Office of the Superintendent of Financial Institutions
The fight against financial crime is an ongoing priority for governments
around the world. The ability of criminals and criminal organizations
to use financial institutions to launder funds, along with the potential
risk to their reputations, and ultimately to their safety and soundness,
continues to be a concern for financial and other regulators. Over
the past several years there has been extensive action in many countries
to implement permanent measures to fight money laundering and terrorist
financing. This action has been driven largely by the leadership
of the FATF, of which Canada is a founding member.
The FATF is the intergovernmental body that develops, monitors
and evaluates country AML/ATF standards. These standards as set
out in its 40 AML Recommendations and 9 ATF Recommendations establish
a strong AML/ATF framework and permit a risk-based approach to the
implementation of preventative measures.
The Government of Canada, led by the Department of Finance, has
established a private/public sector advisory committee to gather
information, on an ongoing basis, on how Canada’s AML/ATF regime
can be continuously reviewed. The federal Government also implemented
significant changes to the PCMLTFA and PCMLTFR in 2007/2008 to ensure
that the AML/ATF legislative framework is in line with international
OSFI’s mandate includes supervising financial soundness and promoting the adoption of policies and procedures designed to mitigate risk. OSFI believes that the risk management outcomes identified in this Guideline will further reduce the susceptibility of FRFIs to being used by individuals or organizations to launder funds and fight terrorist financing, thereby reducing their exposure to damage to their reputation, a key asset in the financial services industry.
To the extent possible, OSFI has aligned this Guideline to the
framework of AML/ATF preventative measures set out in the FATF Recommendations.
OSFI believes this will help focus attention on the principal goals
of risk-based deterrence and detection.
FINTRAC is responsible for ensuring compliance with Part 1 of
the PCMLTFA, and the PCMLTFR. These prescribe a compliance program
with a risk-based component designed to ensure effective control
over ML and TF risks.
This Guideline does not create any new regulatory requirements.
It is intended to assist FRFIs in identifying and complying with
applicable AML/ATF requirements and measures contained in the PCMLTFA
and the PCMLTFR. This Guideline is also aimed at helping institutions
meet OSFI's governance and control expectations.
Effective control over ML and TF risks, and related regulatory,
operational and reputation risks, is essential.
In order to achieve effective control, FRFIs will adopt different
approaches to their AML/ATF programs that take into account the
nature, scope, complexity and risk profile of their institution.
FRFIs are expected to take into account the contents of this Guideline
when implementing their AML/ATF programs. OSFI's AML/ATF assessment
program, which aims to assist OSFI in evaluating the effectiveness
of controls, takes the foregoing into consideration in the assessment
of individual institutions.
The OSFI Act enables OSFI and FINTRAC to exchange information
on FRFIs’ compliance with Part 1 of the PCMLTFA. To this end, on
June 14, 2004, OSFI and FINTRAC signed a Memorandum of Understanding
for exchanging information. FRFIs should also be aware that in December
2008, FINTRAC will be able to impose administrative monetary penalties
against its reporting entities, including FRFIs, for violations
of prescribed provisions of the PCMLTFA and PCMLTFR.
FRFIs should note that FINTRAC, as the agency responsible for
ensuring compliance with Part 1 of the PCMLTFA, and the PCMLTFR,
publishes and maintains its own Guidelines on compliance with the
PCMLTFA and the PCMLTFR. OSFI has made every effort not to duplicate
in substance FINTRAC guidance. This Guideline should therefore be
read in conjunction with FINTRAC’s Guidelines, as appropriate. Where
we do refer to matters touched on in FINTRAC’s Guidelines, we have
conformed references to those used by FINTRAC.
The FATF Recommendations include measures to mitigate the risk
that criminals and other inappropriate persons might take over ownership
of, or unduly influence the management of, financial institutions.
OSFI screens all persons who own or control, directly or indirectly,
significant interests in FRFIs. This screening is done prior to
the approval of a new FRFI and when ownership interests change.
In addition, OSFI screens directors and senior officers who will
be in place when a FRFI commences operations. However, OSFI seeks
to rely on FRFIs’ internal processes for assessing the ongoing suitability
and integrity of directors and senior officers who are appointed
after the FRFI’s initial start up.
OSFI’s expectations of FRFIs’ internal processes for screening
directors and senior officers post- authorization are set out in
OSFI Guideline E-17 “Background Checks on Directors and Senior Management
of FREs”. A risk-based approach to assessing the FRFI’s own screening
processes is applied by OSFI where warranted. Compliance with Guideline
E-17 in pertinent respects will be included in OSFI’s AML/ATF assessment
Certain provisions of the PCMLTFA and the Criminal Code give
both FINTRAC and OSFI responsibility for dealing with issues related
to the financing of terrorist activities.
FINTRAC’s objectives include the prevention, detection, and deterrence
of the financing of terrorist activities, while OSFI’s role is that
of a central reporting channel for the aggregate reporting requirements
outlined in subsection 83.11(2) of the Criminal Code.
With respect to FRFIs’ terrorist property reporting obligations,
OSFI posts on its Internet site (www.osfi-bsif.gc.ca) lists of terrorist
individuals and organizations, and will continue to receive monthly
reports from FRFIs on the findings of their continuous searching
for and freezing of terrorist assets as required by the regulations
under the United Nations Act or by subsection 83.11(1)
of the Criminal Code in respect of designated entities.
In addition, FINTRAC and a number of international organisations
have published information related to terrorist financing activities.
FINTRAC has also issued a guideline on Submitting Terrorist Property
Over the past few years, Canada has implemented several new economic
and anti-proliferation (of weapons of mass destruction) sanctions
against a number of countries, entities and designated persons.
In addition, the FATF has issued guidance documents on a number
of these and related matters. The array of obligations imposed on
FRFIs by the reporting requirements, sanctions and related procedural
actions merits dealing with designated name searching, listings,
reporting, economic and anti- proliferation sanctions in a separate
Guideline. OSFI anticipates that this Guideline will be issued in
The components of the FRFI’s AML/ATF program that are designed
to comply with the PCMLTFA and PCMLTFR should be incorporated into,
or referenced by, the FRFI’s LCM framework. Although the chief compliance
officer is responsible for the LCM framework generally (Guideline
E-13: Legislative Compliance Management), the AML/ATF components
of the LCM framework should be the responsibility of the CAMLO.
The FATF, the Basel Committee on Banking Supervision and the International
Association of Insurance Supervisors have each issued risk-based
AML/ATF guidance directed at the financial sector. FRFIs should
consult the appropriate guidance issued by these bodies for more
information on risk assessment and effective controls.
The basic principle underpinning OSFI’s Supervisory Framework is that FRFIs must develop and implement effective risk management
controls to manage their exposure to financial risk and ultimately
their financial stability and soundness.
This Guideline aims to assist FRFIs in their development and implementation
of effective AML/ATF controls to manage their exposure to ML and
The PCMLTFA and PCMLTFR prescribe various outcomes that FRFIs
must achieve to detect and deter ML and TF. These outcomes are set
out as regulatory requirements which, in the aggregate, form the
compliance regime to be embedded in FRFIs’ AML/ATF programs. Examples
of regulatory requirements include: the identification of clients;
the appointment of a CAMLO; determining whether a client is a PEFP;
the prohibition on dealing with shell banks. Some requirements feed
into broader outcomes; others are themselves outcomes.
