Posted by Brian Monroe - bmonroe@acfcs.org 08/25/2020
Regional Report: Canada has done ‘amazing things’ to fight crime through public-private partnerships, but still hampered by stringent privacy rules, lack of AML safe harbors
The skinny:
- In recent years, Canada has done “amazing things” in the arena of stronger information sharing between regulators, banks and law enforcement to target some of the most insidious financial crimes of our times, including human trafficking, which became a global model to help other regions.
- But some professionals say the region is still hampered by stringent privacy rules and a lack of formalized compliance safe harbors, similar to those in the United States, enshrined in Patriot Act Sections 314 (a) and 314(b).
- Those provisions in the seminal act allow law enforcement to query, and share information with banks, and banks to share information with each other on suspected instances of money laundering and terrorist financing.
- Those are just some of the takeaways from the “Canada Focus – FinCrime Trends and Case Studies,” session, a panel from ACFCS Fincrime Virtual Week, hosted by the Toronto Chapter.
- More than 5,600 attendees, speakers and thought leaders registered for the Association of Certified Financial Crime Specialists’ (ACFCS) first-ever fully online conference, which addressed the overarching themes of Disruption, Innovation and Resiliency.
- The event covered five days of learning between Aug. 3 and Aug. 7 with dozens of sessions and speakers, including top federal regulators, investigative agencies and thought leaders from the banking, consulting, insurance, crypto currency and other financial services sectors.
- Overall, the event highlighted the vital importance of collaboration, between banks, law enforcement and regulators, including illuminating the opacity of impenetrable beneficial ownership structures and finding ways to ensure criminals can’t hide behind shell companies, legal entities or evade investigators through virtual worlds.
In recent years, Canada has done “amazing things” in the arena of stronger information sharing between regulators, banks and law enforcement to target some of the most insidious financial crimes of our times.
Spearheaded by banks including BMO, HSBC, CIBC, RBC and Scotiabank, these groups have partnered with the Country’s financial intelligence unit to use data and investigator ingenuity to understand, report on and take down illicit networks.
The combined public-private sector might of these institutions and the government have come together under a single banner, to marshal their forces against money laundering, romance scams and other frauds, child exploitation and human trafficking – which became a global model to help other regions ally, align and attack criminals.
But some professionals say the region is still hampered by stringent privacy rules and a lack of formalized compliance safe harbors, similar to those in the United States, enshrined in Patriot Act Sections 314 (a) and 314(b).
Those provisions, created after the September 11, 2001 terrorist attacks in New York and Washington, D.C., allow law enforcement to query, and share information with banks, and banks to share information with each other on suspected instances of money laundering and terrorist financing.
Those are just some of the takeaways from the “Canada Focus – FinCrime Trends and Case Studies,” session, a panel from ACFCS Fincrime Virtual Week, hosted by the Toronto Chapter.
More than 5,600 attendees, speakers and thought leaders registered for the Association of Certified Financial Crime Specialists’ (ACFCS) first-ever fully online conference, which addressed the overarching themes of Disruption, Innovation and Resiliency.
The event covered five days of learning between Aug. 3 and Aug. 7 with dozens of sessions and speakers, including top federal regulators, investigative agencies and thought leaders from the banking, consulting, insurance, crypto currency and other financial services sectors.
Overall, the event highlighted the vital importance of collaboration, between banks, law enforcement and regulators, the need to illuminate the opacity of impenetrable beneficial ownership structures and the risks of shell companies, legal entities and crypto currencies.
PPPs – how all the stakeholders in the fight can see the bigger picture
Since 2016, Canada’s Financial Transactions and Reports Analysis Centre (Fintrac), the country’s financial intelligence unit (FIU), has forged innovative public-private partnerships (PPPs) with many of the largest banking groups in the region.
This has helped regulators, investigators and banks better understand the nuanced financial trails of crimes including human trafficking, money laundering, romance scams and other frauds and currently, child sexual exploitation.
