One of the five core requirements of a registered firm’s anti-money laundering and anti-terrorist financing (AMLTF) compliance program is to conduct a risk assessment of its business activities and relationships. The business-based risk assessment must assess the risks linked to a registered firm’s business activities and the relationship-based risk assessment must assess the risks linked to the nature and type of business of a registered firm’s clients. During an audit, FINTRAC may review these risk assessments, in part to verify if they consider certain risk factors. The risk assessments are not to be confused with the requirement to complete an independent two-year effectiveness review, which is a separate obligation that must be completed by registered firms every two years.
In January of 2021, FINTRAC published updated risk assessment guidance to include legislative amendments from June 2017 and legislative amendments that will come into force on June 1, 2021.
The key take away for registered firms is that you should review your risk assessments to ensure that the following are included among the risk factors that are considered: new developments, technologies and the activities of any affiliates. Registered firms should review the updated risk assessment guidance and reach out to their usual lawyer for assistance, as applicable. The updated risk assessment guidance can be found here. For any questions, please contact Chris Tooley or a member of our team.
January 29, 2021
On March 25, FINTRAC issued a notice (Notice) indicating that it is committed to working constructively with businesses (Reporting Entities) subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) to minimize the impact of ongoing anti-money laundering and anti-terrorist financing (AMLTF) requirements while Reporting Entities are experiencing challenges due to the disruptions caused by COVID-19. FINTRAC had four main messages:
- Reporting: Reporting Entities should give priority to submitting suspicious transaction reports (STRs), as required.
- Verification of Identity: Some provincial governments are extending the validity of various identification documents to avoid in-personal renewal visits. If a person presents a document or information affected by such a decision, the Reporting Entity must still determine the authenticity of that document or information but can, until further notice, consider the document or information valid and current.
- Compliance Assessment and Enforcement: For now, FINTRAC does not plan to initiate any new examinations and plans to limit its other interactions with Reporting Entities to: (1) completion of existing examinations situations relating to reporting issues; and (2) requests for guidance.
- If Non-Compliance Is Unavoidable: In the Notice, FINTRAC stressed the importance for Reporting Entities of documenting the reasons for any situation where the Reporting Entity cannot meet a reporting or other regulatory obligation for reasons beyond its control. The Reporting Entity should document the reason for not meeting the obligation (g. employee responsible for fulfilling an obligation affected by COVID-19) and, where possible, any measures taken to mitigate the non-compliance. Firms are also encouraged to submit a voluntary self-declaration of non-compliance via email, when they can, and such a notification will be taken into account in future compliance activities.
If your firm is experiencing challenges complying with your obligations under the PCMLTFA or your monthly AMLTF reporting obligations to securities regulators, AUM Law can help. For example, we can prepare and file on your behalf your monthly AMLTF reports with securities regulators. And if you are facing an instance of potential or actual non-compliance with your obligations, we can advise you on how to document the issues, develop mitigation strategies and liaise with regulators on your behalf as needed.
March 31, 2020