In all cases, the manner in which these outcomes may be achieved
is prescribed. Generally, there are three ways in which the PCMLTFA
and the Regulations prescribe how an outcome is to be achieved:
In these situations, one or more measures are prescribed. All
of the prescribed measures must be followed. An example is PEFP
determination - if a client is determined to be a PEFP, certain
prescribed measures must be taken.
In these situations, a choice of alternative measures is prescribed.
These measures offer FRFIs flexibility in achieving the prescribed
outcome. Aside from selecting which option to choose, no other options
or alternatives are available to the FRFI. Examples include prescribed
types of acceptable identification documentation for individuals
and prescribed sets of alternative measures for the identification
of credit card clients in non-face-to face situations.
In these situations, the PCMLTFA and PCMLTFR allow FRFIs more
flexibility to determine for themselves how to achieve the prescribed
outcomes, provided that the measures chosen are “reasonable”. To
be reasonable, the measures used must achieve the prescribed outcome.
An example is reasonable measures to determine the source of funds
for certain high risk clients.
This Guideline identifies measures that OSFI has found to be reasonable
when applied effectively – i.e., when they achieve prescribed outcomes.
The measures, which are drawn from a wide base of sources, including
the FATF, should not be treated as checklists.
As noted below, OSFI expects FRFIs to have AML/ATF programs in
place that include measures which are not expressly addressed by
the PCMLTFA and PCMLTFR, but which are consistent with other OSFI
Guidance and OSFI’s Supervisory Framework.
The AML/ATF program is the key vehicle for establishing and maintaining
effective control over ML and TF risks in all relevant areas of
the FRFI enterprise.
The following is a more detailed description of OSFI’s expectations
and prescribed content of the AML/ATF program:
FRFIs should ensure that their AML/ATF programs include the following
elements, each of which is expanded upon in this Guideline. Elements
required by the PCMLTFA and the PCMLTFR are marked with an asterisk:
Senior Management Oversight, including *Reporting
to Senior ManagementFootnote 2;
*An appropriate individual responsible for implementation
of the programFootnote 3.
See further, “CAMLO”;
*Assessment of inherent ML and TF risksFootnote 4.
See further, “Assessment of Inherent Risks”;
*Written AML/ATF policies and procedures that are kept up
to dateFootnote 5. See further,
“Control Policies and Procedures”;
*Written ongoing training programFootnote 6.
See further, “Ongoing Training”;
Self Assessment of controls. See further, “Self Assessment
of Controls”; and
*Effectiveness testingFootnote 7.
See further, “Effectiveness Testing”.
The AML/ATF program should implement a corporate standard of inherent
risk assessment and risk control measures, across all relevant business
areas of the FRFI.
The formality and sophistication of the AML/ATF program should
be commensurate with the size and complexity of the FRFI and its
businesses. As a general principle, the corporate standard should
be consistent with Canadian regulatory requirementsFootnote 8.
The PCMLTFAFootnote 9 requires that standards consistent with s. 6, 6.1 and 9.6 of the
PCMLTFA be applied in respect of wholly owned subsidiaries and branches
in countries that are not members of the FATF where the laws of
such countries permit it. FRFIs should ensure that unless there
is an explicit prohibition, such standards are applied.
FRFIs should notify OSFI if a country explicitly prohibits compliance
with s. 9.7 or 9.8 of the PCMLTFA, to assist OSFI in analysing the
situation in respect of that country.
Senior Management should have responsibility and accountability for: directing day-to-day implementation and management of the AML/ATF program; ensuring that it is adequate to mitigate ML and TF risk; that it complies with the PCMLTFA and PCMLTFR as required; and that it is implemented effectively in all relevant business areas.
Senior Management should ensure that:
Senior Management should ensure they receive sufficient pertinent
information from the CAMLO, the Auditor and other sources as appropriate,
to enable them to ensure the overall adequacy and effectiveness
of the AML/ATF program.
The PCMLTFRFootnote 10 prescribe timing and content of written reports on effectiveness
testing, including reporting on any updates made to AML/ATF policies
and procedures and the status of the implementation of such updates.
In larger, more complex, FRFIs, AML/ATF reports on effectiveness
testing made at different times (for example, during audits of different
business areas) should be collated and consolidated periodically.
This will support the goal of assessing overall adequacy and effectiveness.
FRFIs should ensure that AML/ATF reporting to Senior Management by the CAMLO and by the Auditor is not unduly commingled, in order to differentiate the contents and purpose of the reporting.
The reports from the CAMLO should include information about: the
FRFI-wide scope of the assessment of inherent risks including: significant patterns or trends; the self assessment of controls and material
changes thereto; and remedial action plans or recommendations, if
any, with milestones and target dates for completion. Where appropriate,
the CAMLO should draw conclusions, offer advice or make recommendations
about the overall structure and scope of the AML/ATF program.
Please refer to OSFI’s Corporate Governance Guideline for OSFI’s expectations of FRFI Boards of Directors in regards to operational, business, risk and crisis management policies.
Whether or not the broader risk management structure of the FRFI
is decentralized, responsibility for implementation of the enterprise
AML/ATF program should be assigned to the CAMLO, who should be one
person positioned centrally at an appropriate senior corporate level
of the FRFI. For the purposes of this Guideline, FRFIs should treat
the CAMLO as an independent oversight function as described in OSFI’s
Corporate Governance Guideline.
The CAMLO is expected to be responsible both for the regulatory
compliance component and the broader prudential
risk management component of the AML/ATF program.
FRFIs should ensure that the CAMLO has clear and documented responsibility
and accountability for AML/ATF program content, design and enterprise-wide
implementation. In particular, the CAMLO’s mandate should include
If the CAMLO delegates or assigns duties to other individuals,
or if the FRFI assigns some elements of the AML/ATF program to business
areas that do not report to the CAMLO, the CAMLO should take reasonable
measures to be satisfied that such elements are implemented satisfactorily.
Reasonable measures to achieve this could include:
FRFIs should ensure that the CAMLO has:
Responsibility for the implementation of the AML/ATF program requires
that the CAMLO have a thorough working knowledge of ML/TF risks
and controls in the FRFI and AML/ATF regulatory requirements; a
broad knowledge of the operations of the FRFI; and appropriate professional
qualifications, experience and strong leadership skills.
Consideration should be given to these factors when FRFIs consider
the seniority and reporting relationship of the CAMLO.
The PCMLTFAFootnote 11 requires that the compliance program include the development and
application of policies and procedures to assess, in the course
of a FRFI’s activities, the risk of a ML or a TF offence.
The PCMLTFRFootnote 12 requires that the following categories of ML and TF risk be covered
in a FRFI’s assessment of inherent risk:
For the purposes of item (iv) above, FRFIs should take into account
transaction risk factors, for example, structured or otherwise complex
transactions, and factors that may fall into more than one of the
other three categories.
