Canada: FINTRAC Reveals Its Secret Formula For Determining "Harm Done", Calculating AMP Amounts

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) recently released its interpretation of the term "harm done" in the context of violations of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations (Regulations). The "harm done" guidance should be read together with the administrative monetary penalties policy (AMP Policy) issued by FINTRAC in February 2019 (for more information about the AMP Policy, please see our February 2019 Blakes Bulletin: FINTRAC: All Amped Up).  

The "harm done" guidance (collectively, Guidance) is important for reporting entities (REs) to understand because "harm done" by a violation is one of the factors that FINTRAC is statutorily required to consider in determining the amount of a penalty for non-compliance with the PCMLTFA and Regulations. In that respect, FINTRAC interprets the term "harm done" to mean the degree to which a violation interferes with achieving the objectives of the PCMLTFA.

The Guidance provides seven "harm done assessment guides". These guides set out how FINTRAC approaches the harm done criterion under the PCMLTFA and the Administrative Monetary Penalty Regulations (AMP Regulations) in respect of the following category of offences:

• Compliance program violations
• Large cash transaction reports, electronic funds transfer reports and casino disbursement reports violations
• Suspicious transaction reports (STRs) violations
• "Know your client" requirements violations
• Record keeping violations
• Money services businesses registration violations.

The publication of this Guidance is part of a directed effort on the part of FINTRAC to ensure that it will be able to enforce any notices of violation that it issues against REs by being transparent in how it approaches the implementation of monetary penalties under the PCMLTFA. As noted in our previous Bulletin (see link above), this is part of a continuing effort to remedy FINTRAC's previous approach to the imposition of monetary penalties outlined in the decision of the Federal Court of Appeal in Canada v. Kabul Farms Inc., where the court harshly criticized FINTRAC's "secret" formula for determining the amount of a penalty that it imposed. In response, the Guidance now provides a transparent (and somewhat dogmatic) approach as to FINTRAC's methodology in determining the amount of a penalty for PCMLTFA violations.

It is noteworthy that while FINTRAC reiterates numerous times throughout the Guidance (and the AMP Policy) that the statutory purpose of imposing monetary penalties is to encourage compliance by REs (rather than to punish), recent changes to the PCMLTFA and much of FINTRAC's updated guidance shows a heightened readiness to impose monetary penalties against those who violate the policies and objectives behind the PCMLTFA including a "name and shame" policy for REs that violate the PCMLTFA.

In that regard, if an RE is served with a notice of violation under the PCMLTFA by FINTRAC, it is able to make representations to the director setting out why it believes the penalty is unjustified or why, in the RE's view, it did not violate the PCMLTFA. If the director disagrees with the RE's position, the RE has the right to appeal the notice of violation to the Federal Court. In that respect, the PCMLTFA, until recently amended, provided as follows:

"When proceedings in respect of a violation are ended, the Centre may make public the nature of the violation, the name of the person or entity that committed it, and the amount of the penalty imposed".

Accordingly, if an RE appealed a notice of violation to federal court, it could have the court record sealed and make appropriate representations in order to have the decision overturned or modified, before the results of any decision were made public.

However, not only did the changes made to the PCMLTFA by Bill C-97 remove the section that provided that a notice of violation against an RE could only be published when all proceedings are ended, it also removed any discretionary rights that FINTRAC had in determining whether to publish the name of any RE issued with a notice of violation. Specifically, the new language in section 73.22 of the PCMLTFA (which came into effect in June of 2019), provides that FINTRAC shall make public the nature of any violation, the name of the person or entity that committed it and the amount of the penalty imposed. Moreover, this mandatory requirement to publish arises before an RE has had a right to exhaust its appeal rights. For many REs, this publication obligation will negate any benefit in appealing a Notice of Violation in the first place, which was likely the reason for this change made to the PCMLTFA.

THE "HARM DONE" ASSESSMENT GUIDANCE

The PCMLTFA and the AMP Regulations set out three criteria that must be considered by FINTRAC when determining the amount of a penalty to impose under the PCMLTFA:

• The purpose of AMPs, which is to encourage compliance, not to punish (non-punitive)
• The harm done by the violation
• The RE's history of compliance.

The standard of "harm" is to be measured using the standards set out in the Guidance. They provide what FINTRAC considers to be the benchmark dollar amounts for the levels of harm for each specific violation of the PCMLTFA or the Regulations.

By way of example, in respect of violations of the requirement to implement a compliance program, the AMP Regulations classify such a violation as "serious" which carries a penalty that ranges from C$1 – C$100,000. For these violations, the Guidance attempts to quantify the degree of "harm done" by identifying four different degrees of harm for improperly implementing a compliance program with corresponding base penalties of C$100,000, C$75,000, C$50,000 or C$25,000. Level 1 harm, the highest degree of harm, would apply where there is complete or widespread non-compliance with the requirement (e.g., no policies and procedures have been developed or applied). Levels 2, 3 and 4 provide for situations of partial non-compliance with the "harm" based on FINTRAC's view of the importance of the missing compliance element in light of objectives of the PCMLTFA and FINTRAC's mandate.

For violations for suspicious transaction reporting, FINTRAC has identified six levels of harm for non-compliance with base penalties ranging from C$25,000 to C$500,000. The highest levels of harm (levels 1 and 2) relate to the failure to submit an STR while the other levels of harm relate to STRs submitted with data quality issues (with base penalties ranging from C$25,000 to C$100,000).

