Office of the Superintendent of Financial Institutions
As of July 26, 2021, this Guideline has been rescinded and is no longer applicable. For more information, please consult our consultation response published on May 17, 2021.
The fight against financial crime is an ongoing priority for governments around the world. The ability of criminals and criminal organizations to use financial institutions to launder funds, along with the potential risk to their reputations, and ultimately to their safety and soundness, continues to be a concern for financial and other regulators. Over the past several years there has been extensive action in many countries to implement permanent measures to fight money laundering and terrorist financing. This action has been driven largely by the leadership of the FATF, of which Canada is a founding member.
The FATF is the intergovernmental body that develops, monitors and evaluates country AML/ATF standards. These standards as set out in its 40 AML Recommendations and 9 ATF Recommendations establish a strong AML/ATF framework and permit a risk-based approach to the implementation of preventative measures.
The Government of Canada, led by the Department of Finance, has established a private/public sector advisory committee to gather information, on an ongoing basis, on how Canada’s AML/ATF regime can be continuously reviewed. The federal Government also implemented significant changes to the PCMLTFA and PCMLTFR in 2007/2008 to ensure that the AML/ATF legislative framework is in line with international standards.
OSFI’s mandate includes supervising financial soundness and promoting the adoption of policies and procedures designed to mitigate risk. OSFI believes that the risk management outcomes identified in this Guideline will further reduce the susceptibility of FRFIs to being used by individuals or organizations to launder funds and fight terrorist financing, thereby reducing their exposure to damage to their reputation, a key asset in the financial services industry.
To the extent possible, OSFI has aligned this Guideline to the framework of AML/ATF preventative measures set out in the FATF Recommendations. OSFI believes this will help focus attention on the principal goals of risk-based deterrence and detection.
FINTRAC is responsible for ensuring compliance with Part 1 of the PCMLTFA, and the PCMLTFR. These prescribe a compliance program with a risk-based component designed to ensure effective control over ML and TF risks.
This Guideline does not create any new regulatory requirements. It is intended to assist FRFIs in identifying and complying with applicable AML/ATF requirements and measures contained in the PCMLTFA and the PCMLTFR. This Guideline is also aimed at helping institutions meet OSFI's governance and control expectations.
Effective control over ML and TF risks, and related regulatory, operational and reputation risks, is essential.
In order to achieve effective control, FRFIs will adopt different approaches to their AML/ATF programs that take into account the nature, scope, complexity and risk profile of their institution. FRFIs are expected to take into account the contents of this Guideline when implementing their AML/ATF programs. OSFI's AML/ATF assessment program, which aims to assist OSFI in evaluating the effectiveness of controls, takes the foregoing into consideration in the assessment of individual institutions.
The OSFI Act enables OSFI and FINTRAC to exchange information on FRFIs’ compliance with Part 1 of the PCMLTFA. To this end, on June 14, 2004, OSFI and FINTRAC signed a Memorandum of Understanding for exchanging information. FRFIs should also be aware that in December 2008, FINTRAC will be able to impose administrative monetary penalties against its reporting entities, including FRFIs, for violations of prescribed provisions of the PCMLTFA and PCMLTFR.
FRFIs should note that FINTRAC, as the agency responsible for ensuring compliance with Part 1 of the PCMLTFA, and the PCMLTFR, publishes and maintains its own Guidelines on compliance with the PCMLTFA and the PCMLTFR. OSFI has made every effort not to duplicate in substance FINTRAC guidance. This Guideline should therefore be read in conjunction with FINTRAC’s Guidelines, as appropriate. Where we do refer to matters touched on in FINTRAC’s Guidelines, we have conformed references to those used by FINTRAC.
The FATF Recommendations include measures to mitigate the risk that criminals and other inappropriate persons might take over ownership of, or unduly influence the management of, financial institutions.
OSFI screens all persons who own or control, directly or indirectly, significant interests in FRFIs. This screening is done prior to the approval of a new FRFI and when ownership interests change. In addition, OSFI screens directors and senior officers who will be in place when a FRFI commences operations. However, OSFI seeks to rely on FRFIs’ internal processes for assessing the ongoing suitability and integrity of directors and senior officers who are appointed after the FRFI’s initial start up.
OSFI’s expectations of FRFIs’ internal processes for screening directors and senior officers post- authorization are set out in OSFI Guideline E-17 “Background Checks on Directors and Senior Management of FREs”. A risk-based approach to assessing the FRFI’s own screening processes is applied by OSFI where warranted. Compliance with Guideline E-17 in pertinent respects will be included in OSFI’s AML/ATF assessment methodology.
Certain provisions of the PCMLTFA and the
Criminal Code give both FINTRAC and OSFI responsibility for dealing with issues related to the financing of terrorist activities.
FINTRAC’s objectives include the prevention, detection, and deterrence of the financing of terrorist activities, while OSFI’s role is that of a central reporting channel for the aggregate reporting requirements outlined in subsection 83.11(2) of the
With respect to FRFIs’ terrorist property reporting obligations, OSFI posts on its Internet site (www.osfi-bsif.gc.ca) lists of terrorist individuals and organizations, and will continue to receive monthly reports from FRFIs on the findings of their continuous searching for and freezing of terrorist assets as required by the regulations under the
United Nations Act or by subsection 83.11(1) of the
Criminal Code in respect of designated entities. In addition, FINTRAC and a number of international organisations have published information related to terrorist financing activities. FINTRAC has also issued a guideline on Submitting Terrorist Property Reports.
Over the past few years, Canada has implemented several new economic and anti-proliferation (of weapons of mass destruction) sanctions against a number of countries, entities and designated persons. In addition, the FATF has issued guidance documents on a number of these and related matters. The array of obligations imposed on FRFIs by the reporting requirements, sanctions and related procedural actions merits dealing with designated name searching, listings, reporting, economic and anti- proliferation sanctions in a separate Guideline. OSFI anticipates that this Guideline will be issued in 2009Footnote 1.
The components of the FRFI’s AML/ATF program that are designed to comply with the PCMLTFA and PCMLTFR should be incorporated into, or referenced by, the FRFI’s LCM framework. Although the chief compliance officer is responsible for the LCM framework generally (Guideline E-13: Legislative Compliance Management), the AML/ATF components of the LCM framework should be the responsibility of the CAMLO.
The FATF, the Basel Committee on Banking Supervision and the International Association of Insurance Supervisors have each issued risk-based AML/ATF guidance directed at the financial sector. FRFIs should consult the appropriate guidance issued by these bodies for more information on risk assessment and effective controls.
The basic principle underpinning OSFI’s
Supervisory Framework is that FRFIs must develop and implement effective risk management controls to manage their exposure to financial risk and ultimately their financial stability and soundness.
This Guideline aims to assist FRFIs in their development and implementation of effective AML/ATF controls to manage their exposure to ML and TF risks.
