Anti-Money Laundering and Combating of Terrorism Financing (AML/CTF) Policy

 

Cado Financial Services Ltd, 1907 Baseline Rd, Unit 104, Ottawa, Ontario, Canada, K2C0C7

Policy about how to prevent money laundering, terrorism financing and sanctions violations.

 

January 2025

 

Preamble

This Anti Money Laundering Compliance Policy of CADO FINANCIAL SERVICES LTD, the Company registered in Canada, province Ontario, under registration number 1000792975 (the “Company” or “we”) governs the Company’s principles and standards to prevent money laundering, to combat terrorism, and financial crime. The Company is registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as a Money Service Business (MSB) with MSB registration number C100000352.

CADO FINANCIAL SERVICES LTD. fulfills legal obligations as required by the Canadian Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)[1] and other applicable rules and regulations connected to anti-money laundering and counter-terrorist financing (“AML/CTF”) obligations.

 

This AML Policy explains the current principles of anti-money laundering and counter-terrorist financing obligations and provides answers and explanations on PCMLTFA’s explanation of transaction types, reporting requirements, client information and record keeping.

 

As a money service business in Canada, the Company ensures it is fully compliant with Canadian legislation to combat money laundering and terrorism. The Company respects and adheres to the international, foreign, and domestic laws applicable to its business.

 

As such, this Policy sets the terms and conditions, as well as a procedure on how we identify and verify clients, assess relevant risks, and, if necessary, report to relevant governmental authorities.

 

We have other internal policies on this subject matter.

 

The Company Business

 

The Company is an authorized money services business in Canada. It offers to businesses the following financial solutions:

 

• Foreign exchange dealing
• Dealing in virtual currency
• Payment service provider.

 

Geography of the Company’s Services

 

The geography of services of CADO FINANCIAL SERVICES LTD. encompasses the following geographical regions: Canada, the United Kingdom, and all 26 EU member states, with intend to operate worldwide.

 

1.     Information related to money laundering

 

1.1 What is money laundering?

 

The term “money laundering” evolved to illustrate illegal and criminal activities when individual attempts to hide the original source of money or assets gained from various illicit activities, such as bribery, tax evasion, fraud.

 

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC of Canada), which is the Canadian financial intelligence unit, has introduced robust anti-money laundering and anti-terrorist financing legislation and regulations attributable to financial institutions operating in Canada. FINTRAC issues various guidance that allows to learn more on money laundering.

 

FINTRAC of Canada recognizes three stages in the money laundering process, which are:

 

• Placement which involves placing the proceeds of crime in the financial system.
• Layering which involves converting the proceeds of crime into another form and creating complex layers of financial transactions to disguise the audit trail and the source and ownership of funds. This stage may involve transactions such as the buying and selling of stocks, commodities or property.
• Integration with placing the laundered proceeds back in the economy to create the perception of legitimacy.

 

Going through these stages, it is possible to hide a source of income origin, and therefore, clean “dirty money.” Some criminals use proceeds for various illegal purposes, such as terrorist financing, making illegal transactions. As a result, such funds come to the financial system of Canada and other countries.

 

1.2 Methods of Money Laundering

 

Criminals utilize various methods to clean money. Traditionally, these methods are use of nominees and complex transactions to hide actual ownership, smurfing, asset purchases with bulk cash, currency smuggling, gambling in casinos, virtual currencies transfers, etc.

 

1.3 Importance of combating money laundering

 

Money laundering is a multi-million-dollar illegal business that brings inequality and damages to the social and economic system. Canadian authorities, together with other governments, use joint forces to deprive criminals of the profits. In recent decades, criminals have been using international and complex schemes to hide profits. Joint cooperation enables to fight against money laundering and terrorism effectively.

 

Canada is an active member of international organizations and cooperation with other countries to combat illegal activities.

It is a requirement of all financial institutions and certain organizations to comply with anti-money laundering legislation and adopt rules that meet Canadian and international requirements.

 

1.4 International Cooperation to Fight against Money Laundering

 

For the past decades, international cooperation between countries has been expanded, facilitating international cooperation at different levels, including governmental and business collaboration.

 

There have been various international initiatives that aim to detect and prosecute money laundering. Such global initiatives where Canada takes part are:

 

• Financial Action Task Force (FATF), more information about FATF at http://www.fatf-gafi.org;
• Egmont Group of Financial Intelligence Units (FIUs) at https://egmontgroup.org/;
• European Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime, more information at https://www.coe.int/en/web/conventions/full-list?module=treaty-detail&treatynum=141;
• Asia Pacific Group on Money Laundering (APG), more information at http://www.apgml.org;
• Caribbean Financial Action Task Force on Money Laundering (CFATF), more information at https://www.cfatf-gafic.org;
• United Nations Single Convention on Narcotic Drugs, more information at https://www.unodc.org/pdf/convention_1961_en.pdf;
• United Nations Convention on Psychotropic Substances, more information at https://www.unodc.org/pdf/convention_1971_en.pdf;
• United Nations Convention Against Illicit Traffic in Narcotic Drugs and Psychotropic Substances, more information at https://www.unodc.org/pdf/convention_1988_en.pdf;
• United Nations Convention Against Transnational Organized Crime, more information at https://www.unodc.org/unodc/en/organized-crime/intro/UNTOC.html.

 

It is a requirement of member countries to accept and implement the rules and principles to their local laws and regulations that are consistent with, and as comprehensive as agreed rules and principles.

 

Canada has enacted the Proceeds of Crime (Money Laundering) and Terrorist Financing Act in order to facilitate the identification of entities that conduct illegal financial transaction and to effectively fight against money laundering.

 

Being supportive with other international initiatives on combating money laundering, our Company has implemented internal and external policies outlining the basic framework for anti-money laundering and terrorist financing. Further, our company constantly monitors legislative developments that address this issue and adheres to Canadian legislation and international treaties implementing the best practices to combat money laundering.

 

1.5 A General Overview of Canadian Legislation to Combat Money Laundering

 

Money laundering has been legally recognized as a criminal offense in Canada under the Criminal Code within the previous decades.

 

Another important law is the Proceeds of Crime (Money Laundering) Act which was enacted in 2000. In 2001, the first reporting requirement came into effect for suspicious transactions. These measures were subsequently enhanced, and additional components were introduced. That same year, the scope of the Proceeds of Crime (Money Laundering) Act was expanded to include terrorist financing. This resulted in the former Proceeds of Crime (Money Laundering) Act becoming the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

 

Over the course of 2002 and 2003, other requirements under the PCMLTFA and related Regulations were phased-in, such as record keeping, client identification, and other reporting obligations.

 

In 2006, amendments to the PCMLTFA introduced changes such as the establishment of a money services businesses registry, the authority to levy administrative monetary penalties and the addition of new reporting sectors, among others. They also included measures to strengthen reporting, record keeping, client identification, and compliance regime requirements. These changes were phased in over the course of 2007 to 2009.

 

Substantial regulatory amendments came into play on June 1, 2021, changing or creating new obligations for reporting entities that are subject to the PCMLTFA. Aiming to prevent unauthorized transactions, the amendments include new virtual currency obligations for all reporting entities and new definitions under the PCMLTFA. They also include record keeping and reporting changes for all reporting entities, and obligations for foreign money services businesses. The amendments introduce new requirements for all reporting entities to take reasonable measures to confirm the accuracy of information regarding beneficial ownership.

 

The MSBs Registration Regulations lacked obligations to submit certain information that is necessary for FINTRAC to effectively administer the MSB registration framework and help assess potential risks of MSB applicants. For example, there was no obligation for MSBs to submit the contact information of their chief executive officer, president, directors or owners, which can make it difficult to contact these individuals for administrative reasons. Nor is there a requirement for MSBs to indicate how many of their agents, mandataries and branches operate in different countries, which provides valuable insight on the global reach of the MSB’s activities. In order to implement the mentioned obligations, on September 26, 2023 the PCMLTFA was amended enhancing the MSB registration framework.

 

In June 2021, the Retail Payment Activities Act (RPAA) received royal assent and set the wheels in motion for a new era in payments regulation in Canada. The new legislation, the first specifically geared toward retail payment activities in Canada, is designed to protect Canadian consumers, businesses and the financial system from certain risks. The Bank of Canada is the regulator of this new regulatory regime set out in the RPAA.

Following a nine-month consultation period, On 22 November 2023, the finalized regulations enacted under the Retail Payment Activities Act (RPAA) were released on 22 November 2023, with registration-related requirements expected to come into force beginning in November 2024 and the remainder in September 2025. The RPAA and Retail Payment Activities Regulations (“Regulations“) make up Canada’s new retail payment supervisory regime overseen by the Bank of Canada, Canada’s central bank. The finalized Regulations includes a requirement for payment service providers (PSPs) to register with the Bank of Canada, and the regulations set out detailed requirements for PSPs to manage operational risks, safeguard end-user funds, report to the Bank of Canada, and other administrative aspects of the RPAA regime. Together with the RPAA, the Regulations will offer a path forward for PSPs towards Payments Canada membership and system participation. The PSPs will need to register with the Bank of Canada by no later than 15 November 2024 and take necessary steps to comply with the regulatory requirements that come into force on 8 September 2025.

 

The Company and anyone acting on behalf of the Company must comply with the applicable local laws.

 

1.6 When are we obliged to report to FINTRAC?

 

The Company takes any violation seriously and is committed to efficiently and timely investigate, and, if necessary, report the FINTRAC about certain transactions and property in accordance with the Canadian laws.

 

We ensure that our Compliance Officer, top management, and internal system is able to track and monitor violations.

 

In accordance with Canadian laws, we are obliged to take specific steps and report immediately to FINTRAC.

 

FINTRAC is an independent government agency in Canada. It operates at arm’s length from law enforcement agencies and collects, analyzes, and discloses information to help detect, prevent and deter money laundering and the financing of terrorist activities in Canada and abroad. Companies and other entities in Canada are obliged to report to FINTRAC on suspicion of money laundering and terrorist financing. Further, it analyzes information and implements other necessary actions.

