As the largest trading partner to the largest economy on the planet — and sharing the world’s longest international border with that same country — Canada shoulders an immense burden when it comes to protecting North America against money laundering and financial fraud.
Complicating its border defense position, Canada also has different international sanctions than the United States, most notably its long-standing open trade and travel policy with Cuba.
And yet, the home nation of hockey has been a leader in fighting money laundering, terrorist financing, and proliferation of weapons of mass destruction dating back to 1990, when it became a founding member of the Financial Action Task Force (FATF). The FATF sets standards for global Anti-Money Laundering (AML) regulations and also measures the effectiveness of country efforts.
In 2016, when Canada fell short of FATF’s expectations, the country spent the next five years shoring up its technical compliance and continues to amend its efforts to remain compliant.
Overview of KYC in Canada
The Canadian government views the fight against money laundering and terrorist financing as a team effort among divisions, international partners, and Canada’s public and private sectors.
Key to AML efforts are Know Your Customer (KYC) regulations, which help banks and financial institutions better understand who is using their products well before any illicit funds can be integrated into the financial system.
KYC first became a law in Canada in 1991 with the passage of the Proceeds of Crime (Money Laundering) Act, which was notably enhanced in December 2001 as part of a global response to the Sept. 11 terrorist attacks. It was renamed the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
One of the primary objectives of the PCMLTFA is to standardize the following protective measures across an estimated 24,000 businesses in Canada:
- Customer identification and verification
- Record keeping
- Monitoring
- Reporting
Which entities are required to follow Canada’s KYC laws?
Canada has an extensive list of entities currently required to follow Know Your Customer (KYC) laws, including:
- Money Services Businesses
- Real estate brokers (or sales representatives) and developers if transactions exceed C$10,000 (USD$7,300) within 24 hours
- Insurance companies if policies exceed C$10,000 (USD$7,300) in life, annuity, or group plans
- Professional services, such as law offices and accounting firms
- Casinos and gaming establishments if exchange activities exceed C$3,000 (US$2,200) or more in foreign currency, C$1,000 (US$730) or more in local currency exchange, or payouts exceed C$10,000 (USD$7,300) or more in a single transaction or multiple within 24 hours
- Fintech if activity involves large transactions over C$10,000 (USD$7,300) within 24 hours
- E-commerce if there are age-regulated sales (such as alcohol)
The list also includes banks and other financial institutions undertaking the following activities:
- Opening accounts and/or creating signature cards
- Opening credit cards
- Supporting trusts with settlors or co-trustees
- Facilitating large cash transactions, defined as electronic funds transfers worth C$1,000 (USD$730) or more, foreign currency exchange worth C$3,000 (USD$2,200) or more, and redemption or issuance of C$3,000 or more in traveler’s checks, money orders, or other forms
Cryptocurrency transactions are the most recent allowable activity for certain eligible businesses if they receive more than C$10,000 (USD$7,300) in crypto funds.
Key regulatory bodies
In Canada, 13 federal departments and agencies oversee the AML process, which is ultimately coordinated by the Department of Finance Canada. These are some of the key agencies:
FINTRAC
The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) oversees the PCMLTFA in addition to investigating suspicious transaction reports filed with law enforcement and government agencies and prosecuting parties involved in confirmed reports of money laundering and terrorist financing. From 2018-19, FINTRAC received 235,661 such reports representing 10 percent of the total reports filed.
OSFI
The Office of the Superintendent of Financial Institutions (OSFI) is an independent agency of the Canadian government that regulates and supervises financial institutions and private pension plans. It mandates the soundness of these institutions as well as the adoption of risk mitigation policies.
CSA
Per the Canadian Securities Administrators (CSA), KYC obligations also apply to investment advisors, who must verify the following customer details as part of the New Account Application Form:
- Identification
- Date of birth
- Marital status
- Occupation
- Income
- Net worth
Prior to any investments or trades, they must also understand their client’s risk tolerance, investment objectives, and horizon as well as ascertain the client’s level of investment knowledge. This information is auditable and must be updated regularly if there are any material changes.
KYC Canada requirements for onboarding
The four objectives of KYC are to identify the customer, verify their true identity, understand their activities and source of funding, and monitor the customer’s activities.