The PCMLTFA and PCMLTFR prescribe various outcomes that FRFIs must achieve to detect and deter ML and TF. These outcomes are set out as regulatory requirements which, in the aggregate, form the compliance regime to be embedded in FRFIs’ AML/ATF programs. Examples of regulatory requirements include: the identification of clients; the appointment of a CAMLO; determining whether a client is a PEFP; the prohibition on dealing with shell banks. Some requirements feed into broader outcomes; others are themselves outcomes.
In all cases, the manner in which these outcomes may be achieved is prescribed. Generally, there are three ways in which the PCMLTFA and the Regulations prescribe how an outcome is to be achieved:
In these situations, one or more measures are prescribed. All of the prescribed measures must be followed. An example is PEFP determination - if a client is determined to be a PEFP, certain prescribed measures must be taken.
In these situations, a choice of alternative measures is prescribed. These measures offer FRFIs flexibility in achieving the prescribed outcome. Aside from selecting which option to choose, no other options or alternatives are available to the FRFI. Examples include prescribed types of acceptable identification documentation for individuals and prescribed sets of alternative measures for the identification of credit card clients in non-face-to face situations.
In these situations, the PCMLTFA and PCMLTFR allow FRFIs more flexibility to determine for themselves how to achieve the prescribed outcomes, provided that the measures chosen are “reasonable”. To be reasonable, the measures used must achieve the prescribed outcome. An example is reasonable measures to determine the source of funds for certain high risk clients.
This Guideline identifies measures that OSFI has found to be reasonable when applied effectively – i.e., when they achieve prescribed outcomes. The measures, which are drawn from a wide base of sources, including the FATF, should not be treated as checklists.
As noted below, OSFI expects FRFIs to have AML/ATF programs in place that include measures which are not expressly addressed by the PCMLTFA and PCMLTFR, but which are consistent with other OSFI Guidance and OSFI’s Supervisory Framework.
The AML/ATF program is the key vehicle for establishing and maintaining effective control over ML and TF risks in all relevant areas of the FRFI enterprise.
The following is a more detailed description of OSFI’s expectations and prescribed content of the AML/ATF program:
FRFIs should ensure that their AML/ATF programs include the following elements, each of which is expanded upon in this Guideline. Elements required by the PCMLTFA and the PCMLTFR are marked with an asterisk:
Senior Management Oversight, including *Reporting to Senior ManagementFootnote 2;
*An appropriate individual responsible for implementation of the programFootnote 3. See further, “CAMLO”;
*Assessment of inherent ML and TF risksFootnote 4. See further, “Assessment of Inherent Risks”;
*Written AML/ATF policies and procedures that are kept up to dateFootnote 5. See further, “Control Policies and Procedures”;
*Written ongoing training programFootnote 6. See further, “Ongoing Training”;
Self Assessment of controls. See further, “Self Assessment of Controls”; and
*Effectiveness testingFootnote 7. See further, “Effectiveness Testing”.
The AML/ATF program should implement a corporate standard of inherent risk assessment and risk control measures, across all relevant business areas of the FRFI.
The formality and sophistication of the AML/ATF program should be commensurate with the size and complexity of the FRFI and its businesses. As a general principle, the corporate standard should be consistent with Canadian regulatory requirementsFootnote 8. The PCMLTFAFootnote 9 requires that standards consistent with s. 6, 6.1 and 9.6 of the PCMLTFA be applied in respect of wholly owned subsidiaries and branches in countries that are not members of the FATF where the laws of such countries permit it. FRFIs should ensure that unless there is an explicit prohibition, such standards are applied.
FRFIs should notify OSFI if a country explicitly prohibits compliance with s. 9.7 or 9.8 of the PCMLTFA, to assist OSFI in analysing the situation in respect of that country.
Senior Management should have responsibility and accountability for: directing day-to-day implementation and management of the AML/ATF program; ensuring that it is adequate to mitigate ML and TF risk; that it complies with the PCMLTFA and PCMLTFR as required; and that it is implemented effectively in all relevant business areas.
Senior Management should ensure that:
Senior Management should ensure they receive sufficient pertinent information from the CAMLO, the Auditor and other sources as appropriate, to enable them to ensure the overall adequacy and effectiveness of the AML/ATF program.
The PCMLTFRFootnote 10 prescribe timing and content of written reports on effectiveness testing, including reporting on any updates made to AML/ATF policies and procedures and the status of the implementation of such updates.
In larger, more complex, FRFIs, AML/ATF reports on effectiveness testing made at different times (for example, during audits of different business areas) should be collated and consolidated periodically. This will support the goal of assessing overall adequacy and effectiveness.
FRFIs should ensure that AML/ATF reporting to Senior Management by the CAMLO and by the Auditor is not unduly commingled, in order to differentiate the contents and purpose of the reporting.
The reports from the CAMLO should include information about: the FRFI-wide scope of the assessment of inherent risks including: significant patterns or trends; the self assessment of controls and material changes thereto; and remedial action plans or recommendations, if any, with milestones and target dates for completion. Where appropriate, the CAMLO should draw conclusions, offer advice or make recommendations about the overall structure and scope of the AML/ATF program.
Please refer to OSFI’s
Corporate Governance Guideline for OSFI’s expectations of FRFI Boards of Directors in regards to operational, business, risk and crisis management policies.
Whether or not the broader risk management structure of the FRFI is decentralized, responsibility for implementation of the enterprise AML/ATF program should be assigned to the CAMLO, who should be one person positioned centrally at an appropriate senior corporate level of the FRFI. For the purposes of this Guideline, FRFIs should treat the CAMLO as an independent oversight function as described in OSFI’s Corporate Governance Guideline.
The CAMLO is expected to be responsible both for the regulatory compliance component
and the broader prudential risk management component of the AML/ATF program.
FRFIs should ensure that the CAMLO has clear and documented responsibility and accountability for AML/ATF program content, design and enterprise-wide implementation. In particular, the CAMLO’s mandate should include accountability for:
If the CAMLO delegates or assigns duties to other individuals, or if the FRFI assigns some elements of the AML/ATF program to business areas that do not report to the CAMLO, the CAMLO should take reasonable measures to be satisfied that such elements are implemented satisfactorily. Reasonable measures to achieve this could include:
FRFIs should ensure that the CAMLO has:
Responsibility for the implementation of the AML/ATF program requires that the CAMLO have a thorough working knowledge of ML/TF risks and controls in the FRFI and AML/ATF regulatory requirements; a broad knowledge of the operations of the FRFI; and appropriate professional qualifications, experience and strong leadership skills.
Consideration should be given to these factors when FRFIs consider the seniority and reporting relationship of the CAMLO.
The PCMLTFAFootnote 11 requires that the compliance program include the development and application of policies and procedures to assess, in the course of a FRFI’s activities, the risk of a ML or a TF offence.
