March 2014

New FINTRAC Rules and an AML Compliance program

Earleen MoultonSenior Legislative and Compliance Consultant

Requirement: AML Compliance Program

• Advisors, firms, MGAs, just as insurers, must establish a compliance program for themselves and their employees/advisors that includes the following key elements:– Appointment of a compliance officer– Establishment of compliance policies and

procedures– Regular reviews of these policies and procedures– Provide training to people who act on their behalf

(employees and advisors)– Document a risk assessment, take appropriate

precautions

New Regulations – overview

• Additional information collected at start of business relationship Know your client

• Enhanced customer due diligence (CDD) • Continue to know your client and stay connected• Show your work

• Manage risk • Stay close to high risk clients

• Advisors will need to be proactive• Keep good records• Provide complete and specific information

Business relationships

Defined as ‘a relationship you establish with a client to conduct financial transactions or provide service related to those transactions’

Additional information to collect at start of business relationship Intended use and purpose

Identify in writing the nature of the relationship Keep notes & records of measures to monitor relationships,

information you obtain New entity requirements

Ongoing monitoring

‘Periodic and risk-based’

Includes: • Following your policies & processes to detect

transactions that are required to be reported• Keeping client ID info current (use direct and indirect

means)• Reassessing the level of risk associated with client’s

transactions and activities • Determining whether transactions or activities of clients

are consistent with the information obtained/recorded about the client, including their risk assessment

Enhanced monitoring measures

• More frequent and stringent checks – business relationships – especially for high risk clents

o More frequent, regular assessment of risko Must keep ID updated o Intended use and purpose up to dateo Enhanced monitoring of transactions (consistent with

intended use and purpose)

Examples of enhanced measures

• Obtaining additional information on the client• Obtaining detailed information on the reasons

for the intended or conducted transactions • Identifying patterns of transactions that need

further examination or review• Increased monitoring of transactions of higher-

risk products, services or channels(internet sales)

Enhanced customer due diligence (CDD)

• Retain more info about corporations and other entities to establish ownership, control and organizational structure

• Previous “reasonable efforts” changed to “mandatory” for some requirements ID requirements of most senior active manager of the entity ascertaining signing authority for entities Intended use and purpose of the product(s)

• Consider as high risk• Conduct enhanced on-going monitoring• Keep records of attempts to obtain info

Beneficial owners

• Must keep ID• Owner information• Intended use and purpose, keep it up to date• Risk based

Tools available

• FINTRAC’s site– Guideline 4: Implementation of a Compliance

Regime – www.fintrac.gc.ca

• RepNet under Advisor Support > Compliance > Money laundering & terrorist reporting>

‘Guide to creating an anti-money laundering and anti-terrorism financing program’

• MGA’s tools

List of documents/tools on RepNet

Compliance program template

• Customize to your operation• Fields that are to be filled out are in blue• Please make sure you follow the instructions in

red• Delete instructions (in red) before printing

Self-review of compliance policies and procedures worksheet – RepNet : Advisor Support   >  Compliance > Money laundering & terrorist reporting

To help ensure your business is compliant with policies and procedures required under the Proceeds of Crime (Money Laundering) & Terrorist Financing Act, you should periodically review your business practices. Done regularly, these reviews will help determine if your business has policies and procedures in

place to comply with legislative and regulatory requirements, and whether those policies and procedures are being adhered to. Date of review: __________________ Name of person completing review: ______________________________ Signature of principal: ______________________________Compliance items Yes No Comments

Appointment of a compliance officer      

1. I/We have appointed a Compliance Officer for our practice.

     

Written compliance policies and procedures      

2. Within the past year, I/we have reviewed the criteria and process for identifying and reporting suspicious transactions and terrorist property and have established policies and procedures in this regard.

     

3. I/We are aware of the requirements under the legislation for record keeping.

     

4. I/We have reviewed the requirements under the legislation for client identification and verification and I/we collect all information required on product applications, or as required, for each particular line of business.

     

Sample policies and procedures

• Show your commitment to prevent, detect and address non-compliance

• Level of detail depends on– needs and the complexity of advisor’s business. – risk of exposure

• Review policies & procedures, steps to reporting– Can be adopted and customized– On RepNet

Risk assessment

• Required to have an assessment and documentation of risks related to money laundering and terrorist financing appropriate to the advisor’s practice

• Refer to the risk checklist in FINTRAC’s Guideline 4. This will help you:– Identify potential high risks of money laundering &

terrorist financing – Develop strategies to mitigate risk

Questions...

I’m around all day!