New Bitcoin Law
By Christine Duhaime, B.A., J.D., Financial Crime and Certified Anti-Money Laundering Specialist
At the end of this week, the Parliament of Canada approved what is likely the world’s first national Bitcoin law, and certainly the world’s first treatment in law of Bitcoin under national anti-money laundering law.
Late Thursday, Canada’s Governor General gave Royal Assent to Bill C-31, An Act to Implement Certain Provisions of the Budget Tabled in Parliament on February 11, 2014 and Other Measures (“Bill C-31“). Bill C-31 amends Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act, S.C. 2000, c. 17 (“PCMLTFA“) to legislate over Bitcoin as a matter of anti-money laundering law.
Five Key Changes
The five most important aspects of Bill C-31 as they relate to Bitcoin are as follows:
- Regulates Bitcoin as MSB – Bitcoin dealing, more specifically referred to as “dealing in virtual currencies” in Bill C-31, will be subject to the record keeping, verification procedures, suspicious transaction reporting and registration requirements under the PCMLTFA as a money services business.
- Does not define “dealing in virtual currencies” - The phrase “dealing in virtual currencies” was left undefined and it is not known what the defined term will encompass in terms of business activities once defined by regulation.
- Registration with FINTRAC - Bitcoin dealers will be required to register with FINTRAC and if successfully registered, to implement a complete anti-money laundering compliance regime.
- Captures foreign Bitcoin companies targeting Canada – Bill C-31 extends to: (a) entities that have a place of business in Canada; and (b) entities that have a place of business outside Canada but who direct services at persons or entities in Canada. Bitcoin captured businesses in Canada, however, that provide services to persons or entities outside of Canada are exempt from Bill C-31 for those external services.
- Prohibits banks from opening accounts for Bitcoin entities if unregistered - Under Bill C-31, banks will be prohibited from opening and maintaining correspondent banking relationships with Bitcoin dealers that are not registered with FINTRAC. This is an extremely important aspect of Bill C-31 and Bitcoin businesses should ensure they understand what a correspondent banking relationship is in anti-money laundering law and how it can affect the provisions of banking services to them.
Under Canadian law, the fact that legislation received Royal Assent does not necessarily make it in force. Certain parts of Bill C-31 come in force on dates determined in Bill itself and others will come in force on a date determined by the Governor General. See “Next Steps” below for what the next steps in the legislative process involve in Canada.
Pursuant to the amended PCMLTFA, Bitcoin businesses that are the subject of Bill C-31 will be required to undertake the following obligations. For consistency, referred to below as a “bitcoin dealer”:
A. Report Suspicious Transactions
Bitcoin dealers will be required to report to FINTRAC every suspicious financial transaction and attempted suspicious financial transaction. There is no monetary threshold (i.e., dollar amount) that triggers the requirement to report a suspicious transaction.
A suspicious transaction is a financial transaction where the Bitcoin dealer has reasonable grounds to suspect is related to a money laundering offence or a terrorist activity financing offence or an attempted commission of any of those offences.
An attempted suspicious financial transaction is one which is suspicious but not completed. It may not be completed because the Bitcoin dealer refuses to complete it or the client decides not to complete it.
A money laundering offence involves using, transferring, delivering, transmitting, altering, dealing with or disposing of any property, or proceeds of property, with the intent to convert or conceal the proceeds, knowing or believing that they were derived from the commission of an indictable offence under the Criminal Code of Canada, R.S.C., 1985, c. C-46 or other federal legislation such as murder, child pornography, forgery, bribery or insider trading.
A terrorist activity financing offence involves providing, using or possessing property for terrorist activity, dealing with property owned by a terrorist group, facilitating a transaction involving terrorist property or providing financial or other related services either at the direction of a terrorist group or to financially benefit a terrorist group.
In order to trigger the suspicious transaction or attempted suspicious transaction reporting requirement, there must be reasonable grounds to conclude that the financial transaction is related to either a money laundering offence or a terrorist financing offence.
If a Bitcoin dealer, or its employee, knows that a financial transaction is related to a terrorist activity financing offence, it is prohibited from completing the transaction or providing any financial services. It must effectively freeze the property. This is akin to the sanctions laws that already apply to Bitcoin companies in Canada.