The PCMLTFRFootnote 12 requires that the following categories of ML and TF risk be covered in a FRFI’s assessment of inherent risk:
For the purposes of item (iv) above, FRFIs should take into account transaction risk factors, for example, structured or otherwise complex transactions, and factors that may fall into more than one of the other three categories.
Assessment of inherent risks refers to a process that:
In considering ML and TF risks, consideration should be given to what, if any, pertinent changes have occurred since the assessment of inherent risks was last performed. Reasonable measures to accomplish this could include:
Regular assessment of inherent ML and TF risks enables FRFIs to tailor or adjust corporate control measures to identified risk, which in turn facilitates the allocation of more risk management resources to areas of greater vulnerability. See further, “Self Assessment of Controls” below.
The following sections discuss the methodology and desired outcomes of the process used to analyse inherent ML and TF risks.
There is no single prescribed or universally used methodology for inherent ML/TF risk assessment. However, the methodology used should assess the risk of ML offences or TF offences across the FRFI and include the categories of risk identified in p. 71(1)(c) of the PCMLTFR.
The outcome of the methodology should be a rational, well-organized and well-documented inherent risk analysis.
Reasonable measures to include in the methodology used would include consideration of:
Inherent risk assessment should address the different categories of risk exposure to ML and TF. The PCMLTFRFootnote 13 requires that inherent risk assessment address the following specific categories of risk. In each category, OSFI has indicated types of risks.
This is risk associated with types of clients that buy or use the FRFI’s products and services. Categories of clients that may indicate a higher risk could include:
This is risk associated with the client’s stated purpose in dealing with the FRFI. Categories of business relationships that may indicate a higher risk could include:
This is risk associated with FRFI products/services that enable clients to move funds. Categories of products and services that may indicate a higher risk could include:
This is risk associated with how FRFIs’ products/services are delivered to clients including services delivered to clients non-face-to-face. Categories of delivery channels that may indicate a higher risk could include:
This is risk associated with places in which FRFI activities are carried out. Where FRFIs have subsidiaries or branches in such places, this may mitigate or elevate the risk. Categories of countries that indicate a higher risk include countries:
FRFIs should ensure that they take any other relevant factors into consideration in an inherent risk assessment, including transaction risk factors and combinations of factors that may fall within more than one of the other three categories.
An appropriate methodology should assign appropriate ML and TF risk levels to the pertinent activities of the FRFI and in so doing, identify the higher risks to which enhanced due diligence and ongoing monitoring must be applied.
The criteria used for rating and ranking should have a rational basis in ML and TF risk and address ML and TF risk factors that are unique to specific business lines, areas and jurisdictions, and also more general risk factors.
Finally, the methodology should enable FRFIs to comply with the regulatory requirement to identify higher risk clients activity
Footnote 14for purposes of establishing a threshold level of enhanced due diligence that is appropriate in the circumstances. See “Customer Due Diligence” below.
Results of the assessment of inherent risks should inform the development of risk controls, and the allocation of resources, commensurate with levels of ML and TF risk in the enterprise.
Certain risk control measures are prescribed by regulatory requirements. These cannot be qualified or bypassed by inherent risk assessments. They include, for example:
Control policies and procedures should identify and implement measures designed to control inherent risks.
FRFIs should ensure that control policies and procedures are kept up to date to mitigate risks. They must also comply with other regulatory requirements: for example, the PCMLTFRFootnote 15 requires that written compliance policies and procedures form part of the AML/ATF compliance program and be approved by a senior officer.
Control policies and procedures should be embedded in business areas commensurate with the risks they are intended to mitigate, and otherwise tailored to the particular circumstances in which they operate.
AML/ATF policies should set risk management standards to govern the approach of the FRFI to deterring and detecting ML and TF, and should ensure regulatory compliance.
Policies setting a corporate standard should be approved by Senior Management and implemented consistently across the enterprise. They should establish clear and definitive requirements throughout the organization.
In keeping with the general principle that the corporate standard should be consistent with Canadian regulatory requirements (see "Policies" above), policies should implement the corporate standard, at least, of AML/ATF program requirements in wholly owned subsidiaries and branches outside Canada to the extent that laws of the foreign jurisdictions permit it. Policies should also reflect that unless there is an explicit prohibition, the corporate standard, at least, should be applied.
It should be noted that differences in local market conditions are not a sound basis for lowering or eliminating enterprise standards. In such cases, FRFIs should ensure that a specific risk assessment is made to determine whether operating in such markets would result in an unacceptable ML or TF risk to the FRFI.
Examples of topics that should be covered by policies are:
Procedures are the tools FRFIs use to translate AML/ATF policies into practice. Therefore, it is essential that procedures state clearly what actions are to be taken, by whom, where and when (noting pertinent regulatory deadlines as appropriate).
The evolving nature of AML/ATF regulation and changes to a FRFI’s business require that procedures be updated on a regular basis to ensure their continued effectiveness. Should a FRFI’s procedures allow for permitted exceptions, the procedures should include authorization processes and associated enforcement mechanisms to oversee such exceptions.
CDD is comprised of client identification, information gathering, ascertaining identity and ongoing monitoring. These components must comply with applicable regulatory requirements, and must be enhanced for higher risk situationsFootnote 17 . The extent of CDD performed should correspond to the relative level of assessed ML and TF risks in the circumstances. See “Specific Higher Risks” below.
As a general principle, a business relationship should only be entered into or maintained with a client if the FRFI is satisfied that the information it has gathered demonstrates that the FRFI knows the client (i.e. the client has disclosed his or her true identity and a legitimate purpose for entering or maintaining the business relationship with the FRFI). DTIs are required to keep a record of the intended use of each account opened, other than a credit card accountFootnote 18 .
The prescribed rules comprising CDD requirements do not permit FRFIs to establish anonymousFootnote 19 accounts for clients. If FRFIs provide services (such as account numbering or coding services) that effectively shield the identity of a client for business reasons (for instance, in a corporate acquisition where the premature circulation of information could jeopardize the transaction), or where client identity is withheld for proprietary reasons, FRFIs must ensure that they have appropriately ascertained the identity of the client and that this information is accessible by the CAMLO.
Where the regulatory requirements prescribe a determination of the status of a client, for example, the determination of whether a client is a PEFP, there must actually be a determination and FRFIs should ensure that a determination is made based on an assessment of the information received.
The nature and extent of CDD measures should be appropriate for the nature of, and proportional to the level of, the ML and TF risk that is posed by the client in the circumstances. See ”Inherent Risk Assessment”, above. At a minimum, CDD measures must comply with the requirements of the PCMLTFA and PCMLTFR. CDD standards should provide that where there are doubtsFootnote 20 about the veracity or adequacy of previously obtained client identification and verification data, enhanced CDD must be performed.
FRFIs should enhance CDD measures if standard measures produce inconsistent, otherwise uncertain or doubtful results. The level of such enhanced due diligence should be sufficient to mitigate the inconsistencies, uncertain or doubtful results.
