Presentations to Reporting Entities

Office of Superintendent of Financial Institutions Anti-Money Laundering Information Session

Michael Donovan, Compliance Manager

May 6, 2009

I would like to thank Nick Burbidge for the opportunity to be here today to provide FINTRAC’s perspective on matters of regulatory compliance and money laundering.

I want to address some of the recent changes to the legislation, particularly the introduction of administrative monetary penalties, and provide some context for their use. I also want to describe the priorities and future direction of FINTRAC’s compliance program.

Recent Changes in Legislation

The legislative amendments under C-25 have broadened the number of businesses subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and have extended and created new requirements for existing business sectors. This has improved detection and deterrence of money laundering in Canada and strengthened Canada’s efforts to combat both money laundering and terrorist activity financing.

The legislative changes bring Canada in line with most international standards and have raised the bar in terms of the level of scrutiny and due diligence for financial transactions within many business sectors.

The cumulative effect of the changes is improved detection and deterrence. This is a two-part, or two-pronged advancement for this national initiative.

First, I would like to describe what has been done to improve detection. Since FINTRAC began its operations nearly eight years ago, there has been a steady increase in the number of cases we have disclosed to law enforcement. With each successive year, we are assisting in more investigations. This growth trend will continue for the foreseeable future. Our product is improving and we are able to provide meaningful insights through the financial transactions that have been reported. At present, 80% of our disclosures become part of an active investigation. This has improved detection of criminal proceeds as they enter the legitimate economy.

The second prong is one of deterrence. Better deterrence has resulted from the cumulative effect of more scrutiny within the system, more due diligence, better client identification, and improved record keeping. The ability to remain anonymous has been removed from some types of transactions, through record keeping and client identification. A paper trail exists in some transactions, where none existed before. All these measures make it harder to launder money.

The recent legislative changes have introduced a risk-based approach to the compliance requirements.

Effective June 23, 2008, a compliance regime has to include an assessment and documentation of risks related to money laundering and terrorist financing in a manner that is appropriate to your institution, given your business lines, your products and clients.

The management of the risk-based approach and risk-mitigation requires the leadership and engagement of senior management for optimum implementation.

Senior management is ultimately responsible for making decisions related to policies, procedures and processes that mitigate and control the risks of money laundering and terrorist financing within a business.

It is a dynamic process that requires the risk assessment to be continually updated based on your experiences, the lessons you have learned and the knowledge you have gained.

The risk-based approach requires effort. It does allow businesses to make their own decisions about levels of risk and allocate their own resources accordingly, but these decisions have to be implemented effectively.

Requiring financial institutions (FIs) to make decisions about risk levels is both a blessing and a burden. After nearly one year, FINTRAC, in working with OSFI and through our own review, have observed an unequal implementation of the risk-based approach within federally regulated financial institutions. I would not say that it is off to a bad start, but that the field is uneven, with some businesses far outpacing those who are lagging behind. Like OSFI, when we observe an undeveloped risk-based methodology, it raises concerns about the effectiveness of a federally regulated financial institution’s (FRFI) overall compliance regime.

Administrative Monetary Penalties

Since December 30, 2008, FINTRAC has had the power to impose penalties in instances of non-compliance with the Act and its regulations.

This administrative monetary penalty framework does not replace the criminal penalties that have existed since 2001. Administrative monetary penalties are a tool for FINTRAC to ensure compliance. Criminal penalties will remain and, as before, it will be in the hands of the police to gather evidence and decide on criminal charges as may be necessary.

In considering administrative monetary penalties, the notion of proportionality is fundamental. Violations are classified by the regulations as “Minor”, “Serious” or “Very Serious”, and carry maximum penalties of $1,000, $100,000 and $500,000 respectively.

FINTRAC is required to assess “harm” for each violation. This harm will be measured by the degree to which the violation would obstruct Canada’s ability to detect and deter money laundering and terrorist financing. The harm caused by a violation can vary from violation to violation. The level of harm is then used to establish the base penalty amount. The entity’s compliance history will also be taken into consideration in the assessment of these penalties, which are designed to be non-punitive and proportional.

The fundamental use of penalties and our whole compliance program—for that matter—is to act as an incentive in the detection and deterrence of money laundering and terrorist financing.

I should also note that reporting entities will be able to seek a review of an administrative monetary penalty once a Notice of Violation is issued. After all appeals and reviews have been exhausted, the name, the violation and the amount of a penalty may be published on the FINTRAC Web site. This will call public attention to the violation.

