Draft Guideline B-8 - Deterring and Detecting Money Laundering and Terrorist Financing
On November 7, 2008, the Office of the Superintendent of Financial Institutions Canada (“OSFI”) published draft revised Guideline B-8 – Deterring and Detecting Money Laundering and Terrorist Financing (the “Guideline”). Industry associations are invited to provide comments by December 10, 2008.
In 2007/2008, the federal government implemented significant changes to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (“PCMLTFA”) and the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (“PCMLTFR”), essentially revising the regulatory requirements with respect to the anti-money laundering (“AML”) and anti-terrorist financing (“ATF”) programs of federally-regulated financial institutions (“FRFIs”). A FRFI is defined in the Guideline to include banks, authorized foreign banks in respect of their business in Canada (foreign bank branches), companies to which the Trust and Loan Companies Act applies and life insurance companies or foreign life insurance company branches to which the Insurance Companies Act applies, and includes FRFIs branches and subsidiaries worldwide.
This Guideline has been designed to assist FRFIs in developing and implementing effective AML/ATF risk management controls to manage their exposure to money laundering (“ML”) and terrorist financing (“TF”) risk, as part of their AML/ATF programs. OSFI believes that the Guideline does not create new regulatory requirements; it simply underpins the current regulatory requirements. Nonetheless, OSFI has advised that FRFIs should consider the provisions of the Guideline as mandatory and FRFIs should review this Guideline to ensure that their policies and procedures are in compliance.
The AML/ATF program is essential in establishing and maintaining effective controls over ML and TF risks in all relevant areas of the FRFI enterprise. As such, the Guideline prescribes that FRFIs include the following elements in their AML/ATF programs: (i) board and senior management oversight; (ii) an appropriate individual responsible for implementation of the program; (iii) assessment of inherent risks; (iv) control policies and procedures; (v) ongoing training; (vi) self assessment of controls; and (vii) effectiveness testing. The following is a brief summary of the key points of the Guideline:
Board and Senior Management Oversight
FRFIs should ensure that its board of directors has documented oversight accountability for approving policies and procedures and monitoring the effectiveness of the AML/ATF program on a regular basis. Senior management should be responsible for: (i) implementing and managing the AML/ATF program; and (ii) ensuring that the AML/ATF program is adequate to mitigate ML and TF risk and complies with the PCMLTFA and PCMLTFR, as required.
Chief Anti-Money Laundering Officer
FRFIs should have an appropriate individual at a senior corporate level responsible for the implementation of AML/ATF programs.
Assessment of Inherent Risks
The PCMLTFA requires that a FRFI’s compliance program include the development and application of policies and procedures to assess, in the course of a FRFI’s activities, the risk of a ML or TF offence. The PCMLTFR requires that the following categories of ML and TF risk be covered in the FRFI’s assessment of inherent risk: (i) the client and business relationships of the FRFI; (ii) the products and delivery channels of the FRFI; (iii) the geographic location of the activities of the FRFI; and (iv) any other relevant factor (taking into account composite risks arising from the combination of risks identified above, i.e. transaction risk). FRFIs are to assess inherent risk by: (i) identifying current and emerging ML and TF risks inherent in activities of the FRFI; (ii) assessing the relative seriousness of the identified risks; and (iii) highlighting the higher risks to which enhanced due diligence must be applied.
Control Policies and Procedures
Written control policies and procedures should: (i) identify and implement measures designed to control inherent risks; (ii) be kept up to date to mitigate risks; and (iii) comply with other regulatory requirements. The policies should set risk management standards to govern the approach of the FRFI to deterring and detecting ML and TF, and should ensure regulatory compliance. Procedures should be used to translate the policies into practice.
Ongoing Training
FRFIs should ensure that written AML/ATF training programs are developed and maintained and that appropriate training should be considered for all pertinent persons within the FRFI.
Self Assessment of Controls
FRFIs should ensure that a self-assessment of control measures is conducted on an ongoing, but at least annual, basis.
Effectiveness Testing
The PCMLTFR require that the following AML/ATF program components be reviewed for the purpose of testing their effectiveness every two years: (i) policies and procedures; (ii) risk assessments; and (iii) training programs. The PCMLTFR also prescribes minimum content and timing for reports on effectiveness testing. The FRFI should ensure that effectiveness testing of the AML/ATF program is included in its auditor’s mandate.
Client Due Diligence
Client due diligence is comprised of client identification, information gathering, ascertaining identity and ongoing monitoring. These components must comply with applicable regulatory requirements, and must be enhanced for higher risk situations. As a general rule, a business relationship should only be entered into or maintained with a client if the FRFI is satisfied that the information it has gathered demonstrates that the FRFI knows the client (i.e. the client has disclosed his/her true identity and a legitimate purpose for entering or maintaining the business relationship with the FRFI).
Specific Higher Risks
The Guideline also identifies specific areas of higher risk, including, but not limited to: (i) non face-to-face client identification; (ii) PEFPs (i.e. an individual who holds or has held a prescribed office or position in or on behalf of a foreign state or is a prescribed member of the family of such a person); (iii) client corporations that can issue bearer shares; (iv) correspondent banking; (v) processing electronic funds transfers; (vi) trade finance; and (vii) new and developing technologies.
Record Keeping and Retention
Procedures for keeping paper and electronic records of pertinent information about clients and transactions must ensure that the FRFI complies with all of the record keeping requirements of the PCMLTFA and the PCMLTFR.
Transaction Monitoring and Reporting
FRFIs should ensure that internal reporting requirements comply with regulatory reporting requirements. Significant compliance issues should be documented, provided to senior management and reported to OSFI and the Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”) promptly. FRFIs have an obligation to report all suspicious transactions and suspicious attempted transactions to FINTRAC, as well as any property in the possession or control of the FRFI that the FRFI knows, or has reasonable grounds to believe, is owned or controlled by or on behalf of a terrorist or terrorist group. Suspicious transactions and suspicious attempted transactions are defined as those in respect of which there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission or attempted commission of a ML or TF offence. FRFIs also must report to FINTRAC any cash transactions that, in the aggregate, total $10,000 or more within a 24 hour period.
For the full text of the Guideline, please visit the OFSI website at: www.osfi-bsif.gc.ca
This update is intended as a summary only and should not be regarded or relied upon as advice to any specific client or regarding any specific situation.
If you would like further information regarding the issues discussed in this update or if you wish to discuss any aspect of this commentary, please feel free to contact us.
Top