FRFIs may have clients whose identities have not been ascertained in accordance with the PCMLTFR on account of having become clients prior to the AML/ATF requirements coming into force in 2002, or having purchased products that the PCMLTFR exempt from client identification requirements. FRFIs should ensure that if such clients subsequently purchase products to which client identification requirements apply, they are subject to appropriate client identification measures.
Reasonable measures to ensure that such clients are appropriately identified could include:
The PCMLTFR specifies the originals of prescribed valid documents (or types of valid documents) that may be inspected to ascertain the identity of individuals and the existence of entities in face to face and non face to face scenarios, and the timing for doing so. A FRFI’s CCD policy should provide clear direction that complies with the PCMLTFR, (where applicable) on:
While identification and verification standards and policies must meet the minimum prescribed requirements, FRFIs may consider that the assessment of inherent risk justifies the application of additional identification requirements to some categories of client.
For example: the PCMLTFRFootnote 21 prescribes the use of valid government-issued documents to be used to ascertain the identity of a client. These include,
inter alia, birth certificates. The PCMLTFR permits Social Insurance Number (SIN) cards to be used to ascertain the identity of a client. Where a birth certificate or a SIN card is the only document available to ascertain identity, and the assessed ML or TF risk of the client is other than minimal, FRFIs should consider applying additional identification measures. Such additional measures could include viewing the original of other acceptable government-issued identification documents, including government-issued photo identification, or, if these are not available, other credible evidence supporting the identity of the client such as a property tax or utility bill.
For persons without acceptable Canadian identification documents, comparable or equivalent foreign identification documents may be acceptable if they can be read and assessed as valid identification documents (for example, by reference to publicly available information) and can be understood by the FRFI.
Identifying a client that is a corporation or other entity may involve the collection of substantial information in some cases. In addition to confirming the existence of the entityFootnote 22, FRFIs must take reasonable measures to obtain the names and occupations of its directors and the names, addresses and occupations of individual(s) who are the ultimate beneficial owners of 25% or more of the entity
Footnote 23. Reasonable measures to obtain this information could include:
Where a FRFI is required to obtain the occupation of a person (for example, a director of a client entity), the FRFI should ensure that the occupation obtained is the person's principal occupation and not merely the person's title in the client entity.
The measures applied should be commensurate with the level of assessed risk.
DTIs must also ascertain the identity of every person who signs a signature card in respect of a business account, except that where the signature card is signed by more than three authorized individuals, the identities of at least three of them must be ascertainedFootnote 24. The requirements of identification of individual clients are applicable. Life insurance companies should adopt a similar practice as a matter of prudent risk management because the inherent risk of not identifying signing officers for business accounts is similar.
The PCMLTFA and PCMLTFR prohibit FRFIs from opening accounts in prescribed circumstances if the FRFI cannot establish the identity of the client in accordance with prescribed measuresFootnote 25.
FRFIs must also take reasonable measures, at times prescribed by the PCMLTFRFootnote 26, to determine whether the individual client is acting for or on behalf of a third party. Reasonable measures could include:
Life insurance companies are not required to ascertain the identity of, or obtain the identification information of, a person where there are reasonable grounds to believe that the person’s identity has been ascertained in the prescribed manner by another life insurance company or life insurance broker or agent in respect of the same transaction or of a transaction that is part of a series of transactions that includes the original transactionFootnote 27. For these situations, life insurance companies should therefore develop and implement policies and procedures designed to ensure that:
OSFI understands that with respect to individual products, in practice life insurance companies do receive information about the identity of the client on application forms submitted by life insurance agents or brokers. This practice enables life insurance companies to periodically determine that the grounds for relying on such agents are reasonable.
FRFIs should satisfy themselves that, in appropriate circumstances, the amount of clients’ accumulated funds or wealth appears to be reasonable and consistent with the information provided. Doubts about the origin of such funds or wealth should be satisfied before proceeding with the relationship or permitting transactions to occur. Reasonable measures to implement this requirement could include:
Where doubts persist, consideration should be given to not proceeding with the relationship or transaction.
In cases where a client is assessed as higher risk
and the source of accumulated funds or wealth does not appear to be reasonable, or is inconsistent with the information provided despite taking reasonable measures to resolve the inconsistency, the FRFI should consider declining to enter the business relationship, or terminating it, and consider filing a suspicious attempted transaction report.
FRFIs must be able to identify suspicious transactions, or suspicious attempted transactions, and report these to FINTRAC. Further, FRFIs must take reasonable measures to ascertain the identity of every person with whom the FRFI conducts a transaction that is determined by the FRFI to be suspiciousFootnote 28. These obligations imply that the activities of all clients, regardless of their risk ranking, must be subject to some form of ongoing monitoring to detect transactions or attempted transactions that are potentially suspicious.
Reasonable measures for such monitoring could include:
FRFIs should conduct feasibility studies, as appropriate, to determine whether transaction volumes merit the application of information technology solutions to transaction monitoring.
Monitoring should identify information, transactions or attempted transactions that are unusual or potentially suspicious and that require further analysis. Monitoring criteria should cover all relevant indicators. Relevant indicators could include:
The PCMLTFA and PCMLTFR provide that where a FRFI determines that the risk of a ML or TF offence is high, FRFIs must take prescribed special measures for identifying clients, keeping records and monitoring financial transactions in respect of the activities that pose the high riskFootnote 29. The prescribed special measures include: reasonable measures to determine whether the high risk client is a PEFPFootnote 30; keep client identification information and the information referred to in PCMLTFR s. 11.1 up to dateFootnote 31; conduct ongoing suspicious transaction and suspicious attempted transaction monitoring
Footnote 32; and generally mitigate the high riskFootnote 33.
FRFIs should consider creating more than one category of higher risk client, and more than one category of enhanced due diligence, if the nature, scope, complexity and risk profile of the financial institution merit such action. Each level of enhanced monitoring should reflect the assessed level of risk appropriately.
Reasonable measures for applying enhanced monitoring could include:
Additional measures that could be taken to strengthen the monitoring of high risk activities include:
This section discusses OSFI’s expectations and prescribed measures in respect of enhanced due diligence and related controls applicable to areas of identified higher risk.
Many FRFIs rely on introducers, intermediaries or other third partiesFootnote 34 for client information gathering and verification purposes. These include, for example, deposit and mortgage brokers and solicitors. ML and TF risk mitigation can be compromised where FRFIs do not ensure that appropriate client identification standards are applied by the introducers, intermediaries or other third parties.
With one exception for life insurance companies referred to above, accountability for ascertaining the identity of the client and obtaining the information used to identify the client remains with the FRFI when it uses a third party to ascertain the identity of clients. In respect of this accountability, FRFIs must have an agreement or arrangement in writing with the agent or mandatary if such person is to be responsible for client identification and verification. The provisions of this arrangement or agreement must conform to the requirements of the PCMLTFRFootnote 35 and it should obligate the agent or mandatary to:
DTIs and life insurance companies should also:
Documentation of relationships and communications with, and client due diligence work of, agents and mandataries, should be complete and current, and client information should be placed in the client’s record promptly upon receiving it. See further, “Record Keeping and Retention”, below.
