PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Real Estate Sector – Identifying Individuals

We often hear friends and clients in the real estate sector say they are frustrated that there are not many ways to identify a customer other than meeting them face-to-face. Real estate developers, brokers and sales representatives have an obligation to ascertain a customer’s identity which requires them to refer to specific information and/or documentation to verify a customer’s identity.  However, this does not mean that identification must take place face-to-face. Below is a summary of all the different methods outlined in FINTRAC Guidance that are currently available to identify customers that are individuals and what’s coming.[1]

This article should not be considered advice (legal or otherwise). Throughout this article we refer to a purchaser of real estate as a customer, but you may refer to them as clients depending on your internal procedures. Also, your internal procedures may dictate what methods are acceptable in identifying a customer. If you are unsure, consult with your Compliance Officer where there is any doubt on what is acceptable within your organization.

Face-to-Face Identification for Individuals

When meeting customers face-to-face you may ask for a piece of identification that is:

  • Issued by a provincial, territorial or federal government in Canada or an equivalent foreign government (a foreign Passport would be acceptable for example);
  • Valid, not expired (if there is not expiry date this must be stated in the customer identification record);
  • Bears a unique identifier number (such as a driver’s license number);
  • Bears the name of the individual being identified;
  • Is an original (not a copy, photo, scan, video call, etc.); and
  • Bears a photo of the individual being identified.

Information that must also be collected and recorded includes things such as the customer’s full name (no initials, short forms or abbreviations), their occupation, date of birth, etc. The needed information is included in various fields on industry customer identification forms that are used so it is crucial they are complete and accurate.

Single Process Method

Under the single process method, a customer’s identify can be confirmed by completing  a credit header match on their Canadian credit file, provided it has been in existence for at least three years and has at least two trade lines.  This means there is not a ‘hard hit’, impacting the customer’s credit score. This must be completed at the time of confirming a customer’s identity and cannot take place earlier or later.  To be acceptable, the credit file details must match the exact name, date of birth and address provided by the customer. When using this method to confirm a customer’s identity a record of the following information must be retained:

  • The customer’s name;
  • The name of the Canadian credit bureau holding the credit file;
  • The reference number of the credit file; and
  • The date the credit file was consulted.

Dual Process Method

Where the single process method provides information that does not match what the customer has provided and/or the credit file does not meet the requisite requirements, the dual process method can be used to identify that customer.  This involves referring to information from reliable and independent sources and must be original, valid and the most recent.  In order to qualify as reliable, the sources should be well-known and reputable. Reliable and independent sources can be the federal, provincial, territorial and municipal levels of government, crown corporations, financial entities or utility providers. It is important to note that independent means neither of the sources can be the same, nor can they be you or your business.

Documentation being used must be in its original form.  This makes electronic documents the preference because the customer can send the originals via email, while retaining a copy for themselves. You cannot accept documents that have been photocopied, scanned or faxed.

Under the dual process method, you can refer to any two of the following options:

  • Documents or information from a reliable source that contain the customer’s name and date of birth;
  • Documents or information from a reliable source that contain the customer’s name and address; or
  • Documents or information that contain the customer’s name and confirms that they have a deposit, credit card or other loan account with a financial entity.

The table below provides some examples of the sources and documents that can be referred to when confirming a customer’s identification.  In order to meet the standards of the dual process method, two documents must be obtained but each document cannot be in the same column.

 

Documents or information to verify name and address

 

 

Column A

 Documents or information to verify name and date of birth

 

 

Column B

 Documents or information to verify name and confirm a financial account

 

Column C

 
Issued by a Canadian government body:

Any card or statement issued by a Canadian government body (federal, provincial, territorial or municipal):

·      Canada Pension Plan (CPP) statement;

·      Property tax assessment issued by a municipality; or

·      Provincially-issued vehicle registration.

·      Federal, provincial, territorial, and municipal levels.

CRA documents:

·      Notice of assessment;

·      Requirement to pay notice;

·      Installment reminder / receipt;

·      GST refund letter; or

·      Benefits statement.

 Issued by a Canadian government body:

Any card or statement issued by a Canadian government body (federal, provincial, territorial or municipal):

·      Canada Pension Plan (CPP) statement of contributions;

 

 

Issued by other Canadian sources:

·      Referring to a customer/customer’s Canadian credit file that has been in existence for at least 6 months; or

Insurance documents (home, auto, life);

 Confirm that your customer/customer has a deposit account, credit card or loan account by means of:

·      Credit card statement;

·      Bank statement;

·      Loan account statement (for example: mortgage);

·      Cheque that has been processed by a financial institution;

·      Telephone call, email or letter from the financial entity holding the deposit account, credit card or loan account; or

·      Identification product from a Canadian credit bureau (containing two trade lines in existence for at least 6 months);
Issued by other Canadian sources:

·      Referring to the customer/customer ‘s Canadian credit file that has been in existence for at least 6 months;

·      Utility bill (for example, electricity, water, telecommunications);

·      T4 statement;

·      Record of Employment;

·      Investment account statements (for example, RRSP, GIC); or

·      Identification product from a Canadian credit bureau (containing two trade lines in existence for at least 6 months).

 

Where the dual process method is used to confirm the identity of a customer, a record of certain information must be maintained. Specifically:

  • The customer’s name;
  • The name of the two different sources that were used to identify the customer;
  • The type of information (for example, utility statement, bank statement, etc.) that was referred to;
  • The account number associated with the information for each source (if there is account number, you must record a reference number); and
  • The date the information was verified.

