Banking is an industry charged with public interest. The rise and fall of banking institutions can heavily influence the economy, making them critical components of state development. Not surprisingly, Canada has extensive laws and regulations governing the operation of financial institutions.
The Bank Act is perhaps the most prevalent legislation governing banks in Canada. As financial institutions, however, banks are also covered by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
This means that the rules under the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) also apply. But what exactly does this mean for banks? This article should help provide the highlights of FINTRAC requirements and how they affect banks.
What is the purpose of FINTRAC?
FINTRAC is a financial intelligence agency created through the PCMLTFA. Its primary purpose is to make sure that the purpose of the PCMLTFA is achieved by detecting and preventing money laundering and terrorist financing. This is one of the laws governing financial institutions today.
From the name itself, it's obvious that the PCMLTFA is trying to address two distinct problems. To remove any confusion, it’s important to distinguish each one because under the law, money-laundering is not like terrorist financing.
Here’s a good distinction between the two:
|
Money-laundering |
Terrorist financing |
|---|---|
|
When a person uses, transfers, transports, transmits, alters, disposes, or otherwise deals with any property or proceeds with the knowledge or belief that they were derived from criminal acts |
When valuable consideration is being used, transmitted, or otherwise dealt with to engage in or encourage terrorism where primary purpose is not financial gain |
In simple terms, money laundering is when money taken from unlawful means is given the appearance of being lawfully obtained. With terrorism financing, money can be earned through lawful means. What is being punished is the use of the money for terrorism.
FINTRAC requirements for each offense vary, which is why it’s important to understand the difference between the two.
Which banks are covered by FINTRAC requirements?
FINTRAC requirements are imposed on the majority of financial entities. For banks, this applies to:
- All Canadian banks
- Foreign banks located in Canada
- Full-service and lending foreign bank branches located in Canada
FINTRAC requirements every bank must follow
Once a bank falls under FINTRAC requirements, they have an obligation to comply with all the instructions of the governing authority. Failure to comply can expose the bank to expensive penalties, especially cumulative acts. Here’s an overview of the FINTRAC requirements each bank must know:
Creating a compliance program
All banks must have a compliance program that’s designed to meet their obligations under PCMLTFA. This program basically guides how all other obligations will be done by the bank. The extent of the compliance program is up to the bank if the following are present:
-
There’s a compliance officer primarily responsible for program implementation
-
Develop written compliance policies and procedures that are consistently kept up to date
-
Develop and maintain a compliance training program for employees, agents, or other authorized persons
-
Perform risk assessment of the business to find out high-risk areas of money laundering or terrorist activity
-
Have an ongoing plan for the review of compliance activities and to test their effectiveness, which must be done at least once every two years
Of course, these are the minimum FINTRAC requirements and could be made more rigorous by banks depending on their commitment levels.
Know your client
Also known as “KYC”, the know-your-client approach is the linchpin of the whole operation. Here, banks are required to verify the identity of their clients and by extension, the authenticity of the transaction. KYC FINTRAC requirements must be complied with in the following situations:
-
When there are large cash transactions; large transactions are anything covering $10,000 or more within a 24-hour period
-
When there are large virtual currency transactions
-
International electronic fund transfers equal to $1,000 or more
-
Transactions are suspicious
-
Redemption or issuances of negotiable instruments like money orders and traveller’s cheques amounting to $3,000 or more
-
Transferring or remitting virtual currency amounting to $1,000 or more
-
Foreign currency exchange transaction amounting to $3,000 or more
-
Opening of accounts
Here’s one of the suggested ways to comply with FINTRAC requirements for KYC:
The client you’re supposed to know can either be the sender or the receiver, depending on the transaction. For juridical entities like corporations or organizations, verification must be on the person authorized to give instructions on the account. For members of group plan accounts, verification must be on each and every member of the group.
Exception to the KYC rule
Note that there are exceptions to the KYC rule. FINTRAC requirements exempt the following from KYC:
-
No need to re-verify if initial verification happened according to regulations
-
If the bank is sure about the accuracy of the information previously taken
Ongoing monitoring
As part of the KYC obligation, banks are also supposed to keep their client information up to date. This means devising measures prompting clients to update their information or confirm that nothing has changed. These changes can be anything from a new address, email, phone number, or change in marital status.
The frequency of updates depends on the internal bank policies based on their risk assessment measures.
Concept of business relationship
A client is essentially any person you enter a business relationship with. The term “business relationship” is also defined by law. Why is it important to define business relationships? Well, some transactions are excluded by the definition. Also, the definition of business relationship changes depending on the reporting entity.
For banks or financial institutions, there’s a business relationship if you open an account with a client. In case there’s no account, the relationship exists if you have to verify their identity for the second time within a five-year period.
