a politically exposed domestic person or a head of an international organization, or a family member of, or a person who is closely associated with, one of those persons (collectively, PEPs) when they transfer/receive $100,000 or more in virtual currency.
When an transfer of virtual currency must be reported to FINTRAC, the Proposed Regulations will impose a requirement on the reporting entity to take reasonable measures to determine whether the person or entity that makes the request for the transfer is acting on behalf of a third party. If it is determined that the request is being made on behalf of a third part, certain records must be kept.
The Regulatory Impact Analysis Statement notes that the Proposed Amendments with respect to virtual currency are intended to mitigate the money laundering and terrorist activity financing vulnerabilities of virtual currency, and are not meant to unduly hinder innovation. However, these new regulations will clearly have a significant impact on many businesses in the virtual currency space.
Prepaid Payment Products
The Proposed Amendments introduce the concept of a "prepaid payment product". A "prepaid payment product" is defined as "a product that is issued by a financial entity and that enables a person or entity to engage in a transaction by giving them electronic access to funds or virtual currency paid to a prepaid payment product account held with the financial entity in advance of the transaction. It excludes a product that enables a person or entity to access a credit or debit account or one that is issued for use only with particular merchants". It is important to note the exclusion at the end of this definition: these requirements will not apply to closed loop products.
For financial entities, the result will be a substantial increase in record keeping obligations with respect to prepaid payment product accounts, which are defined as "an account connected to a prepaid payment product and that permits transactions that total $1,000 or more to be conducted within a 24-hour period, or a balance of funds or virtual currency of $1,000 or more to be maintained."
For every prepaid payment product account that a financial entity opens and for related transactions, the financial entity will have to maintain records similar to those that a bank would maintain when opening an account. These new record keeping requirements will include a "prepaid payment product slip", which must set out the following information:
- the date of a payment to a prepaid payment product account;
- the name of the person or entity that makes the payment;
- the type and amount of each of the funds or virtual currencies involved in the payment;
- the method by which the payment is made;
- the name of each holder of the prepaid payment product account;
- the account number and, if it is different, the number that identifies the prepaid payment product that is connected to the account; and
- every other known detail that identifies the payment.
Furthermore, financial entities will have to verify the identity of every person, corporation, or entity other than a corporation, for whom/which it opens a prepaid payment product account, as well as any other person, other corporation, or entity other than a corporation, who/that makes a payment of $1,000 or more to a prepaid payment product account.
Previously, amendments to the PCMLTFA, which are not yet in force, will add paragraph 5(h.1), which will capture the activities of MSB that do not have a place of business in Canada but that provide the services of an MSB to clients in Canada.
The Proposed Regulations will impose obligations on foreign MSBs similar to the obligations faced by domestic MSBs. This includes: registering with FINTRAC, engaging in customer due diligence, reporting transactions to FINTRAC, and record keeping requirements. MSBs (foreign and domestic) will have to renew their registration with FINTRAC every two years, and provide supporting documentation in connection with renewal.
The Regulatory Impact Analysis Statement notes that the Internet and new payment methods provide an opportunity for foreign entities without a place of business in Canada to offer MSB services in Canada, and that this represents a gap in Canada's legal framework, and an uneven playing field for Canadian domestic competitors, who are subject to the requirements of Canada's AML/ATF regime.
Electronic Funds Transfers
A number of changes have been made with respect to electronic funds transfers (EFTs).
The EFT reporting requirements applicable to financial entities, MSBs and casinos, applies to the transfer of "funds," the definition of which has been expanded, and now includes the following:
- cash and other fait currencies, and securities, negotiable instruments or other financial instruments that indicate a title or right to or interest in them; or
- information that enables a person or entity to have access to a fait currency other than cash.
When an EFT must be reported to FINTRAC, the Proposed Regulations will impose a requirement on the reporting entity to take reasonable measures to determine whether the person or entity that makes the request for the transfer is acting on behalf of a third party. If it is determined that the request is being made on behalf of a third part, certain records must be kept.
MSBs will now have to take reasonable measures to determine whether a person is a PEP when the MSB initiates or receives an EFT of $100,000 or more, whether within Canada or cross-border.
