The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) recently updated its industry guidance in respect of suspicious transaction reporting (Guidance) and released:
While the Guidance is helpful in that it sets out FINTRAC’s expectations surrounding the filing of suspicious transaction reports (STRs), because FINTRAC views its Guidance as a regulatory expectation, the Guidance effectively provides new regulatory requirements for the filing of STRs and related compliance obligations. As such, regulated entities should review the Guidance carefully and update their compliance policies and procedures to address any requirements not currently addressed.
The following summarizes the key provisions of the Guidance:
- What does “Reasonable grounds to suspect” mean?
- Can service providers file STRs on behalf of regulated entities?
- How does FINTRAC review and validate STRs?
- What are FINTRAC’s expectations for completing STRs?
- What are some common STR deficiencies?
- Information on completion instructions.
- How will FINTRAC assess compliance?
1. WHAT DOES “REASONABLE GROUNDS TO SUSPECT” MEAN?
The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) requires regulated entities to file STRs for every financial transaction that occurs or is attempted in the course of their activities and in respect of which there are reasonable grounds to suspect that the transaction is related to the commission (or attempted commission) of a money laundering (ML) or terrorist financing (TF) offence.
The Guidance provides an overview of what FINTRAC views as “reasonable grounds to suspect”. In that regard, the Guidance makes a distinction between “reasonable grounds to suspect” and “reasonable grounds to believe” and provides that reasonable grounds to suspect is a lower threshold than reasonable grounds to believe. In making this distinction, FINTRAC notes that reasonable grounds to suspect is only a step above “simple suspicion” meaning that there is a possibility of a ML or TF offence. As such, there is no requirement to prove any facts that lead to the suspicion, but rather, the requirement is to assess the facts, context and ML/TF indicators associated with the transaction to determine if there are “reasonable grounds” to suspect the occurrence of a ML/TF offence.
In respect of ML/TF indicators, the Guidance provides general and industry specific indicators of what factors may give rise to the suspicion of a ML/TF offence. In respect of the indicators, FINTRAC notes the following:
“On its own, a single ML/TF indicator may not appear suspicious. However, observing ML/TF indicator(s) could lead you to conduct an assessment of the transaction(s) to determine whether there are further facts, contextual elements or additional ML/TF indicators that require the submission of a STR”.
This is different from the language in the previous Guideline 2 on STRs, which used the following language:
“A single indicator is not necessarily indicative of reasonable grounds to suspect ML or TF activity. However, if a number of indicators are present during a transaction…then you may want to take a closer look at other factors prior to making the determination of whether the transaction must be reported”.
Although the difference in the language used between the previous STR Guideline and the current Guidance seems subtle, the change is material. Specifically, in our experience, if FINTRAC finds that there is only one indicator of ML/TF, it will expect regulated entities to file a STR on that activity. The change in the language in the Guidance reflects this expectation. As such, regulated entities should pay careful attention to the industry specific indicators included with the Guidance to ensure that their compliance policies and procedures track the indicators and ensure that STRs are filed in respect of even a single indicator, absent compelling evidence.
2. CAN SERVICE PROVIDERS FILE STRs ON BEHALF OF REGULATED ENTITIES?
The Guidance addresses service providers filing STRs on behalf of regulated entities. While the Guidance provides that there are no issues with having a service provider file STRs on behalf of a reporting entity, it states that notwithstanding any such delegation, it is the regulated entity that will ultimately be responsible for any filing mistakes or glitches, which has always been implicitly understood.
3. HOW DOES FINTRAC REVIEW AND VALIDATE STRs?
FINTRAC provides useful information and transparency in its practices in respect of the rules that FINTRAC uses to validate STRs. In that regard, FINTRAC notes that it looks to the following factors in validation:
- Presence: Is there an entry in the field?
- Format: Is the entry in the correct structure?
- Content: Is the correct information entered in the appropriate field?
Regarding compliance requirements, FINTRAC notes that regulated entities should have their own proactive quality assurance (QA) practices independent of FINTRAC’s review and validation of reports. On this basis, we would expect FINTRAC to look for documented QA practices in its review of regulated entities’ compliance policies and procedures.
