In June 2021, amendments to the PCMLTFA, Canada’s AML law, came into force. FINTRAC, Canada’s financial regulator, will only begin assessing compliance with the amendments on April 1st, 2022. This gives businesses some time to prepare; our article can help.
The new updates impact Canadian and foreign businesses that are obligated to follow Canadian AML law and report to FINTRAC (the Financial Transactions and Reports Analysis Centre of Canada). These include:
Notably, certain non-Canadian businesses must also comply with the new AML requirements. These are so-called foreign Money Service Businesses—companies that don’t have a place of business in Canada but direct and provide their services to Canadians. This can be an offshore crypto platform that advertises to and onboards Canadian users.
From unified PEP checks to new reporting obligations, the latest amendments have introduced several key changes that require businesses to revise their KYC and KYB procedures. Click on the toggles to see a detailed analysis of all the major updates:
Before: There was no requirement to keep records and file reports for large crypto transactions.
After: All businesses must keep a “large virtual currency transaction record” and file reports to FINTRAC if they receive C$10,000 (around $8,000/€6,800) and more in cryptocurrency within 24 hours.
How to comply: The new amendments require businesses to record information about crypto transactions over C$10,000. This should include:
This information must be sent to FINTRAC via the web reporting system within five working days after the transfer.
Note that the latest rules have simplified transaction reporting. While previous obligations required filing a separate report for each transaction over C$10,000, the new requirements permit businesses to create a single report for all transfers made by a customer within 24 hours. This is called the 24-hour rule; and it works for both electronic and crypto transfers.
Before: The FATF Travel Rule only targeted financial institutions that send or receive electronic fiat transfers.
After: The Travel Rule now extends to crypto and electronic fiat transfers made by financial institutions, domestic and foreign Money Service Businesses, and casinos.
How to comply: Businesses must collect names, account numbers, and addresses of senders and recipients in crypto or electronic fiat transfers over C$1,000 (around $800/€680).
In most cases, companies have already collected personal data on a given client during the initial KYC process. This means that clients only need to provide information about the person they are sending money to.
Also, financial platforms are required to share Travel Rule data on transacting parties.
Before: Only financial entities, securities dealers, life insurance companies, and money services had to check beneficiaries.
After: When entering into a partnership with another legal entity, businesses must verify the identities of any beneficiaries as part of their KYB procedure. Importantly, businesses must update this information on an ongoing basis.
How to comply: Businesses must collect and verify two types of data: 1) information about the partner company and 2) the identities of the beneficial owners. Let’s take a closer look:
Businesses can verify beneficial ownership through a partner company’s corporate documents or external data sources. The latter could include the securities and shareholders registers, articles of incorporation, etc.
Before: Only financial entities, securities dealers, money services businesses, and life insurance companies were subject to Politically Exposed Persons (PEP) screenings.
After: All businesses must check whether a customer is a PEP, HIO (Head of International Organization), or an associate of either at the onboarding stage.
How to comply: To determine whether clients are PEPs, businesses must screen them against domestic and international PEP lists. Since it’s hard to guarantee that these lists are updated on a regular basis, it’s best to supplement with adverse media checks.
Before: Businesses that offered prepaid payment products weren’t subject to AML regulations.
After: Financial and insurance businesses that issue prepaid payment products (like prepaid cards) have to follow AML requirements.
How to comply: Businesses must verify account holders, conduct suspicious activity reporting, and establish record-keeping, among other key AML obligations. KYC checks must also be performed on payments of C$1,000 (around $800/€680) or more to these accounts.
We’ve made a guide on all verification methods available in Canada and how to use them—check it out here.
Fines for non-compliance with AML regulations in Canada range from just one Canadian dollar to C$500,000 (around $400,000/€340,000) per violation. The exact amount depends on the degree of the breach. For instance, a one-time failure to report a large transaction can cost businesses up to C$1,000 (around $800/€680), while repeat violations of record-keeping obligations can result in fines of up to C$500,000.
Severe violations of these AML rules can lead to even greater penalties. For instance, multiple suspicious activity reporting violations carry fines of up to С$2 million ($1,6m/€1,4m) and/or 5 years imprisonment for directors, AML officers, or any other individual involved.
The latest amendments to Canada’s AML laws have wide implications for both domestic and foreign businesses. Although FINTRAC will only begin enforcement in April 2022, businesses should use this time wisely to get fully compliant and avoid severe sanctions.
We’ll continue to track AML changes in Canada and will update this article on an ongoing basis. Save it to your reading list so you don’t miss any important news.