 

The Company will immediately submit a report to FINTRAC in case of the following:

 

1.7 Suspicious transactions

 

The Company will report on any completed or attempted transaction if there are reasonable grounds to suspect that such transaction is related to the commission or attempted commission of a money laundering offense or a terrorist activity financing offense. We will report to FINTRAC or, if necessary, directly to law enforcement.

 

FINTRAC provides detailed information about reporting suspicious transactions to FINTRAC to which we adhere to: https://fintrac-canafe.canada.ca/guidance-directives/transaction-operation/str-dod/str-dod-eng

 

There are different grounds and examples which would lead to our reporting obligations of suspicious transactions.

The suspicion of money laundering or terrorist activity financing will likely materialize from the assessment of multiple elements (transactions, facts, context, and any other related information that may or may not be an indicator of money laundering or terrorist activity financing. When these elements are viewed together, they create a picture that will either support or negate the suspicion of the commission of a money laundering or terrorist activity financing offence.

Reasonable grounds to suspect is the required threshold to submit an STR to FINTRAC and is a step above simple suspicion, meaning that there is a possibility that an ML/TF offence has occurred.

The reasonable grounds to suspect threshold may be better understood when you have an understanding of other thresholds:

• simple suspicion
• reasonable grounds to believe

Simple suspicion is a lower threshold than reasonable grounds to suspect and is synonymous with a “gut feeling” or “hunch”. In other words, simple suspicion means a feeling that something is unusual or suspicious, but there are no any facts, context or money laundering or terrorist activity financing indicators to support that feeling or to reasonably conclude that a money laundering or terrorist activity financing offence has occurred. Simple suspicion could prompt you to assess related transactions to see if there is any additional information that would support or confirm your suspicion.

Reasonable grounds to believe is a higher threshold than Reasonable grounds to suspect and is beyond what is required to submit an STR. Reasonable grounds to believe means that there are verified facts that support the probability that an ML/TF offence has occurred. In other words, there is enough evidence to support a reasonable and trained person to believe, not just suspect, that an ML/TF offence has occurred.

If the Company is in receipt of a production order, by law enforcement, the Company must perform an assessment of the facts, context, and ML/TF indicators to determine whether the Company has Reasonable grounds to suspect that a particular transaction is related to the commission of an ML/TF offence.

The Company must submit an STR as soon as practicable after completing the measures (described above) required to establish Reasonable grounds to suspect that a transaction is related to the commission of an ML/TF offence. In situations involving time-sensitive information, such as suspected terrorist financing and threats to national security, the Company is encouraged, as a best practice, to expedite the submission of Suspicious Transaction Reports.

 

1.8 Suspected sanctions evasion

 

The Company is required to report to FINTRAC all completed and attempted transactions where the Company has reasonable grounds to suspect the transaction is related to the commission or the attempted commission of a sanctions evasion offence.

 

As of August 19, 2024, in addition to longstanding obligations to report transactions where there are reasonable grounds to suspect that they are related to money laundering and terrorist activity financing offences, reporting entities must report transactions suspected to be related to sanctions evasion to FINTRAC.

 

What is sanctions evasion-related transactions

 

Sanctions evasion offence means an offence involves breaching restrictions established by regulations under the United Nations Act, the Special Economic Measures Act or the Justice for Victims of Corrupt Foreign Officials Act (Sergei Magnitsky Law).

 

Where there are reasonable grounds to suspect sanctions evasion by someone acting on behalf of a sanctioned person then you must report these transactions on FINTRAC’s Suspicious Transaction Reports.

The Company refers to these sanctions lists for identifying sanctioned persons:

• Consolidated Canadian Autonomous Sanctions List: https://www.international.gc.ca/world-monde/international_relations-relations_internationales/sanctions/consolidated-consolide.aspx?lang=eng
• United Nations Security Council Consolidated List: https://main.un.org/securitycouncil/en/content/un-sc-consolidated-list

The Company also has other legal obligations under Canada’s sanctions laws and associated regulations with respect to monitoring and reporting of relevant property ownership, export and import of goods and other activity in connection with sanctioned individuals and entities.

Canadian sanctions are imposed under the United Nations Act, the Special Economic Measures Act, and the Justice for Victims of Corrupt Foreign Officials Act and place restrictions on the activities permissible between persons in Canada or Canadians outside Canada and foreign states, individuals, or entities. These Acts and their relevant Regulations often include designations, or listings, of individuals and entities, which subject those persons to a dealings ban.

The Company is also obliged to apply Ministerial Directives:  https://fintrac-canafe.canada.ca/obligations/directives-eng

Ministerial Directives are currently in force with respect to three jurisdictions also subject to Canadian sanctions: the Democratic People’s Republic of Korea, the Islamic Republic of Iran and Russia.

Characteristics of financial transactions associated with sanctions evasion

 

Individuals and entities sanctioned by the Government of Canada are likely to deploy established techniques and channels to circumvent sanctions and use alternative financial channels should traditional methods be unavailable to them. These techniques include:

• Intermediary jurisdictions to establish complex networks of shell companies.
• Trade-based money laundering and non-resident banking in secrecy jurisdictions.
• Alternative financial channels like cryptocurrencies to hide transaction origins.
• Opaque corporate structures and use of proxies to mask ownership or control.
• Import/export evasion to circumvent restrictions on goods with dual-use purposes.

Consult Resources:

• FINTRAC Special Bulletin for information on recognizing and reporting sanctions evasion: https://fintrac-canafe.canada.ca/intel/bulletins/sanctions-eng
• Joint Financial Intelligence Advisory to identify transactions linked to illegal procurement or export of dual-use goods: https://fintrac-canafe.canada.ca/notices-avis/avs/2024-02-20-eng

 

1.9 Large cash transactions

 

A large cash transaction occurs when the Company receives CAD 10,000 (or any transaction with two or more cash amounts of less than CAD 10,000 that total CAD 10,000 or more should such transactions occur in the future) or more in cash in a single transaction.

Cash includes:

• coins and bank notes issued by the Bank of Canada that are intended for circulation in Canada
• coins and bank notes of countries other than Canada
• fiat currency

Cash does not include:

• other forms of funds such as cheques, money orders or other similar negotiable instruments
• virtual currency

While the Company doesn’t intend to conduct any cash transactions, the Company will report to FINTRAC any transaction exceeding CAD 10,000 or more in cash in the course of a single transaction, or any transaction with two or more cash amounts of less than CAD 10,000 that total CAD 10,000 or more should such transactions occur in the future.

 

1.10 Terrorist property

 

All persons in Canada and Canadians abroad must report the presence of property owned or controlled by designated persons to the RCMP (Royal Canadian Mounted Police ) or CSIS (The Canadian Security Intelligence Service).

The Company reports to FINTRAC if the Company receives property in the possession or control that the Company knows is owned or controlled by or on behalf of a terrorist group. This obligation is triggered when the Company is required to make a disclosure under section 83.1 of the Criminal Code or section 8 of the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism (RIUNRST).  

Further, the Company will report to FINTRAC if we have property in its possession or control that the Company believes is owned or controlled by or on behalf of a person listed under the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism.

 

1.11 Electronic Funds Transfer

 

The Company is obliged to report to FINTRAC on incoming and outgoing international electronic funds transfers of CAD 10,000 or more. These can be instructions sent electronically outside Canada or from outside Canada in a single or two/more transfers.

 

1.12 Large Virtual Currency Transactions

 

Virtual currency is a digital representation of value, or the private key of a cryptographic system that enables access to a digital representation of value, that can be used for payment or investment purposes. It is not a fiat currency, but it can be readily exchanged for funds or another virtual currency that can be exchanged for funds.

 

The Company is obliged to report a Large Virtual Currency Transaction Report (LVCTR) to FINTRAC in the following events:

 

• if the Company receives virtual currency (VC) in an amount equivalent to CAD 10,000 or more in the course of a single transaction; or
• if the Company receives two or more amounts of VC, that total the equivalent of CAD 10,000 or more within a consecutive 24-hour window, by or on behalf of the same person or entity, or for the same beneficiary.

 

The Company must send an LVCTR to FINTRAC within five working days after the day you received the amount.

 

The Company does not have to submit an LVCTR to FINTRAC if the amount of VC is received as compensation for the validation of a transaction that is recorded in a distributed ledger, or is a nominal amount of VC received for the sole purpose of validating another transaction or transfer of information.

In addition, the Company will keep the virtual currency transaction record for amounts received in virtual currency of CAD 10,000 or more in a single transaction, or across multiple virtual currency transaction that total CAD 10,000 or more within a span of 24 hours.

 

1.13 What are other additional measures that we implement to comply with PCMLTFA?

 

The Company has implemented appropriate systems that internally control and prevent money laundering or terrorist financing activities. Our internal system monitors and identifies suspicious transactions or unusual customer behavior in accordance with FINTRAC guidance. The basis of the internal control process includes:

 

• well-defined authorisations,
• a segregation of duties,
• client identification,
• on-going due diligence,
• reporting suspicious transactions and activities.

 

1.14 Internal Control System

 

In order to ensure the effective work of our internal control system, the Company ensures our management and team are fully aware about our AML compliance policy.

 

The Company is required to keep certain records after conducting specified transactions. This includes specific requirements about identifying individuals with whom a reporting entity conducts a transaction. We follow FINTRAC guidance on record keeping.

 

The Company has no an internal audit department, but conducts an internal audit every two years by three employees that work with unrelated department unless the Company determines that a longer rotation cycle is appropriate. The responsible employees and the audit are approved by the Company’s board.

 

The Company periodically monitors the changes in relevant applicable laws to stay updated and stay efficient in mitigating and preventing risks associated with money laundering and terrorist financing.

 

The Company has appointed the Compliance Officer (Money Laundering Compliance officer or AML Officer).

 

1.15 Other Measures

 

Further, the Company implements the following measures:

 

• Implementation of written compliance policies and procedures;
• The assessment and documentation of money laundering and terrorist financing risks for the business, along with steps to mitigate those risks;
• Introduction of an ongoing compliance training plan;
• Establishing a plan for a review of the compliance program for the purpose of testing its effectiveness, and carrying out its review every two years at a minimum;
• Review of the compliance policies and procedures and risk assessment, and provision of tests of their effectiveness at least every two years;
• Appointment of a compliance officer.

