PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Suspicious Transaction Reporting Updates

FINTRAC has published updated resources related to upcoming changes to suspicious transaction reports (STRs) on its Draft Documents page. This includes updated draft guidance on STRs, expected to come into force in September 2023.

While the updated forms are not yet in use, it is important that you communicate these changes to your information technology (IT) teams and service providers. The documentation published this week includes JSON schemas and API endpoints.

For reporting entities that complete STR reporting manually through FINTRAC’s online reporting portal, it is also important to familiarize yourself with updated structured reporting fields, including:

  • URL,
  • Type of device used,
  • Username,
  • Device identifier number,
  • Internet protocol address, and
  • Date and time in which online session request was made.

These can be reviewed in the draft STR form.

Of course, if you require assistance, Outlier Compliance is here to help, please contact us.

Fraud & Reasonable Grounds to Suspect

One of the themes that was prevalent in Canadian AML for 2021 was the relatively low bar represented by “reasonable grounds to suspect” (RGS) and the types of transactions for which FINTRAC expected suspicious transaction reports (STRs) to be filed. One of our astute colleagues worked with us to craft some specific scenarios (the full version, including FINTRAC’s response, can be viewed here), and FINTRAC’s response seems to confirm a significant shift in position from previous discussions. Specifically, STRs are expected in cases of fraud, including cases in which the reporting entity’s client is believed to be the victim of fraud.

Here is a scenario that we asked about:

Scenario 2

A client reaches out to notify us that they sent the virtual currency to another party who promised them a generous short-term return. The client never received the promised funds and believes they have been defrauded. We review the customer account activity and do not find any anomalous activity either prior to or after the client sent the virtual currency to the wallet provided by the fraudster. The client appears to have sent their own funds to the fraudster and there is no account activity corresponding to any irregular transactions, including money mule indicators. Our client is simply a victim of fraud.

Based on strictly these facts, context and indicators, we have not reached reasonable grounds to suspect any money laundering or terrorist financing offences by our client. There may be downstream suspicion related to the wallet where the fraudulently obtained funds were sent but we do not have any suspicion based solely on our client’s transactions which include the transmission of virtual currency to that other wallet. We do not have any information or suspicion related to the other wallet except for the knowledge that our client’s virtual currency was sent to it.

Given the above, we believe no STR would be required. Could you please confirm our position? If the position taken here does not seem correct, please provide an underlying rationale.

And an excerpt from FINTRAC’s response:

In scenario 2, an STR should be submitted if the reporting entity reached reasonable grounds to suspect that the transaction or attempted transaction is related to fraud.

Not Just for Virtual Currency

While the scenario that we’ve provided is specific to virtual currency, the implications of this policy interpretation are not limited to transactions that involve virtual currencies. Every reporting entity type will deal with suspected and confirmed cases of fraud that touch their business models.

Why Does It Matter

To really get to why this matters so much, we need to first look at the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), which is where the requirement is first defined in Section 7:

Transactions if reasonable grounds to suspect

7 Subject to section 10.1, every person or entity referred to in section 5 shall, in accordance with the regulations, report to the Centre every financial transaction that occurs or that is attempted in the course of their activities and in respect of which there are reasonable grounds to suspect that

(a) the transaction is related to the commission or the attempted commission of a money laundering offence; or

(b) the transaction is related to the commission or the attempted commission of a terrorist activity financing offence.

This is important as the provision of the PCMLTFA (the section number) is what’s listed in the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations, where potential penalties are defined. Violations of Section 7 of the PCMLTFA are considered “very serious”. In turn, a “very serious” violation can lead to a penalty of up to $500,000 – for each instance.

If you’re a quantitative type quietly working out the rough number of fraud cases that your reporting entity has had recently, multiplying by $500,000, and feeling a bit nervous, you are not alone.

What’s Next?

While guidance and policy interpretations do not carry the force of law, this is often a distinction without a difference. Might a reporting entity take an appeal to federal court and win? Perhaps…though under the existing rules, that reporting entity’s name will be published (required where the violation is considered to be “very serious”), which for some reporting entities would have significant consequences, including the loss of vital banking partner relationships. Further, the cost of competent representation in a federal appeal process is well beyond the means of most small and mid-sized reporting entities.

Industry associations will, no doubt, continue to lead important conversations with FINTRAC and seek clarification for their members.

In the meantime, for most Canadian reporting entities, the most pragmatic decision will likely be to devise internal guidelines that include reporting STRs related to fraud cases.