4. WHAT ARE FINTRAC’S EXPECTATIONS FOR COMPLETING STRs?
FINTRAC provides new guidance in respect of its expectations for completing STRs. The following summarizes their expectations:
- A regulated entity’s anti-money laundering (AML) policies must include details on the process used to identify, assess and submit STRs to FINTRAC
- A person with appropriate knowledge and training is expected to be able to determine whether a transaction is related to ML/TF
- Training employees to be able to identify transactions that may be ML/TF related is considered part of a regulated entity’s compliance program
- STRs submitted must be comprehensive and of high quality.
In respect of the quality of STRs submitted to FINTRAC, FINTRAC notes that a well completed STR should consider the following questions:
- Who are the parties to the transaction?
- FINTRAC provides detailed descriptions in respect of what it is looking for in this category, including listing signing authorities, providing clear information in respect of each person’s role in the transaction, explaining the relationship between the individual’s involved, etc.
- When was the transaction completed/attempted?
- What are the financial instruments or mechanisms to conduct the transaction?
- Where did the transaction take place?
- Why is the transaction related to the commission of a ML/TF offence?
- FINTRAC expects the indicators to be provided along with the suspected criminal offence if known.
- How did the transaction take place?
Based on the foregoing and FINTRAC changing its compliance examinations to focus on “effectiveness”, it is likely that the quality of STRs will become an examinable matter. This is reflected in the following statement found in the Guidance: “STRs must be detailed and of high quality, as they provide invaluable financial intelligence for FINTRAC’s analysis…”. It is likely that this expectation will be confirmed in the new guidance on compliance examinations that FINTRAC is expected to release shortly.
Another important matter in the Guidance addresses circumstances where a regulated entity has already filed a STR in respect of a client. Specifically, the Guidance provides that “[o]nce you have reached reasonable grounds to suspect, you must keep reporting as long as the suspicion remains”.
What this means on a practical level is that if a regulated entity has a suspicion that a client is involved in ML or TF and has filed a STR in respect of that client, the regulated entity is required to continue to file STRs in respect of all activity carried on by that client as long as that suspicion remains (unless presumably the source of funds from the transaction is clearly identifiable as not being related to the proceeds of crime). By way of example, if a client has a chequing account with a regulated entity, once a STR has been filed in respect of that client, all transactions related to the account (or any other account or product held or used by that client) must be reported to FINTRAC as STRs (i.e., deposits, ATM transactions, cheque writing, etc.).
Similarly, if a client has an arrangement with a regulated entity where it is required to make monthly payments (for example on a mortgage, an insurance policy or a loan) then in those circumstances, once a regulated entity has filed an STR in respect of a client, it is required to continually file STRs in respect of all monthly payments made by that client. Depending of the business of the regulated entity, this will likely lead to more de-risking practices.
5. WHAT ARE SOME COMMON STR DEFICIENCIES?
FINTRAC provides useful information in the Guidance regarding common STR deficiencies. These deficiencies should be viewed as a “heads up” as to what FINTRAC will look for in an examination when it is assessing the STRs filed by regulated entities. The identified deficiencies are as follows:
- Using a higher threshold as a basis for reporting: FINTRAC distinguishes between reasonable grounds to believe and reasonable grounds to suspect and clarifies that it is the lower standard that requires the filing of an STR.
- Failing to list all of the transactions and accounts relevant to your suspicion: FINTRAC notes that regulated entities are required to report all transactions and accounts that led to the determination to file a STR. Providing a summary in Part G is not sufficient. Again, regulated entities will likely be examined to this standard.
- Not listing or naming all parties to the transaction when the information is available: The Guidance provides that all parties to the transaction must be listed, including third parties (for example for wires including ordering client and beneficiary). One important point that FINTRAC makes is: “FINTRAC acknowledges that this information may not always be at your disposal, but when you know it, it should be provided”. This reflects a FINTRAC expectation that in the event that a regulated entity has any information in its possession in respect of a client or a transaction, that information must be included in the report.