Third Parties (Agent or Mandatary)

If you are unable to use any of the methods above (say in the case of a foreign buyer that you cannot meet with face-to-face), you can ask someone in their area to identify them on your behalf.  There must be a written agreement or arrangement in place before using this method and procedures must be in place on how the third party will identify a buyer.

 

What’s To Come?

On June 9th, 2018, draft amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its enacted regulations (there are five separate regulations that we’re going to collectively call regulations here for simplicity’s sake) were published. The draft amendments include some positive changes in respect to requirements related to identity verification.

With regards to the identification document used to identify a customer, the draft amendments replace the word “original” with “authentic” and state that a document used for verification of identity must be “authentic, valid and current.” This may[2] allow for scanned copies of documentation and/or for software that can authenticate identification documents to be used for the dual process method.

Under the draft amendments, regarding the single process method, information in a credit report must be derived from more than one source (this means there must be more than one trade line).

Under the draft amendments, real estate developers, brokers and sales representatives would be allowed to rely on identity verification undertaken by other regulated entities. This method requires a written agreement and a requirement to deliver the identity documentation within three days.

 

We’re Here To Help

If you have questions regarding the identification requirements in place currently or the requirements that are in draft form please contact us.

 

[1] Note that methods used to identify customers that are organizations are different from the ones discussed in this article.

[2] There is no certainty in this regard until a final version is published and FINTRAC has provided their guidance on the matter.

Sanctions This Week: July 25th – 29th, 2016

 

OSFISanctions Pic

There were no updates released from OSFI this week.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released four updates last week.  One update was related to the publication of Cuba-related Frequently Asked Questions (FAQ), covering some of the recent changes made to the sanctions that had previously been placed on Cuba.  Other updates included the removal of 12 individuals from the Counter Terrorism Designations List, the issuance of a Finding of Violation and the publication of Iran General License J.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The update to the Cuba-related FAQs was for the issuance of a new FAQ (#38) and a revision of an existing FAQ (#39), relating to certain information collection and recordkeeping requirements for persons subject to U.S. jurisdiction who provide authorized carrier or travel services to or from Cuba for specifically licensed travelers.

The update to the Counter Terrorism Designations List included the removal of 12 individuals of Libyan origin who are currently residing in the UK.

The Finding of Violation was issued to Compass Bank, which uses the trade name BBVA Compass, for violations of the Foreign Narcotics Kingpin Sanctions Regulations. From June 12, 2013 to June 3, 2014, Compass maintained accounts on behalf of two individuals on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”).

The final update of the week was related to OFAC issuing “General License J”, authorizing the re-exportation of certain civil aircraft to Iran on temporary sojourn and related transactions.

See the Cuba-related FAQ update on OFAC’s website.

See the Counter Terrorism Designations List update on OFAC’s website.

See the issuance of a Finding of Violation to Compass Bank on OFAC’s website.

See the Iran General License J details on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Sanctions This Week: July 18th – 22nd, 2016

OSFIOutlier3_032

On July 18th and 22nd, 2016, the Office of the Superintendent of Financial Institutions (OSFI) released the United Nations Security Council’s (UNSC’s) Al’Qaida and Taliban regulations updates to the sanctions list, deleting one individual and amending another.

The individuals are subject to the assets freeze, travel ban and arms embargo set out in paragraph 2 of Security Council resolution 2253 (2015) adopted under Chapter VII of the Charter of the United Nations.

The review of the individual who was deleted from the list was triggered by regularly scheduled updates.  However, no additional information was available regarding the justification.

The amendment of one individual’s information included the following:

  • A physical description;
  • The confirmation of the most recent position held within the Taliban, as of April 2015; and
  • That they are currently involved in drug trafficking and operate a heroin laboratory in Afghanistan.

See the July 18th update on the United Nations (UN) website.

See the July 22nd update on the United Nations (UN) website.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released three updates last week.  One update was related to the addition of three individuals to the Counter Terrorism Designations list.  The second update was related to the addition of multiple individuals and entities to the Syria and Non-proliferation Designations lists.  The final update last week was to the Kingpin Act and Panama-related Frequently Asked Questions (FAQs) regarding General Licenses.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The changes to the Counter Terrorism Designations list included three individuals of different nationalities, Saudi Arabia, Egypt and Algeria, though all have been linked to Al Qa’ida.

The update to the Syria Sanctions list included eight individuals, all of whom are Syrian.  The seven entities, which range from construction, to finance to manufacturing industries and vary in location, which include:

  • Syria;
  • Saint Kitts and Nevis;
  • Cyprus;
  • UAE; and

The update to the Kingpin Act and Panama-related FAQs are specific General License 5B and 6B

See the Counter Terrorism Designations list update on OFAC’s website.

See the Syrian and Non-proliferation Designations lists update on OFAC’s website.

See the Kingpin Act and Panama-related General License FAQs update on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Sanctions This Week: July 11th – 15th, 2016

OSFIOutlier3_036

There were no updates released from OSFI this week.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released one update last week.  The update was related to the addition of two Russian individuals who were added to the Counter Terrorism Designations list.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

No other information was available on the individuals who were added.

See the Counter Terrorism Designations list update on OFAC’s website.

See OFAC’s Recent Actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Sanctions This Week: July 4th – 8th, 2016

OSFISanctions Pic

On July 5th, 2016, the Office of the Superintendent of Financial Institutions (OSFI) released the United Nations Security Council’s (UNSC’s) Al’Qaida and Taliban regulations update to the sanctions list, removing one individual.