 

1.16 Compliance Program

 

A compliance program is a program established and implemented by the Company and is intended to ensure its compliance under the PCMLTFA and associated regulations. A compliance program forms the basis for meeting all reporting, record keeping, client identification and other know-your-client requirements under the PCMLTFA and associated Regulations.

 

The Company implements the following elements of a compliance program by:

 

• appointing a compliance officer who is responsible for implementing the program;
• developing and applying written compliance policies and procedures that are kept up to date and, in the case of an entity, are approved by a senior officer;
• conducting a risk assessment business to assess and document the risk of a money laundering offence or a terrorist activity financing offence (ML/TF) occurring in the course of activities;
• developing and maintaining a written, ongoing compliance training program for employees, agents or mandatories, or other authorized persons;
• instituting and documenting a plan for the ongoing compliance training program and delivering the training (training plan); and
• instituting and documenting a plan for a review of the compliance program for the purpose of testing its effectiveness, and carrying out this review every two years at a minimum (two-year effectiveness review).

 

1.17 Penalties for violations

 

1. Administrative penalties

 

The Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations (AMP Regulations) list the non-compliance violations that could be the basis of an AMP. The AMP Regulations categorize violations by degree of importance, and assign the following penalty ranges:

 

Minor violation	From CAD 1 to CAD 1,000 per violation
Serious violation	From CAD 1 to CAD 100,000 per violation
Very serious violation	From CAD 1 to CAD 100,000 per violation for an individual From CAD 1 to CAD 500,000 per violation for an entity

 

Multiple violations can result in a total amount that exceeds these limits.

 

1. Criminal penalties

Every person or entity that is guilty of an offence is liable:

• on summary conviction, to a fine of not more than CAD 250,000 or CAD 1,000,000 and/or to imprisonment for a term of not more than two years less a day, or
• on conviction on indictment, to a fine of not more than CAD 500,000 or CAD 2,000,000 and/or to imprisonment for a term of not more than five years.

Criminal penalties may include:

• Failure to report suspicious transactions: up to CAD 2 million and/or 5 years imprisonment.
• Failure to report a large cash transaction or an electronic funds transfer: up to CAD 500,000 for the first offence, CAD 1 million for subsequent offences.
• Failure to meet record keeping requirements: up to CAD 500,000 and/or 5 years imprisonment.
• Failure to provide assistance or provide information during compliance examination: up to CAD 500,000 and/or 5 years imprisonment.
• Disclosing the fact that a suspicious transaction report was made, or disclosing the contents of such a report, with the intent to prejudice a criminal investigation: up to 2 years imprisonment.

FINTRAC may disclose cases of non-compliance to law enforcement when there is extensive non-compliance or little expectation of immediate or future compliance.

General offences

Every person or entity who is guilty of a general offence is liable:

• on summary conviction, to a fine of not more than CAD 250,000 or to imprisonment for a term of not more than two years less a day, or to both; or
• on conviction on indictment, to a fine of not more than CAD 500,000 or to imprisonment for a term of not more than five years, or to both.

General offences include (but not limited with) knowingly contravening the following:

• keeping records in accordance with the regulations;
• verifying the identity of a person or entity in accordance with the regulations;
• reporting to the Reports Analysis Centre of Canada under PCMLTFA or another Act of Parliament or any regulations under person or entity shall make the report in the form and manner and within the period prescribed for a report under this PCMLTFA or Act;
• opening, maintaining an account or having a correspondent banking relationship with a client if the person or entity cannot verify the identity of the client in accordance with the regulations;
• taking the measures referred to in the regulations for dealing with a person that there is a high risk of a money laundering offence or a terrorist activity financing offence;
• having a correspondent banking relationship with a shell bank as defined in the regulations;
• including prescribed information into electronic funds transfer that occurs in the course of financial activities, and taking reasonable measures to ensure that any transfer that the person or entity receives includes that information;
• establishment and implementation of a compliance program in accordance with the regulations;
• development of policies in respect of foreign branches and foreign subsidiaries and ensuring that those branches and subsidiaries apply those policies to the extent it is permitted by, and does not conflict with, the laws of the foreign state in which the branch or subsidiary is located;
• registration with the Reports Analysis Centre of Canada issuing or selling money orders to, or redeem them from, the public;
• taking addition measures specified in the Minister’s written directive  with respect to any financial transaction, or any financial transaction within a class of financial transactions, originating from or bound for any foreign state or foreign entity; compliance within the time and in the manner specified in the directive;
• ensuring that foreign branches and foreign subsidiaries that carry out activities similar to those of entities and that are either wholly-owned by the entity or have financial statements that are consolidated with those of the entity, comply with any directive issued;
• ensuring that foreign branches and foreign subsidiaries comply with any regulation to the extent it is permitted by, and does not conflict with, the laws of the foreign state in which the branch is located;
• reporting to an officer, in accordance with the regulations, the importation or exportation of currency or monetary instruments of a value equal to or greater than the prescribed amount;
• when a person arriving in or departing from Canada, answering truthfully any questions asked by the officer in the performance of the officer’s duties; present the currency or monetary instruments that are carrying or transporting, unload any conveyance or part of a conveyance or baggage and open or unpack any package or container that the officer wishes to examine;
• prohibition for using information by officials and the Reports Analysis Centre of Canada for any purpose other than exercising powers or performing duties and function, or disclosing the information set out in a report;

 

Reporting offences for suspicious transactions.

Every person or entity that is required to make a disclosure under the Criminal Code or under the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism shall report to the Centre in accordance with the regulations.

Every person or entity shall, in accordance with the regulations, report to the Centre every financial transaction that occurs or that is attempted in the course of their activities and in respect of which there are reasonable grounds to suspect that:

• (a)the transaction is related to the commission or the attempted commission of a money laundering offence; or
• (b)the transaction is related to the commission or the attempted commission of a terrorist activity financing offence.

Every person or entity that knowingly contravenes the above regulation, or any regulation made by The Governor in Council on the recommendation of the Minister, is guilty of an offence and liable:

• (a)on summary conviction, to a fine of not more than CAD 1,000,000 or to imprisonment for a term of not more than two years less a day, or to both; or
• (b)on conviction on indictment, to a fine of not more than CAD 2,000,000 or to imprisonment for a term of not more than five years, or to both.

Reporting offences for electronic funds transfers, large cash transactions, large virtual currency transactions, and casino disbursements

Every person or entity that contravenes determined measures for dealing with domestic and foreign politically exposed persons, heads of international organizations and their closely associates, is guilty of an offence and liable on summary conviction to a fine of not more than CAD 1,000,000.

Money services business registration information offences for providing false or misleading statements or information to FINTRAC.

Every person or entity that provides to the Centre information regarding application for registration with FINTRAC, any change to the information provided in the application or of any newly obtained information within 30 days after it became known, any clarifications that the Centre may request within 30 days after the day on which the request is made, or application for review of the decision of the Centre, and that knowingly makes any false or misleading statement or knowingly provides false or misleading information to a person responsible for carrying out functions under this Act is guilty of an offence and liable:

• (a)on summary conviction, to a fine of not more than CAD 250,000 or to imprisonment for a term of not more than two years less a day, or to both; or
• (b)on conviction on indictment, to a fine of not more than CAD 500,000 or to imprisonment for a term of not more than five years, or to both.

Penalties do not apply to those employees who report suspicious transaction to their senior employees.

 

2. Reporting Procedures

 

The information provided above forms our policies and procedures on identifying reportable transactions and reporting to FINTRAC, record keeping, record retention and ascertaining identity, risk-based approach, and training program.

 

2.1 Reporting to FINTRAC

 

As discussed in the previous section, the Company reports the following:

 

• Suspicious transaction
• Suspected sanctions evasion
• Large cash transaction
• Terrorist property
• Electronic funds transfer
• Large virtual currency transactions

 

The Company will submit to FINTRAC a terrorist property report (TPR) detailing all ‎property in their possession or control that the Company has reason to believe is owned, held or controlled by ‎or on behalf of a terrorist group/listed terrorist person.‎

 

The Company will also report separately each transaction where it receives an amount of ‎‎ CAD 10,000 or more in cash in the course of a single transaction. Each such transaction will be sent to ‎FINTRAC separately, in its own report.‎ Finally, the Company will also report situations where the aggregate of multiple transactions with a 24-hour period, conducted by and/or on the behalf of the same person, entity, or beneficiary, is equal to or greater than CAD 10,000.

When the Company receives or transfer the funds in a foreign currency or in virtual currency, the Company needs to determine whether the reporting threshold amount is reached. The Company converts the amount into Canadian dollars using the exchange rate published by the Bank of Canada in effect at the time of the transaction. If an exchange rate is not published by the Bank of Canada, then the Company must use the rate established in the normal course of business at the time of the transaction.

The normal course of business for foreign currencies is established as an average course of currency exchange established by Big Six Banks of Canada at the time of the transaction:

• Royal Bank of Canada (RBC);
• Toronto-Dominion (TD) Bank;
• Bank of Nova Scotia (Scotiabank);
• Bank of Montreal (BMO);
• Canadian Imperial Bank of Commerce (CIBC);
• National Bank of Canada.

 

The normal course of business for virtual currencies is established as an average course of virtual currency exchange established by the most popular cryptocurrency exchange brokers of Canada at the time of the transaction:

• Wealthsimple;
• Bitbuy;
• Crypto.com;
• VirgoCX;
• NDAX;
• Newton.

 

3. Client information and record keeping

 

3.1 General

 

The Company performs record keeping under the PCMLTFA and associated regulations.

 

Depending on a particular business relationship, the Company may collect certain information from the client. Such information may include, for example:

 

• If an individual – full name, ID or passport details, date of birth, occupation, address, tax residency, source of origin of funds, employment details, purpose and intended use of the products and services, third party involvement, and any known political exposure

 

• If a legal entity – information on each beneficial owner, nature of business, information about company incorporation, certificate confirming existence, etc.

 

To verify the documents, the Company shall rely on the following guidance:

https://fintrac-canafe.canada.ca/guidance-directives/recordkeeping-document/record/msb-eng

 

The Company keeps all the documents and records collected under PCMLTFA, associated regulations, and referred to in this Article throughout the business relationship with the customer and for a period of at least five years after the end of the business relationship.