FINTRAC will then take the other statutorily mandated factors into account (history of compliance and the fact that penalties are meant to encourage compliance rather than to punish) and apply those factors to the base penalty amount to calculate the amount of the penalty to be imposed. By way of example, FINTRAC indicates that for a first-time violation, it will typically reduce the penalty by two-thirds while for a second time violation the penalty is reduced by one-third. For violations occurring a third time or more, the full base penalty amount will be typically applied.

It is noteworthy that in the vast majority of FINTRAC audits, REs will have at least one or two elements of non-compliance. As such, FINTRAC's determination in whether to apply a penalty in the first place will have significant ramifications because once FINTRAC has issued a notice of violation, the director rarely strays from the position that a violation has occurred, despite the possibility of being open to reducing the amount of the penalty. It follows then that once an RE receives a notice of violation, it is very probable that the notice of violation will be published. As such, an evidenced culture of compliance will be critical for REs to demonstrate in FINTRAC examinations so that FINTRAC does not feel the need to issue a notice of violation to encourage compliance.

The Guidance is detailed in terms of the calculation of the level of harm. While a complete summary of the Guidance is beyond the scope of this Bulletin, the following are some interesting takeaways for consideration:

• For compliance program violations, as noted above, FINTRAC has identified four levels of harm with penalties ranging from C$25,000, C$50,000, C$75,000 and C$100,000. Interestingly, and consistent with FINTRAC's earlier guidance, FINTRAC notes that it will consider it to be a compliance violation if the person appointed as a compliance officer does not have adequate knowledge of the PCMLTFA or the Regulations or does not possess the authority or have adequate resources to implement the compliance program. As such, the person that an RE puts before FINTRAC in the context of an audit should have an in-depth understanding the of the Canadian regulatory scheme.
• The Guidance repeatedly states that violations of requirements under the PCMLTFA "may" lead to certain actions or "could" result in certain issues thereby warranting certain base fines (the potential harm). In that regard, it is not entirely clear that the harm done assessment will focus on the actual harm done as opposed to the potential of harm that could have occurred. As an example, the Regulations require REs, when performing foreign currency conversions, to use the Bank of Canada official exchange rate to determine if a transaction meets the reporting threshold. FINTRAC notes that failing to use the Bank of Canada conversion rate will merit the same fine as failing to report a transaction. There is no discussion in respect of mitigating factors (for example, no filings were in fact missed as a result of the calculation).
• In respect of the Guidance on violations for suspicious transaction reporting, there are a few noteworthy observations. In respect of mitigating factors that FINTRAC will consider in reducing the amount of an AMP, FINTRAC will take into consideration the fact that an RE gave information to law enforcement or if it reversed, cancelled or rejected the transaction in question. It is interesting that in respect of unreported suspicious transactions that are reported by the RE to law enforcement, FINTRAC will only reduce the penalty by C$75,000 (for a C$500,000 penalty) because even if a matter was reported to law enforcement "there is still harm to the regime and to FINTRAC's mandate as the information was not made available to FINTRAC".
• In respect of the requirement to verify identity, FINTRAC speaks to accounts that have been opened for a client in circumstances where client identity has not been established. In this regard, FINTRAC notes that if no transaction has been conducted on the account, "FINTRAC may consider this to be a mitigating factor and reduce the penalty". In that regard, it is hard to see the "harm done" where no transaction has been undertaken on an account. This seems to be more in keeping with a technical, as opposed to a holistic approach to compliance.
• One of the more challenging things about the PCMLTFA in general is that certain provisions of the legislation are drafted on the underlying premise that if a person is going to be using an account for money laundering, they will be transparent about that in their interactions with REs. Nowhere is that underlying assumption more evident then in the discussion in the Guidance in respect of the third-party determination requirement. In that regard, in respect of the requirement for an RE to determine if an account is being used by or on behalf of a third party, FINTRAC notes that "an RE who does not take any measures to make a third party determination has fully interfered with the purpose of the requirement which is to eliminate anonymity and identify the individuals/entities that are giving instructions on the transactions/activities conducted". FINTRAC then goes on to note that "given the importance of removing anonymity in financial transactions and activities", the maximum prescribed penalty of C$1,000 will apply. This position assumes that a person who is taking instructions from a third party to launder funds will be fully transparent with the RE with which it is dealing, an unrealistic assumption for any sophisticated person involved in illicit activities.
• In respect of the requirement for certain REs to maintain "signature cards" (defined as a document that is signed by a person who is authorized to give instructions regarding an account, or electronic data that constitutes that signature of such a person), FINTRAC notes that "failure to keep a signature card poses harm at the highest level (Level 1) because the information that identifies a person is non-compliant". This is an interesting rationale given that not all sectors of REs in fact require "signature cards" to be obtained. Moreover, the Regulations effectively allow a four-digit PIN to serve as a "signature".

REs are encouraged to review the Guidance to better understand FINTRAC's process in respect of the application of AMPs. Of course, compliance with the PCMLTFA and a strong culture of compliance will avoid any issues associated with the implementation of AMPs. However, as most REs are aware, it is rare to come through a FINTRAC examination without FINTRAC finding any violations. Given the new publication standard in the PCMLTFA, it will be critical for REs to illustrate that they understand the requirements of the PCMLTFA and are making "gold star" efforts to comply. Hopefully, FINTRAC will use a holistic approach to implementing AMPs as it indicates in the AMP Policy and Guidance. Documentation of programs and actions taken (or chosen not to be taken) will be critical and in respect of the filing of STRs, given FINTRACs recent guidance and position on the filing of STRs, a "better safe than sorry" approach is warranted.

For permission to reprint articles, please contact the Blakes Marketing Department.

© 2019 Blake, Cassels & Graydon LLP.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.