FRFIs should consider terminating relationships with agents or mandataries that do not comply with agreed upon client identification responsibilities or provide the DTI or life insurance company with the requisite client information on a timely basis.
Contracts with agents and mandataries should be reviewed and updated as necessary to ensure compliance with the PCMLTFRFootnote 37 regarding the use of agents and mandataries.
The extent of the DTI’s or life insurance company’s exposure to the agent or mandatary for the results of client due diligence should be addressed expressly in the DTI’s or life insurance company’s inherent risk assessment.
Fraudulent misrepresentation in respect of FRFIs' products takes many forms that could include:
FRFIs should ensure their client acceptance and due diligence processes address the risk of fraud, a predicate offence for money laundering. FRFIs should take reasonable measures to address the risk, which could include:
Life insurance companies should ensure that mortgage loans are subject to the AML/ATF program.
The FATF Recommendations state that PEPs are potentially more susceptible to financial crime than other clients of financial institutions. In Canada, the PCMLTFA requires FRFIs to determine, in prescribed circumstances, whether they are dealing with PEFPs and also prescribes mandatory enhanced due diligence measures to be taken in respect of PEFPs in prescribed circumstances.Footnote 38
A PEFP is defined in the PCMLTFA as an individual who holds or has ever held prescribed offices or positions in or on behalf of a foreign state or is a prescribed member of the family of such a personFootnote 39.
For purposes of the foregoing, the term "foreign state" should be interpreted to include the principal political subdivisions of foreign countries when applying the PEFP definition.
Once the determination is made, prescribed actions must be taken within minimum time periods.
There are three situations that trigger the requirement for DTIs to determine whether a client is a PEFP:
The determination and approval by a senior officer to keep the account open must be made no later than 14 days from account activation
Footnote 43 or within 14 days of the EFT being received or sentFootnote 44. There is no specific time period in respect of determination as a result of a risk assessment. FRFIs should ensure that the PEFP determination required when an existing account is deemed to be high risk is made no later than 14 days thereafter, to be consistent with other prescribed requirements.
Life insurance companies must take reasonable measures to determine if a person who makes a lump-sum payment of $100,000 or more in relation to an immediate or deferred annuity or life insurance policy on their own behalf or on behalf of a third party is a PEFP
Footnote 45. Such person may not be the policy holder.
The determination must be made within 14 days of the payment transaction
The PCMLTFA and PCMLTFR require that FRFIs take “reasonable measures” to make the PEFP determination. Reasonable measures could include:
If FRFIs choose to ask the individual for information, FRFIs should keep in mind that clients should not be expected to know the criteria that determine whether they are PEFPs. FRFIs should also note that there is no obligation imposed on FRFIs to disclose to a client that a determination must be made, or needs to be made.
A reasonable approach would be to ask the client if the client has or has ever had a prescribed connection to a foreign state, government, military or judiciary. The questions could be expanded to cover family members with any similar connections. If the responses are not clear or inconclusive, additional assessment or due diligence may be necessary before finalizing the determination. The additional measures could range from asking the applicant for more information, to internet searches, to running the individual(s’) name(s) against a public database.
FINTRAC has published a pamphlet that FRFIs can use to explain to their clients, if necessary, why they need to enquire about their background. This pamphlet can be viewed at FINTRAC’s Internet site.
FRFIs that choose to screen names and other personal information against a commercial or publicly available database should ensure they:
OSFI does not expect FRFIs to depend on a client database in making a PEFP determination where the information obtained from the client shows that the client is a PEFP. Clients, who initially provide information that clearly establishes them to be PEFPs, must be determined to be PEFPs and need not be scrubbed through databases unless it is done merely to obtain background or additional information.
Refer to the discussion about “reasonable measures” in "Client Due Diligence", above. FRFIs should ensure a determination is made based on an evaluation of the information received from a client or a database.
FRFIs should also ensure that, where a client is determined to be a PEFP, and the FRFI is aware that the client has family members who are also PEFPs by reason of the definition in the PCMLTFA, the names of such family members are scrubbed against the FRFI’s client databases to determine if accounts are held in such names by the FRFI.
FRFIs that use agents or mandataries (deposit brokers, mortgage brokers or others) to identify their clients and remit client identification information to them retain responsibility for PEFP determination. FRFIs may assign responsibility for collecting the information necessary for the FRFI to determine if the client is a PEFP, but the FRFI, not the agent, is responsible for making the determination and for applying the prescribed measures accordingly. FRFIs should ensure that where agents or mandataries are responsible for gathering the information, the agents understand what is required to be done and the FRFI satisfies itself that its agents are doing what is required.
If a client’s name is contained in a public database, but the FRFI does not determine the client is a PEFP, the FRFI may wish to make a note of the “hit” for future reference or to guide it in any future risk assessment.
Once a PEFP determination is made, it may not be reversed or otherwise changed, other than to correct error. The PEFP definition provides that the criterion or criteria that trigger PEFP status remain(s) in effect in perpetuity.
When a client is determined to be a PEFP a FRFI must:
Reasonable measures to establish source(s) of funds include asking the client to explain how the client came to hold the funds. Examples of source of funds could include: savings accumulated through employment; sale of investments; sale of a business; an inheritance; a salary bonus; and consulting fees.
In respect of the approval by a senior officer, such individual should be a person at a more senior level who has the authority to make this decision.
Reasonable measures for enhanced and ongoing monitoring of PEFPs’ accounts may involve manual or automated processes, or a combination of both depending on resources and needs and could include:
The PEFP definition in the PCMLTFA indicates that the country of residence or citizenship of an individual is immaterial to PEFP determination. FRFIs should therefore ensure that their methodology of PEFP determination does not preclude individuals merely because they may be Canadian citizens or residents.
FRFIs may need to ensure they distinguish between PEFPs and domestic PEPs. The latter are not separately defined in the PCMLTFA definition of PEFP, although a PEFP could also be a domestic PEP. However, FRFIs are not under any legal obligation to identify domestic PEPs
per se, whether by screening or flagging large transactions or in any other way. Further, even if FRFIs know they are dealing with a domestic PEP, they are not under any legal obligation to apply the measures that are applicable to PEFP accounts, unless that individual is a PEFP.
Where a FRFI is aware that a client is a domestic PEP, the FRFI should assess what effect, if any, this may have on the overall assessed risk of the client. If the assessed risk is elevated, the FRFI should apply enhanced due diligence measures as it considers appropriate.
The PCMLTFA and PCMLTFR do not oblige FRFIs to apply PEFP measures to their subsidiaries or branches of FRFIs outside Canada.