Individuals who are included in the list are subject to the assets freeze, travel ban and arms embargo set out in paragraph 2 of Security Council resolution 2253 (2015) adopted under Chapter VII of the Charter of the United Nations. The individual delisted was decided following a review, initiated by a request that was submitted to the Ombudsperson.  The individual is a German national and has been imprisoned in Germany since 2007.

See the update on the United Nations (UN) website.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released three updates last week.  The first update, released on July 5th, 2016 was related to the settlement of a potential civil liability for apparent violations of the Iranian and Sudanese transactions and sanctions regulations.  The second update was related to the addition of multiple North Korean individuals and entities to the North Korean Designations List.  The final update was further clarification to the new Cuba-related Frequently Asked Questions (FAQ).

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The settlement on July 5th for apparent violations of the Iranian and Sudanese sanctions was levied against Alcon Laboratories, Inc., Alcon Pharmaceuticals Ltd., and Alcon Management SA.  In the course of the investigations, Alcon produced documents and information where it appeared that from August 2008 to December 2011, Alcon violated Iranian sanctions on 452 occasions and Sudanese sanctions on 61 occasions.  Alcon engaged in the sale and exportation of medical end-use surgical and pharmaceutical products from the United States to distributors located in Iran and Sudan without OFAC authorization. OFAC determined that Alcon did not make a voluntary self-disclosure and that the apparent violations were not egregious. The statutory maximum civil monetary penalty amount for the Apparent Violations was $138,982,584 USD and the base penalty amount was $16,927,000 USD.  Ultimately, Alcon paid $1,317,150 USD.

The North Korean sanctions list update included numerous individuals and entities, some of whom are high-ranking officials with titles such as:

  • Director of the Fifth Bureau of the Reconnaissance;
  • Director of the Workers’ Party of Korea Propaganda and Agitation Department; and
  • Minister of People’s Security.

The update to the Cuba-related FAQs were specific to the issuance of two new questions added, #43 and #50, regarding the use of the U.S. dollar in certain transactions.

See the Enforcement Action update on OFAC’s website.

See the North Korea Designations List update on OFAC’s website.

See the Cuba-related FAQ update on OFAC’s website.

See OFAC’s Recent Actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Sanctions This Week: June 20th – 26th, 2016

 

OSFIOutlier3_032

On June 20th, 2016, the Office of the Superintendent of Financial Institutions (OSFI) released the United Nations Security Council’s (UNSC’s) Al-Qaida and Taliban Regulations (UNAQTR) update to the sanctions list, removing one individual.

The assets freeze, travel ban and arms embargo, set out in paragraph 2 of Security Council resolution 2253 (2015), no longer apply to the individual.  The review pursuant to Security Council resolution 1822 (2008) was concluded on July 30th, 2009, which is almost seven years ago.  For further information about the process for removing individuals and entities from the UNAQTR List, pursuant to a decision by the UN Security Council Committee, may be found in the “Press Releases” section on the Committee’s website.

Go to OSFI’s release of the UNAQTR update on the OSFI page.

Go to the United Nations Security Council Committee’s page on “Delisting”.

Go to the OSFI lists page.

OFAC

The U.S. Department of Treasury’s Branch, The Office of Foreign Asset Control (OFAC), released two updates last week.  One update involved the agreement to to settle potential civil liability for apparent violations of the Iranian Transactions and Sanctions Regulations.  The second update was the addition of a single individual to the Democratic Republic of the Congo Designations list.

OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals.  The sanctions target countries, regimes, terrorists, international narcotics traffickers, the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the U.S.

The OFAC penalty settlement amount for violations of the Iranian Transactions and Sanctions Regulations was $107,691.30 USD.  The stated violations are as follows:

  • On or about April 15, 2011, the company appeared to have violated the Regulations when it exported 3,600 medical products to its United Arab Emirates distributor with knowledge, or reason to know, that the goods were ultimately destined for Iran; and
  • Additionally, on or about May 27, 2011, the company exported an additional 400 units of the same product to its United Arab Emirates distributor with knowledge, or reason to know, that the goods were ultimately destined for Iran.

OFAC determined that the company voluntarily self-disclosed the apparent violations, and that the company constitutes a non-egregious case. The statutory maximum civil monetary penalty amount for the apparent violations was $1,129,912 USD and the base civil monetary penalty was $159,542.  The settlement amount reflects OFAC’s consideration of the following factors:

  • The company acted willfully by exporting products to its foreign distributor with knowledge, or reason to know, that the exports were ultimately destined for Iran in apparent violation of U.S. law, editing its destination control statement at the request of its distributor, and continuing to conduct business with its distributor after receiving confirmation that the distributor had re-exported the products to Iran;
  • The company’s former CEO and former International Sales Manager knew that the exports were ultimately destined for Iran; and
  • The company did not have a sanctions compliance program in place at the time of the apparent violations.

The company took remedial steps, including the implementation of an OFAC compliance program; and cooperated with OFAC’s investigation and agreed to toll the statute of limitations for a total of 513 days.

See the Enforcement Action Report on OFAC’s website.

See the Democratic Republic of the Congo updates on OFAC’s website.

See OFAC’s recent actions page.

Need A Hand?

We would love to hear from you.  If there are subjects in this post that you would like to know more about, or if you need assistance with your compliance program, please contact us.

