Financial entities must revamp policies and procedures to adhere to new regulations
Significant changes to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, announced in July by the Department of Finance, will require major change for financial businesses in their policies and procedures, say legal experts. Regulated entities will face considerable work to prepare for the new regulations which come into play on June 1, 2020, and in some cases on June 1, 2021. New participants will also be caught under the regime, including entities that deal in virtual currency, and foreign money services businesses that serve Canadian customers.
“The changes to the law are all-encompassing. They touch on almost every area,” says Jacqueline Shinfield, financial services regulatory partner at Blake, Cassels & Graydon LLP. “In-house counsel will have to look at policies and procedures they have in place today, then look at how the law has changed and do a gap analysis. They will have to revise and update policies and procedures and potentially revise and update customer facing forms to capture the information they need.”
One of the most significant changes involves the regulation surrounding the reporting of suspicious transactions. Instead of filing a report “within 30 days” as stated by the current policy, the new rule will require these transactions to be filed “as soon as reasonably practicable,” leaving room for interpretation, which can present challenges for in-house counsel.
“This is a hot-button issue,” says Karen Bannon, chief compliance officer for corporate payments at FLEETCOR Companies, Cambridge Global Payments & Comdata. “With this subjective analysis of when something becomes suspicious, it becomes very difficult from a systems perspective to say ‘okay, file today or file tomorrow’. It would be better in my view to have a specific date because then you can make a calculation and the system tracks it and sends you reminders.”
Shinfield believes the change reflects a compromise following strong criticism that many regulated entities had expressed to the previous draft of the regulations, published in June 2018, which had required a filing within just three days.
In addition to a FINTRAC examination, regulated entities like Cambridge Global Payments must undertake an independent review of the process which may present additional difficulties if the review finds that the filing did not take place on the appropriate day.
Another potentially troublesome change is to the definition and regulations surrounding Electronic Funds Transfers and their record-keeping requirements. International EFTs face additional changes to the reporting responsibility where multiple regulated entities are involved, thus presenting major challenges to an international payment provider such as Cambridge.
“Almost every transaction we do is cross-border so our entire reporting structure will need to be amended and those steps will all have to be reviewed and redone which takes a significant amount of time for the IT team,” says Bannon.
Virtual currency is going to be caught under the legislation for the first time, meaning that regulated entities dealing in these currencies will be considered money services businesses and will be required to keep records and file reports to adhere to the new compliance policy. Moreover, foreign businesses directing services to Canada will need to be registered as a foreign MSBs, bringing them under the regime.
“If you aren’t regulated and you’re about to become regulated, you have to do a risk assessment of the business, put compliance policies and procedures in place and train people in the business to understand what money laundering is and how your institution may be susceptible,” says Shinfield.
Bannon is glad to see virtual currency captured under the legislation.
“That has long been outstanding, and it gives those individuals who deal in virtual currency the opportunity to have relationships with an entity like Cambridge,” she says.
In a positive development for many companies, identity verification requirements have been relaxed and modernized to allow regulated entities to use new fintech products to verify identity. Identity documents no longer need to be “original,” providing they are “valid, authentic and current,” meaning that electronic documents may be permissible. Shinfield believes this move will make the process less onerous.
Other amendments to the rules include regulations surrounding the issuance of prepaid payments cards by financial entities, which will be considered a regulated activity under the new regulations. Recordkeeping and client identity requirements will be required in such transactions for the first time.