Where a FRFI is aware that a client of a subsidiary or a branch outside Canada is a PEFP, the FRFI should assess what effect, if any, this may have on the overall assessed risk of the client. If the assessed risk is elevated, the FRFI should apply enhanced due diligence as it considers appropriate.
The operations of foreign branches and subsidiaries may be subject to local AML/ATF legislation, which may include requirements to identify and monitor PEPs, including PEFPs.
FRFIs are not obliged by the PCMLTFA or PCMLTFR to apply PEFP determination procedures to persons who own or control 25% or more of clients that are corporations or entities, or who are directors or officers of such corporations or entities.
Where a FRFI is aware that a person who owns or controls 25% or more of a client that is a corporation or entity, or who is a director or officer of such a corporation or entity, is a PEFP, the FRFI should assess what effect, if any, this may have on the overall assessed risk of the client corporation or entity. If the assessed risk is elevated, the FRFI should apply enhanced due diligence as it considers appropriate. Appropriate due diligence could include:
For life insurance companies, the PCMLTFRFootnote 47 does not distinguish between domestic and foreign payments. Accordingly, life insurance companies should apply a PEFP determination to prescribed funds from any source, domestic or foreign.
For DTIs, domestic transfers into or out of an account do not, of themselves, trigger any requirement to make a PEFP determination
However, if a DTI has already determined that a client is a PEFP, OSFI believes that a risk assessment should be made to determine whether monitoring domestic incoming transfers would be advisable.
Identifying a client that is a corporation that can issue bearer shares may require special customer identification measures. Bearer shares can hide the identity of beneficial owners of the client corporation. If the aggregate of such shares could amount to more than 25% of such client corporation, a FRFI might be unable to identify the beneficial owner(s).
Where a FRFI assesses (using the risk categories outline above) that the risk of dealing with such a client corporation may be present, the FRFI should apply reasonable measures to mitigate this risk. Reasonable measures should always include obtaining the identity of the person or persons who beneficially own 25% or more of the shares of the corporation taking into account any issued and outstanding bearer shares, and could also include one or more of the following:
FRFIs should ensure that the measures taken are documented.
For the purpose of this Guideline, "correspondent banking relationship" has the same meaning as in the PCMLTFA.
Correspondent banking relationships are established between banks to facilitate, among other things, transactions between banks made on their own behalf; transactions on behalf of their clients; and making services available directly to clients of other banks. Examples of these services include: inter-bank deposit activities; international electronic funds transfers; cash management; cheque clearing and payment services; collections; payment for foreign exchange services; processing client payments (in either domestic or foreign currency); and payable- through accounts.
Correspondent banking relationships with foreign financial institutions (FFIs) are identified by the FATF as a specific higher risk area, and consequently the PCMLTFA and PCMLTFR prescribe measures
Footnote 49 to be applied by FRFIs that enter into correspondent banking relationships with FFIs and their clients.
FRFIs that offer payable through accounts services to customers of FFIs must take reasonable measures to ascertain whether the FFIs have met requirements that oblige them to identify and ascertain the identities of such clients that are consistent with the requirements of the PCMLTFR, and ensure that the FFIs will provide relevant customer identification data to the FRFI, upon requestFootnote 50. Reasonable measures to achieve these requirements could include:
Reasonable measures to monitor correspondent banking relationships generally could include, for example:
Where a FRFI ascertains, pursuant to s. 55.1 of the PCMLTFR, that there are civil or criminal sanctions imposed against a FFI in respect of AML/ATF requirements; or where a FRFI ascertains that a FFI does not have in place AML/ATF policies and procedures as specified in ss.15.1(3) of the PCMLTFA; then for the purpose of detecting any suspicious transactions required to be reported to FINTRAC under s. 7 of the PCMLTFA the FRFI should conduct ongoing monitoring of all transactions in the context of the correspondent banking relationship to mitigate the higher risk
Footnote 51. The extent of such monitoring in the case of sanctions identified against a FFI should correspond to the context, severity and type of sanctions imposed on the FFI. Reasonable measures could include:
A FRFI acting as an intermediary bank may not be in a position to understand the purpose of EFTs originated by clients of FFIs or other originator banks, or conduct CDD on these persons. Consequently, such a FRFI that receives a cover payment for transactions may not be in a position to determine whether EFTs represented by the cover payment are suspicious, based on an understanding of the activities of the originator (and the beneficiary, if the beneficiary is not a client of the FRFI). It is, however, possible for intermediary FRFIs to monitor transactions that they process to identify patterns of activity that may be suspicious, to report suspicious transactions or attempted transactions, and, where such transactions are associated with a particular FFI, to review the relationship with that FFI.
All information prescribed by the PCMLTFA and PCMLTFR, including originator informationFootnote 52, must be included on all outgoing international EFTs and domestic SWIFT payments originated by FRFIs.
In addition, FRFIs must take reasonable measures to ensure that incoming EFTs include originator information. FRFIs that act as intermediary banks should develop and implement reasonable policies and procedures for monitoring payment message data subsequent to processing. Such measures should facilitate the detection of instances where required message fields are completed but the information is unclear, or where there is meaningless data in message fields. Reasonable measures could include:
The reasons for decisions taken should be documented.
Traditional trade finance services include letters of credit or other financial products, which give FRFIs the opportunity to view and assess details of the transaction that triggers an international payment.
FRFIs that outsource trade finance services to other financial institutions should ensure that this outsourcing is included in the FRFI’s inherent risk assessment. If the assessment indicates that the risk of ML and TF is elevated, the FRFI should implement reasonable measures to control the risk. Reasonable measures could include:
OSFI recognizes that FRFIs whose services are used to make trade finance payments on an open account basis may not have an opportunity to review the nature of a client's underlying trade transaction. Reasonable measures to address this risk could include:
The FATF has advisedFootnote 53 that the laundering of funds through under- and over-invoicing is one of the oldest methods of fraudulently transferring value across borders, and remains a common practice. The key element of the technique is the misrepresentation of the price of the good or service in order to transfer additional value between the importer and exporter. Many such cases have been identified by the FATF.
By invoicing the same good or service more than once, a money launderer may be able to justify multiple payments for the same shipment of goods or delivery of services, especially if more than one financial institution is used. Multiple invoicing avoids the need to misrepresent prices.
A third method of illicitly moving funds is to move more, less, or no goods.
The foregoing techniques can be combined in more complex series of arrangements. For example, the so-called Black Market Peso Exchange is a known technique used to launder the proceeds of the sale of drugs. For more detailed information on techniques and typologies associated with this and other trade-based money laundering, FRFIs are requested to consult FATF material available on the FATF web site.
Where the assessed risk of ML or TF in trade finance services is elevated, FRFIs should take reasonable measures designed to mitigate the risk of misuse of trade financing mechanisms. Reasonable measures could include:
Developments in technology frequently drive the creation of new financial products and services. Such developments can lower costs, improve client service and expand markets. FRFIs should have policies and procedures in place to ensure that new and developing technologies are included in the FRFI’s inherent risk assessment process. In this way FRFIs can ensure that appropriate AML/ATF controls are in place, and, where appropriate, develop or amend controls to take new risks into account. Examples of new and developing technologies include stored value cards that may permit clients to subsequently download those funds directly into a deposit or a credit account and mobile telephone technology and various e-money services that have similar characteristics.