The PPPs have been so successful, Fintrac’s strategy to counter human trafficking, for instance, has become a “global model,” where the regulator has traveled around the world to bolster capacity in this area, a framework that can improve effectiveness and immediate outcomes without the pitfalls or time delays of passing and implementing new regulations.
“Banks decided the subject,” of the PPP, which in recent years has included human trafficking, fraud and other crimes, said Michael Boole, the Manager of the Financial Intelligence Sector for AML/ATF at Fintrac, during the panel discussion.
The efforts have been extremely successful, domestically and internationally.
The PPPs have resulted in a “thousands of percent increase in the volumes of [suspicious transaction reports (STRs)] to this day,” he said, adding that Fintrac has “gone around the world to discuss this” model, which can improve reporting, investigations and help take down larger criminal networks with “no legislative changes needed.”
But even as these moves have cumulatively resulted in more and better STRs tied to these crimes in Canada, some longtime compliance professionals in the Great White North believe so much more could be done.
Why?
Banks have to balance their desire to better use their data and help law enforcement with a very real fear of violating recently-strengthened privacy rules – with failures resulting in penalties of more than $100,000 or more.
PPPs have resulted in a “thousands of percent increase in the volumes of [suspicious transaction reports (STRs)] to this day."
Canada FATF Mutual Evaluation Report 2016 Snapshot: Strong laws, but gaps in terms of casinos, gatekeepers and law enforcement effectiveness
Here is a snapshot of some of the strengths and weaknesses of Canada’s financial crime compliance regime, from the 2016 Financial Action Task Force (FATF) mutual evaluation.
The group, the world’s chief AML watchdog, lauded the country for its powerful laws, but noted gaps in high risk areas, including gatekeepers, such as lawyers, non-bank groups, for instance real estate, and wanted better results for law enforcement investigations.
- Strong framework to fight ML/TF with comprehensive set of laws/regulations
- Financial entities understand obligations, but there is a lack of awareness among DNFBPs, and in particular real estate agents
- Significant loophole – legal counsels, legal firms not subject to AML/ATF legislation
- Other gaps in high-risk areas: online casinos, open loop prepaid cards, white label ATMs
- Law enforcement results are not commensurate with risk. LEAs generally suffer from insufficient resources and expertise to pursue complex ML cases
- Legal persons and arrangements are at a high risk of mis-use, and that risk is not mitigated; BO information is difficult to verify
- Federal FIU (FINTRAC) is not authorized to obtain additional information related to suspicions of ML/TF
Canada AML regime as white as snow?
During the Canada panel, the country’s overall financial crime and compliance successes, and failures, were laid bare.
In particular Canada has been the subject of internal and external analyses, including top reviews by global watchdog bodies and several regional reports from British Columbia looking at money laundering through casinos, underground banking and real estate.
The reports, dubbed cumulatively as “Snow Washing,” have “really exposed Canada’s money laundering problems as of late,” said Bob Kapur, an independent AML/ATF consultant with more than 20 years of experience, including as the Deputy Chief AML Officer at a Big Five Canadian bank, during the Canada panel.
As well, the spotlight on British Columbia also “highlighted weaknesses in the ability to know and understand beneficial owners,” he said.
One report highlighted that many, as much as “80 percent of the top tier properties in terms of price were owned by numbered companies, investment holding companies or quasi-anonymous trusts.”
The starkness of those figures was not lost on FATF.
The FATF report was “generally good,” Kapur said. “We have done some amazing things to advance the fight against financial crime through public private partnerships, the triple Ps.”
“But we did have some significant loopholes identified,” he said, including the lack of “enscopement” of lawyers and certain areas of the legal sector in terms of formal AML duties.
The report, however, even while lauding the ability of Fintrac to engage in these partnerships and create “operational alerts” to help banks be privy to broad trends, patterns and the key red flags of certain crimes, noted that the regulator also has limits to its power.
To wit, in many cases Fintrac can’t even follow up with reporting entities for more details on certain filings tied to named subjects due to constraints by the country’s privacy laws.
Banks also “can’t share private to private,” Kapur said, adding that many top minds and banking groups have lobbied for Canada to adopt U.S.-style sharing provisions, such as Patriot Act Sections 314(a) and 314(b).