Assessment of inherent risks refers to a process that:
In considering ML and TF risks, consideration should be given
to what, if any, pertinent changes have occurred since the assessment
of inherent risks was last performed. Reasonable measures to accomplish
this could include:
Regular assessment of inherent ML and TF risks enables FRFIs to
tailor or adjust corporate control measures to identified risk,
which in turn facilitates the allocation of more risk management
resources to areas of greater vulnerability. See further, “Self
Assessment of Controls” below.
The following sections discuss the methodology and desired outcomes
of the process used to analyse inherent ML and TF risks.
There is no single prescribed or universally used methodology
for inherent ML/TF risk assessment. However, the methodology used
should assess the risk of ML offences or TF offences across the
FRFI and include the categories of risk identified in p. 71(1)(c)
of the PCMLTFR.
The outcome of the methodology should be a rational, well-organized
and well-documented inherent risk analysis.
Reasonable measures to include in the methodology used would include
Inherent risk assessment should address the different categories
of risk exposure to ML and TF. The PCMLTFRFootnote 13 requires that inherent risk assessment address the following specific
categories of risk. In each category, OSFI has indicated types of
This is risk associated with types of clients that buy or use
the FRFI’s products and services. Categories of clients that may
indicate a higher risk could include:
This is risk associated with the client’s stated purpose in dealing
with the FRFI. Categories of business relationships that may indicate
a higher risk could include:
This is risk associated with FRFI products/services that enable
clients to move funds. Categories of products and services that
may indicate a higher risk could include:
This is risk associated with how FRFIs’ products/services are
delivered to clients including services delivered to clients non-face-to-face.
Categories of delivery channels that may indicate a higher risk
This is risk associated with places in which FRFI activities are
carried out. Where FRFIs have subsidiaries or branches in such places,
this may mitigate or elevate the risk. Categories of countries that
indicate a higher risk include countries:
FRFIs should ensure that they take any other relevant factors
into consideration in an inherent risk assessment, including transaction
risk factors and combinations of factors that may fall within more
than one of the other three categories.
An appropriate methodology should assign appropriate ML and TF
risk levels to the pertinent activities of the FRFI and in so doing,
identify the higher risks to which enhanced due diligence and ongoing
monitoring must be applied.
The criteria used for rating and ranking should have a rational
basis in ML and TF risk and address ML and TF risk factors that
are unique to specific business lines, areas and jurisdictions,
and also more general risk factors.
Finally, the methodology should enable FRFIs to comply with the
regulatory requirement to identify higher risk clients activity Footnote 14for purposes
of establishing a threshold level of enhanced due diligence that
is appropriate in the circumstances. See “Customer Due Diligence”
Results of the assessment of inherent risks should inform the
development of risk controls, and the allocation of resources, commensurate
with levels of ML and TF risk in the enterprise.
Certain risk control measures are prescribed by regulatory requirements.
These cannot be qualified or bypassed by inherent risk assessments.
They include, for example:
Control policies and procedures should identify and implement
measures designed to control inherent risks.
FRFIs should ensure that control policies and procedures are kept
up to date to mitigate risks. They must also comply with other regulatory
requirements: for example, the PCMLTFRFootnote 15 requires that written compliance policies and procedures form part
of the AML/ATF compliance program and be approved by a senior officer.
Control policies and procedures should be embedded in business
areas commensurate with the risks they are intended to mitigate,
and otherwise tailored to the particular circumstances in which
AML/ATF policies should set risk management standards to govern
the approach of the FRFI to deterring and detecting ML and TF, and
should ensure regulatory compliance.
Policies setting a corporate standard should be approved by Senior Management and implemented consistently across the enterprise. They should establish clear and definitive requirements throughout the organization.
In keeping with the general principle that the corporate standard
should be consistent with Canadian regulatory requirements (see
"Policies" above), policies should implement the corporate standard,
at least, of AML/ATF program requirements in wholly owned subsidiaries
and branches outside Canada to the extent that laws of the foreign
jurisdictions permit it. Policies should also reflect that unless
there is an explicit prohibition, the corporate standard, at least,
should be applied.
It should be noted that differences in local market conditions
are not a sound basis for lowering or eliminating enterprise standards.
In such cases, FRFIs should ensure that a specific risk assessment
is made to determine whether operating in such markets would result
in an unacceptable ML or TF risk to the FRFI.
Examples of topics that should be covered by policies are:
Procedures are the tools FRFIs use to translate AML/ATF policies
into practice. Therefore, it is essential that procedures state
clearly what actions are to be taken, by whom, where and when (noting
pertinent regulatory deadlines as appropriate).
The evolving nature of AML/ATF regulation and changes to a FRFI’s
business require that procedures be updated on a regular basis to
ensure their continued effectiveness. Should a FRFI’s procedures
allow for permitted exceptions, the procedures should include authorization
processes and associated enforcement mechanisms to oversee such
CDD is comprised of client identification, information gathering,
ascertaining identity and ongoing monitoring. These components must
comply with applicable regulatory requirements, and must be enhanced
for higher risk situationsFootnote 17 . The extent of CDD performed should correspond to the relative
level of assessed ML and TF risks in the circumstances. See “Specific
Higher Risks” below.
As a general principle, a business relationship should only be
entered into or maintained with a client if the FRFI is satisfied
that the information it has gathered demonstrates that the FRFI
knows the client (i.e. the client has disclosed his or her true
identity and a legitimate purpose for entering or maintaining the
business relationship with the FRFI). DTIs are required to keep
a record of the intended use of each account opened, other than
a credit card accountFootnote 18 .
The prescribed rules comprising CDD requirements do not permit
FRFIs to establish anonymousFootnote 19 accounts for clients. If FRFIs provide services (such as account
numbering or coding services) that effectively shield the identity
of a client for business reasons (for instance, in a corporate acquisition
where the premature circulation of information could jeopardize
the transaction), or where client identity is withheld for proprietary
reasons, FRFIs must ensure that they have appropriately ascertained
the identity of the client and that this information is accessible
by the CAMLO.
Where the regulatory requirements prescribe a determination of
the status of a client, for example, the determination of whether
a client is a PEFP, there must actually be a determination and FRFIs
should ensure that a determination is made based on an assessment
of the information received.
The nature and extent of CDD measures should be appropriate for
the nature of, and proportional to the level of, the ML and TF risk
that is posed by the client in the circumstances. See ”Inherent
Risk Assessment”, above. At a minimum, CDD measures must comply
with the requirements of the PCMLTFA and PCMLTFR. CDD standards
should provide that where there are doubtsFootnote 20 about the veracity or adequacy of previously
obtained client identification and verification data, enhanced CDD
must be performed.
FRFIs should enhance CDD measures if standard measures produce
inconsistent, otherwise uncertain or doubtful results. The level
of such enhanced due diligence should be sufficient to mitigate
the inconsistencies, uncertain or doubtful results.