AML Regulation Updates & Digital Currency

Amber AML Program_2On July 4th, 2015, draft amendments to Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations were published in the Canada Gazette. These updates are intended to, among other things, strengthen Canada’s anti-money laundering (AML) regime and address certain technical issues. The draft does expand the definition of a money services business (MSB) to include “dealers in digital currency,” but digital currency businesses may still consider submitting comments related to the draft, as the consultation period of 60 days is open to the public.

This round of amendments didn’t include ‘dealers in digital currency’ – so why should you comment?

While dealers in digital currency are not yet regulated as MSBs, it is reasonable to expect that this is the direction Canada is taking based on Bill C-31, which was passed last year. This means that the regulations could apply to digital currency businesses in the near future. The 60-day comment period is likely to be the only public comment period before a final version of the amended regulations is published.

One of the most significant changes in the current draft relates to customer identification. The current customer identification methods for non-face-to-face customers (which apply to all online MSB customers) are complicated and heavily reliant on an individual having at least six months of Canadian credit history (you can learn more here). The proposed amendments have the potential to broaden the range of available sources to include sources other than credit reporting bureaus.

Digital currency businesses should consider commenting on these amendments. While we at Outlier consider the changes to be positive overall, we’re aware that there are many identification solutions on the market (many of which don’t meet the current Canadian identification requirements). This has caused more than a few headaches for businesses that operate online. While the proposed changes may alleviate some of the current pain points, businesses should consider how these fit with your business model and service providers.

Customer Identification Measures

In the text below, the text that is struck through includes proposed deletions, while the green text includes proposed additions. You can also see a full marked-up version of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations here.

MEASURES FOR ASCERTAINING IDENTITY

  1. (1) In the cases referred to in sections 53, 53.1, 54, paragraph 54.1(a) and sections 55, 56, 57, 59, 59.1, 59.2, 59.3, 59.4, 59.5, 60 and 61, a person’s the identity of a person shall is to be ascertained, at the time referred to in subsection (2) and in accordance with subsection (3), in the following manner:

(a) By referring to the person’s birth certificate, driver’s licence, provincial health insurance card (if such use of the card is not prohibited by the applicable provincial law), passport or other similar document; or

(a) By referring to identification document that contains their name and photograph and that is issued by the federal government or a provincial government or by a foreign government other than a municipal government, and by verifying that the name and photograph are those of the person;

(b) if the person is not physically present when the account is opened, the credit card application is submitted, the trust is established, the client information record is created or the transaction is conducted,

(i) by obtaining the person’s name, address and date of birth and

(A) confirming that one of the following entities has identified the person in accordance with paragraph (a), namely,

(I) an entity, referred to in any of paragraphs 5(a) to (g) of the Act, that is affiliated with the entity ascertaining the identity of the person,

(II) an entity that carries on activities outside Canada similar to the activities of a person or entity referred to in any of paragraphs 5(a) to (g) of the Act and that is affiliated with the entity ascertaining the identity of the person, or

(III) an entity that is subject to the Act and is a member of the same association as the entity ascertaining the identity of the person, and

(B) verifying that the name, address and date of birth in the record kept by that affiliated entity or that entity that is a member of the same association corresponds to the information provided in accordance with these Regulations by the person, or

(ii) subject to subsection (1.3), by using one of the following combinations of the identification methods set out in Part A of Schedule 7, namely,

(A) methods 1 and 3,

(B) methods 1 and 4,

(C) methods 1 and 5,

 (D) methods 2 and 3,

(E) methods 2 and 4,

 (F) methods 2 and 5,

(G) methods 3 and 4, or

(H) methods 3 and 5.

 (b) by referring to information concerning them that is received by the     person or entity that is ascertaining their identity on request from a federal or provincial government body — or a body that is acting as the agent or mandatary of such a body — that is authorized in Canada to ascertain the identity of persons, and by verifying that either the name and address or the name and date of birth contained in the information are those of the person;

(c) by referring to information that is contained in the person’s credit file — if that file is located in Canada and has been in existence for at least      three years — and by verifying that the name, address and date of birth   contained in the credit file are those of the person;

(d) by doing any two of the following:

(i) referring to information from a reliable source that contains their name and address, and verifying that the name and address are those of the person,

(ii) referring to information from a reliable source that contains their name and date of birth, and verifying that the name and date of birth are those of the person, or

(iii) referring to information that contains their name and confirms that they have a deposit account or a credit card or other loan account with a financial entity, and verifying that information; or

(e) by confirming that one of the following entities previously ascertained their identity in accordance with any of paragraphs (a) to (d), and by verifying that the name, address and date of birth contained in the entity’s record are those of the person:

(i) an entity that is referred to in any of paragraphs 5(a) to (g) of the Act and that is affiliated with the entity that is ascertaining the person’s identity, 

(ii) an entity that carries on activities outside Canada similar to the activities of a person or entity referred to in any of paragraphs 5(a) to (g) of the Act and that is affiliated with the entity that is ascertaining the person’s identity, or

(iii) a financial entity that is subject to the Act and that is a member of the same financial services cooperative or credit union central as the entity that is ascertaining the person’s identity.