Greater Emphasis on Enforcement

FINTRAC’s compliance program has been in place since 2003. Originally, the main objective was to increase awareness and support efforts to populate our reports database. This objective was reasonable given that all sectors were new to the AML/ATF regime and FINTRAC was a new organization. A cooperative approach was needed to build the necessary relationships and achieve our objective, and has been successful.

As the program has evolved, it has become clear that reporting entity sectors are not all in the same place with respect to awareness and meeting their obligations.

This uneven level of compliance has been compounded by Bill C-25 amendments which have brought new sectors under the PCMLTFA regime. As a result, FINTRAC’s compliance program has become more tailored in its approach.

FINTRAC is realigning more of its compliance resources into enforcement activities, including an increase in the volume of examinations that are conducted. Promotional activities will, in contrast, be limited to these new sectors. Those sectors that have been within the ambit of the PCMLTFA since FINTRAC became operational, such as FRFIs, will see an increased emphasis on enforcement.

The goals of enhancing compliance, ensuring the successful implementation of C-25 initiatives, and improving the quantity and quality of report data for tactical and strategic analysis will be of paramount importance over the next few years.

As such, there are a few areas of concern that FINTRAC has with regard to FRFI’s and their role within the national initiative to combat money laundering.

The first is an apparent disconnect between chief anti-money laundering officers (CAMLOs) and the IT group. Compliance units that deal with regulatory obligations often seem to be disconnected from the information technology group that is responsible for the technical side of submitting reports to FINTRAC.

By way of example, FINTRAC recently discovered that a FRFI’s compliance department was not aware that FINTRAC had been returning reports for further action as the FRFI had delegated the reporting entity administrator (REA) role to an individual in their IT department without the knowledge of the CAMLO.

FINTRAC’s expectation is that the REA role will either be filled by the CAMLO (or someone in the AML unit) or another competent designate appointed by, and subject to the oversight of, the CAMLO. FINTRAC views the REA role as a significant one and we expect it to be filled by seasoned experienced personnel. In addition, the contact should not be assigned to transient personnel, since this does not assure continuity of the relationship. Reports that fail filing rules are considered to be reporting failures and could be subject to AMPs.

Another concern is that situations have and continue to arise where the CAMLO was not aware of consistently late reporting. This of course negatively affects FINTRAC’s intelligence gathering capabilities and also exposes FRFIs to potential penalties under the AMPs regime.

Every FRFI should retain records of filings to fulfill its record keeping obligations, and where necessary the CAMLO should retrieve and review these records on a regular basis.

We expect the CAMLO to keep his/her Senior Management aware of the reporting activities of their FRFI, including volumes and report types submitted. This will allow senior management to assess levels and volumes of risk as required in the FRFI’s risk assessment methodology.

As millions of reports are submitted to FINTRAC on a monthly basis, the importance of properly formatted, timely and high quality reports is crucial to our ability to detect ML/TF.

This apparent disconnect has also made it more difficult for us to address issues of reporting quantity and quality. FRFI’s compliance units should ensure that their reports meet the regulatory requirements before authorizing their IT departments to submit them to FINTRAC. And, as indicated in OSFI’s Guideline B-8, FRFIs should ensure that the CAMLO exercises appropriate oversight of the IT group.

Lastly, FINTRAC is concerned that in difficult economic times FRFIs may look to reducing costs by cutting compliance resources. I would urge you not to make that choice. This would have consequences for FINTRAC certainly, but it would have consequences for the larger effort to combat money laundering and terrorist activity financing.

Moving Forward Working Together

At FINTRAC, we recognize and appreciate that considerable work is being done by the FRFIs and this is in keeping with the major role FRFIs play in our financial system and the many financial transactions they administer.

FRFIs have much better developed compliance programs and are capable of a more sophisticated risk based approach than many of the small businesses that are also subject to the Act.

We would like FRFIs to be seen as “practitioners” or role models of strong AML/CFT compliance, a model for other industries and other businesses to follow.

In the next year, we will begin a review of our reporting forms. This is a necessary administrative improvement and we will need your input to improve these forms. You might view this as an opportunity to correct things that you have noticed over the years or simply to bring more efficiency to how this information is collected.

FINTRAC has and will continue to work with FRFIs in terms of feedback on emerging trends and typologies on ML/TF. Very shortly we will be publishing our first Money Laundering Trends and Typologies Report, dealing with the banking sector. I would encourage all of you to read it and to make recommendations as to what other subjects future reports might include. There is a need to share more information of this type and we hope to produce additional reports to follow this one. Your comments, to shape these future reports, will be most welcome.

Thanks again to OSFI for the opportunity to speak here today.