FRFIs may have clients whose identities have not been ascertained
in accordance with the PCMLTFR on account of having become clients
prior to the AML/ATF requirements coming into force in 2002, or
having purchased products that the PCMLTFR exempt from client identification
requirements. FRFIs should ensure that if such clients subsequently
purchase products to which client identification requirements apply,
they are subject to appropriate client identification measures.
Reasonable measures to ensure that such clients are appropriately
identified could include:
The PCMLTFR specifies the originals of prescribed valid documents
(or types of valid documents) that may be inspected to ascertain
the identity of individuals and the existence of entities in face
to face and non face to face scenarios, and the timing for doing
so. A FRFI’s CCD policy should provide clear direction that complies
with the PCMLTFR, (where applicable) on:
While identification and verification standards and policies must
meet the minimum prescribed requirements, FRFIs may consider that
the assessment of inherent risk justifies the application of additional
identification requirements to some categories of client.
For example: the PCMLTFRFootnote 21 prescribes the use of valid government-issued
documents to be used to ascertain the identity of a client. These
include, inter alia, birth certificates. The PCMLTFR permits
Social Insurance Number (SIN) cards to be used to ascertain the
identity of a client. Where a birth certificate or a SIN card is
the only document available to ascertain identity, and the assessed
ML or TF risk of the client is other than minimal, FRFIs should
consider applying additional identification measures. Such additional
measures could include viewing the original of other acceptable
government-issued identification documents, including government-issued
photo identification, or, if these are not available, other credible
evidence supporting the identity of the client such as a property
tax or utility bill.
For persons without acceptable Canadian identification documents,
comparable or equivalent foreign identification documents may be
acceptable if they can be read and assessed as valid identification
documents (for example, by reference to publicly available information)
and can be understood by the FRFI.
Identifying a client that is a corporation or other entity may
involve the collection of substantial information in some cases.
In addition to confirming the existence of the entityFootnote 22, FRFIs must take reasonable measures
to obtain the names and occupations of its directors and the names,
addresses and occupations of individual(s) who are the ultimate
beneficial owners of 25% or more of the entity Footnote 23. Reasonable
measures to obtain this information could include:
Where a FRFI is required to obtain the occupation of a person
(for example, a director of a client entity), the FRFI should ensure
that the occupation obtained is the person's principal occupation
and not merely the person's title in the client entity.
The measures applied should be commensurate with the level of
DTIs must also ascertain the identity of every person who signs
a signature card in respect of a business account, except that where
the signature card is signed by more than three authorized individuals,
the identities of at least three of them must be ascertainedFootnote 24. The requirements of identification
of individual clients are applicable. Life insurance companies should
adopt a similar practice as a matter of prudent risk management
because the inherent risk of not identifying signing officers for
business accounts is similar.
The PCMLTFA and PCMLTFR prohibit FRFIs from opening accounts in
prescribed circumstances if the FRFI cannot establish the identity
of the client in accordance with prescribed measuresFootnote 25.
FRFIs must also take reasonable measures, at times prescribed
by the PCMLTFRFootnote 26, to determine whether the individual
client is acting for or on behalf of a third party. Reasonable measures
Life insurance companies are not required to ascertain the identity
of, or obtain the identification information of, a person where
there are reasonable grounds to believe that the person’s identity
has been ascertained in the prescribed manner by another life insurance
company or life insurance broker or agent in respect of the same
transaction or of a transaction that is part of a series of transactions
that includes the original transactionFootnote 27. For these situations, life insurance
companies should therefore develop and implement policies and procedures
designed to ensure that:
OSFI understands that with respect to individual products, in
practice life insurance companies do receive information about the
identity of the client on application forms submitted by life insurance
agents or brokers. This practice enables life insurance companies
to periodically determine that the grounds for relying on such agents
FRFIs should satisfy themselves that, in appropriate circumstances,
the amount of clients’ accumulated funds or wealth appears to be
reasonable and consistent with the information provided. Doubts
about the origin of such funds or wealth should be satisfied before
proceeding with the relationship or permitting transactions to occur.
Reasonable measures to implement this requirement could include:
Where doubts persist, consideration should be given to not proceeding
with the relationship or transaction.
In cases where a client is assessed as higher risk and the source of accumulated funds or wealth does not appear
to be reasonable, or is inconsistent with the information provided
despite taking reasonable measures to resolve the inconsistency,
the FRFI should consider declining to enter the business relationship,
or terminating it, and consider filing a suspicious attempted transaction
FRFIs must be able to identify suspicious transactions, or suspicious
attempted transactions, and report these to FINTRAC. Further, FRFIs
must take reasonable measures to ascertain the identity of every
person with whom the FRFI conducts a transaction that is determined
by the FRFI to be suspiciousFootnote 28.
These obligations imply that the activities of all clients, regardless
of their risk ranking, must be subject to some form of ongoing monitoring
to detect transactions or attempted transactions that are potentially
Reasonable measures for such monitoring could include:
FRFIs should conduct feasibility studies, as appropriate, to determine
whether transaction volumes merit the application of information
technology solutions to transaction monitoring.
Monitoring should identify information, transactions or attempted
transactions that are unusual or potentially suspicious and that
require further analysis. Monitoring criteria should cover all relevant
indicators. Relevant indicators could include:
The PCMLTFA and PCMLTFR provide that where a FRFI determines that
the risk of a ML or TF offence is high, FRFIs must take prescribed
special measures for identifying clients, keeping records and monitoring
financial transactions in respect of the activities that pose the
high riskFootnote 29. The prescribed
special measures include: reasonable measures to determine whether
the high risk client is a PEFPFootnote 30;
keep client identification information and the information referred
to in PCMLTFR s. 11.1 up to dateFootnote 31;
conduct ongoing suspicious transaction and suspicious attempted
transaction monitoring Footnote 32;
and generally mitigate the high riskFootnote 33.
FRFIs should consider creating more than one category of higher
risk client, and more than one category of enhanced due diligence,
if the nature, scope, complexity and risk profile of the financial
institution merit such action. Each level of enhanced monitoring
should reflect the assessed level of risk appropriately.
Reasonable measures for applying enhanced monitoring could include:
Additional measures that could be taken to strengthen the monitoring
of high risk activities include:
This section discusses OSFI’s expectations and prescribed measures
in respect of enhanced due diligence and related controls applicable
to areas of identified higher risk.
Many FRFIs rely on introducers, intermediaries or other third
partiesFootnote 34 for client information gathering and verification purposes. These
include, for example, deposit and mortgage brokers and solicitors.
ML and TF risk mitigation can be compromised where FRFIs do not
ensure that appropriate client identification standards are applied
by the introducers, intermediaries or other third parties.
With one exception for life insurance companies referred to above,
accountability for ascertaining the identity of the client and obtaining
the information used to identify the client remains with the FRFI
when it uses a third party to ascertain the identity of clients.
In respect of this accountability, FRFIs must have an agreement
or arrangement in writing with the agent or mandatary if such person
is to be responsible for client identification and verification.
The provisions of this arrangement or agreement must conform to
the requirements of the PCMLTFRFootnote 35 and it should obligate the agent or mandatary to:
DTIs and life insurance companies should also:
Documentation of relationships and communications with, and client
due diligence work of, agents and mandataries, should be complete
and current, and client information should be placed in the client’s
record promptly upon receiving it. See further, “Record Keeping
and Retention”, below.