(1.1) In the case referred to in paragraph 54.1(a), the identity of a person shall be ascertained by a person or entity, at the time referred to in subsection (2) and in accordance with subsection (3),

(a) by referring to the person’s birth certificate, driver’s licence, provincial health insurance card (if such use of the card is not prohibited by the applicable provincial law), passport or other similar document; or

(b) where the person is not physically present when the credit card application is submitted,

(i) by obtaining the person’s name, address and date of birth and

(A) confirming that one of the following entities has identified the person in accordance with paragraph (a), namely,

(I) an entity, referred to in any of paragraphs 5(a) to (g) of the Act, that is affiliated with the entity ascertaining the identity of the person,

(II) an entity that carries on activities outside Canada similar to the activities of a person or entity referred to in any of paragraphs 5(a) to(g) of the Act and that is affiliated with the entity ascertaining the identity of the person, or

(III) an entity that is subject to the Act and is a member of the same association as the entity ascertaining the identity of the person, and

(B) verifying that the name, address and date of birth in the record kept by that affiliated entity or that entity that is a member of the same association corresponds to the information provided in accordance with these Regulations by the person,

(ii) subject to subsection (1.3), by using a combination of any two identification methods referred to in either Part A or Part B of Schedule 7, or

(iii) subject to subsection (1.3), where the person has no credit history in Canada and the credit limit on the card is not more than $1,500, by using combination of any two identification methods referred to in any of Parts A, B and C of Schedule 7.

(1.1) For the purposes of subparagraphs (1)(d)(i) to (iii), the information that is referred to must be from different sources, and the person whose identity is being ascertained and the person or entity that is ascertaining their identity cannot be a source.

(1.2) for the purposes of paragraphs (1)(b)(i) and (1.1)(b)(i), an entity is affiliated with another entity if one of them is wholly owned by the other or both are wholly owned by the same entity.

(1.2) The person or entity that is ascertaining the identity of a person who is at least 12 years of age but not more than 15 years of age may refer under subparagraph (1)(d)(i) to information that contains the name and address of one of the person’s parents or their guardian or tutor in order to verify that the address is that of the person.

(1.21) For the purposes of subparagraphs (1)(b)(i) and (1.1)(b)(i),

(a) a financial services cooperative and each of its members that is a financial entity are considered to be members of the same association; and

(b) a credit union central and each of its members that is a financial entity are considered to be members of the same association.

(1.3) A combination of methods referred to in sub-paragraph (1)(b)(ii) or (1.1)(b)(ii) or (iii) shall not be relied on by a person or entity to ascertain the identity of a person unless

(a) the information obtained in respect of that person from each of the two applicable identification methods is determined by the person or entity to be consistent; and

(b) the information referred to in paragraph (a) is determined by the person or entity to be consistent with the information in respect of that person, if any, that is contained in a record kept by the person or entity under these Regulations.

(1.3) If a document is used to ascertain identity under subsection (1), it must be original, valid and current. Other information that is used for that purpose must be valid and current and must not include an electronic image of a document.

(2) The identity shall be ascertained

(a) in the cases referred to in paragraph 54(1)(a) and subsection 57(1), and paragraph 60(a), before any transaction other than an initial deposit is carried out on an account;

(b) in the cases referred to in section 53, paragraph 54(1)(b), subsection 59(1) and paragraphs 59.3(a), 59.4(1)(a), 59.5(a), 60(b) and 61(b), at the time of the transaction;

(b.1) in the case referred to in section 53.1, before the transaction is reported as required under section 7 of the Act;

(b.2) in the case referred to in paragraph 54.1 (a), before any credit card is activated;

(c) in the cases referred to in paragraphs 55(a), (d) and (e), within 15 days after the trust company becomes the trustee;

(d) in the cases referred to in subsection 56(1) and paragraph 61(a), within 30 days after the client information record is created;

(e) in the cases referred to in paragraphs 59.1(a) and 59.2(1)(a), at the time of the transaction; and

(e.1) in the case referred to in paragraph 60(a), before any funds are disbursed; and

(f) in the case referred to in subsection 62(3), at the time a contribution in respect of an individual member of the group plan is made to the plan, if

(i) the member’s contribution is not made as described in paragraph 62(3)(a), or

(ii) the existence of the plan sponsor has not been confirmed in accordance with section 65 or 66.

(3) Unless otherwise specified in these Regulations, only original documents that are valid and have not expired may be referred to for the purpose of ascertaining identity in accordance with paragraph (1)(a) or (1.1)(a).

64.1 (1) A person or entity that is required to take measures to ascertain a person’s identity under subsection 64(1) or (1.1) may rely on an agent or mandatary to take the identification those measures described in that subsection only if that person or entity has entered into an agreement or arrangement, in writing, with that agent or mandatary for the purposes of ascertaining identity.

(2) A person or entity that enters into an agreement or arrangement referred to in subsection (1) must obtain from the agent or mandatary the customer information obtained by the agent or mandatary under that agreement or arrangement.

(2) The person or entity may rely on measures that were previously taken by an agent or mandatary to ascertain the person’s identity if the agent or mandatary was, at the time they took the measures,

(a) acting in their own capacity, whether or not they were required to take the measures under these Regulations; or

(b) acting as an agent or mandatary under a written agreement or arrangement — entered into with another person or entity that is required to take measures to ascertain a person’s identity — for the purposes of ascertaining identity under subsection 64(1).

(3) In order to rely on measures taken by an agent or mandatary under subsection (1) or (2), the person or entity shall

(a) have entered into a written agreement or arrangement with the agent or mandatary for the purposes of ascertaining a person’s identity under subsection 64(1);

(b) obtain from the agent or mandatary all of the information that the agent or mandatary used to ascertain the person’s identity; and

(c) be satisfied that the information is valid and current and that the agent or mandatary ascertained the person’s identity in the manner described in any of paragraphs 64(1)(a) to (d).

