On February 15, 2020, draft amending regulations (the “Draft Regulations”) were issued, proposing a number of amendments to be made to the prior amendments to the regulations (the “Regulations”) under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the “PCMLTFA”). The Draft Regulations are open for comment until March 15, 2020 and will come into force on the day they are registered.
The Regulatory Impact Assessment references a number of recent developments, notably (i) the “Dirty Money” reports commissioned by British Columbia’s Attorney General (“BC Reports”) in connection with the investigation of allegations of money laundering in casinos in British Columbia, and the recommendations in the BC Reports, (ii) the 2018 Department of Finance Canada consultation paper reviewing Canada’s anti-money laundering (”AML”) and anti-terrorist financing regime, (iii) developments in international guidance, including the 2016 Financial Action Task Force (“FATF”) mutual evaluation of Canada’s AML regime and the recent FATF guidance on virtual assets.
In particular, the Regulatory Impact Assessment states the regulatory amendments are “designed to address the recommendations [in the BC Reports] by increasing the strength of the oversight approach to the casino and the real estate sectors.” Furthermore, a number of the regulatory amendments appear to be designed to align with the FATF Recommendations and to address deficiencies cited in the 2016 evaluation.
Additional obligations for designated non-financial businesses and professions
The Draft Regulations include a number of amendments that expand the obligations applicable to designated non-financial businesses and professions (“DNFBPs”), namely: (i) casinos, (ii) dealers in precious metals and stones (DPMS), (iii) real estate brokers, sales representatives and developers, (iv) accountants and accounting firms, (v) British Columbia notaries and (vi) agents of the Crown.
- Politically exposed persons/head of international organization determination – Currently, the PCMLTFA and the Regulations only require financial entities, securities dealers, money services businesses and life insurance companies to determine whether their customers are Politically Exposed Persons (“PEPs”) or Heads of International Organizations (“HIOs”), or a family member or close associate of one of those persons.
The Draft Regulations propose expanding these obligations to DNFBPs:
- at account opening or the second transaction or activity that triggers customer identification (that is, either when an account is opened or when a business relationship is established);
- on a periodic basis (to be determined by each reporting entity based on its own facts, situation and risk assessment);
- when detecting a fact that “constitutes reasonable grounds to suspect” that a person is a PEP or HIO or close associate or family member of a PEP or HIO; and
- when DNFBPs conduct a virtual currency transfer or cash transaction of $100,000 or more.
- Beneficial ownership – Similarly, currently the PCMLTFA and the Regulations currently only require financial entities, securities dealers, money services businesses and life insurance companies to ascertain beneficial ownership of their customers. The Draft Regulations require DNFBPs to obtain, and take reasonable measures to verify the accuracy of, beneficial ownership information on customers who are entities (e.g., corporations, trusts, charitable organizations, etc.), and keep records of the information and measures taken.
The proposed application of beneficial ownership determination requirements to casinos appears to be somewhat puzzling, since casinos in Canada deal with individuals as customers, not entities (for example, a corporation would not play roulette or open an online poker account). It is possible the new beneficial ownership requirements may apply in cases where a casino initiates or receives an international wire transfer on behalf of a junket or poker tournament operator.
DNFBPs should review and update their practices and internal controls as appropriate.
Additional obligations for casinos
In addition to the new obligations outlined above that apply to casinos (as they are DNFBPs), the Draft Regulations also require casinos to ascertain customer identification when they receive $3,000 or more from a customer in a single transaction. Practically speaking, the proposed requirement should not pose undue challenges to casinos. Many gaming establishments in Canada already begin tracking customer transactions well below the current $10,000 threshold because of provincial regulatory requirements or the casino’s own risk appetite.
Of note, the new threshold does not apply to disbursements or payments to customers.
Additional obligations for real estate developers, brokers and sales representatives
In addition to the new obligations outlined above that apply to real estate developers, brokers and sales representatives (“Real Estate Businesses”) (as they are DNFBPs), the Draft Regulations also provide that Real Estate Businesses will now enter into a “business relationship” with a customer after a single transaction or activity that triggers identification, thereby lowering the existing threshold.
Virtual currency – Travel rule
As stated in the Regulatory Impact Assessment, “the travel rule is a long-standing customer due diligence requirement for banks and other financial institutions when sending each other money on customers’ behalf, which requires them to pass on certain pieces of identifying information to the next financial institution a transaction is sent to.” The Draft Regulations clarify that the “travel rule” will apply to businesses dealing in virtual currency in Canada, consistent with the 2019 FATF guidance on virtual assets.
In particular, financial entities, money services businesses and foreign money services businesses that are required to keep a record in respect of a virtual currency transfer will be required to “(a) include, with the transfer, the name, address and, if any, the account number or other reference number of both the person or entity who requested the transfer and the beneficiary; and (b) take reasonable measures to ensure that any transfer received includes [such] information.” Furthermore, they will be required to develop and apply written risk-based policies and procedures for determining, in the case of a virtual currency transfer received by them that, despite reasonable measures, does not have included with it any of the required information, whether they should suspend or reject the virtual currency transfer and any follow-up measures to be taken.
As previously noted in our legal update in respect of such guidance, implementing this rule in a virtual currency context presents challenges from a technology perspective.
Neither the Draft Regulations nor the FATF guidance prescribed how such information is to be collected. However, the FATF guidance provided the following as examples of technologies that could be used to collect such information: (i) public and private keys, (ii) transport layer security/ secure sockets layer (TLS/SSL) connections, (iii) X.509 certificates by certificate authorities that use the X.509 PKI standard, (iv) X.509 attribute certificates attached to X.509 certificates, (v) API technology and (vi) other commercially available technology or potential software or data sharing solution.
The Draft Regulations also include changes to the information to be declared in respect of currency and monetary instruments crossing the border.
Finally, the Draft Regulations contain a number of technical amendments to improve the organization of the text and replace obsolete references in the regulatory text, among other amendments.
By Ana Badour and Shauvik Shah
This article is co-authored with Derek Ramm, Managing Principal of MT>Play.
Latest posts by McCarthy Tétrault LLP (see all)
- Committee review completed for Bill 64: A step closer to a major reform of Quebec’s personal information protection regime - September 29, 2021
- The Bank for International Settlements issues paper on the regulation of digital payment services and e-money - August 23, 2021
- Emerging developments in ransomware - July 26, 2021