FRFIs should consider terminating relationships with agents or
mandataries that do not comply with agreed upon client identification
responsibilities or provide the DTI or life insurance company with
the requisite client information on a timely basis.
Contracts with agents and mandataries should be reviewed and updated
as necessary to ensure compliance with the PCMLTFRFootnote 37 regarding the use of agents and mandataries.
The extent of the DTI’s or life insurance company’s exposure to
the agent or mandatary for the results of client due diligence should
be addressed expressly in the DTI’s or life insurance company’s
inherent risk assessment.
Fraudulent misrepresentation in respect of FRFIs' products takes
many forms that could include:
FRFIs should ensure their client acceptance and due diligence
processes address the risk of fraud, a predicate offence for money
laundering. FRFIs should take reasonable measures to address the
risk, which could include:
Life insurance companies should ensure that mortgage loans are
subject to the AML/ATF program.
The FATF Recommendations state that PEPs are potentially more
susceptible to financial crime than other clients of financial institutions.
In Canada, the PCMLTFA requires FRFIs to determine, in prescribed
circumstances, whether they are dealing with PEFPs and also prescribes
mandatory enhanced due diligence measures to be taken in respect
of PEFPs in prescribed circumstances.Footnote 38
A PEFP is defined in the PCMLTFA as an individual who holds or
has ever held prescribed offices or positions in or on behalf of
a foreign state or is a prescribed member of the family of such
a personFootnote 39.
For purposes of the foregoing, the term "foreign state" should
be interpreted to include the principal political subdivisions of
foreign countries when applying the PEFP definition.
Once the determination is made, prescribed actions must be taken
within minimum time periods.
There are three situations that trigger the requirement for DTIs
to determine whether a client is a PEFP:
The determination and approval by a senior officer to keep the
account open must be made no later than 14 days from account activation Footnote 43 or within
14 days of the EFT being received or sentFootnote 44.
There is no specific time period in respect of determination as
a result of a risk assessment. FRFIs should ensure that the PEFP
determination required when an existing account is deemed to be
high risk is made no later than 14 days thereafter, to be consistent
with other prescribed requirements.
Life insurance companies must take reasonable measures to determine
if a person who makes a lump-sum payment of $100,000 or more in
relation to an immediate or deferred annuity or life insurance policy
on their own behalf or on behalf of a third party is a PEFP Footnote 45.
Such person may not be the policy holder.
The determination must be made within 14 days of the payment transaction Footnote 46.
The PCMLTFA and PCMLTFR require that FRFIs take “reasonable measures”
to make the PEFP determination. Reasonable measures could include:
If FRFIs choose to ask the individual for information, FRFIs should
keep in mind that clients should not be expected to know the criteria
that determine whether they are PEFPs. FRFIs should also note that
there is no obligation imposed on FRFIs to disclose to a client
that a determination must be made, or needs to be made.
A reasonable approach would be to ask the client if the client
has or has ever had a prescribed connection to a foreign state,
government, military or judiciary. The questions could be expanded
to cover family members with any similar connections. If the responses
are not clear or inconclusive, additional assessment or due diligence
may be necessary before finalizing the determination. The additional
measures could range from asking the applicant for more information,
to internet searches, to running the individual(s’) name(s) against
a public database.
FINTRAC has published a pamphlet that FRFIs can use to explain
to their clients, if necessary, why they need to enquire about their
background. This pamphlet can be viewed at FINTRAC’s Internet site.
FRFIs that choose to screen names and other personal information
against a commercial or publicly available database should ensure
OSFI does not expect FRFIs to depend on a client database in making
a PEFP determination where the information obtained from the client
shows that the client is a PEFP. Clients, who initially provide
information that clearly establishes them to be PEFPs, must be determined
to be PEFPs and need not be scrubbed through databases unless it
is done merely to obtain background or additional information.
Refer to the discussion about “reasonable measures” in "Client
Due Diligence", above. FRFIs should ensure a determination is made
based on an evaluation of the information received from a client
or a database.
FRFIs should also ensure that, where a client is determined to
be a PEFP, and the FRFI is aware that the client has family members
who are also PEFPs by reason of the definition in the PCMLTFA, the
names of such family members are scrubbed against the FRFI’s client
databases to determine if accounts are held in such names by the
FRFIs that use agents or mandataries (deposit brokers, mortgage
brokers or others) to identify their clients and remit client identification
information to them retain responsibility for PEFP determination.
FRFIs may assign responsibility for collecting the information necessary
for the FRFI to determine if the client is a PEFP, but the FRFI,
not the agent, is responsible for making the determination and for
applying the prescribed measures accordingly. FRFIs should ensure
that where agents or mandataries are responsible for gathering the
information, the agents understand what is required to be done and
the FRFI satisfies itself that its agents are doing what is required.
If a client’s name is contained in a public database, but the
FRFI does not determine the client is a PEFP, the FRFI may wish
to make a note of the “hit” for future reference or to guide it
in any future risk assessment.
Once a PEFP determination is made, it may not be reversed or otherwise
changed, other than to correct error. The PEFP definition provides
that the criterion or criteria that trigger PEFP status remain(s)
in effect in perpetuity.
When a client is determined to be a PEFP a FRFI must:
Reasonable measures to establish source(s) of funds include asking
the client to explain how the client came to hold the funds. Examples
of source of funds could include: savings accumulated through employment;
sale of investments; sale of a business; an inheritance; a salary
bonus; and consulting fees.
In respect of the approval by a senior officer, such individual
should be a person at a more senior level who has the authority
to make this decision.
Reasonable measures for enhanced and ongoing monitoring of PEFPs’
accounts may involve manual or automated processes, or a combination
of both depending on resources and needs and could include:
The PEFP definition in the PCMLTFA indicates that the country
of residence or citizenship of an individual is immaterial to PEFP
determination. FRFIs should therefore ensure that their methodology
of PEFP determination does not preclude individuals merely because
they may be Canadian citizens or residents.
FRFIs may need to ensure they distinguish between PEFPs and domestic
PEPs. The latter are not separately defined in the PCMLTFA definition
of PEFP, although a PEFP could also be a domestic PEP. However,
FRFIs are not under any legal obligation to identify domestic PEPs per se, whether by screening or flagging large transactions
or in any other way. Further, even if FRFIs know they are dealing
with a domestic PEP, they are not under any legal obligation to
apply the measures that are applicable to PEFP accounts, unless
that individual is a PEFP.
Where a FRFI is aware that a client is a domestic PEP, the FRFI
should assess what effect, if any, this may have on the overall
assessed risk of the client. If the assessed risk is elevated, the
FRFI should apply enhanced due diligence measures as it considers
The PCMLTFA and PCMLTFR do not oblige FRFIs to apply PEFP measures
to their subsidiaries or branches of FRFIs outside Canada.
Where a FRFI is aware that a client of a subsidiary or a branch
outside Canada is a PEFP, the FRFI should assess what effect, if
any, this may have on the overall assessed risk of the client. If
the assessed risk is elevated, the FRFI should apply enhanced due
diligence as it considers appropriate.