- Part G does not elaborate on your grounds for suspicion or link them to the transactions reported in Parts B through F: FINTRAC notes that regulated entities are required to articulate the grounds upon which there are reasonable grounds to suspect that a transaction is related to the commission of a ML/TF offence. They also note that this deficiency is observed when a reporting entity does not articulate its reason for suspicion or does not explain why certain information is relevant to their suspicion.
6. FIELD COMPLETION INSTRUCTIONS
Similar to the previous STR Guideline, the Guidance provides detailed field completion instructions in respect of the STR form. Contained within those instructions are a few useful pieces of information. In respect of providing the address of the client, FINTRAC provides examples of addresses that are not considered to be valid addresses. These include a P.O. Box without a complete physical address, a general delivery address or only a suite number without additional address information. There is also guidance provided on the level of detail required when collecting and providing a person’s occupation.
7. HOW WILL FINTRAC ASSESS COMPLIANCE?
In respect of “reasonable grounds to suspect” the Guidance provides information on how FINTRAC will assess a regulated entity’s compliance in making that determination. Based on the Guidance, it is clear that FINTRAC will use these standards as part of their examination criteria. In that regard, during an examination, FINTRAC would expect a regulated entity to be able to:
- Confirm that it has an ongoing monitoring process that would allow it to detect, assess and when applicable, file STRs
- Explain how the regulated entity’s process for detecting and assessing suspicious transactions is reasonable, effective and consistent with the entity’s risk assessment
- Demonstrate how the regulated entity identifies relevant transactions
- Show the regulated entity’s record-keeping and decision-making process.
FINTRAC also notes that as a best practice a regulated entity “may want to document” the rationale and keep a record as to why suspicion was negated. It notes that “[k]eeping a record of these decisions is not required but may be useful to you in the context of a FINTRAC assessment”.
Given the foregoing, it is important for regulated entities to document their decision-making process in choosing not to file an STR. FINTRAC, in its examinations will often request unusual transaction reports that were not filed as STRs to determine if it agrees with a regulated entity’s decision-making process, in effect engaging in a subjective look back. This is different from the U.S. approach where the Bank Secrecy AML Manual provides that “[b]y their nature, SAR narratives are subjective, and examiners generally should not criticize the bank's interpretation of the facts.”
In addition to the foregoing, it should be noted that consistent with its public comments, the Guidance reflects FINTRAC moving away from a “tick the box” approach in regulatory examinations to an effectiveness approach. In other words, FINTRAC will look at the overall effectiveness of a regulated entity’s program in terms of identifying, assessing and submitting STRs.
FINTRAC provides some guidance on how a regulated entity can self-assess its compliance with its obligations to submit STRs. In that regard, FINTRAC provides some examples for regulated entities to consider, including:
- Assessing STRs with similar scenarios to ensure that a regulated entity is applying consistency to STR determinations
- The continuation of submitting STRs for clients in respect of which a regulated entity has already filed a STR
- Working with industry to identify how others are reaching the “reasonable grounds to suspect” threshold
- Being able to explain the reasons for suspicion in such a way that others with similar knowledge would reach the same conclusion
- Conducting reviews of files to ensure that timing requirements are complied with
- Assessing the quality of STRs (FINTRAC couples this process with the integrity of a regulated entity’s know-your-client information)
- Double checking the quality of STRs in order to ensure that if a regulated entity has access to information, that it is included in the STR reports.
It is likely that the above examples will form the basis of what FINTRAC will look to in a regulatory examination.
The Guidance sets out FINTRAC’s expectations in respect of an effective STR compliance program. However, many of the matters set out in the Guidance go beyond the legal requirements set out in the PCMLTFA. As such, regulated entities should review the Guidance and ensure that their STR policies and practices are aligned with FINTRAC’s expectations.
For further information, please contact:
Jacqueline Shinfield 416-863-3290
or any other member of our Financial Services Regulatory group.