Part and parcel of this is not just the power for law enforcement to query and share information with banks, and banks to share information with each other, but broad safe harbors saying that if banks share information on suspected money laundering and terrorist financing cases – and the prevailing mentality is that includes the underlying specified unlawful activities – the banks are protected from civil and other suits.
In quest to share data, banks also must remember to protect it
The theme of PPP was also a focal point of the Canada session, but also the panel addressed the counterpoint of sharing data – the need to protect it and potential unwanted regulatory scrutiny and even penalties that could arise if failings occur.
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), what many refer to as Canada’s answer to the European Union’s Global Data Protection Rule (GDPR), got significantly more teeth in November 2018 tied to data protection requirements for industry to implement a system to report breaches to the government and potentially affected individuals.
What does this mean for bank anti-money laundering (AML) teams?
Banks can not only get in trouble if data captured for AML risk assessment purposes gets stolen in a data breach by outside attackers, they can also fall afoul of privacy rules if this data is improperly shared with outside entities, such as other banks, even if the purpose is ostensibly for the greater good.
Even with a tightrope to balance in Canada, there are a bevy of practical, tangible benefits for regions that engage in strong PPPs, domestically and internationally, according to a report released Monday by the Royal United Services Institute on the Future of Financial Intelligence Sharing (FFIS).
Here are a few points for collaboration:
- Provide regularly convened dynamic public–private dialogue on financial crime threats, based on shared and agreed objectives and priorities.
- Act within the law by making use of available information-sharing legislation, based on a shared public–private understanding of the legal gateways and boundaries of sharing information;
- Can enable, to some degree, private–private sharing of information
- Can boost knowledge between certain regulated entities, including examiners and investigators;
PPPs can help address one or more of the following issues:
- Sharing of tactical information, including the identities of entities of concern, to enhance ongoing investigations.
- Collaborative knowledge management processes to build understanding of threats and risks
- For example through the co-development of typologies (sometimes referred to as ‘alerts’) and the development and testing of indicators, to improve reporting from the private sector.
Practical takeaways from Canadian PPPs – better controlling the narrative
Finally, from a Canadian context, the advent of public-private partnerships designed at identifying and reporting on specific types of criminal activity have introduced welcome additions to the narrative section of suspicious transaction reports, according to thought leaders working on a forthcoming ACFCS Canadian STR Almanac.
Starting with Project Protect, the public-private model has expanded out from identifying indicators of human trafficking (#PROJECT PROTECT), to other types of crime such as romance fraud (Project CHAMELEON or #CHAMELEON), opioid and fentanyl trafficking (#PROJECT GUARDIAN or #FENTANYL).
Including the hashtag of the type of crime the suspicious activity or transaction is associated with facilitates Fintrac’s disclosure process, ensuring the STR is identified accordingly, and routed to the appropriate individuals.
This example is relevant to a Canadian context, but this is an important example of additional types of information that should be included in the narrative section of an STR or SAR, as they apply to one’s local jurisdiction.
Ironically, Canada does have a section in its criminal code allowing banks to reach out directly to law enforcement, but many banks are reticent to do so.
Under Section 462.47, the code states that, “a person is justified in disclosing to a peace officer or the Attorney General any facts on the basis of which that person reasonably suspects that any property is proceeds of crime or that any person has committed or is about to commit a designated offence.”
So if that section allows such sharing, that begs the question: are banks using it? Not really.
Section 462.47 is “used, but used very sparingly, especially amongst the big banks,” Kapur said. “From a reporting entity perspective, that can be done and is done in some situations. If the bank is the victim of a major loss, or a significant fraud, we might report that directly to law enforcement.”
But why are institutions and even law enforcement so worried about being direct partners?
Both sides fret that “not going through the Fintrac route could jeopardize any information given,” he said.
Banks in some cases worry about sharing information directly with law enforcement due to privacy concerns and a fear that "not going through the Fintrac route could jeopardize any information given."
- Bob Kapur, indepenent AML expert, former compliance officer