64.2 Every person or entity that is required under these Regulations to ascertain a person’s identity in connection with a record that the person or entity has created and is required to keep under these Regulations — or in connection with a transaction that they have carried out and in respect of which they are required to keep a record under these Regulations or under section 12.1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations — shall set out on or in, or include with, that record the person’s name and the following information:

(a) if the person or entity referred to an identification document under paragraph 64(1)(a), the type of document referred to, its reference number and the issuing authority and, if available, the place it was issued and its expiry date; 

(b) if the person or entity referred to information under paragraph 64(1)(b), the source of the information, the type of information referred to, a reference number associated with the information and the date on which the person or entity verified the information;

(c) if the person or entity referred to information under paragraph 64(1)(c), the source of the information, the reference number associated with the search of the credit file and the date on which the person or entity verified the information;

(d) if the person or entity referred to information under paragraph 64(1)(d), the source of the information, the type of information referred to and the account number contained in it — or if there is no account number contained in it, a reference number associated with the information — and the date on which the person or entity verified the information; or

(e) if the person or entity confirmed under paragraph 64(1)(e) that another entity had previously ascertained the person’s identity, the name   of that entity, the manner in which it previously ascertained the person’s identity under any of paragraphs 64(1)(a) to (d), the applicable information set out in one of paragraphs (a) to (d) of this section that is associated with that manner of ascertaining identity and the date on             which the person or entity verified the information.

Submit comments by September 12, 2015

Comments must be submitted in writing during the comment period, either by email or snail mail:

Snail Mail:

Lisa Pezzack, Director Financial Systems Division,

Financial Sector Policy Branch Department of Finance

90 Elgin Street Ottawa, Ontario K1A 0G5

Email:

fcs-scf@fin.gc.ca

Need a Hand?

At Outlier, we believe that it is important to participate in decisions that affect you and your business.  If you would like someone to look over your submission before you make comments to the Department of Finance, you can get in touch with us free of charge.  We will look over your submission and make suggestions, without any cost to you.  If you need a hand, please feel free to contact us.

 

Micro Deposits & Micro Withdrawals

The Big DisclaimerAmber looking at laptop blank screen

We’re not lawyers and nothing that we write should be considered a legal opinion. Whether or not a solution will be acceptable to your regulators will always depend on your implementation and documentation – please contact us if you need help with either.

Background

There are a limited number of ways for Canadian reporting entities to identify individuals without meeting face to face. Previously, we have sought opinions from the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) on whether or not micro deposits and micro withdrawals could be used to confirm a customer’s identity. Until recently, the answer had been no. We reached out to FINTRAC again on the issue after learning that technology had evolved in a way that could meet the requirements. We’re pleased to share with you that FINTRAC is of the opinion that – given the right technology conditions – micro deposits and micro withdrawals can indeed be used to confirm a customer’s identity.

Confirmation Of A Deposit Account

The methods that can be used to confirm a customer’s identity are listed in Schedule 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR). (Since this post was written, Schedule 7 has been repealed and replaced by FINTRAC’s Methods to Identify Individuals). The “Confirmation of a Deposit Account Method” involves confirming that the person has a deposit account (this means a chequing or savings type of account) with a Canadian financial entity (this means a bank, credit union or caisse populaire). To use this method, reporting entities must keep a record of the name of the financial entity where the account is held, the account number and the date of the confirmation.

The key elements of this method involve determining that the account belongs to the person that you are trying to identify and determining that the account is indeed a chequing or savings type of account.

Micro Deposits and Micro Withdrawals

Previously, micro deposits and micro withdrawals were viewed as failing on both of these key elements. Confirming the amount of a micro transaction proved that a person had access to the account, but not that they owned the account. It was also viewed as impossible to determine the type of account (for instance the account may have been a line of credit that had a similar account number structure).

Fortunately, technology has advanced and some payment processors are able to conduct name matching (in some cases, payments are even stopped if there isn’t a match) as well as the type of account. Not all payment processors may have the capabilities, but if you’re looking for a way to automate some of your non face-to-face customer identification, this could be an option.

Implementation Checklist

We’ve broken down the implementation into seven key questions. If you’re able to answer yes in each case, you’re likely to be ready to implement micro deposits or micro withdrawals as an identification method.

  1. Does my payment processor conduct name matching (our client’s name against the account being debited or credited) and what confirmation do we receive of a match?
  2. Is our system set up to keep a record that demonstrates that the name was matched?
  3. Does my payment processor have access to the account type when an account is being debited or credited and can they pass that information to us and/or confirm for us that the account is a deposit account?
  4. Is our system set up to keep a record of the type of account or confirmation that the account is a deposit account?
  5. Is our system set up to keep a record of the name of the financial entity where the account is held?
  6. Is our system set up to keep a record of the account number?
  7. Is our system set up to keep a record of the date of the confirmation?

In addition to this list, you should also give some thought to what happens when identification fails (for example if the name doesn’t match or the account isn’t the right type). You’ll need to consider an alternative way to identify your client, and you probably don’t want their account stuck in limbo.

Need a Hand?

If you want to be certain that you’re meeting the standard described in this blog, or just someone to chat with to make sure that you’re on the right track please contact us.

Full Text Response

Good afternoon Ms. Scott,

Thank you for contacting the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s independent agency responsible for the collection, analysis, assessment and disclosure of information in order to assist in the detection, prevention, and deterrence of money laundering and financing of terrorist activities in Canada and abroad.

You indicated, “some payment providers have the capacity to match the customer’s name to the name on the account (and will not process transactions if there is not a match) and return information about the type of account to which the transaction was pushed.”