The operations of foreign branches and subsidiaries may be subject
to local AML/ATF legislation, which may include requirements to
identify and monitor PEPs, including PEFPs.
FRFIs are not obliged by the PCMLTFA or PCMLTFR to apply PEFP
determination procedures to persons who own or control 25% or more
of clients that are corporations or entities, or who are directors
or officers of such corporations or entities.
Where a FRFI is aware that a person who owns or controls 25% or
more of a client that is a corporation or entity, or who is a director
or officer of such a corporation or entity, is a PEFP, the FRFI
should assess what effect, if any, this may have on the overall
assessed risk of the client corporation or entity. If the assessed
risk is elevated, the FRFI should apply enhanced due diligence as
it considers appropriate. Appropriate due diligence could include:
For life insurance companies, the PCMLTFRFootnote 47 does not distinguish between domestic
and foreign payments. Accordingly, life insurance companies should
apply a PEFP determination to prescribed funds from any source,
domestic or foreign.
For DTIs, domestic transfers into or out of an account
do not, of themselves, trigger any requirement to make a PEFP determination Footnote 48.
However, if a DTI has already determined that a client is a PEFP,
OSFI believes that a risk assessment should be made to determine
whether monitoring domestic incoming transfers would be advisable.
Identifying a client that is a corporation that can issue bearer
shares may require special customer identification measures. Bearer
shares can hide the identity of beneficial owners of the client
corporation. If the aggregate of such shares could amount to more
than 25% of such client corporation, a FRFI might be unable to identify
the beneficial owner(s).
Where a FRFI assesses (using the risk categories outline above)
that the risk of dealing with such a client corporation may be present,
the FRFI should apply reasonable measures to mitigate this risk.
Reasonable measures should always include obtaining the identity
of the person or persons who beneficially own 25% or more of the
shares of the corporation taking into account any issued and outstanding
bearer shares, and could also include one or more of the following:
FRFIs should ensure that the measures taken are documented.
For the purpose of this Guideline, "correspondent banking relationship"
has the same meaning as in the PCMLTFA.
Correspondent banking relationships are established between banks
to facilitate, among other things, transactions between banks made
on their own behalf; transactions on behalf of their clients; and
making services available directly to clients of other banks. Examples
of these services include: inter-bank deposit activities; international
electronic funds transfers; cash management; cheque clearing and
payment services; collections; payment for foreign exchange services;
processing client payments (in either domestic or foreign currency);
and payable- through accounts.
Correspondent banking relationships with foreign financial institutions
(FFIs) are identified by the FATF as a specific higher risk area,
and consequently the PCMLTFA and PCMLTFR prescribe measures Footnote 49 to be applied
by FRFIs that enter into correspondent banking relationships with
FFIs and their clients.
FRFIs that offer payable through accounts services to customers
of FFIs must take reasonable measures to ascertain whether the FFIs
have met requirements that oblige them to identify and ascertain
the identities of such clients that are consistent with the requirements
of the PCMLTFR, and ensure that the FFIs will provide relevant customer
identification data to the FRFI, upon requestFootnote 50.
Reasonable measures to achieve these requirements could include:
Reasonable measures to monitor correspondent banking relationships
generally could include, for example:
Where a FRFI ascertains, pursuant to s. 55.1 of the PCMLTFR, that
there are civil or criminal sanctions imposed against a FFI in respect
of AML/ATF requirements; or where a FRFI ascertains that a FFI does
not have in place AML/ATF policies and procedures as specified in
ss.15.1(3) of the PCMLTFA; then for the purpose of detecting any
suspicious transactions required to be reported to FINTRAC under
s. 7 of the PCMLTFA the FRFI should conduct ongoing monitoring of
all transactions in the context of the correspondent banking relationship
to mitigate the higher risk Footnote 51. The extent
of such monitoring in the case of sanctions identified against a
FFI should correspond to the context, severity and type of sanctions
imposed on the FFI. Reasonable measures could include:
A FRFI acting as an intermediary bank may not be in a position
to understand the purpose of EFTs originated by clients of FFIs
or other originator banks, or conduct CDD on these persons. Consequently,
such a FRFI that receives a cover payment for transactions may not
be in a position to determine whether EFTs represented by the cover
payment are suspicious, based on an understanding of the activities
of the originator (and the beneficiary, if the beneficiary is not
a client of the FRFI). It is, however, possible for intermediary
FRFIs to monitor transactions that they process to identify patterns
of activity that may be suspicious, to report suspicious transactions
or attempted transactions, and, where such transactions are associated
with a particular FFI, to review the relationship with that FFI.
All information prescribed by the PCMLTFA and PCMLTFR, including
originator informationFootnote 52,
must be included on all outgoing international EFTs and domestic
SWIFT payments originated by FRFIs.
In addition, FRFIs must take reasonable measures to ensure that
incoming EFTs include originator information. FRFIs that act as
intermediary banks should develop and implement reasonable policies
and procedures for monitoring payment message data subsequent to
processing. Such measures should facilitate the detection of instances
where required message fields are completed but the information
is unclear, or where there is meaningless data in message fields.
Reasonable measures could include:
The reasons for decisions taken should be documented.
Traditional trade finance services include letters of credit or
other financial products, which give FRFIs the opportunity to view
and assess details of the transaction that triggers an international
FRFIs that outsource trade finance services to other financial
institutions should ensure that this outsourcing is included in
the FRFI’s inherent risk assessment. If the assessment indicates
that the risk of ML and TF is elevated, the FRFI should implement
reasonable measures to control the risk. Reasonable measures could
OSFI recognizes that FRFIs whose services are used to make trade
finance payments on an open account basis may not have an opportunity
to review the nature of a client's underlying trade transaction.
Reasonable measures to address this risk could include:
The FATF has advisedFootnote 53 that the laundering of funds through under- and over-invoicing is
one of the oldest methods of fraudulently transferring value across
borders, and remains a common practice. The key element of the technique
is the misrepresentation of the price of the good or service in
order to transfer additional value between the importer and exporter.
Many such cases have been identified by the FATF.
By invoicing the same good or service more than once, a money
launderer may be able to justify multiple payments for the same
shipment of goods or delivery of services, especially if more than
one financial institution is used. Multiple invoicing avoids the
need to misrepresent prices.
A third method of illicitly moving funds is to move more, less,
or no goods.
The foregoing techniques can be combined in more complex series
of arrangements. For example, the so-called Black Market Peso Exchange
is a known technique used to launder the proceeds of the sale of
drugs. For more detailed information on techniques and typologies
associated with this and other trade-based money laundering, FRFIs
are requested to consult FATF material available on the FATF web
Where the assessed risk of ML or TF in trade finance services
is elevated, FRFIs should take reasonable measures designed to mitigate
the risk of misuse of trade financing mechanisms. Reasonable measures
Developments in technology frequently drive the creation of new
financial products and services. Such developments can lower costs,
improve client service and expand markets. FRFIs should have policies
and procedures in place to ensure that new and developing technologies
are included in the FRFI’s inherent risk assessment process. In
this way FRFIs can ensure that appropriate AML/ATF controls are
in place, and, where appropriate, develop or amend controls to take
new risks into account. Examples of new and developing technologies
include stored value cards that may permit clients to subsequently
download those funds directly into a deposit or a credit account
and mobile telephone technology and various e-money services that
have similar characteristics.