 

3.2 Client information record

 

The Company retains client information for all clients who have a business relationship with the Company.

 

The Company completes client applications for payments products and services containing all of the required information, which depends on the type of client (individual or legal entity) and the nature and/or volume of the client’s transactions. In particular, the records should contain:

 

• Client identification information (individual or legal entity)
• Industry, occupation, business type
• Beneficial ownership information (for legal entities)
• Third party determination and information
• Politically exposed person determination
• Business relationship information (purpose and intended use of the products and services)

 

3.3 What is beneficial ownership?

 

Beneficial owners are the actual individuals who are the trustees, and known beneficiaries and settlors of a trust, or who directly or indirectly own or control 25% or more of a corporation or an entity other than a corporation or trust, such as a partnership. The ultimate beneficial owners cannot be another corporation or entity; they must be the actual individuals who are the owners or controllers of the entity. In order to determine who the beneficial owners are, it is required to search through as many levels of information as necessary in order to determine the actual individuals.

 

It is important to consider that the names found on legal documentation may not be the actual owners of an entity. For example, legal owners of a corporation, entity, or trust may not be the actual individuals who own or control the corporation, entity, or trust.

 

That is why it is vital to identify beneficial ownership to remove anonymity and identify the actual individuals behind the transactions and account activities, which is a key component of Canada’s anti-money laundering and anti-terrorist financing regime. The concealment of the beneficial ownership information of accounts, businesses, and transactions is a technique used in money laundering and terrorist activity financing schemes. Collection and confirmation of this information is an important step to aid in money laundering and terrorist activity financing investigations and ultimately protect the integrity of Canada’s financial system.

 

3.4 How to obtain information about beneficial owners?

 

Beneficial ownership information, as well as the ownership, control, and structure information, should be obtained from the Client, either verbally or in writing.

 

For example:

 

• the Client can provide with official documentation to confirm information
• the Client can refer to publicly available records to confirm information
• the Client can inform about the beneficial ownership information which should be written down for record-keeping purposes or
• the Client can fill out an application form with the relevant information included

 

In all cases it is information on the actual individuals who are the beneficial owners as well as information establishing the entity’s ownership, control, and structure that must be obtained.

 

All documents should be accurately retained in the client’s file. If necessary, it is required to search through as many levels of information in order to determine beneficial ownership. If there is no individual who owns or controls 25% or more, then the Compliance Officer must still keep a record of the information obtained.

 

The Compliance Officer is not required to identify senior managing officers if there is no individual who owns or controls 25% or more. Still, the Compliance Officer will need to retain the name of individuals who have a managing role or control over a percentage of shares that the Compliance Officer determines to be significant, even if it is less than 25%.

 

If the client refuses or fails to provide the requested information, the client shall be considered high risk, and enhanced due diligence is required. The Company may decide to refuse to proceed with doing business with this client.

 

For more clarification, please follow this FINTRAC’s Guidance: https://www.fintrac-canafe.gc.ca/guidance-directives/client-clientele/bor-eng

 

3.5 What is a third party? How is it determined?

 

A third party is a person or entity who instructs another person or entity to conduct an activity or financial transaction on their behalf. When determining whether a third party is giving instructions, it is not about who owns or benefits from the money, or who is carrying out the transaction or activity, but rather about who gives the instructions to handle the money or conduct a transaction or particular activity. If the client is acting on someone else’s instructions, that someone else is the third party.

 

When a person is acting on behalf of their employer, the employer is considered to be the third party, unless the person is making a cash deposit to the employer’s business account.

 

The PCMLTFA and associated Regulations require to take reasonable measures to make a third party determination for certain transactions and activities. Once the determination is made, it is required to identify and record the third party involved in any transaction reported to FINTRAC.

 

The Financial Action Task Force (FATF), FINTRAC, Egmont, and other anti-money laundering and anti-terrorist financing authoritative bodies have observed the use of third parties in several money laundering and terrorist financing cases. It is not uncommon for criminals to use third parties as a method to evade detection by distancing themselves from the proceeds of crime.

 

Third party determination

 

It is required to take reasonable measures to determine if there is a third party who is instructing the client to conduct an activity or a transaction.

 

Reasonable measures include asking the client if they are acting on someone else’s instructions, or by retrieving the information already contained in the Company’s records.

 

The Compliance Officer will need to document the information on applications and forms. If there is a third party involved, required information about the third party is also recorded on applications and forms such as:

 

• Name and address of third party
• Occupation or principal business of third party
• Date of birth (for individuals)
• Registration number and place of incorporation (for legal entities)
• Nature of relationship between third party and client

 

If there are reasonable grounds to suspect that there is a third party involved the Company records such information in client files. Further it is necessary to indicate:

 

• Whether the transaction is conducted on behalf of a third party
• Reasons why the Company suspects the individual acting on behalf of a third party

 

3.6 Politically exposed person (PEP) and Head of international organization (HIO)

a) Foreign PEP

 

A foreign PEP is a person who holds or has held one of the following offices or positions in or on behalf of a foreign state:

 

• head of state or head of government;
• member of the executive council of government or member of a legislature;
• deputy minister or equivalent rank;
• ambassador, or attaché or counsellor of an ambassador;
• military officer with a rank of general or above;
• president of a state-owned company or a state-owned bank;
• head of a government agency;
• judge of a supreme court, constitutional court or other court of last resort; or
• leader or president of a political party represented in a legislature.

 

These persons are foreign PEPs regardless of citizenship, residence status or birth place.

 

A person determined to be a foreign PEP, is forever a foreign PEP.

b) Domestic PEP

 

A domestic PEP is a person who holds — or has held within the last 5 years — a specific office or position in or on behalf of the Canadian federal government, a Canadian provincial government, or a Canadian municipal government:

 

• Governor General, lieutenant governor or head of government;
• member of the Senate or House of Commons or member of a legislature;
• deputy minister or equivalent rank;
• ambassador, or attaché or counsellor of an ambassador;
• military officer with a rank of general or above;
• president of a corporation that is wholly owned directly by Her Majesty in right of Canada or a province;
• head of a government agency;
• judge of an appellate court in a province, the Federal Court of Appeal or the Supreme Court of Canada;
• leader or president of a political party represented in a legislature; or

 

Mayor: in line with legislation across Canada, municipal governments include cities, towns, villages, and rural (county) or metropolitan municipalities. As such, a mayor is the head of a city, town, village, or rural or metropolitan municipality, regardless of the size of the population.

 

A person ceases to be a domestic PEP 5 years after they have left office.

 

A PEP also includes close associates and family members, such as:

 

• mother and father
• children
• spouse or common-law partner
• spouse’s or common-law partner’s mother or father
• brother, sister, half-brother, or half-sister (that is, any other child of the individual’s mother or father)

c) Head of international organization

 

The head of an international organization is a person who is either:

• the head of an international organization established by the governments of states; or
• the head of an institution established by an international organization;
• the head of an international sports organization.

 

The head of an international organization or the head of an institution established by an international organization (HIO) means the primary person who leads that organization, for example a president or CEO.

 

There is no requirement for an institution established by an international organization to operate internationally. It is possible that an institution that has been established by an international organization only operates domestically, or in one jurisdiction.

 

The Compliance Officer should use reasonable measures to determine if the person is the head of an international organization or the head of an institution set up by an international organization.

 

Once a person is no longer the head of an international organization or the head of an institution established by an international organization, that person is no longer a HIO.

 

For the purposes of application of Anti-Money Laundering Compliance Policy of the Company HIO is considered a PEP.

 

3.7. Procedure applicable to PEP

 

If the Company determines that the person is a foreign PEP, or a family member or close associate of a foreign PEP, the Compliance Officer takes reasonable measures to establish the source of the funds deposited or expected to be deposited and obtain senior management approval to establish the business relationship with the client. As a high-risk client, the person must be subject to the Company’s policies and procedures for high-risk clients in accordance to Paragraph 5.4 Enhanced due diligence.

 

3.8 What is a business relationship?

 

A business relationship is a relationship established between the Company, as a reporting entity, and a client to conduct financial transactions or provide services related to those transactions.

 

Business relationships are established once a client has an account with the Company. If the client does not have an account with the Company, a business relationship is formed when:

• the second time the Company is required to verify the identity of the individual or confirm the existence of the entity within a 5-year period; or
• when the Company enters into a service agreement with an entity to provide any of the following services:
• foreign exchange dealing;
• remitting or transmitting funds by any means or through any person, entity or electronic funds transfer network;
• issuing or redeeming money orders, traveller’s cheques or other similar negotiable instruments except for cheques payable to a named person or entity; or
• dealing in virtual currencies.

 

The Company must understand the purpose and intended nature of the business relationship and obtain information in this regard suitable with the risk profile of the client. If a customer is an entity, the Company also needs to understand the nature of the customer’s business.  

 

Examples of purpose and intended nature of business relationship between the Company and its clients:

• Foreign exchange for travel or purchase of goods;
• Funds transfers for family support or purchase of goods;
• Buying or redeeming money orders or traveler’s cheques;
• Virtual currency exchange to purchase goods;
• Virtual currency transfer to purchase goods or services or for family support.

Once the business relationship is established, the Compliance Officer is responsible for:

 

• Keeping a record of the purpose and intended nature of the business relationship
• Conducting ongoing monitoring of the business relationship with the client.
• Keeping a record of the measures taken to monitor the business relationship and the information obtained.

 

3.9 What is ongoing monitoring of clients and their transactions

 

The Compliance Officer ensures ongoing monitoring of the Company’s clients and their transactions during the entire business relationship period in order to:

(i) detect any transactions that need to be reported as suspicious,

(ii) keep client identification and beneficial ownership information, as well as the purpose and intended nature records up-to-date,

(iii) reassess clients risk level based on their transactions and activities,

(iv) determine if the transactions and activities are consistent with the information held about the client.