In light of this, you have asked whether micro-withdrawals and/or micro-deposits would be acceptable for use as confirmation of a deposit account provided that:

(a) there was a confirmed name match; and

(b) the account type was confirmed as a deposit account.

Subparagraph 64(1)(b)(ii) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR) states that non-face-to-face identification can be done by using a combination of identification methods as set out in Part A of Schedule 7, the confirmation of deposit account method being one. This method of ascertaining a person’s identity consists of confirming that the person has a deposit account with a financial entity, other than an account referred to in section 62 of the PCMLTFR. For the deposit account method, paragraph 67(c) of the PCMLTFR requires that the client name, the deposit account number, the financial entity name, and the date of the confirmation be recorded. Therefore, if the payment provider confirms the client name, the deposit account number, the financial entity name, and the date of the confirmation, then yes, the micro-withdrawals and/or micro-deposits is an acceptable means to confirm a deposit account with a financial entity as per Part A of Schedule 7 of the PCMLTFR, and would satisfy one of the two combination methods required.

Please note that FINTRAC does not endorse nor advertise any products, companies, or providers of consumer information.

I trust this information will be of assistance.

Non Face To Face Identification in Canada

Regulated entities in Canada must use specific methods listed in Schedule 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations to identify customers non face to face (NF2F). (Since this post was written, Schedule 7 has been repealed and replaced by FINTRAC’s Methods to Identify Individuals). There is also the option to use a mandatary, a person or organization that meets with your customers face to face and identifies them on your behalf. In order to use the mandatary method, you must have a written agreement in place before any customers are identified, and the mandatary must collect the same information that you would collect if you were meeting with your customer. The mandatary method is the only method that can be used for customers outside of Canada, and can also be used to identify customers within Canada.

Without using the mandatary method, reporting entities can identify customers NF2F using the following combinations of methods:

  • Identification Product and Attestation,
  • Identification Product and Cleared Cheque
  • Identification Product and Confirmation of a Deposit Account,
  • Credit File and Attestation,
  • Credit File and Cleared Cheque,
  • Credit File and Confirmation of a Deposit Account,
  • Attestation and Cleared Cheque, or
  • Attestation and Confirmation of a Deposit Account.

Each method comes with specific records that reporting entities need to maintain. It may come as a surprise to some reporting entities that these methods are required every time that a customer makes a qualifying transaction- unless the customer is recognized either visually or by voice.

We’ve summarized each method, including the records that need to be maintained and vendors that may offer these services, including pricing. There are additional methods that only apply to credit card account, but we’ve omitted these here to avoid confusion.

The Big Disclaimer

The information that follows is based on our recent conversations with vendors. The prices may be subject to change at any time at the vendors’ discretion. While we’ve done our best to include only reputable vendors in this list, we don’t endorse or guarantee any vendors’ products or services.

If you are a vendor, and we’ve misrepresented your services or price points (or left you out altogether) please feel free to contact us. Our goal is to get quality information to our friends and customers, and we’ll endeavor to correct any errors quickly.

Identification Product

From the regulations: This method of ascertaining a person’s identity consists of referring to an independent and reliable identification product that is based on personal information in respect of the person and a Canadian credit history of the person of at least six month’s duration.

Description: This method allows customers who have at least six (6) months of Canadian credit bureau history to be identified using their credit bureau data. Generally customers must answer a number of questions about their credit history, and if they “pass” by answering enough questions correctly, they are considered to be identified.

Records Required: You must keep a record of the name of the identification product, the name of the entity offering it, the search reference number and the date you used the product to ascertain the individual’s identity.

Vendors: Vendors are listed in alphabetical order.

Equifax offers a product called EID Verifier. There is an implementation cost as well as additional costs per query (the cost per query varies depending on the volume). For more information contact Christopher Downer (Christopher.Downer@equifax.com).

TransUnion offers a product called Authentication Engine.   No pricing was available for this product, however, it was stated that the price would vary depending on the volume of queries. For more information contact Darren Webster (dwebster@transunion.ca).

Credit File

From the regulations: This method of ascertaining a person’s identity consists of confirming, after obtaining authorization from the person, their name, address and date of birth by referring to a credit file in respect of that person in Canada that has been in existence for at least six months.

Description: In order to use the credit file method, you must match your customer’s name, date of birth and address with a credit file. The customer must have at least six months of Canadian credit history.

Records Required: You must keep a record of the name of the entity keeping the credit file and the date you consulted it.

Vendors: Vendors are listed in alphabetical order.

Equifax offers a product called EID Compare that matches the credit file header (name address and date of birth) to your customer’s data and returns a pass/fail.  There is an implementation cost as well as additional costs per query (the cost per query varies depending on the volume).   For more information contact Christopher Downer (Christopher.Downer@equifax.com).

IDology offers a product called ExpectID that may have the ability to do credit header matches based on name, address and date of birth, as well as return a flag if there is less than 6 months of Canadian credit bureau data. In our brief conversation with IDology’s representatives, they mentioned matching other data sources such as phone books (these cannot be used under the PCMLTFR to identify Canadian customers). Unfortunately, we’re of the opinion that the solution may not be suitable unless you are willing to push hard to ensure that implementation is in line with your Canadian requirements. The representative noted that the company “offers solutions, but not advice on whether or not the solution is compliant” (paraphrased). No pricing or contact information was provided, but a demo can be arranged via the company’s website at: www.idology.com.

