New FINTRAC Rules and an AML
Compliance program
Earleen Moulton
Senior Legislative and Compliance Consultant
March 2014
Requirement: AML Compliance Program
• Advisors, firms, MGAs, just as insurers, must establish
a compliance program for themselves and their
employees/advisors that includes the following key
elements:
– Appointment of a compliance officer
– Establishment of compliance policies and
procedures
– Regular reviews of these policies and procedures
– Provide training to people who act on their behalf
(employees and advisors)
– Document a risk assessment, take appropriate
precautions
New Regulations – overview
• Additional information collected at start of business relationship
 Know your client
• Enhanced customer due diligence (CDD)
• Continue to know your client and stay connected
• Show your work
• Manage risk
• Stay close to high risk clients
• Advisors will need to be proactive
• Keep good records
• Provide complete and specific information
Business relationships
Defined as ‘a relationship you establish with a client to
conduct financial transactions or provide service related
to those transactions’
Additional information to collect at start of business
relationship
 Intended use and purpose
 Identify in writing the nature of the relationship
 Keep notes & records of measures to monitor relationships,
information you obtain
 New entity requirements
Ongoing monitoring
‘Periodic and risk-based’
Includes:
• Following your policies & processes to detect
transactions that are required to be reported
• Keeping client ID info current (use direct and indirect
means)
• Reassessing the level of risk associated with client’s
transactions and activities
• Determining whether transactions or activities of clients
are consistent with the information obtained/recorded
about the client, including their risk assessment
Enhanced monitoring measures
• More frequent and stringent checks
– business relationships
– especially for high risk clents
o
o
o
o
More frequent, regular assessment of risk
Must keep ID updated
Intended use and purpose up to date
Enhanced monitoring of transactions (consistent with
intended use and purpose)
Examples of enhanced measures
• Obtaining additional information on the client
• Obtaining detailed information on the reasons
for the intended or conducted transactions
• Identifying patterns of transactions that need
further examination or review
• Increased monitoring of transactions of higherrisk products, services or channels(internet
sales)
Enhanced customer due diligence (CDD)
• Retain more info about corporations and other entities to
establish ownership, control and organizational structure
• Previous “reasonable efforts” changed to “mandatory” for
some requirements
 ID requirements of most senior active manager of the entity
 ascertaining signing authority for entities
 Intended use and purpose of the product(s)
• Consider as high risk
• Conduct enhanced on-going monitoring
• Keep records of attempts to obtain info
Beneficial owners
•
•
•
•
Must keep ID
Owner information
Intended use and purpose, keep it up to date
Risk based
Tools available
• FINTRAC’s site
– Guideline 4: Implementation of a Compliance
Regime
– www.fintrac.gc.ca
• RepNet under Advisor Support > Compliance >
Money laundering & terrorist reporting>
‘Guide to creating an anti-money laundering and antiterrorism financing program’
• MGA’s tools
List of documents/tools on RepNet
Compliance program template
• Customize to your operation
• Fields that are to be filled out are in blue
• Please make sure you follow the instructions in
red
• Delete instructions (in red) before printing
Self-review of compliance policies and procedures
worksheet – RepNet : Advisor Support > Compliance > Money laundering & terrorist
reporting
To help ensure your business is compliant with policies and procedures required under the Proceeds of Crime (Money Laundering) & Terrorist Financing Act,
you should periodically review your business practices. Done regularly, these reviews will help determine if your business has policies and procedures in place
to comply with legislative and regulatory requirements, and whether those policies and procedures are being adhered to.
Date of review: __________________
Name of person completing review: ______________________________
Signature of principal: ______________________________
Compliance items
Appointment of a compliance officer
1. I/We have appointed a Compliance Officer for our
practice.
Written compliance policies and procedures
2. Within the past year, I/we have reviewed the criteria and
process for identifying and reporting suspicious transactions
and terrorist property and have established policies and
procedures in this regard.
3. I/We are aware of the requirements under the legislation
for record keeping.
4. I/We have reviewed the requirements under the legislation
for client identification and verification and I/we collect all
information required on product applications, or as required,
for each particular line of business.
Yes
No
Comments
Sample policies and procedures
• Show your commitment to prevent, detect and
address non-compliance
• Level of detail depends on
– needs and the complexity of advisor’s business.
– risk of exposure
• Review policies & procedures, steps to reporting
– Can be adopted and customized
– On RepNet
Risk assessment
• Required to have an assessment and
documentation of risks related to money
laundering and terrorist financing appropriate to
the advisor’s practice
• Refer to the risk checklist in FINTRAC’s
Guideline 4. This will help you:
– Identify potential high risks of money laundering &
terrorist financing
– Develop strategies to mitigate risk
Questions...
I’m around all day!