 

Ongoing monitoring measures consist of:

• Real-time transaction screening with respect to sanctions, high-risk jurisdictions and thresholds;
• Daily screening of the client base with respect to sanctions and PEP, HIO lists;
• Identification and assessment the transactions that are not typical for the client’s usual profile, volume of business or activities if it is not possible to ascertain their economic or legal purpose, relation to the client’s personal or business activity, which has previously been assessed by the Company as clear and acceptable;
• internal reporting of suspicious transactions to the Compliance Officer, as well as external reporting to FINTRAC;
• EDD during business relationship triggered by such events as potentially suspicious transactions, true match with PEP or HIO status, partner-bank or state authority requests involving ML/TPF and other;
• Periodic assessment based on the risk category assigned to the client. The Company shall regularly update and verify information about the business or personal activities of the client during the entire period of cooperation.

 

3.10 Record Keeping

 

Pursuant to the PCMLTFR, the Company will comply with the record keeping requirements. ‎It will maintain detailed records of the following:‎

• a copy of every report sent to FINTRAC (suspicious transaction reports; ‎terrorist property reports; large cash transaction reports)‎;
• large cash transaction records;
• records of transactions of CAD 3,000 or more;
• records of remitting and transmitting CAD 1,000 or more in funds by means other ‎than an electronic funds transfer;
• records of electronic funds transfers of CAD 1,000 or more; and
• foreign currency exchange transaction tickets;
• records of virtual currency transfers equivalent to CAD 1,000 or more,
• virtual currency exchange transaction tickets,
• crowdfunding platform services records,
• created or received internal memorandums about MSB services,
• service agreement records.

 

A record of transactions should include the date as well as name, address, date of birth, and occupation ‎of the person making the transaction. If the transaction was made by an entity it should also ‎include its name, address, and nature of its principal business.‎

 

All documents and records mentioned above are kept throughout the business relationship with the customer and for a period of at least five years after the end of the business relationship.

 

3.11 Travel Rule

 

As per the travel rule, the Company will obtain specific information related to an electronic fund transfer (“ETF”) or virtual currency (“VC”) transfer‎. The travel rule applies when a financial entity receives or transmits an ETF or VC.‎

 

The required information for ETFs includes:‎

 

• the name, address and account number or other reference number (if any) of ‎the person or entity who requested the ETF; ‎
• the name and address of the beneficiary and recipient of the ETF; and ‎
• the beneficiary’s account number or other reference number.‎

 

When sending an incoming or outgoing EFT (after receiving it as an intermediary), the Company must include the travel rule information received or obtained through reasonable measures.

 

The required information for ETFs includes:‎

 

• the name, address and the account number or other reference number (if any) of the person or entity who requested the transfer (originator information); and
• the name, address and the account number or other reference number (if any) of the beneficiary.

The Compliance Officer needs to follow FINTRAC’s guidance for applying the Travel Rule: https://fintrac-canafe.canada.ca/guidance-directives/transaction-operation/travel-acheminement/1-eng

 

If the Company receives an EFT or a VC transfer that should include the travel rule information but does not, the Company takes reasonable measures to obtain that information from the sender of the transfer sending a request via electronic communication system.

While awaiting the response with the necessary travel rule information, the status of an EFT or a VC transfer is suspended.

If the sender of the transfer failures to provide the requested information, the Company rejects the transaction.

 

3.12 Correspondent banking relationships

 

Where the Company has a correspondent banking relation (financial arrangements or agreements) with a foreign financial institution, it will take necessary steps to verify information and records of the foreign financial institution, ensure that the foreign financial institution is not a shell bank, set out its obligations towards the foreign financial institution in writing, and take steps to determine that the foreign financial entity has not been liable for criminal or civil penalties in respect to money laundering.

The Correspondent banking relationship requirements are set up by FINTRAC quidance: https://fintrac-canafe.canada.ca/guidance-directives/relationship-relation/1-eng

 

When the Company enters into a correspondent banking relationship, the must keep the following records at least five years after the day on which the last business transaction is conducted:

• A record of the foreign financial institution’s name and address, primary business line and the names of its directors.
• A copy of the foreign financial institution’s most recent annual report or audited financial statement.
• A copy of one of the following:
• the foreign financial institution’s banking license, banking charter, authorization or certification to operate issued by the competent authority under the legislation of the jurisdiction in which it was incorporated
• its certificate of incorporation, or
• a similar document.
• A copy of the correspondent banking agreement or arrangement, or product agreements, defining the respective responsibilities of the Company’s financial entity and of the foreign financial institution.
• A record of the anticipated correspondent banking account activity of the foreign financial institution, including the products or services to be used.
• A written statement from the foreign financial institution that it does not have, directly or indirectly, a correspondent banking relationship with a shell bank.
• A written statement from the foreign financial institution that it is in compliance with anti-money laundering, and anti-terrorist financing legislation in every jurisdiction in which it operates.  
• A record of measures taken to determine the nature of the clientele and markets served by the foreign financial institution.
• A record of the measures taken to ascertain whether any civil or criminal penalties have been imposed on the foreign financial institution for not respecting anti-money laundering, and anti-terrorist financing requirements, and the results of those measures.
• A record of the measures taken to assess the reputation of the foreign financial institution with respect to its compliance with anti-money laundering and anti-terrorist financing requirements and the result of those measures.
• A record of the measures taken to assess the quality of the anti-money laundering and anti-terrorist financing supervision of the jurisdiction in which the foreign financial institution is incorporated and the jurisdiction in which it conducts transactions in the context of the correspondent banking relationship, and the results of those measures.
• A copy of every Suspicious Transaction Report and Terrorist Property Report sent to FINTRAC as a result of the Company’s correspondent banking relationship(s).

4. Sanction Policy

 

The Company does not enter into any transaction with individuals, companies and countries that are on prescribed sanctions lists.

 

The Company will therefore screen against:

 

1. US Consolidated Sanctions,
2. OFAC – Specially Designated Nationals (SDN),
3. EU Financial Sanctions,
4. UK Financial Sanctions (HMT),
5. Australian Sanctions,
6. Switzerland Sanctions List – SECO,
7. Interpol Wanted List,
8. Consolidated Canadian Autonomous Sanctions List,
9. Office of the Superintendent of Financial Institutions (Canada),
10. Bureau of Industry and Security (US),
11. Department of State, AECA Debarred List (US),
12. Department of State, Nonproliferation Sanctions (US),
13. other lists,

 

in all jurisdictions in which the Company operates.

 

The Company also acknowledges and takes into account requirements in the field of AML/CTPF and international and national sanctions imposed in other regions related to the Company’s activities, clients or the countries whose currencies are used in significant volumes in clients’ transactions, including requirements of the US and EU. When complying with the normative acts regulating AML/CTPF, international and national sanctions regime, as well as standards set by self-regulatory bodies, codes of professional conduct and ethics and other standards of best practice, the Company has zero tolerance towards intentional violations thereof.

 

The Company ensures compliance with international and national sanctions (Canada, UN, US and EU) in all currencies, including:

• does not commence or terminates business relations with persons under international or national sanctions;
• does not service a transaction if any person, goods or services under sanctions are involved in the transaction, or if the transaction is connected with any other sanctions risk;
• applies the principle of reasonable precaution by not engaging in transactions, which cause a suspicion of violation of international or national sanctions or any circumvention thereof;
• ensures independent fulfilment of requirements of international and national sanctions and the internationally recognized automated transaction screening in order to prevent execution of transactions under direct or indirect sanctions.

 

The Company ensures real-time transaction screening with respect to sanctions and daily screening of the client base with respect to sanctions lists.

 

5. Client verification and confirmation of the existence

 

The requirement to verify the identity of an individual and confirm the existence of a corporation or of an entity other than a corporation under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations applies to all reporting entities (REs).

Referring to FINTRAC guidance, the Company must verify the identity of clients for the following:

1. Large cash transactions (CAD 10,000 or more)
2. Large virtual currency (VC) transactions (CAD 10,000 or more)
3. Suspicious transactions
4. Issuing or redeeming traveller’s cheques, money orders, or similar negotiable instruments of CAD 3,000 or more
5. Transmitting CAD 1,000 or more in funds by means other than an electronic funds transfer (EFT)
6. Initiating an EFT of CAD 1,000 or more
7. Foreign currency exchange transactions of CAD 3,000 or more
8. Transferring VC in an amount equivalent to CAD 1,000 or more
9. Exchanging VC in an amount equivalent to CAD 1,000 or more
10. Remitting funds in the amount of CAD 1,000 or more to a beneficiary, by means other than an EFT
11. Remitting funds to the beneficiary of an international EFT of CAD 1,000 or more
12. Remitting VC to a beneficiary in an amount equivalent to CAD 1,000 or more
13. Information records
14. Crowdfunding platform donation

The Company must take reasonable measures to verify the identity of every person or entity that conducts or attempts to conduct a suspicious transaction, regardless of the transaction amount, and including transactions that would normally be exempt from client identification requirements, before sending a Suspicious Transaction Report (STR).

5.1 Customer Due Diligence

 

Prior to commencement of business relationship, the Company obtains all necessary information from the client required to make a reasoned assessment of the ML/TPF and sanctions risks inherent to the client, its business activities and ownership structure and performs Customer Due Diligence (CDD).

 

Types of Customer Due Diligence:

• Simplified Due Diligence – applied to Low Risk clients;
• Standard due diligence – applied to Medium Risk clients;
• Enhanced due diligence – applied to High Risk clients.

 

5.2 Customer Due Diligence of an individual

 

The Company implements the methods of verification of the Customers, persons and entities, following FINTRAC guidance.

There are several ways to verify the identity of an individual:

 

Government-issued photo identification method where the document must be:

 

• authentic, valid and current;
• be issued by a federal, provincial or territorial government (or by a foreign government if it is equivalent to a Canadian document);
• indicate the person’s name;
• include a photo of the person;
• include a unique identifying number;
• match the name and appearance of the person being identified.

 

It is possible to verify a document using a credit or dual-process method:

 

• Credit file method where the information must be valid and current; or
• Dual-process method where the information must be:
  • valid and current; and
  • from different sources.

If any of documents listed below is provided in Chinese, Hindu or any other non-Latin/non-Cyrillic scripts, certified translation into English has to be provided.

a)     Government-issued photo identification document method

 

A government-issued photo identification document must be issued by either a federal, provincial or territorial government in order to be used to verify the identity of an individual. It is possible to accept a foreign government-issued photo identification document if it is an equivalent to a Canadian document. Photo identification documents issued by municipal governments, Canadian or foreign, are not acceptable.