TransUnion offers a product called Enhanced Bureau Verification Services (EBVS).   The implementation cost is about $1,500, and there are additional costs per query (about $0.70). For more information contact Darren Webster (dwebster@transunion.ca).

Attestation

From the regulations: (1) This method of ascertaining a person’s identity consists of obtaining an attestation from a commissioner of oaths in Canada, or a guarantor in Canada, that they have seen one of the documents referred to in paragraph 64(1)(a) of these Regulations. The attestation must be produced on a legible photocopy of the document (if such use of the document is not prohibited by the applicable provincial law) and must include (a) the name, profession and address of the person providing the attestation; (b) the signature of the person providing the attestation; and (c) the type and number of the identifying document provided by the person. (2) For the purpose of subsection (1), a guarantor is a person engaged in one of the following professions in Canada:

(a) dentist;

(b) medical doctor;

(c) chiropractor;

(d) judge;

(e) magistrate;

(f) lawyer;

(g) notary (in Quebec);

(h) notary public;

(i) optometrist;

(j) pharmacist;

(k) professional accountant (APA [Accredited Public Accountant], CA [Chartered Accountant], CGA [Certified General Accountant], CMA [Certified Management Accountant], PA [Public Accountant] or RPA [Registered Public Accountant]);

(l) professional engineer (P.Eng. [Professional Engineer, in a province other than Quebec] or Eng. [Engineer, in Quebec]); or

(m) veterinarian.

Description: You may ask yourself what the difference is between the attestation method and using a mandatary. The simple answer is that with a mandatary, you have a written agreement in place in advance (and the mandatary does not need to be a designated professional). In the case of an attestation, your customer must be identified in person by a designated professional. This method can be useful when an individual has less than six months of Canadian credit history.

Records Required: You must keep a copy of the attestation, including information about the person providing the attestation and their signature.

Vendors: Any designated professional may provide this service. Fees generally vary from $0 (free) to about $50.

Cleared Cheque

From the regulations: This method of ascertaining a person’s identity consists of confirming that a cheque drawn by the person on a deposit account of a financial entity, other than an account referred to in section 62 of these Regulations, has been cleared.

Description: In order to use the cleared cheque method, you must receive a preprinted cheque (in any amount) from your customer, drawn on a deposit (not credit) account from a Canadian financial institution, and that cheque must be processed. Some financial institutions that use this method request a cheque in the amount of $1 and credit the amount to the customer once the cheque has cleared.

Records Required: You must keep a record of name of the financial entity and the account number of the deposit account on which the cheque was drawn.

Vendors: Outside vendors are not required to use this method. You will want to check to be certain that the name on the cheque matches your customer’s name, and you’ll need to have a bank account in order to clear the cheque.

Confirmation of a Deposit Account

From the regulations: This method of ascertaining a person’s identity consists of confirming that the person has a deposit account with a financial entity, other than an account referred to in section 62 of these Regulations.

Description: This method involves confirming that your customer has a deposit (not credit) account with a Canadian financial institution. This can be done by looking at a bank statement that contains the account type and your customer’s name (the balances and other financial information are not required), or by getting a letter from your customer’s bank confirming that they have a chequing or savings account.

FINTRAC has indicated that microdeposits and/or microwithdrawals could be used if the payment processor is able to return information about the account type and customer’s name as part of the process. The onus is placed on the reporting entity to ensure that all requirements are met.

Records Required: You must keep a record of the date on which you made the confirmation as well as the name of the financial entity where the account is held and the number of the account.

Vendors: Outside vendors are not required to use this method.

Mandataries

From the regulations: (1) A person or entity that is required to take measures to ascertain identity under subsection 64(1) or (1.1) may rely on an agent or mandatary to take the identification measures described in that subsection only if that person or entity has entered into an agreement or arrangement, in writing, with that agent or mandatary for the purposes of ascertaining identity. (2) A person or entity that enters into an agreement or arrangement referred to in subsection (1) must obtain from the agent or mandatary the customer information obtained by the agent or mandatary under that agreement or arrangement.

Description: A mandatary can identify a customer on your behalf, provided that you have a written agreement in place with the mandatary. The mandatary does not need to be a designated professional.

Records Required: You must keep a copy of your agreement with the mandatary, as well as the customer information that they collect on your behalf and the date on which the customer was identified.

Vendors:  Vendors are listed in alphabetical order.

Canada Post offers a Digital Proof of Identity (dPOI) service that includes online integration with your website experience.  It can be used as a standalone, or combined with other online identification methods.  The customer enters their information, and the dPOI tool generates a form that can be printed or saved.  The form has a special barcode that can be scanned at any Canada Post location, where a Canada Post employee will check the customer’s identification in person.  The system automatically notifies you when the customer has been identified.  For more information, contact Petr Komarek (petr.komarek@canadapost.ca).

Sterling BackCheck offers a service in conjunction with Canada Post that allows customers to be identified at any Canada Post location after downloading a form from a website. The implementation cost is $99 and there is an additional cost per verification (ranging from $25-35 depending on the volume). For more information contact Karina Widyani (kwidyani@backcheck.net).

Looking Ahead

Draft regulations that would change NF2F identification were published in the Canada Gazette on July 4th, 2015.  If and when these amendments are finalized, we expect that NF2F identification (in particular in the online space) will be much more streamlined.

Need a Hand?

If you’re not certain whether your current identification processes are meeting Canadian regulatory standards, Outlier can assess compliance and recommend process changes. Please contact us for more information.

 

Return to Blog Listing