Procedures for keeping paper and electronic records of pertinent information about clients and transactions must ensure that the FRFI complies with all of the record keeping requirements of the PCMLTFA and PCMLTFR. These include:
FRFIs are expected to use record keeping methodologies and formats that are appropriate in their particular circumstances, provided that records required to be kept by the PCMLTFA and PCMLTFR must, as a general rule, be kept for at least 5 yearsFootnote 72 and they must be made available to competent authorities on a timely basis, which is within 30 days after a request is made
Client information should be kept current to reflect regulatory requirements and the FRFI’s continuing knowledge of the client, client activities and purpose of the client relationship, which facilitates monitoring for suspicious transactions and attempted transactions.
A process should be implemented for dealing with incomplete documentation with a view to making it complete and current before doing more transactions or unrestricted transactions.
The PCMLTFA and PCMLTFR prescribe reporting to FINTRAC on LCTRs, EFTs, STRs and TPRs.
FRFIs should ensure that internal reporting processes are designed to ensure compliance with regulatory reporting requirements as they relate to transaction reporting systems. Systemic compliance issues should be documented, escalated to the CAMLO and brought to the attention of FINTRAC. Control measures should include the identification of remedial action designed to eliminate compliance issues. For example, FRFIs should notify FINTRAC promptly of any internally identified LCTR, EFT or STR reporting errors or omissions. FRFIs should pay special attention to FINTRAC’s error codes when filing reports, and take remedial action on a timely basis when FINTRAC indicates filing errors or other compliance issues. FRFIs should confirm to FINTRAC when remedial action is complete.
Suspicious transactions and attempted transactions are defined in the PCMLTFA as those in respect of which there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission or attempted commission of a ML offence or a TF offence.Footnote 74 There is no monetary threshold applicable to suspicious transactions or suspicious attempted transactions.
A transaction or attempted transaction that the FRFI reasonably suspects is related to a money laundering offence must be reported to FINTRAC. Property in the possession or control of a FRFI that the FRFIs knows, or has reasonable grounds to believe, is owned or controlled by or on behalf of a terrorist or a terrorist group, must also be reported to FINTRAC. This includes information about any transaction or proposed transaction relating to that property.
The obligation to report suspicious transactions, suspicious attempted transactions and terrorist propertyFootnote 75 is designed to assist Canadian law enforcement authorities in their investigation and prosecution of ML and TF offences and predicate offences. Robust ongoing monitoring, examination and reporting processes in FRFIs are crucial in assisting these law enforcement efforts.
Suspicious transactions and suspicious attempted transactions should be identified by FRFIs from unusual activity or transactions. Procedures to identify unusual activities should capture the background and purpose of the transaction(s), who was involved, when and where it occurred, what products or services were involved and how the transaction was structured, and should be recorded.
STRs must be filed promptly in accordance with the regulatory requirements. Supporting documentationFootnote 76 must be retained as prescribed and made available to assist law enforcement authorities within prescribed deadlines.
FRFIs must ensure that information concerning STRs, including the fact that there is a suspicion and/or an STR, is kept strictly confidential. The client(s) involved must not be tipped off to a disclosure, and information within the FRFI must be strictly limited to the CAMLO and others on a “need to know” basis.
The PCMLTFRFootnote 77 require that, except where identity has been previously ascertained in accordance with the Regulations, FRFIs must take reasonable measures to ascertain the identity of every person with whom a suspicious transaction or suspicious attempted transaction is conducted. While reasonable measures may include normal client identification practices, care must be taken to ensure that such practices, if used, do not have the effect of tipping off the client.
The PCMLTFR providesFootnote 78 that where two or more cash transactions of less than $10,000 each are made within 24 consecutive hours that in the aggregate amount to $10,000 or more, the aggregated transactions are considered to be a single transaction of $10,000 or more for reporting purposes if a FRFI knows that the transactions are conducted by, or on behalf of, the same person or entity, or an employee or a senior officer of the FRFI knows that the transactions are conducted by, or on behalf of, the same person or entity.
For the purposes of interpreting this requirement, FRFIs that have systems in place that permit the FRFI to know, by making a record of multiple cash transactions referred to in this requirement, that the transactions are conducted by or on behalf of the same client should ensure that such transactions are aggregated and reported to FINTRAC as Large Cash Transactions.
Effective training programs for staff and others (as required) is an important and statutorily required element of FRFIs’ AML/ATF programs.
FRFIs should ensure that written AML/ATF training programs are developed and maintained. Appropriate training should be considered for Senior Management, employees, agents and any other persons who may be responsible for control activity, outcomes or oversight, or who are authorized to act on the Company’s behalf pursuant to the PCMLTFRFootnote 79. The nature and content should be appropriate to the AML/ATF responsibilities of and the FRFI's relationship with, each intended recipient group. In particular, training should be tailored to provide the types and granularity of information and skills that are necessary for effective performance of the AML/ATF function in each case.
Training programs for Senior Management should provide sufficient briefing with respect to inherent risks and controls to enable them to assess information reported by the CAMLO and Auditor, and exercise effective oversight over the AML/ATF program.
FRFIs should ensure that a self assessment of control measures is conducted, preferably on an ongoing basis, but at least annually. The assessment of AML/ATF controls is an important component of AML/ATF program because of its quality assurance outcome.
While the assessments in business areas can and should be conducted by individuals in those business areas, FRFIs should ensure that the assessment process is designed to enable results in each area to be consolidated for analysis and other purposes.
The self assessment in each relevant area of the FRFI should cover, at a minimum, the adequacy of the inherent risk assessment, AML/ATF policies and procedures, training and other controls implemented to mitigate ML and TF risks.
FRFIs should ensure that the self assessment is neither too narrow nor too broad. For example, a narrow legal/regulatory-based assessment could fail to cover broader ML and TF controls. Similarly an operational-based assessment might fail to cover prescribed controls.
All significant information used in the self assessment process should be verified or readily verifiable. Methods used to ensure that information is verified or verifiable will depend on the size, complexity and governance structure of the FRFI. Reasonably effective measures observed by OSFI tend to fall into one or more of the following categories:
The self assessment of controls should provide FRFIs with:
Like the assessments of inherent risk and risk management controls, effectiveness testing of the AML/ATF program is an important component of AML/ATF program quality assurance and is a statutorily required part of the FRFI’s AML/ATF program.
The PCMLTFRFootnote 80 require that the following AML/ATF program components be reviewed for the purpose of testing their effectiveness every two years:
The PCMLTFRFootnote 81 also prescribe minimum content and timing for reports to a senior officer on effectiveness testing.
