On July 10, 2019, final amending regulations (“Final Regulations”) were issued amending each of the existing regulations (the “PCMLTFA Regulations”) under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the “PCMLTFA”). The Final Regulations will generally become effective June 1, 2021 other than (i) certain amendments to the Cross-border Currency and Monetary Instruments Reporting Regulations, Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations and Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations, which will instead become effective June 1, 2020, and (ii) the provision in respect of identification noted below which are effective as of June 25, 2019.
These amending regulations had previously been issued in draft in June 2018 (the “Draft Regulations”), and included in particular changes to expand the applicability of the PCMLTFA Regulations to virtual currency activities, prepaid cards and foreign money services businesses.
The primary aim of the Final Regulations is to improve the effectiveness of Canada’s anti-money laundering and counter-terrorism financing regime, and to close gaps in the regime and improve compliance with international standards, particularly in light of the prior Financial Action Task Force (FATF) review for Canada. In addition, the Final Regulations seek to modernize the PCMLTFA Regulations particularly given recent technology changes and the development of the Fintech industry and associated new business models leveraging prepaid cards and virtual currency. Finally, the Final Regulations contain a number of minor technical changes.
The Final Regulations for the most part remain consistent with the Draft Regulations, subject to the changes outlined below. Please refer to our prior legal update for further detail in respect of the Draft Regulations.
Industry specific changes
- Virtual currencies – Once the Final Regulations are effective, dealers in virtual currencies will be required to register with FINTRAC as money services businesses (“MSBs”) and meet the requirements under the PCMLTFA applicable to MSBs, including having in place a compliance program. The Final Regulations mostly track the requirements set forth in the Draft Regulations (outlined in our prior legal update).
Notably, the definition of “virtual currency” has been amended from the definition set out in the Draft Regulations. The Draft Regulations defined “virtual currency” as “a digital currency that is not a fiat currency and that can be readily exchanged for funds or for another virtual currency that can be readily exchanged for funds”; or “information that enables a person or entity to have access to such digital currency”.
In the Final Regulations, the definition has been changed to “a digital representation of value that can be used for payment or investment purposes that is not a fiat currency and that can be readily exchanged for funds or for another virtual currency that can be readily exchanged for funds” or “a private key of a cryptographic system that enables a person or entity to have access to [such] digital representation of value”. Therefore, the definition has been expanded beyond digital currency use cases to tokens that can be used either for payment purposes (such as bitcoin or stablecoins) or investment purposes (such as security tokens).
The Final Regulations maintain the exemptions originally set out in the Draft Regulations in an unamended form for “a transfer or receipt of virtual currency as compensation for the validation of a transaction that is recorded in a distributed ledger; or an exchange, transfer or receipt of a nominal amount of virtual currency for the sole purpose of validating another transaction or a transfer of information”, where “distributed ledger” means “a digital ledger that is maintained by multiple persons or entities and that can only be modified by a consensus of those persons or entities.”
In addition, the Final Regulations, like the Draft Regulations, impose numerous record-keeping and reporting requirements in respect of transactions involving virtual currency that apply to entities subject to the PCMLTFA, including the requirement to maintain large virtual currency transaction records where the entity received virtual currency amounting to CAD $10,000 or more, and virtual currency exchange transaction tickets where virtual currency is exchanged for funds, funds are exchanged for virtual currency or one virtual currency is exchanged for another.
In calculating the exchange rate to be used for the above, the Final Regulations state the exchange rate should be that published by the Bank of Canada, or if no such rate is published, the exchange rate should be the rate that the person would use in the ordinary course of business at the time of the transaction.
The definition of “funds” was revised in the Final Regulations. It was originally defined in the Draft Regulations as “cash and other fiat currencies, and securities, negotiable instruments or other financial instruments that indicate a title or right to or interest in them” or “information that enables a person or entity to have access to a fiat currency other than cash.” The Final Regulations changed the word “information” to “a private key of a cryptographic system”. This definition appears to contemplate reference to digital fiat currency (i.e. digital Canadian dollar). “Fiat currency” remains defined as “a currency that is issued by a country and is designated as legal tender in that country.”
- Prepaid cards – Similarly, once the Final Regulations are effective, the PCMLTFA will extend to certain types of prepaid card. The Final Regulations have added further exemptions. In particular, (i) prepaid payment products issued for single use for the purposes of a retail rebate program, (ii) prepaid payment products to which only a public body can add funds (eg. prepaid cards for government programs) and (iii) prepaid payment products to which only a registered charity can add funds for the purposes of humanitarian aid (eg. disaster relief prepaid cards), now fall outside the scope of the PCMLTFA.