Lack of business relationships means there’s no need for ongoing monitoring. There’s also no business relationship if the transaction falls under any of the following:
-
Opening of a second account for a person who has a pre-existing account with the bank
-
Open a business account if at least three persons authorized to give instructions has been verified
-
Opening an account for the sale of mutual funds if, based on reasonable grounds, the securities dealer already did KYC
-
Opening of an account for the purpose of providing securities dealers with accounting services
-
Sale of an exempt policy under subsection 306 (1) of the Income Tax Regulations
Of course, that’s just a small snapshot of FINTRAC requirements where no business relationship exists. A full list is often made part of the compliance department of banks and could change depending on the authorizing bodies.
Have questions on FINTRAC requirements for banks? Learn more by consulting with our Lexpert-ranked best banking lawyers in Canada.
Record keeping obligations of banks
FINTRAC requirements for keeping records vary from one entity to another. With banks, all transactions requiring KYC must be recorded. This means account records, large cash transactions, virtual currency transactions, foreign currency exchange transactions, and more.
Banks are encouraged to be as descriptive as possible when maintaining records of covered transactions. All reports pursuant to FINTRAC requirements must also be kept even after they have been submitted to the authorities.
Which reports must be submitted to FINTRAC
There are five categories of reports that must be submitted to FINTRAC:
- suspicious transaction reports
- listed person or entity property reports
- large cash transaction reports
- large virtual currency transaction reports
- electronic funds transfer reports
Copies of these reports must be kept for a minimum of five years from the time they were created. Here’s an overview of how these reports help in meeting the goals of PCMLTFA:
Correspondent bank relationship and special situations
Banks that enter into a correspondent bank relationship have additional obligations based on this transaction. The relationship happens when a Canadian bank acts as the intermediary of a foreign financial institution through electronic fund transfers, cheque clearing, or others.
Canadian banks that fall under this agreement must verify the foreign entity to ensure they’re not a shell bank. They must also spell out in writing the extent of services being offered to the foreign bank. Only after satisfaction of these initial requirements can the Canadian bank enter into an agreement.
Once an agreement is in place, the following obligations must be met:
-
Periodic monitoring of the banking relationship according to the level of risk associated with the arrangement. The monitoring should include detection of transactions that require reporting to FINTRAC
-
Ensure that all information is kept up to date in relation to the correspondent bank relationship
-
Ensure that the foreign bank have existing and appropriate measures for anti-money laundering and anti-terrorism financing
-
Assessing the risk of transactions and determining if they are consistent with the information provided
Compliance with ministerial directives
Ministerial directives are issued by the Minister of Finance for the use of countermeasures against unlawful activities. These directives are subject to change, requiring constant alertness from banks. Current directives include the February 2024 guidance related to financial transactions associated with Russia and one about the Islamic Republic of Iran.
Directives are where the input of a dedicated legal team becomes important. Since new directives may be released from time to time, having someone who stays current on legislation helps prevent violations due to inaction.
Want to know more about FINTRAC requirements for banks? Consult with the best banking law firms in Canada as ranked by Lexpert.
Violations of FINTRAC requirements
Violation of FINTRAC requirements can expose banks to exorbitant fees. For example, the Exchange Bank of Canada was fined a staggering amount of $2.4 million for violating regulations under the implementing law. Penalties are cumulative, which means that multiple violations could increase the cost of the fine.
Financing entities with penalties are also published by FINTRAC, which can carry reputational risks. This is why even if a bank can pay the fine, the mere fact of violation places them in a bad light.
Violation could be for any act committed that is against the obligation of the bank. It’s not just about failure to detect money laundering. Rather, it can be failure to do any of the following acts:
- verify the identity of the client
- keep records
- create an implement a compliance program
- avoid transacting with entities considered to be high-risk
Safety measures under data privacy
The extent of monitoring done by banks seems alarming at first though this is done with the best intention. FINTRAC requirements may demand storage of personal information, but that doesn’t mean banks can do whatever they want with it. Data privacy laws are in place to ensure that the data is only used for the intended purpose.
Under data privacy laws, banks are also required to report any breach of personal data. This gives clients an added layer of security and protection when giving banks their information.
Best practices for banks
Considering the heavy stakes of failure to meet FINTRAC requirements, it’s critical for banks to have a dedicated team for anti-money laundering and terrorist financing concerns. Having a legal team who stays updated with recent changes should also help keep banks compliant, especially with all the directives issued by FINTRAC.
Common pitfalls of banks happen as early as during the KYC stage. Since the collection of information is dispersed among employees, rigorous training of data collectors is important. This ensures that no necessary information is left blank, allowing banks to properly verify transactions moving forward.
Subscribe to our free Lexpert newsletter for instant access to breaking news and the latest updates on FINTRAC requirements.