 

The photo identification document must:

 

1. indicate the individual’s name;
2. include a photo of the individual;
3. include a unique identifying number; and
4. match the name and appearance of the individual being identified.

 

To determine the authenticity of a government-issued photo identification document in person it is necessary to check the characteristics of the original physical document and its security features (or markers, as applicable) in the presence of the individual to be satisfied that it is authentic as issued by the competent authority (federal, provincial, territorial government) that is valid (unaltered, not counterfeit) and current (not expired).

 

If an individual is not physically present, the authenticity of a government-issued photo identification document must be determined by using a technology capable of assessing the document’s authenticity. For example:

 

• an individual could be asked to scan their government-issued photo identification document using the camera on their mobile phone or electronic device; and
• a technology would then be used to compare the features of the government-issued photo identification document against known characteristics (for example, size, texture, character spacing, raised lettering, format, design), security features (for example, holograms, barcodes, magnetic strips, watermarks, embedded electronic chips) or markers (for example, logos, symbols) to be satisfied that it is an authentic document as issued by the competent authority (federal, provincial, territorial government).

 

When an individual is not physically present, the government-issued photo identification document needs to match the name and photo of the person in the authenticated document provided. For example:

 

• An individual could participate in a live video chat session and the Company would then be able to compare the name and the features of the live video image to the name and photo on the authentic government-issued photo identification document; or
• An individual could be asked to take a “selfie” photo using the camera on their mobile phone or electronic device, and an application would apply facial recognition technology to compare the features of that “selfie” to the photo on the authentic government-issued photo identification document. A process would have to exist to also compare the name on the government-issued photo identification document with the name provided to the Company by the individual.

 

Note: It is not enough just to view a person and their government-issued photo identification document online through a video conference or any other type of virtual application. It is required to use a software or some type of technology that would be able to authenticate the government-issued photo identification document. Further, it is necessary to verify that the name and image match that of the individual on the authentic government-issued photo identification document.

 

The Compliance Officer should follow internal policies and procedures that describe the processes to authenticate a government-issued photo identification document, whether in person or not, and the confirmation that it is valid and current.

 

The processes to determine that a government-issued photo identification document is authentic, valid and current, and the verification step (ensuring that the name and picture matches the name and face of the person), do not need to happen concurrently.

 

What information needs to be recorded when using the government-issued photo identification document method?

 

When using the government-issued photo identification document method, it is required to record:

 

• the individual’s name;
• the verification date of the individual’s identity;
• the type of document used (for example, driver’s license, passport, etc.);
• the unique identifying number of the document used;
• the jurisdiction (province or state) and country that issued the document; and
• the expiry date of the document, if available (to record if the information appears on the document or card).

b)    Credit file method

 

To be deemed an acceptable method, the credit file must:

 

• be from a Canadian credit bureau (credit files from foreign credit bureaus are not acceptable); 
• have been in existence for at least three years; and
• match the name, address and date of birth that the individual provided.

 

A credit file provides a rating on an individual’s ability to repay loans; however, it is possible to request a credit file to verify an individual’s identifying information that does not include a credit assessment. Credit assessment is needed to verify the identity of an individual. Equifax Canada and TransUnion Canada are Canadian credit bureaus that provide credit file information for identification purposes.

 

To rely on the credit file method, it is necessary to conduct the search at the time of verifying the individual’s identity. Copies of credit files or previously obtained credit file cannot be used.

 

It is acceptable to use an automated system to match the individual’s information with the information contained in the individual’s credit file. A third party vendor needs to provide with valid and current information contained in the individual’s credit file. A third party vendor is an entity that is authorized by a Canadian credit bureau to provide access to Canadian credit information.

 

If any of the information provided by the individual (name, address, or date of birth) does not match the information in the credit file, that credit file cannot be used to verify the identity of this individual. The Company will need to use another source or method to verify the individual’s identity.

 

On occasion, information found within the credit file may contain a variation of the name or a discrepancy in the address that was provided by the individual. In these instances, the information in the credit file is compared against the information collected from the individual. For example:

• If there is a slight typo in the address or name, it is necessary to determine that the information still matches what the individual provided. 
• If there is a discrepancy in their date of birth, it is more likely that the information does not match.

In this case, if this is the Company’s determination, it is not possible to rely on the information referred to in the credit file for identification purposes. An alternative source or method (government-issued photo identification document or dual process) to verify the individual’s identity must be used.

• If there are multiple addresses in the credit file, it is possible that the address that the individual provided is not the primary address in the credit file but does appear in the credit file as a secondary address. It is possible that this may still meet the Company’s requirements for ensuring that the information matches what the individual provided.

 

What information needs to be recorded when using the credit file method?

 

In this method the following information is recorded:

 

• the individual’s name;
• the date the Company consulted or searched the credit file;
• the name of the Canadian credit bureau or third party vendor holding the credit file; and
• the individual’s credit file number.

c)     Dual-process method to verify the identity of an individual

 

It is possible to verify the identity of an individual using the dual-process method. This method involves referring to information from reliable sources.

 

How to use the dual process method to verify the identity of an individual

 

To verify an individual’s identity by using the dual-process method, the Company must refer to any two of the following:

 

• information from a reliable source that includes the individual’s name and address;
• information from a reliable source that includes the individual’s name and date of birth; or
• information that includes the individual’s name and confirms that they have a deposit account, credit card or other loan account with a financial entity.

 

Information for this purpose may be found in statements, letters, certificates, forms or other sources and can be provided through an original version or another version of the information’s original format, such as a fax, photocopy, scan, or electronic image. For further clarity, it is acceptable to rely on a fax, photocopy, scan or electronic image of a government-issued photo identification document as one of the two sources of information required to verify the identity of an individual.

 

The information obtained must originate from two different sources and cannot come from the individual whose identity is being verified nor can it come from the person or entity doing the verification. The name, address, date of birth or confirmation of a deposit account, credit card or other loan account must match the information that was provided by the individual.

 

Note: It is not acceptable to rely on information if the account number or number that is associated with the information is truncated or redacted. On occasion, information contained in a source may contain a variation of the name or a typo in the address. In these instances, it is necessary to determine whether the information matches the information collected from the individual. If it is a slight typo in the address or a misspelled name, it is required to determine that the information still matches what the individual provided. However, in the case of an incorrect date of birth, it is more likely that that the information does not match. In this case, it is not possible to rely on the information referred to in these two sources for identification purposes. An alternative source or method (government-issued photo identification or credit file) to verify the individual’s identity must be used or obtained a different source under the dual process method.

 

It is not possible to use the same source for the two categories of information used to verify the individual’s identity. For example, it is not possible to rely on a bank statement from Bank A that includes the individual’s name and address and another bank statement from Bank A that includes the individual’s name and confirms that the individual holds a deposit account, as Bank A would be the originating source of both categories of information. However, it is possible to refer to a bank statement from Bank A that contains the individual’s name and confirms that the individual holds a deposit account, and rely on an electronic image of a driver’s license to verify the individual’s name and address. For further precision:

 

• refer to one reliable source to verify an individual’s name and address, and refer to a different reliable source to verify their name and date of birth.
• refer to one reliable source to verify an individual’s name and address, and refer to a different source to verify their name and confirm a financial account (specifically a deposit account, credit card account or loan account).
• refer to one reliable source to verify an individual’s name and date of birth, and refer to a different source to verify their name and confirm a financial account (specifically, a deposit account, credit card account or loan account).

 

What is a reliable source of information?

 

A reliable source is an originator or issuer of information that the Company trusts. To be considered reliable, the source should be well known and considered reputable. For example, a reliable source could be the federal, provincial, territorial or municipal levels of government, crown corporations, federally regulated financial institutions, or utility providers.

 

Note: If the information (two of either of the following: name and address, name and date of birth, or name and confirmation of a deposit account, credit card or other loan account) obtained through the identification process does not match the information provided by the individual, the Company cannot rely on it. Social media of any kind is not an acceptable source of information to verify an individual’s identity.

 

If the Company has already verified the identity of an individual, the Company does not need to re-verify it upon subsequent account openings or transactions, unless the Company has doubts about the accuracy of the information that was used at the time of verification.

 

How to use a credit file under the dual process method to verify the identity of an individual?

 

A Canadian credit file can be used as one of the two sources of information required to verify the identity of an individual. It can be used to verify the individual’s name and address, name and date of birth, or to verify the individual’s name and confirm that the individual has a deposit account, credit card or loan account. The credit file must have existed for at least six months.

 

Information from a second source, for example, a property tax assessment, must be used to verify the second category of information under the dual process method. In this instance, the two reliable sources are the Canadian credit bureau that provided the credit file information and the municipal government that issued the property tax assessment. The information from these two sources must match the information provided by the individual.

 

The Company can rely on information from a Canadian credit bureau if it acts as an aggregator and if it compiles information from different reliable sources (often referred to as tradelines). In this instance, the Canadian credit bureau must provide with information from two independent tradelines that verify two of either: the individual’s name and address, the individual’s name and date of birth, or the individual’s name and confirmation of a deposit account, credit card or loan account. In this instance, each tradeline is a distinct source; the credit bureau is not the source.

 

The tradelines cannot be the Company’s own, as the reporting entity verifying the individual’s identity, and each tradeline must originate from a different source (for example, federally regulated financial institution, utility service provider, etc.).

 

What information needs to be recorded when using the dual-process method?

 

There is specific information to be kept when this method is used to verify an individual’s identity. The following information must be recorded:

 

1. the individual’s name;
2. the date when the information is verified;
3. the name of the two different sources that were used to verify the identity of the individual;
4. the type of information consulted (for example, utility statement, bank statement, marriage license); and
5. the number associated with the information (for example, account number or if there is no account number, a number that is associated with the information, which could be a reference number or certificate number, etc.).

If the Company receives two distinct sources from an aggregator of that information, the Company must record the tradeline account number or number associated to each tradeline, not the aggregator number.

 

5.3 Customer Due Diligence of an entity

 

There are three methods to verify the identity of an entity:

• Confirmation of existing method;
• Reliance method;
• Simplified identification method.

