One of the five core requirements of a registered firm’s anti-money laundering and anti-terrorist financing (AMLTF) compliance program is to conduct a risk assessment of its business activities and relationships. The business-based risk assessment must assess the risks linked to a registered firm’s business activities and the relationship-based risk assessment must assess the risks linked to the nature and type of business of a registered firm’s clients. During an audit, FINTRAC may review these risk assessments, in part to verify if they consider certain risk factors. The risk assessments are not to be confused with the requirement to complete an independent two-year effectiveness review, which is a separate obligation that must be completed by registered firms every two years.
In January of 2021, FINTRAC published updated risk assessment guidance to include legislative amendments from June 2017 and legislative amendments that will come into force on June 1, 2021.
The key take away for registered firms is that you should review your risk assessments to ensure that the following are included among the risk factors that are considered: new developments, technologies and the activities of any affiliates. Registered firms should review the updated risk assessment guidance and reach out to their usual lawyer for assistance, as applicable. The updated risk assessment guidance can be found here. For any questions, please contact Chris Tooley or a member of our team.
January 29, 2021