The Final Regulations have generally not otherwise altered the requirements applicable to prepaid payment product accounts. In particular, the Final Regulations have maintained the requirement to verify the identity of each “authorized user” of a prepaid account that is subject to the PCMLTFA.
- Foreign money services businesses – Once the Final Regulations become effective, the PCMLTFA will also extend to foreign money services businesses (“Foreign MSBs”), which are defined under the PCMLTFA as persons and entities that: (i) do not have a place of business in Canada, (ii) are engaged in the business of providing such services directed at persons or entities in Canada, and (iii) provide those services to their clients in Canada. The Final Regulations generally have not altered the requirements proposed under the Draft Regulations in respect of Foreign MSBs other than specifying that the requirements in respect of electronic fund transfers (“EFTs”) apply only to international EFTs.
- Suspicious transaction reports (STR) – The deadline to report a suspicious transaction report (STR) has been changed from “within three days” (which was the proposed requirement in the Draft Regulations) to “as soon as practicable”, in each case after measures have been taken that enable them to establish there are reasonable grounds to suspect that the transaction was related to the commission of a money laundering or terrorist financing offence.
The current requirement is that a STR be reported within 30 days after the day on which the person or entity or any of their employees or officers detects a fact respecting a financial transaction or an attempted financial transaction that constitutes reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence.
The change from three days to “as soon as practicable” aligns with international standards and, specifically, FATF Recommendation 20 which requires businesses “to report promptly” any suspicious transactions. Entities should review their processes to ensure they will be able to meet the new standard going forward.
- Electronic funds transfer reports (EFTR) – A number of changes were made to the EFTR requirements proposed in the Draft Regulations in the Final Regulations aiming to clarify the fact that such requirements are intended to apply only to non-domestic EFTs. The definition of EFTs was revised to re-institute the language in the PCMLTFA regulations limiting these to only include, in the case of SWIFT messages, SWIFT MT-103 (used for cross border/international wire transfers) and their equivalent. A new exemption was also added for transfers of funds for the purpose of internal treasury management, including the management of their financial assets and liabilities, if one of the parties to the transaction is a subsidiary of the other or if they are subsidiaries of the same corporation.
The Final Regulations also kept a significant terminology change that was in the Draft Regulations but not current requirements. Currently, entities are only required to report and keep records of EFTs that are initiated “at the request of a client”. The Final Regulations broaden the requirement to include those initiated “at the request of a person or entity.”
In addition, a new definition was introduced for “international electronic funds transfers” which are defined as an “electronic funds transfer other than for the transfer of funds within Canada” .
The Final Regulations in particular clarify that the “travel rule” applies to international EFTs and other ETFs to which SWIFT MT-103 messages or their equivalent apply. The Final Regulations define the prescribed information required under the travel rule to beneficiary name and address and the account number or other reference number of the beneficiary.
The Final Regulations also require that entities develop and apply written risk-based policies and procedures for determining, in the case of an EFT received by them that, despite reasonable measures taken, does not include with it any of the information required under the PCMTFA, whether they should suspend or reject the EFT and any follow-up measures to be taken.
The Final Regulations, like the Draft Regulations, expand the record-keeping requirement beyond entities that send EFTs to also include those that are intermediaries or receive an EFT.
- Cross-border currency reporting – The Final Regulations also contain some clarifying updates to the declaration forms in respect of cross-border currency reporting.
- The Draft Regulations included a significant expansion of existing record-keeping requirements, including the requirement to include “every other known detail” identifying a transaction. The Final Regulations scaled these back and deleted the requirement to include “every other known detail”. This is no doubt a welcome change for entities subject to record-keeping requirements under the PCMLTFA.
- The Final Regulations also repeal the existing requirement to keep a record of “reasonable measures taken” when an entity has been unsuccessful in obtaining certain information.
- The Final Regulations maintain the meaningful change to the identification requirement introduced in the Draft Regulations. Under the current PCMLTFA Regulations, a document used to verify identity was required to be “original, valid and current” and the Final Regulations now require such document to be “authentic, valid and current” and repeal the prohibition on the use of scanned/photocopied documents.
Entities subject to the PCMLTFA should carefully review their policies and procedures to ensure compliance with the Final Regulations. Entities in the virtual currency and prepaid card industries and money services business in particular will want to ensure that they take appropriate measures to put in place a compliance program within the required timeline.
A separate legal update focused on life insurance related changes will also follow.
This article is co-authored with Derek Ramm, Vice President of MT>Play.
By Ana Badour
- One step closer to AI regulations in Canada: The AIDA companion document - May 31, 2023
- The unexpected effect of the introduction of mandatory breach notification requirements in Québec - May 23, 2023
- An arbitrator rules on the legality of administrative suspensions without pay for investigations in collective labour relations contexts and zero-tolerance alcohol policies for employees in high-risk positions - April 26, 2023