 

While an entity can be a corporation, a trust, a partnership, a fund, or an unincorporated association or organization, corporations are subject to different requirements than other entities (as explained below).

a) Confirmation of existence method

An entity can be a corporation, trust, partnership, fund, or unincorporated association or organization. However, corporations are subject to different requirements than entities other than corporations.

 

Corporation

 

To confirm the existence of a corporation, the Company can refer to certified copy of  paper record or an electronic record with digital signature/stamp that was obtained from a source that is accessible to the public, such as:

 

• its certificate of incorporation;
• a certificate of active corporate status;
• a record that has to be filed annually under provincial securities legislation; or
• any other record that confirms the corporation’s existence, such as the corporation’s published annual report signed by an audit firm, or a letter or notice of assessment for the corporation from a municipal, provincial, territorial or federal government.

The record must be authentic, valid and current.

The Company must verify the corporation’s name, address and the names of its directors. In the case of a corporation that is a securities dealer, the Company does not need to verify the names of its directors when the confirmation exists.

 

The Company can obtain a corporation’s name and address and the names of its directors from a provincial or federal database such as the Corporations Canada database, which is accessible from Innovation, Science and Economic Development Canada, or another similar database in the jurisdiction where the corporation is registered. To get this type of information the Company should subscribe to a corporation searching and registration service.

 

The Company does not have to re-confirm the existence of a corporation nor to verify the corporation’s name, address and the names of its directors unless the Company has doubts about the accuracy of the information or the record used.

 

If the document is provided in Chinese, Hindu or any other non-Latin/non-Cyrillic scripts, certified translation into English has to be provided.

 

An Entity other than a corporation

 

To confirm the existence of an entity, other than a corporation, the Company can refer to certified copy of paper record or an electronic record with digital signature/stamp that was obtained from a source that is accessible to the public, such as:

• a partnership agreement;
• articles of association; or
• the most recent version of any other record that confirms its existence and contains its name and address.

The record must be authentic, valid and current.

The Company does not have to re-confirm the existence of an entity unless the Company has doubts about the accuracy of the information or the record used.

The Company must follow record keeping requirements when verifying the identity of a corporation or other entity. When referring to a paper record or an electronic version of a record, the Company must keep the record or a copy of it. If the electronic version of the record is contained in a database that is accessible to the public, the Company must keep a record that includes the corporation or other entity’s registration number, the type of record referred to and the source of the electronic version of the record.

If the document is provided in Chinese, Hindu or any other non-Latin/non-Cyrillic scripts, certified translation into English has to be provided.

b) Reliance method

The Company may verify the identity of a corporation or other entity by relying on the measures that were previously taken by:

• another person or entity that PCMLTFA applies to; or
• an entity that is affiliated with the Company or with another person or entity and carries out activities outside of Canada that are similar to those of a person or entity referred to in PCMLTFA (an affiliated foreign entity).

Measures previously taken by an affiliated foreign entity

To rely on measures previously taken by an affiliated foreign entity, the Company must be satisfied, after considering the risk of a money laundering or terrorist activity financing offence in the foreign state in which it carries out its activities, that:

• the affiliated foreign entity has policies in place similar to the record keeping, verifying identity, and compliance program requirements under the PCMLTFA, including the requirement to develop and apply policies to assess, in the course of their activities, the risk of a money laundering offence or a terrorist activity financing offence, and the requirement to take enhanced measures where the risk has been identified as high; and
• the affiliated foreign entity’s compliance with those policies is subject to the supervision of a competent authority under the legislation of that foreign state.

Measures previously taken by another reporting entity or an affiliated foreign entity

To rely on the measures previously taken by another person or entity or an affiliated foreign entity to verify the identity of a corporation or other entity, the Company must:

• as soon as feasible, obtain from the other person or entity or affiliated foreign entity the information that was used to confirm the identity of the corporation or other entity, as the case may be, and be satisfied that:
• the information is valid and current; and
• for a corporation, its identity was verified by the other person or entity or affiliated foreign entity by referring to a record as described in the confirmation of existence method above, or if the measures to verify the corporation’s identity were performed prior to June 1, 2021, that the other RE or affiliated foreign entity confirmed the corporation’s existence and ascertained its name, address, and the names of its directors in accordance with the methods in the PCMLTFR as they read at that time; and
• for an entity other than a corporation, its identity was verified by the other RE or affiliated foreign entity by referring to a record as described in the confirmation of existence method above, or if the measures to verify the entity’s identity were performed prior to June 1, 2021, the other person or entity or affiliated foreign entity confirmed the entity’s existence in accordance with the methods in the PCMLTFR as they read at that time; and
• have a written agreement or arrangement in place with the other RE or affiliated foreign entity that upon request requires them to provide you, as soon as feasible, with all of the information that they referred to in order to verify the identity of the corporation or other entity, as the case may be.

The Company’s compliance program’s policies and procedures must describe the processes you will follow when using the reliance method to verify the identity of corporations and other entities and how you will ensure that the information is valid and current.

с) Simplified identification method

The Company may use the simplified identification method to meet the obligation to verify the identity of a corporation or other entity when, based on risk assessment, the Company considers there is a low risk of a money laundering offence or terrorist activity financing offence, and if:

• the corporation or other entity whose identity is being verified:

• is referred to in PCMLTFA;
• is a foreign corporation or entity that carries out activities that are similar to those of an entity referred to in the PCMLTFA;
• administers a pension or investment fund that is regulated under the legislation of a foreign state and that either is created by a foreign government or is subject to the supervision of a competent authority under the legislation of that foreign state;
• is one whose shares are traded on a Canadian stock exchange or a stock exchange designated under subsection 262 (1) of the Income Tax Act of Canada;
• is a subsidiary of a corporation or an entity that is referred to in paragraphs a. to d. in this section, and is one whose financial statements are consolidated with the financial statements of that corporation or entity;
• is an institution or agency of, or in the case of a corporation, is owned by, the government of a foreign state; or
• is a public service body, as defined in subsection 123 (1) of the Excise Tax Act of Canada; and

• the Company is satisfied that, within the applicable time period for which the identity had been verified, the corporation or other entity exists and that every person who deals with the Company on behalf of it is authorized by it to do so.

If the Company subsequently considers, based on its risk assessment, that the risk of a money laundering offence or terrorist activity financing offence has increased and is no longer low, then the Company must, as soon as feasible, verify the identity of the corporation or other entity as described in Confirmation of existence method.

The Company must follow the record keeping requirements for the simplified identification method that sets out:

• the grounds for considering there is a low risk of a money laundering offence or terrorist activity financing offence; and
• the information obtained about the corporation or other entity, as the case may be, and about the persons that assure that the corporation or other entity exists and that the persons the Company deals with are authorized to act on behalf of the corporation or the entity.

The Company’s compliance program’s policies and procedures must describe the processes to follow when using the simplified identification method to verify the identity of corporations and other entities.

Records required when confirming the existence of a corporation or of an entity other than a corporation

 

If the Company refers to a publicly accessible electronic record to confirm the existence of a corporation or of an entity other than a corporation, the Company must keep a record of:

 

• the corporation’s registration number or the entity’s registration number;
• the type of record consulted; and
• the source of the electronic version of the record.

 

If the Company consults a paper record to confirm the existence of a corporation or of an entity other than a corporation, the Company must retain the record or a copy of the record.

 

5.4 Enhanced due diligence

 

The enhanced due diligence measures for high-risk clients include:

 

• gathering additional information about the client (e.g. connected parties, accounts, or relationships), its beneficial owner and updating more regularly the client profile, including the identification data;
• gathering additional information on the planned substance of the business relationship;
• gathering information on the origin of the funds and wealth of the customer and its beneficial owner;
• gathering information on the underlying reasons of planned or executed transactions
• receiving permission from the senior management of the Company to establish or continue a business relationship;
• improving the monitoring of a business relationship by increasing the number and frequency of the applied control measures and by choosing transaction indicators that are additionally verified;
• demanding a customer make a payment from an account held in the customer’s name in a credit institution of a contracting state;
• preparing an investigation report with the use of enhanced due diligence software and agencies.

 

 

Below is the list of documents and information typically required for enhanced due diligence. This list is not exhaustive and may be expanded or substituted with other similar documents providing the same information on case-by-case basis.

 

For Businesses and other legal entities:

 

• Official corporate records from company’s management;
• Registration documents from the local Registrar of Companies;
• Articles of incorporation, partnership agreements, and business certificates;
• Names and locations of its customers and suppliers;
• Banking information and relationships with other financial institutions;
• Identity of board members and beneficiaries;
• Basic details on corporate history and structure;
• Standard documents, which confirm the sale of property, inheritance, salary, etc.;
• AML policies and procedures in place;
• Third-party documentation;
• Information on Local market reputation through review of media sources.

 

For all high-risk individuals and beneficial owners of high risk clients:

• Documents showing income or source of wealth (copy of the most recent tax return, bank account statement);
• Reference letter from bank, lawyer or auditor;
• CV

 

Additionally, For Politically exposed persons (PEP):

• Title and details on the position the PEP holds or held. This includes the level of influence of the position;
• If the PEP is a close associate or family member, their identity, title, role, and level of proximity to public office should be established;
• Documents showing salary.

 

If any of the documents listed in 3.9. have been provided in Chinese, Hindu or any other non-Latin/non-Cyrillic scripts, certified translation into English has to be provided.

 

All high-risk customers are subject to a minimum annual review.

 

The Company also takes into consideration all relevant adverse information. Whether an official document or something posted publicly on the Internet, any information that pertains to money laundering or corruption is thoroughly considered.

 

The Company may conduct an on-site visit to the physical address. Documents that cannot be provided digitally can be verified physically. A risk-based threshold is breached if the physical address does not correspond with the address stated on official documents.

 

The enhanced due diligence measures when we deal with a politically exposed person are:

 

• obtaining approval from the senior management of the Company to establish or continue a business relationship with the person and making sure that only senior management of the Company gives approval for a new business relationship;
• applying measures to establish the origin of the wealth of the person and the sources of the funds that are used in the business relationship or upon making occasional transactions;
• monitoring the business relationship in an enhanced manner.