In addition, it would be prudent for FRFIs to ensure that all other elements of the AML/ATF program be tested for effectiveness on a similar time scale.
FRFIs have access to internal or external auditors (or both) and therefore FRFIs should ensure that the Auditor is responsible for effectiveness testing. However, this does not preclude the Auditor from outsourcing all or part of the effectiveness testing to qualified third parties, although remaining responsible for the effectiveness testing program. FRFIs should ensure that effectiveness testing of the AML/ATF program is included in the Auditor’s mandate and audit program.
Effectiveness testing may be carried out on a stand-alone basis, or embedded in broader audits with other audit work. Whichever approach is taken, testing must cover all key AML/ATF program components, including policies and procedures, risk assessments and training programs at least every two years.
FRFIs should ensure that effectiveness testing is:
The following table compares the different purposes, content, responsibility and outcomes of effectiveness testing and self assessments of risks and controls:
The following meanings apply in this Guideline:
In June 2010, OSFI issued an instruction guide on
Designated Persons Listings and Sanctions Laws.
Return to footnote 1 referrer
PCMLTFR ss. 71(2)
Return to footnote 2 referrer
PCMLTFR p. 71(1) (a)
Return to footnote 3 referrer
PCMLTFA ss. 9.6(2)
Return to footnote 4 referrer
PCMLTFR p. 71(1)(b)
Return to footnote 5 referrer
PCMLTFR p. 71(1)(d)
Return to footnote 6 referrer
PCMLTFR p. 71(1)(e)
Return to footnote 7 referrer
PCMLTFA s. 6, 6.1 and 9.6
Return to footnote 8 referrer
PCMLTFA ss. 9.7(1) and s. 9.8
Return to footnote 9 referrer
Return to footnote 10 referrer
Return to footnote 11 referrer
PCMLTFR p. 71(1)(c)
Return to footnote 12 referrer
Return to footnote 13 referrer
PCMLTFA ss. 9.6(3)
Return to footnote 14 referrer
Return to footnote 15 referrer
PCMLTFA ss. 9.6(3) and PCMLTFR p. 71.1(a)
Return to footnote 16 referrer
PCMLTFR s. 71.1
Return to footnote 17 referrer
PCMLTFR p. 14(c.1)
Return to footnote 18 referrer
i.e., an account where the FRFI has not ascertained the identity of the client (other than certain products which are subject to specific identification exemptions under the PCMLTFR)
Return to footnote 19 referrer
PCMLTFR ss. 63(1.1)
Return to footnote 20 referrer
PCMLTFR ss. 64(1)
Return to footnote 21 referrer
PCMLTFR ss. 65(1)
Return to footnote 22 referrer
PCMLTFR s. 11.1
Return to footnote 23 referrer
PCMLTFR ss. 54(1)
Return to footnote 24 referrer
PCMLTFA s. 9.2
Return to footnote 25 referrer
PCMLTFR ss. 9(1) DTIs; PCMLTFR ss. 10(1) life insurance companies; PCMLTFR ss. 8(1) large cash transactions
Return to footnote 26 referrer
PCMLTFR ss. 56(2)
Return to footnote 27 referrer
PCMLTFR s. 53.1
Return to footnote 28 referrer
Return to footnote 29 referrer
PCMLTFR p. 54.2(b)
Return to footnote 30 referrer
PCMLTFR p. 71.1(a)
Return to footnote 31 referrer
PCMLTFR p. 71.1(b)
Return to footnote 32 referrer
PCMLTFR p. 71.1(c)
Return to footnote 33 referrer
Referred to as “agents” or “mandataries” in s. 64.1 of the PCMLTFR
Return to footnote 34 referrer
PCMLTFR s. 64.1
Return to footnote 35 referrer
FINTRAC Guideline 6G, section 4.12
Return to footnote 36 referrer
Return to footnote 37 referrer
PCMLTFA s. 9.3
Return to footnote 38 referrer
PCMLTFA ss. 9.3(3)
Return to footnote 39 referrer
PCMLTFR paragraph 54.2(a)
Return to footnote 40 referrer
PCMLTFR paragraph 54.2(b)
Return to footnote 41 referrer
PCMLTFR paragraph 54.2(c), (d)
Return to footnote 42 referrer
PCMLTFR ss. 67.1(2)
Return to footnote 43 referrer
PCMLTFR ss. 67.2(3)
Return to footnote 44 referrer
PCMLTFR s. 56.1
Return to footnote 45 referrer
Return to footnote 46 referrer
Return to footnote 47 referrer
PCMLTFR p. 54.2(c)
Return to footnote 48 referrer
PCMLTFA s. 9.4 and PCMLTFR s. 55.1, 55.2
Return to footnote 49 referrer
PCMLTFR s. 55.2
Return to footnote 50 referrer
PCMLTFR ss. 15.1(3)
Return to footnote 51 referrer
PCMLTFA p. 9.5(b)
Return to footnote 52 referrer
Trade Based Money Laundering, 23 June, 2006, available on the FATF Web site.
Return to footnote 53 referrer
PCMLTFR ss. 11.1(1)
Return to footnote 54 referrer
PCMLTFR s. 13
Return to footnote 55 referrer
PCMLTFR p. 50(1)(c), ss. 50(3)
Return to footnote 56 referrer
PCMLTFR p. 14(a)-(c)
Return to footnote 57 referrer
PCMLTFR s. 14.1
Return to footnote 58 referrer
PCMLTFR p. 14(d)
Return to footnote 59 referrer
PCMLTFR p. 14(e)-(h)
Return to footnote 60 referrer
Return to footnote 61 referrer
PCMLTFR p. 14(i)
Return to footnote 62 referrer
PCMLTFR p. 14(j)
Return to footnote 63 referrer
PCMLTFR p. 14(k) and (l)
Return to footnote 64 referrer
Return to footnote 65 referrer
PCMLTFR ss. 15(1)
Return to footnote 66 referrer
PCMLTFR p. 14(n)
Return to footnote 67 referrer
PCMLFTR p. 14(o), s. 20.1
Return to footnote 68 referrer
PCMLTFR p. 14.1(g)
Return to footnote 69 referrer
PCMLTFR ss. 15.1(2)
Return to footnote 70 referrer
PCMLTFR s. 19
Return to footnote 71 referrer
PCMLTFR s. 69
Return to footnote 72 referrer
PCMLTFR s. 70
Return to footnote 73 referrer
PCMLTFA s. 7
Return to footnote 74 referrer
PCMLTFA s. 7 and s. 7.1
Return to footnote 75 referrer
Including a copy of the Suspicious Transaction Report
Return to footnote 76 referrer
PCMLTFR ss. 53.1(1)
Return to footnote 77 referrer
PCMLTFR ss. 3(1)
Return to footnote 78 referrer
Return to footnote 79 referrer
Return to footnote 80 referrer
Return to footnote 81 referrer