Changes are also coming to the "24 hour rule." The Proposed Regulations will:
- clarify that multiple transactions performed by an individual within a 24-hour period are considered a single transaction for reporting purposes when they total $10,000 or more, and that only one report should be submitted to capture all transactions within a 24-hour period that collectively meet or surpass this threshold;
- ensure that the 24-hour rule also applies to beneficiaries of multiple cash transactions (i.e., where deposits or transfers of money are received by the same person and the aggregate amount over a 24-hour period is $10,000 or more); and
- clarify that any cash transactions that a reporting entity receives in the aggregate amount of $10,000 or more, regardless of its corporate structure, must be reported.
Finally, the record keeping and reporting requirements with respect to EFTs have increased. For EFTs over $1,000 that have been initiated, sent or received by financial entities, MSBs and casinos, the information that is required to be record has significantly expanded. Furthermore, for EFTs of $10,000 or more that must be reported to FINTRAC, the information that must be included in the reports (see Schedules 2 and 3 of the Proposed Regulations) is much more detailed.
Life insurance companies, brokers and agents are not subject to the same record-keeping, reporting, and customer due diligence requirements as other financial entities. The Proposed Regulations will require life insurance companies, brokers and agents to follow these requirements when they offers loans (e.g., the requirement to keep client information records or records related to customer due diligence) or prepaid payment products to the public or maintain accounts with respect to those loans or prepaid payment products.
Life insurance companies or life insurance brokers or agents will now have to take reasonable measures to determine whether a person is a PEP in the following circumstances:
- where a person makes a lump-sum payment of $100,000 or more in respect of an immediate or deferred annuity or a life insurance policy, or
- when a beneficiary to whom the life insurance company, broker or agent is to remit an amount of $100,000 or more over the duration of an immediate or deferred annuity or a life insurance policy.
The Proposed Regulations will also clarify that where a life insurance broker or agent acts as a managing general agent (MGA) for a life insurance company, the MGA would not be considered a reporting entity.
Documents currently used to verify customer identity must be "original, valid and current" and cannot be a scanned or photocopied document. The Proposed Regulations change this requirement to provide that the document be "authentic, valid and current." This will permit the use of scanned/photocopied documents, which will facilitate the use of electronic methods to verify a person's identity.
Reporting entities that are required to verify a person's identity can rely on measures previously taken by an agent, an affiliate or a subsidiary. The Proposed Regulations would allow a reporting entity to rely on measures that were previously taken by another reporting entity. To rely on such measures, the reporting entity would have to be able to request and obtain information on the method of identity verification immediately or within three days of a request being made.
Other Proposed Amendments
There are a number of other noteworthy changes in the Proposed Regulations. Some of these include:
- Beneficial Ownership: When an entity wants to open an account, reporting entities are required to obtain beneficial ownership information; take reasonable measures to confirm the accuracy of this information; and to keep the information up to date on an ongoing basis. However, there is no explicit requirement to take steps to confirm the accuracy of new information as it comes in or as it is updated over time. The Proposed Regulations will require reporting entities to take reasonable measures to confirm the accuracy of the information when it is kept up to date in the course of ongoing monitoring.
- Taking "Reasonable Measures": There are many instances where reporting entities are require to keep a record of any "reasonable measures" they have taken where they were unsuccessful in meeting certain obligations (such as information on directors or partners or on persons who own or control 25% or more of a corporation or other entity, whether a person for whom an account is opened is a PEP, etc.). The Regulatory Impact Analysis Statement notes that stakeholders felt this requirement was too onerous. Accordingly, it will be repealed.
- Suspicious Transactions Reports: The Proposed Regulations will provide that one a reporting entity establishes that there are reasonable grounds to suspect that a transaction is related to the commission or attempted commission of a money laundering or terrorist activity financing offence, the reporting entity will be required to file a suspicious transaction report within three days to FINTARC. Currently, a reporting entity has 30 days to file a suspicious transaction report.
- PEP's Source of Wealth: The Proposed Regulations will also require reporting entities to take reasonable measures to determine the sources of a PEP's wealth. According to the Regulatory Impact Analysis Statement, the amount of a client's accumulated funds or wealth should appear to be reasonable and consistent with the information provided, and doubts about the origin of such funds or wealth would have to be satisfied before a reporting entity proceeds with the relationship or permits the transactions to occur.
- Confirming the Existence of a Corporation: There are currently no requirements regarding the date of issuance for documents used to confirm the existence of a corporation. The Proposed Regulations would provide that a corporation's identity can be done by referring to its certificate of incorporation, to a record that it is required to file annually under applicable provincial securities legislation or to the most recent version of any other record that proves its existence as a corporation. A certificate of incorporation or other record that proves the corporation's existence must have been issued within the previous year.