 

5.5 Non-Face-to-Face Customers

 

The Company will apply equally effective customer identification procedures and ongoing monitoring standards for non-face-to-face customers for identification purposes as for those where the customer is available for interview. If a customer is not physically present for identification purposes the Company will proceed with online video streaming call to confirm their identity along with verifying ID documents using IT solutions and these mitigating measures will ensure that the customer is not considered as non – face-to-face customer for the purposes of this AML Policy. In the absence of video streaming call, the customer will be considered as non – face- to-face customer and, the Company will additionally obtain:

 

• additional information on the customer;
• additional information on the intended nature of the business relationship;
• information on the source of funds or source of wealth of the customer;
• information about the reasons for the intended or performed transactions;
• approval from senior officer for establishing business relationships.

 

In course of a future business relationships the Company will conduct enhanced monitoring of the relationship with non – face- to-face customer by conducting annual review, increasing the number and timing of controls applied, and selecting patterns of transactions that need further explanation.

 

5.6 Restrictions on the use of personal information

 

The use of personal information in Canadian commercial activities is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), or by similar provincial legislation. The Company has to inform clients about the collection of their personal information. However, the Company does not have to inform them when the Company includes their personal information in the reports the Company is required to submit to FINTRAC. 

 

The Office of the Privacy Commissioner of Canada can provide further guidance, and has created a Question and Answer document about PIPEDA and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, to help clarify the responsibilities under both federal Acts.

 

6. Risk based approach

 

As part of the risk assessment, the Company conducts risk evaluation of the business, clients, and/or business relationships at least every 2 year in order to identify the areas that are vulnerable to being used by criminals for conducting money laundering or terrorist financing (ML/TF) activities.

 

The risk is assessed in accordance with the Company’s Risk Scoring. The Company’s vulnerabilities include weak controls within the Company that offer high risk products and services.

 

During the risk assessment, the following areas are examined:

 

• Products, services, and delivery channels;
• Geography risks;
• Clients and business relationships risks; and
• Other relevant factors.

 

6.1 Risk assessment of the Company

Products, services, delivery channels

The Company begins its risk assessment by taking a business-wide perspective. The Company assesses all its products, services and delivery channels to determine if they pose a high risk of ML/TF. This may include, but is not limited to:

• Foreign exchange transactions
• Electronic funds transfers
• Issuing or redeeming money orders
• Non-face-to-face services (Internet, mail or telephone), etc. 

Additionally, it is necessary to consider the following:

• Assess the products and services by the type of client they are meant for (e.g. corporate, individuals, wholesale, retail, etc.)
• Do the products and services provided allow a client to engage in high-risk transactions? For example, can the Company’s clients transfer funds on behalf of a third party? 
• How does the Company provide its product? Do clients have to come to the Company’s location to buy a product or service or can they conduct a transaction over the phone, by fax or online?

Some examples of potentially high-risk products, services and delivery channels are:

• Electronic funds transfers (EFTs) can pose a higher risk because they support the rapid movement and conversion of assets into, through and out of the financial system.
• Products offered through the use of agents. When a third party identifies clients on the Company’s behalf, this may pose a greater risk as they may not be properly following policies and procedures.
• Offering products and services through non-face-to-face (phone, fax, online) means. These delivery channels may pose higher risks because it may be more difficult to identify the client. 
• The business may be offering products and services that are based on new technologies such as electronic wallets, mobile payments, or virtual currencies. These may be considered higher risk as they can transmit funds more quickly or anonymously.

Geography

Geography location could pose a high risk for ML/TF activities. The factors that cannot increase a risk for ML/TF activities include:

 

• Proximity to high crime and rural areas, board-crossing, etc.
• Client connection to high-risk countries
• Client can make anonymized payments using online exchange services
• Global clients are harder to identify due to the difference in procedures of how customer identification documents are obtained and what they contain

Other factors

There can be other factors that do not fall in previous categories. Additional factors to be assessed within the operation of the Company’s business include: a client uses false or fictious documents, use of anonymized wallets, transfers from countries with higher money laundering risks.

 

6.2. Risk assessment of the client

 

The compliance officer identifies, records and evaluates four main risk criteria when assessing the extent of money laundering and terrorist financing risks by feeding the data regarding those criteria in automated Risk Rating Tool – Risk Scoring Matrix (Annex 1 – CADO FINANCIAL SERVICES LTD. _Risk Score). Based on the extent and the combination of the given risk criteria, the overall risk of a customer will be quantified by Risk Matrix as either High, Medium or Low.

 

The compliance officer considers the following risk criteria:

• Country or geographic risk
• Customer risk
• Products/services risk
• Delivery channel risk

 

Further analysis of the above risk criteria (individually or in combination) in assessing the overall risk of potential money laundering and terrorist financing is shown below.

The compliance officer should document and periodically review its risk assessment of the customer. 

Risk level of the client is determined based on the Risk Scoring, unless there are factors that on their own indicate that the client is a high risk regardless of other factors. The Company automatically considers a client as a high risk if:

 

• a client is PEP/HIO or close associate
• a client commits a suspicious transaction, and we have received a request for Information from Law Enforcement, Regulators etc.
• MLRO and Senior Management Request (based on internal investigations etc.)

 

Client categories

Based on the criteria clients will be categorised in the following three categories:

• Low risk
• Medium risk
• High risk

Mitigation measures

For high-risk clients the Company shall use mitigation measures, including:

 

• identification of all clients without exceptions in accordance with CDD and EDD requirements,
• no anonymous transactions are allowed,
• depositing the client’s wallet from known sources,
• performing enhanced monitoring of transactions and business relationships,
• obtaining additional information beyond the minimum requirements about the intended nature and purpose of the business relationship, including the type of business activity,
• monitoring transactions on a constant basis to be conducted by Company’s internal control system,
• obtaining and retaining client and transaction records for at least 5 years,
• no transactions are allowed with entities located in countries without adequate AML/CTF controls,
• setting transaction limits to avoid AML and CTF risks.

 

7. Ongoing training program

 

All individuals within the Company who:

 

• contact with client,
• see client transaction activity,
• handle transaction of funds,
• are responsible for implementing and overseeing the compliance regime,

 

are required to pass the training program to learn and understand about their obligations.

 

All new employees that communicate with clients complete the training on the first date of employment, while other employees are trained annually or more frequently in case of any legislation changes or new policies.

 

They need to know and understand, including:

 

1. the Company’s own personal statutory obligations and the possible consequences for failure to report suspicious transactions;
2. any other statutory and regulatory obligations that concern the Company under the PCMLTFA, and the possible consequences of breaches of these obligations;
3. the Company’s policies and procedures relating to AML/CFT, including suspicious transaction identification and reporting;
4. any new and emerging techniques, methods and trends in ML/TF to the extent that such information is needed by the staff and other personals to carry out their particular roles in the Company with respect to AML/CFT.

 

The training is assigned for all employees, agents, mandatories, or other persons authorized to act on the Company behalf:

 

1. all new staff, irrespective of seniority;
2. to the Compliance Officer;
3. back-office staff, depending on their roles;
4. managerial staff,
5. agents,
6. mandatories,
7. other persons authorized to act on the Company behalf.

 

Training program provides all personals with an understanding of the process of money laundering, the laws and regulations that make it illegal, and the responsibilities of employees to help detect and prevent it.

 

The training on AML/CFT issues raises awareness of financial crime risks, global laws and regulations, laws and regulations applicable the Company.

 

General training program designed for all operational staff includes:

 

1. general information: the background and history pertaining to money laundering controls, what money laundering and terrorist financing is;
2. legal framework: how AML/CFT laws and regulations apply to the Company and its employees;
3. penalties for anti-money laundering violations, including criminal and civil penalties, fines, jail terms, as well as internal sanctions, such as disciplinary action up to and including termination of employment;
4. how to react when faced with a suspicious client or activity;
5. internal policies, such as customer identification and verification procedures and CDD policies;
6. what the legal record keeping requirements are;
7. suspicious activity reporting requirements;
8. duties and accountability of employees.

 

Training is delivered annually. Additional training is provided regularly to all employees based on, but not limited to, changes in government regulations and the Company’s compliance program requirements.

 

The Company uses mix of training techniques and tools in delivering training, depending on the available resources and learning needs of its staff. These techniques and tools include online learning systems, focused classroom training, relevant videos as well as paper- or intranet-based procedures manuals. The Company also includes available FATF papers and typologies as part of its the training materials. All materials are kept up-to-date and in line with current requirements and standards. Instructors can be in-house personnel or an external service provider, but they should have knowledge of the PCMLTFA and associated Regulations.

 

Training program includes a record of the training that has been delivered (the date the training took place, a list of the attendees who received the training, the topics that were covered). The Company will keep the staff training records for at least 3 years after the training session has been completed.

 

8. Money Laundering Compliance Officer

 

Compliance Officer (Money Laundering Compliance Officer, or Money Laundering Reporting Officer, or MLRO) is the Company’s employee – appointed/designated person responsible for overseeing all activity related to anti-money laundering matters.

 

The Compliance Officer is responsible for regular monitoring of applicable laws so that the Company is updated with the recent developments and controls money laundering and terrorism financing risks. In particular, the Compliance Officer’s responsibilities include:

 

• Receiving disclosures from employees (also known as Suspicious Transaction Report STR’s);
• Deciding if disclosures should be passed on to the Financial Transactions and Reports Analysis Centre or the Royal Canadian Mounted Police (RCMP) or the Canadian Security Intelligence Service (CSIS);
• Reviewing all new laws and deciding how they impact on the operational process of the company;
• Preparing a written procedures manual and making it available to all staff and other stakeholders;
• Making sure appropriate due diligence is carried out on customers and business partners;
• Receiving internal Suspicious Transaction Report (STR) from staff;
• Deciding which internal STR’s need to be reported on to FINTRAC or RCMP or CSIS;
• Recording all decisions relating to STRs appropriately;
• Ensuring staff receive anti-financial crime training when they join and that they receive regular refresher training;
• Monitoring business relationships and recording reviews and decisions taken;
• Making decisions about continuing or terminating trading activity with particular customers;
• Making sure that all business records are kept for at least five years from the date of the last customer transaction as per FINTRAC regulations.

 

The Compliance Officer should remain completely independent and rely on applicable laws when taking necessary decisions. Senior management or other employees should not influence of the decisions taken by the Compliance Officer within the scope of its responsibility.