Procedures for keeping paper and electronic records of pertinent
information about clients and transactions must ensure that the
FRFI complies with all of the record keeping requirements of the
PCMLTFA and PCMLTFR. These include:
FRFIs are expected to use record keeping methodologies and formats
that are appropriate in their particular circumstances, provided
that records required to be kept by the PCMLTFA and PCMLTFR must,
as a general rule, be kept for at least 5 yearsFootnote 72 and they must be made available to competent authorities on a timely
basis, which is within 30 days after a request is made Footnote 73.
Client information should be kept current to reflect regulatory
requirements and the FRFI’s continuing knowledge of the client,
client activities and purpose of the client relationship, which
facilitates monitoring for suspicious transactions and attempted
A process should be implemented for dealing with incomplete documentation
with a view to making it complete and current before doing more
transactions or unrestricted transactions.
The PCMLTFA and PCMLTFR prescribe reporting to FINTRAC on LCTRs,
EFTs, STRs and TPRs.
FRFIs should ensure that internal reporting processes are designed
to ensure compliance with regulatory reporting requirements as they
relate to transaction reporting systems. Systemic compliance issues
should be documented, escalated to the CAMLO and brought to the
attention of FINTRAC. Control measures should include the identification
of remedial action designed to eliminate compliance issues. For
example, FRFIs should notify FINTRAC promptly of any internally
identified LCTR, EFT or STR reporting errors or omissions. FRFIs
should pay special attention to FINTRAC’s error codes when filing
reports, and take remedial action on a timely basis when FINTRAC
indicates filing errors or other compliance issues. FRFIs should
confirm to FINTRAC when remedial action is complete.
Suspicious transactions and attempted transactions are defined
in the PCMLTFA as those in respect of which there are reasonable
grounds to suspect that the transaction or attempted transaction
is related to the commission or attempted commission of a ML offence
or a TF offence.Footnote 74 There is no monetary threshold applicable to suspicious transactions
or suspicious attempted transactions.
A transaction or attempted transaction that the FRFI reasonably
suspects is related to a money laundering offence must be reported
to FINTRAC. Property in the possession or control of a FRFI that
the FRFIs knows, or has reasonable grounds to believe, is owned
or controlled by or on behalf of a terrorist or a terrorist group,
must also be reported to FINTRAC. This includes information about
any transaction or proposed transaction relating to that property.
The obligation to report suspicious transactions, suspicious attempted
transactions and terrorist propertyFootnote 75 is designed to assist Canadian law enforcement authorities in their
investigation and prosecution of ML and TF offences and predicate
offences. Robust ongoing monitoring, examination and reporting processes
in FRFIs are crucial in assisting these law enforcement efforts.
Suspicious transactions and suspicious attempted transactions
should be identified by FRFIs from unusual activity or transactions.
Procedures to identify unusual activities should capture the background
and purpose of the transaction(s), who was involved, when and where
it occurred, what products or services were involved and how the
transaction was structured, and should be recorded.
STRs must be filed promptly in accordance with the regulatory
requirements. Supporting documentationFootnote 76 must be retained as prescribed and made available to assist law
enforcement authorities within prescribed deadlines.
FRFIs must ensure that information concerning STRs, including
the fact that there is a suspicion and/or an STR, is kept strictly
confidential. The client(s) involved must not be tipped off to a
disclosure, and information within the FRFI must be strictly limited
to the CAMLO and others on a “need to know” basis.
The PCMLTFRFootnote 77 require that, except where identity has been previously ascertained
in accordance with the Regulations, FRFIs must take reasonable measures
to ascertain the identity of every person with whom a suspicious
transaction or suspicious attempted transaction is conducted. While
reasonable measures may include normal client identification practices,
care must be taken to ensure that such practices, if used, do not
have the effect of tipping off the client.
The PCMLTFR providesFootnote 78 that where two or more cash transactions of less than $10,000 each
are made within 24 consecutive hours that in the aggregate amount
to $10,000 or more, the aggregated transactions are considered to
be a single transaction of $10,000 or more for reporting purposes
if a FRFI knows that the transactions are conducted by, or on behalf
of, the same person or entity, or an employee or a senior officer
of the FRFI knows that the transactions are conducted by, or on
behalf of, the same person or entity.
For the purposes of interpreting this requirement, FRFIs that
have systems in place that permit the FRFI to know, by making a
record of multiple cash transactions referred to in this requirement,
that the transactions are conducted by or on behalf of the same
client should ensure that such transactions are aggregated and reported
to FINTRAC as Large Cash Transactions.
Effective training programs for staff and others (as required)
is an important and statutorily required element of FRFIs’ AML/ATF
FRFIs should ensure that written AML/ATF training programs are
developed and maintained. Appropriate training should be considered
for Senior Management, employees, agents and any other
persons who may be responsible for control activity, outcomes or
oversight, or who are authorized to act on the Company’s behalf
pursuant to the PCMLTFRFootnote 79. The nature and content should be appropriate to the
AML/ATF responsibilities of and the FRFI's relationship with, each
intended recipient group. In particular, training should be tailored
to provide the types and granularity of information and skills that
are necessary for effective performance of the AML/ATF function
in each case.
Training programs for Senior Management should
provide sufficient briefing with respect to inherent risks and controls
to enable them to assess information reported by the CAMLO and Auditor,
and exercise effective oversight over the AML/ATF program.
FRFIs should ensure that a self assessment of control measures
is conducted, preferably on an ongoing basis, but at least annually.
The assessment of AML/ATF controls is an important component of
AML/ATF program because of its quality assurance outcome.
While the assessments in business areas can and should be conducted
by individuals in those business areas, FRFIs should ensure that
the assessment process is designed to enable results in each area
to be consolidated for analysis and other purposes.
The self assessment in each relevant area of the FRFI should cover,
at a minimum, the adequacy of the inherent risk assessment, AML/ATF
policies and procedures, training and other controls implemented
to mitigate ML and TF risks.
FRFIs should ensure that the self assessment is neither too narrow
nor too broad. For example, a narrow legal/regulatory-based assessment
could fail to cover broader ML and TF controls. Similarly an operational-based
assessment might fail to cover prescribed controls.
All significant information used in the self assessment process
should be verified or readily verifiable. Methods used to ensure
that information is verified or verifiable will depend on the size,
complexity and governance structure of the FRFI. Reasonably effective
measures observed by OSFI tend to fall into one or more of the following
The self assessment of controls should provide FRFIs with:
Like the assessments of inherent risk and risk management controls,
effectiveness testing of the AML/ATF program is an important component
of AML/ATF program quality assurance and is a statutorily required
part of the FRFI’s AML/ATF program.
