Canada's AML/CFT regime may need a revamp, but problems raise questions about more systemic issues
I was privileged to work in Canada’s AML/CFT regime for nearly a decade, and continue to work on illicit financing issues both in Canada and internationally. Reform of the AML/CFT regime in Canada is of critical importance, because, as the article states, “Canada has five of the world’s largest 60 banks and is an increasing destination for global capital.”
As Canada’s appeal as a destination for global capital increases, so does its appeal to illicit financing actors, such as money launderers, terrorist financiers, sanctions evaders, those wishing to hide the proceeds of corruption, etc. Canada needs to update its AML/CFT regime, certainly. But beyond updating and enhancing the regime, there are other, more systemic issues, that need to be addressed. One is the use of FINTRAC information (or lack thereof), and the second is compliance with the regime.
The use of FINTRAC information by law enforcement (from the perspective of prosecutions relating to ML/TF) is dismal. That’s not to say that disclosure recipients do not make good use of the information - the information can be used to generate leads and corroborate other information. But the lack of prosecutions relating to ML and TF may point to other problems in the regime, such as exploitation of FINTRAC disclosures, understanding the ML/TF problem, and willingness to prosecute those cases.
One of the sources in the WSJ article cited Canadian privacy laws as part of the problem because of the difficulty that they create in getting a warrant. From my experience, that's not where the problem lies, since FINTRAC discloses information without a warrant (that's the entire premise of the regime). In fact, in 2016/17 (the last year that information is available), FINTRAC made 2,015 disclosures to law enforcement and security services. This issue does not appear to be with getting information out of FINTRAC; it’s what happens after that appears to be more of the issue.
Compliance issues in the Canadian banking sector raise even more concerns.
According to the article, "Fintrac said in a recent report to lawmakers that more than two-thirds of Canadian banks it examined had “significant levels” of noncompliance with anti-money-laundering rules.” It’s unclear from the article which of those rules were broken; however, that any Canadian bank would have any significant level of non-compliance raises questions about the integrity of the Canadian financial sector.
Are Canadian banks dedicating enough resources to ensure that they are complying with the laws and regulations? Are their systems optimized to ensure compliance, or are there legacy technologies that are preventing effective compliance? Do the banks have a culture of compliance, or do they have a culture of reducing costs? Finally, my view has always been that Canadian banks comply with the regulations and the law in order to reduce regulatory risk, but do not take their reputation risks seriously enough. It seems that I may be wrong, and that they do not take their regulatory risks seriously either.
If Canadian banks have these significant deficiencies in their compliance programs, the responsibility for enforcing the laws and regulations lies with FINTRAC and law enforcement. FINTRAC has a robust compliance function, which includes the ability to fine banks through administrative monetary penalties for non-compliance. To date, there have been very few fines against Canadian banks. In fact, only one administrative monetary penalty has been publicly imposed against a bank, for $1.1 million, the details of which were not immediately made public.
Between 2012 and 2016, FINTRAC publicly named and issued 23 administrative monetary penalties, totalling approximately 1.4 million (excluding the $1.1 million bank fine). FINTRAC has not issued an AMP since 2016, according to their website. This is at odds with their report indicating that there are significant levels of non-compliance.
Part of the problem appears to be legal in nature. Since May 2016, FINTRAC has been unable to impose those administrative monetary penalties. A review of the administrative monetary penalty system is expected this summer.It’s unfortunate that it’s taken the agency over two years (and counting) to deal with this issue. As we’ve seen, banks will not regulate themselves, and they need to be ‘incentivized’ in order to comply with laws and regulations.
FINTRAC also has the ability to make disclosures relating to criminal non-compliance to law enforcement. The most recent annual report does not indicate whether or not the organization made any such disclosures; however, this again requires that law enforcement be willing to investigate, and then prosecute, these types of offences. http://www.fintrac-canafe.gc.ca/publications/ar/2017/1-eng.asp#s4
To be honest, despite having spent close to a decade in the regime, I’m not entirely sure where all the problems lie. I do think that it’s facile to say that the problem is with the law or regulations. The problem may be more systemic than legal. However, in order to really determine where those problems are, and what measures can be implemented to fix them, a robust study is needed. That study needs to examine the legal frameworks involved, but also how FINTRAC receives and discloses information, what partners do with that information, how investigations are managed and concluded, and how prosecutorial decisions are made, amongst other things.
*Note: while this article has focused on banks, other reporting sectors are not without their faults. In fact, most of the administrative monetary penalties that FINTRAC has administered have been against money services businesses, and four notable fines against securities dealers.