New FINTRAC Rules and an AML Compliance program

New FINTRAC Rules and an AML Compliance program Earleen Moulton Senior Legislative and Compliance Consultant March 2014

Requirement: AML Compliance Program • Advisors, firms, MGAs, just as insurers, must establish a compliance program for themselves and their employees/advisors that includes the following key elements: – Appointment of a compliance officer – Establishment of compliance policies and procedures – Regular reviews of these policies and procedures – Provide training to people who act on their behalf (employees and advisors) – Document a risk assessment, take appropriate precautions

New Regulations – overview • Additional information collected at start of business relationship Know your client • Enhanced customer due diligence (CDD) • Continue to know your client and stay connected • Show your work • Manage risk • Stay close to high risk clients • Advisors will need to be proactive • Keep good records • Provide complete and specific information

Business relationships Defined as ‘a relationship you establish with a client to conduct financial transactions or provide service related to those transactions’ Additional information to collect at start of business relationship Intended use and purpose Identify in writing the nature of the relationship Keep notes & records of measures to monitor relationships, information you obtain New entity requirements

Ongoing monitoring ‘Periodic and risk-based’ Includes: • Following your policies & processes to detect transactions that are required to be reported • Keeping client ID info current (use direct and indirect means) • Reassessing the level of risk associated with client’s transactions and activities • Determining whether transactions or activities of clients are consistent with the information obtained/recorded about the client, including their risk assessment

Enhanced monitoring measures • More frequent and stringent checks – business relationships – especially for high risk clents o o More frequent, regular assessment of risk Must keep ID updated Intended use and purpose up to date Enhanced monitoring of transactions (consistent with intended use and purpose)

Examples of enhanced measures • Obtaining additional information on the client • Obtaining detailed information on the reasons for the intended or conducted transactions • Identifying patterns of transactions that need further examination or review • Increased monitoring of transactions of higherrisk products, services or channels(internet sales)

Enhanced customer due diligence (CDD) • Retain more info about corporations and other entities to establish ownership, control and organizational structure • Previous “reasonable efforts” changed to “mandatory” for some requirements ID requirements of most senior active manager of the entity ascertaining signing authority for entities Intended use and purpose of the product(s) • Consider as high risk • Conduct enhanced on-going monitoring • Keep records of attempts to obtain info

Beneficial owners • • Must keep ID Owner information Intended use and purpose, keep it up to date Risk based

Tools available • FINTRAC’s site – Guideline 4: Implementation of a Compliance Regime – www. fintrac. gc. ca • Rep. Net under Advisor Support > Compliance > Money laundering & terrorist reporting> ‘Guide to creating an anti-money laundering and antiterrorism financing program’ • MGA’s tools

List of documents/tools on Rep. Net

Compliance program template • Customize to your operation • Fields that are to be filled out are in blue • Please make sure you follow the instructions in red • Delete instructions (in red) before printing

Self-review of compliance policies and procedures worksheet – Rep. Net : Advisor Support > Compliance > Money laundering & terrorist reporting To help ensure your business is compliant with policies and procedures required under the Proceeds of Crime (Money Laundering) & Terrorist Financing Act, you should periodically review your business practices. Done regularly, these reviews will help determine if your business has policies and procedures in place to comply with legislative and regulatory requirements, and whether those policies and procedures are being adhered to. Date of review: _________ Name of person completing review: _______________ Signature of principal: _______________ Compliance items Appointment of a compliance officer 1. I/We have appointed a Compliance Officer for our practice. Written compliance policies and procedures 2. Within the past year, I/we have reviewed the criteria and process for identifying and reporting suspicious transactions and terrorist property and have established policies and procedures in this regard. 3. I/We are aware of the requirements under the legislation for record keeping. 4. I/We have reviewed the requirements under the legislation for client identification and verification and I/we collect all information required on product applications, or as required, for each particular line of business. Yes No Comments

Sample policies and procedures • Show your commitment to prevent, detect and address non-compliance • Level of detail depends on – needs and the complexity of advisor’s business. – risk of exposure • Review policies & procedures, steps to reporting – Can be adopted and customized – On Rep. Net

Risk assessment • Required to have an assessment and documentation of risks related to money laundering and terrorist financing appropriate to the advisor’s practice • Refer to the risk checklist in FINTRAC’s Guideline 4. This will help you: – Identify potential high risks of money laundering & terrorist financing – Develop strategies to mitigate risk

Questions. . . I’m around all day!