The PCMLTFRFootnote 80 require that the following AML/ATF program components be reviewed
for the purpose of testing their effectiveness every two years:
The PCMLTFRFootnote 81 also prescribe minimum content and timing for reports to a senior
officer on effectiveness testing.
In addition, it would be prudent for FRFIs to ensure that all
other elements of the AML/ATF program be tested for effectiveness
on a similar time scale.
FRFIs have access to internal or external auditors (or both) and
therefore FRFIs should ensure that the Auditor is responsible for
effectiveness testing. However, this does not preclude the Auditor
from outsourcing all or part of the effectiveness testing to qualified
third parties, although remaining responsible for the effectiveness
testing program. FRFIs should ensure that effectiveness testing
of the AML/ATF program is included in the Auditor’s mandate and
Effectiveness testing may be carried out on a stand-alone basis,
or embedded in broader audits with other audit work. Whichever approach
is taken, testing must cover all key AML/ATF program components,
including policies and procedures, risk assessments and training
programs at least every two years.
FRFIs should ensure that effectiveness testing is:
The following table compares the different purposes, content,
responsibility and outcomes of effectiveness testing and self assessments
of risks and controls:
The following meanings apply in this Guideline:
In June 2010, OSFI issued an instruction guide on Designated Persons Listings and Sanctions Laws.
Return to footnote 1 referrer
PCMLTFR ss. 71(2)
Return to footnote 2 referrer
PCMLTFR p. 71(1) (a)
Return to footnote 3 referrer
PCMLTFA ss. 9.6(2)
Return to footnote 4 referrer
PCMLTFR p. 71(1)(b)
Return to footnote 5 referrer
PCMLTFR p. 71(1)(d)
Return to footnote 6 referrer
PCMLTFR p. 71(1)(e)
Return to footnote 7 referrer
PCMLTFA s. 6, 6.1 and 9.6
Return to footnote 8 referrer
PCMLTFA ss. 9.7(1) and s. 9.8
Return to footnote 9 referrer
Return to footnote 10 referrer
Return to footnote 11 referrer
PCMLTFR p. 71(1)(c)
Return to footnote 12 referrer
Return to footnote 13 referrer
PCMLTFA ss. 9.6(3)
Return to footnote 14 referrer
Return to footnote 15 referrer
PCMLTFA ss. 9.6(3) and PCMLTFR p. 71.1(a)
Return to footnote 16 referrer
PCMLTFR s. 71.1
Return to footnote 17 referrer
PCMLTFR p. 14(c.1)
Return to footnote 18 referrer
i.e., an account where the FRFI has not ascertained the identity
of the client (other than certain products which are subject
to specific identification exemptions under the PCMLTFR)
Return to footnote 19 referrer
PCMLTFR ss. 63(1.1)
Return to footnote 20 referrer
PCMLTFR ss. 64(1)
Return to footnote 21 referrer
PCMLTFR ss. 65(1)
Return to footnote 22 referrer
PCMLTFR s. 11.1
Return to footnote 23 referrer
PCMLTFR ss. 54(1)
Return to footnote 24 referrer
PCMLTFA s. 9.2
Return to footnote 25 referrer
PCMLTFR ss. 9(1) DTIs; PCMLTFR ss. 10(1) life insurance companies;
PCMLTFR ss. 8(1) large cash transactions
Return to footnote 26 referrer
PCMLTFR ss. 56(2)
Return to footnote 27 referrer
PCMLTFR s. 53.1
Return to footnote 28 referrer
Return to footnote 29 referrer
PCMLTFR p. 54.2(b)
Return to footnote 30 referrer
PCMLTFR p. 71.1(a)
Return to footnote 31 referrer
PCMLTFR p. 71.1(b)
Return to footnote 32 referrer
PCMLTFR p. 71.1(c)
Return to footnote 33 referrer
Referred to as “agents” or “mandataries” in s. 64.1 of the
Return to footnote 34 referrer
PCMLTFR s. 64.1
Return to footnote 35 referrer
FINTRAC Guideline 6G, section 4.12
Return to footnote 36 referrer
Return to footnote 37 referrer
PCMLTFA s. 9.3
Return to footnote 38 referrer
PCMLTFA ss. 9.3(3)
Return to footnote 39 referrer
PCMLTFR paragraph 54.2(a)
Return to footnote 40 referrer
PCMLTFR paragraph 54.2(b)
Return to footnote 41 referrer
PCMLTFR paragraph 54.2(c), (d)
Return to footnote 42 referrer
PCMLTFR ss. 67.1(2)
Return to footnote 43 referrer
PCMLTFR ss. 67.2(3)
Return to footnote 44 referrer
PCMLTFR s. 56.1
Return to footnote 45 referrer
Return to footnote 46 referrer
Return to footnote 47 referrer
PCMLTFR p. 54.2(c)
Return to footnote 48 referrer
PCMLTFA s. 9.4 and PCMLTFR s. 55.1, 55.2
Return to footnote 49 referrer
PCMLTFR s. 55.2
Return to footnote 50 referrer
PCMLTFR ss. 15.1(3)
Return to footnote 51 referrer
PCMLTFA p. 9.5(b)
Return to footnote 52 referrer
Trade Based Money Laundering, 23 June, 2006, available
on the FATF Web site.
Return to footnote 53 referrer
PCMLTFR ss. 11.1(1)
Return to footnote 54 referrer
PCMLTFR s. 13
Return to footnote 55 referrer
PCMLTFR p. 50(1)(c), ss. 50(3)
Return to footnote 56 referrer
PCMLTFR p. 14(a)-(c)
Return to footnote 57 referrer
PCMLTFR s. 14.1
Return to footnote 58 referrer
PCMLTFR p. 14(d)
Return to footnote 59 referrer
PCMLTFR p. 14(e)-(h)
Return to footnote 60 referrer
Return to footnote 61 referrer
PCMLTFR p. 14(i)
Return to footnote 62 referrer
PCMLTFR p. 14(j)
Return to footnote 63 referrer
PCMLTFR p. 14(k) and (l)
Return to footnote 64 referrer
Return to footnote 65 referrer
PCMLTFR ss. 15(1)
Return to footnote 66 referrer
PCMLTFR p. 14(n)
Return to footnote 67 referrer
PCMLFTR p. 14(o), s. 20.1
Return to footnote 68 referrer
PCMLTFR p. 14.1(g)
Return to footnote 69 referrer
PCMLTFR ss. 15.1(2)
Return to footnote 70 referrer
PCMLTFR s. 19
Return to footnote 71 referrer
PCMLTFR s. 69
Return to footnote 72 referrer
PCMLTFR s. 70
Return to footnote 73 referrer
PCMLTFA s. 7
Return to footnote 74 referrer
PCMLTFA s. 7 and s. 7.1
Return to footnote 75 referrer
Including a copy of the Suspicious Transaction Report
Return to footnote 76 referrer
PCMLTFR ss. 53.1(1)
Return to footnote 77 referrer
PCMLTFR ss. 3(1)
Return to footnote 78 referrer
Return to footnote 79 referrer
Return to footnote 80 referrer
Return to footnote 81 referrer