The heart of the KYC process hinges on identifying the individuals opening accounts as well as those responsible for the business decisions of corporate clients. This is the responsibility of financial institutions and banks.
Canada has three approved methods for identity verification:
- Government-issued photo identification
- Credit file
- Dual-process
Government-issued photo identification method
To qualify for identity verification of an individual, a government-issued photo identification document must have been issued by either a federal, provincial, or territorial government. A foreign government-issued photo identification document can be accepted for verification if it is the equivalent of a Canadian document. Photo identification documents by municipal governments, Canadian or foreign, are not valid.
Credit file method
A credit file document represents an independent rating of an individual’s ability to repay loans. Companies can also request a credit file that does not include a credit assessment in order to verify a person’s information.
Dual-process method
Verifying the identity of a person using the dual-process method requires two separate and “reliable” sources that have originated or issued the information. These options can include digital sources. One of the sources can also be a photocopy of a government-issued ID. Other examples include statements, letters, certificates, and forms.
It should be noted that in 2019, FINTRAC amended the rules to allow for remote verification of photo ID documents.
How to stay compliant with Canadian laws and regulations
KYC doesn’t stop after initial identification measures are taken. Banks and financial institutions need to proactively protect against new threats and changing regulations as well as ensure that existing clients continue to be monitored and understood. FINTRAC expects its reporting entities to build out a fully responsive and dynamic compliance program.
Develop a compliance policy and procedures
A written set of guidelines that outlines the full scope of KYC and related measures, including employee training, should be created and not only kept on file but treated as a living reference document that is updated regularly.
Appoint a compliance officer
FINTRAC suggests appointing a chief compliance officer who is, ideally, not directly involved in the receipt, transfer, or payment of funds. Simply appointing this individual does not meet requirements; the company needs to fully address all regulations.
Perform customer due diligence
In addition to verifying client identification and individuals responsible for managing corporate clients as part of customer due diligence procedures, there are requirements for collecting information on beneficial ownership, third parties, expected transaction size and scope, and the rationale for account usage as well as any nexus with high-risk or sanctioned jurisdictions, politically exposed persons (PEPs), and applicable third parties.
Apply enhanced measures as needed
High-risk clients and activities require additional controls, also known as enhanced due diligence. These enhancements might include obtaining additional information from the client or about the client based on public records research; requiring additional information about the source of funds for a company or the source of wealth for an individual; and detailed rationale for certain transactions, whether due to size, frequency, geography, or some other risk indicator.
Conduct screening
Banks and financial institutions must conduct screening of transactions to monitor for suspicious activity and also have a process in place for reviewing and reporting. They should also regularly screen names of individuals for their presence on sanctions lists, watch lists (such as for PEPs), and negative news, as these can not only change without warning but they can also increase a financial institution’s risk of money laundering.
Become KYC compliant in Canada with Persona
Whether your organization is entering or expanding within Canada, it’s crucial that you understand which KYC obligations apply to your industry. It’s also crucial to select a KYC and AML tool kit that’s flexible enough to adapt to these varied requirements.
Here at Persona, just like we know that Canada has runners and toques, not sneakers and beanies, we also know that an approach in one country or company doesn’t work for all. That’s why we’ve designed our identity infrastructure with flexibility in mind so that our partners are empowered to build the verification workflows that make the most sense to their unique business needs and regulatory environment.
With our Verifications solution, you can quickly and easily collect and analyze government IDs, other identifying documents, and selfies from your clients — either for initial verification or for periodic reverification. Our variety of reports allows you to build out a fuller picture of your users via watch list checks, sanctions checks, PEP scans, and other database queries. Cases can be built to act as the central dashboard for your team to conduct manual reviews. And all of this can be done knowing that your customers’ personal data is safe and secure.
For the fintech firm Brex, which created a new cash management product for businesses, Persona’s suite of identity tools enabled the company to seamlessly comply with KYC regulations in over 100 jurisdictions — including Canada. The company leverages Persona to verify government-issued IDs supplied by customers looking to scale their use of Brex products. By automating the cross-checking of ID information to existing information on file with Brex, the company is able to ensure that its customers are legitimate. Persona helps Brex standardize its processes, save time, and reduce the frequency of identification requests from its users.
Interested in learning more? Start for free or get a demo today.