Need a Hand?

If you want to make updates to your compliance program to reflect this new policy interpretation, or assistance with Canadian AML generally, please contact us.

Suspicious Transaction Reporting in 2015

Preparing for a FINTRAC examination

At the Canadian Institute’s 14th Annual AML Forum, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) reviewed its expectations for suspicious transaction reporting. FINTRAC emphasized that suspicious transaction reports (STRs) are vital to the agency’s mandate as Canada’s financial intelligence unit (FIU) and ongoing collaboration with law enforcement agencies. While reporting entities (REs) in Canada have been required to report transactions for quite a few years, we’ve had many questions from REs about what FINTRAC expects and looks for in examinations. FINTRAC’s most recent guidance is useful in tuning your technology, enhancing your processes, and asking the right questions at industry association meetings.

What is FINTRAC Looking for in STRs?

When FINTRAC conducts compliance examinations, they will be applying three tests to STR data, including:

  1. Entity Practitioner: FINTRAC will look for transactions that are similar to those involved in STRs that you have reported. If there are similar transactions or transaction patterns that have not been reported to FINTRAC, there should be an explanation for the difference. Where possible, this explanation should be documented.
  2. Sector Practitioner: FINTRAC will compare the number and type of STRs submitted by similar entities. The size and type of business are taken into consideration.
  3. Reasonable Practitioner: FINTRAC will analyze a sample of reported STRs and unreported transactions against relevant guidance. In this case, relevant guidance means the suspicious transaction indicators from FINTRAC’s Guideline 2 that are applicable to your business.

These are terms that we’re likely to hear more about over the coming months, and there are compliance program adjustments (most of them relatively simple) that can be made to ensure that you’re meeting this standard.

Tune Your Technology

Amber looking at laptop FINTRAC screen

Most REs use software solutions to detect potentially suspicious transactions. Almost all transaction monitoring software uses some type of rules-based system to determine when alerts should be generated. These rules should, at minimum, reflect the indicators that are applicable to your business. Not all of the indicators from FINTRAC’s Guideline 2 will be applicable to your business. Where possible, you should document the decisions that you make about your transaction monitoring rules, including the rationale for those decisions.

The most sophisticated software platforms have machine learning functions. These can take the decisions that have been made about previous alerts and use this information to refine how the program works. For example, if a particular pattern of transactions was deemed to be suspicious, the program may look for similar patterns.

If you’re not using software that does this on its own, don’t panic. You can review the STRs that you’ve submitted to FINTRAC to determine whether your transaction monitoring rules are tuned to reflect the types of money laundering and terrorist financing threats that you’ve previously encountered. This should be done on a regular basis (for example, as part of your Risk Assessment updates). If you have an STR that is related to a pattern that you don’t have a rule to cover, you may want to do this sooner, rather than waiting for the next scheduled update.

Train Your Staff

Training

Over the years, I’ve heard many Compliance Officers express frustration about not knowing whether or not STR data has been useful to FINTRAC or law enforcement. To close this gap, I’ve looked for articles and speakers from FINTRAC and law enforcement that could provide meaningful information about the type of information that is most useful. The same principle applies to your staff.

You can use existing cases (you’ll want to remove any personal information for training purposes) to demonstrate the type of transactions that you want your staff to escalate to compliance for review. Existing cases from the media, and end to end cases provided by training companies like TAMLO, are also excellent resources. Keeping your annual training fresh is a challenge, and using your STRs as cases is one way to do that, while also meeting FINTRAC’s expectations.

Refine Your Audits & Effectiveness Reviews

AML Compliance Effectiveness Review

Are your auditors and/or reviewers using the same tests that FINTRAC is using to assess your compliance? If you’re not certain, ask.

If you perform self-assessment testing, you may want to include these tests as well.

As of 2015, all AML Compliance Effectiveness Reviews performed by Outlier will use these three key tests to assess STR data.

Ask Your Industry & Working Groups for More

Hanshake

Most REs have excellent industry associations and working groups such as the Canadian Banker’s Association (CBA), Canadian MSB Association (CMSBA) or the Canadian Jewellers Association (CJA). These groups are excellent resources and can help you understand STR trends across your industry. If you’re not a member, you may still be able to attend regular conferences or events.

Need A Hand?

We would love to hear from you. If there are topics that you would like to know more about, or if you need assistance with your compliance program, please contact us.

Return to Blog Listing