New FINTRAC Rules and an AML Compliance program Earleen Moulton Senior Legislative and Compliance Consultant March 2014 Requirement: AML Compliance Program • Advisors, firms, MGAs, just as insurers, must establish a compliance program for themselves and their employees/advisors that includes the following key elements: – Appointment of a compliance officer – Establishment of compliance policies and procedures – Regular reviews of these policies and procedures – Provide training to people who act on their behalf (employees and advisors) – Document a risk assessment, take appropriate precautions New Regulations – overview • Additional information collected at start of business relationship Know your client • Enhanced customer due diligence (CDD) • Continue to know your client and stay connected • Show your work • Manage risk • Stay close to high risk clients • Advisors will need to be proactive • Keep good records • Provide complete and specific information Business relationships Defined as ‘a relationship you establish with a client to conduct financial transactions or provide service related to those transactions’ Additional information to collect at start of business relationship Intended use and purpose Identify in writing the nature of the relationship Keep notes & records of measures to monitor relationships, information you obtain New entity requirements Ongoing monitoring ‘Periodic and risk-based’ Includes: • Following your policies & processes to detect transactions that are required to be reported • Keeping client ID info current (use direct and indirect means) • Reassessing the level of risk associated with client’s transactions and activities • Determining whether transactions or activities of clients are consistent with the information obtained/recorded about the client, including their risk assessment Enhanced monitoring measures • More frequent and stringent checks – business relationships – especially for high risk clents o o o o More frequent, regular assessment of risk Must keep ID updated Intended use and purpose up to date Enhanced monitoring of transactions (consistent with intended use and purpose) Examples of enhanced measures • Obtaining additional information on the client • Obtaining detailed information on the reasons for the intended or conducted transactions • Identifying patterns of transactions that need further examination or review • Increased monitoring of transactions of higherrisk products, services or channels(internet sales) Enhanced customer due diligence (CDD) • Retain more info about corporations and other entities to establish ownership, control and organizational structure • Previous “reasonable efforts” changed to “mandatory” for some requirements ID requirements of most senior active manager of the entity ascertaining signing authority for entities Intended use and purpose of the product(s) • Consider as high risk • Conduct enhanced on-going monitoring • Keep records of attempts to obtain info Beneficial owners • • • • Must keep ID Owner information Intended use and purpose, keep it up to date Risk based Tools available • FINTRAC’s site – Guideline 4: Implementation of a Compliance Regime – www.fintrac.gc.ca • RepNet under Advisor Support > Compliance > Money laundering & terrorist reporting> ‘Guide to creating an anti-money laundering and antiterrorism financing program’ • MGA’s tools List of documents/tools on RepNet Compliance program template • Customize to your operation • Fields that are to be filled out are in blue • Please make sure you follow the instructions in red • Delete instructions (in red) before printing Self-review of compliance policies and procedures worksheet – RepNet : Advisor Support > Compliance > Money laundering & terrorist reporting To help ensure your business is compliant with policies and procedures required under the Proceeds of Crime (Money Laundering) & Terrorist Financing Act, you should periodically review your business practices. Done regularly, these reviews will help determine if your business has policies and procedures in place to comply with legislative and regulatory requirements, and whether those policies and procedures are being adhered to. Date of review: __________________ Name of person completing review: ______________________________ Signature of principal: ______________________________ Compliance items Appointment of a compliance officer 1. I/We have appointed a Compliance Officer for our practice. Written compliance policies and procedures 2. Within the past year, I/we have reviewed the criteria and process for identifying and reporting suspicious transactions and terrorist property and have established policies and procedures in this regard. 3. I/We are aware of the requirements under the legislation for record keeping. 4. I/We have reviewed the requirements under the legislation for client identification and verification and I/we collect all information required on product applications, or as required, for each particular line of business. Yes No Comments Sample policies and procedures • Show your commitment to prevent, detect and address non-compliance • Level of detail depends on – needs and the complexity of advisor’s business. – risk of exposure • Review policies & procedures, steps to reporting – Can be adopted and customized – On RepNet Risk assessment • Required to have an assessment and documentation of risks related to money laundering and terrorist financing appropriate to the advisor’s practice • Refer to the risk checklist in FINTRAC’s Guideline 4. This will help you: – Identify potential high risks of money laundering & terrorist financing – Develop strategies to mitigate risk Questions... I’m around all day!