B. Report Terrorist Property Transactions
Bitcoin dealers will have to file with FINTRAC, a terrorist property report when it has property in its possession or control that it knows is owned or controlled by or on behalf of a terrorist or terrorist group; and when it has property in its possession or control that it has reason to believe is owned or controlled by or on behalf of a listed person.
A “terrorist group” is a trust, a partnership or a fund, an unincorporated association or an organization that facilitates or carries out any terrorist activity as one of its purposes or activities and includes anyone who is a “listed entity” on the Listed Entity list published by the Minister of Public Safety and Emergency Preparedness.
A “listed person” is a person, organization or entity who is designated as such by the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism.
Bitcoin dealers are prohibited from dealing with terrorist property in any manner or providing any financing or related services in connection with terrorist property. Terrorist property is required to be immediately frozen.
The obligations in respect of sanctions and terrorist property are extremely important for Bitcoin companies because several agencies, including the IRS, have taken the position that Bitcoin is “property” and therefore every conceivable digital part of a Bitcoin transaction that involves suspected or known terrorist property or the property of a sanctioned person or entity must be frozen. It is self-evident that this presents enormous legal challenges as a matter of technology law and international law.
The obligations in respect of terrorist financing and economic sanctions are not new and do not arise solely in Canada by virtue of Bill C-31 – they have always applied to Bitcoin-related businesses and Bitcoin-related transactions.
C. Large Cash Transactions
Bitcoin dealers will be required to report to FINTRAC when they receive an amount of $10,000 or more in cash in the course of a single transaction, unless the funds are received by a public body or a financial entity. Two or more cash transactions of less than $10,000 each that are made within 24 consecutive hours that together total $10,000 or more, are considered one transaction of $10,000 or more if the Bitcoin dealer knows that the cash transactions are conducted by, or on behalf of, the same person or entity.
D. Electronic Funds Transfers
The Bitcoin dealer will be required to report to FINTRAC when it sends out of Canada at the request of a person, an electronic funds transfer of $10,000 or more in a single transaction or receives from outside Canada at the request of a person, an electronic funds transfer of $10,000 or more in a single transaction.
E. Politically Exposed Persons
When a Bitcoin dealer sends or receives an international money transfer of $100,000 or more, it must determine if it involves a politically exposed person (“PEP“) inside or outside of Canada, and if it determines that the funds involve a PEP, it must confirm the source of funds. Determining PEPs is a difficult part of anti-money laundering compliance because the obligation is a worldwide one and online search services that check PEPs are often not much better than the Internet.
Types of PEPs
There are now three different types of PEPs under Bill C-31, a foreign PEP, a domestic PEP and the head of an international organization.
A foreign PEP is a person who holds, or has held, one of the following offices or positions in or on behalf of a foreign state: head of state or head of a government; member of the executive council of a government or member of a legislature; deputy minister or equivalent rank; ambassador or attaché or counsellor of an ambassador; military officer with a rank of general or above; president of a state-owned company or a state-owned bank; head of a government agency; judge; and leader or president of a political party represented in a legislature.
It includes persons who are closely associated with the PEP in business or personally, such as family members, business partners, joint venturers, etc.
A domestic PEP is a person who holds, or has held, one of the following in Canada: Governor General, lieutenant general or head of government; member of federal or provincial Parliament; deputy minister; ambassador, attaché or their counsellor; military officer with a rank of general or above; head of federal or provincial Crown corporation; head of government agency; judge; or mayor.
It includes persons who are closely associated with the PEP in business or personally, such as family members, business partners, joint venturers, etc.
Head of International Organization
The head of an international organization means the head of such an organization established by a government and also includes their close associates and family members.
F. Ascertaining ID
Bitcoin dealers will have to undertake obligations to ascertain the identity of persons and companies using their services to complete certain financial transactions.
G. Records Retention
Bitcoin dealers will be subject to fairly onerous record-keeping obligations under the PCMLTFA. They must keep large cash transaction records, records regarding third parties when certain transactions are conducted for third parties. They must also retain client identification information and client account documents such as signature cards, deposit slips, account operating agreements and debit and credit memos. They also have to keep transaction ticket records for every foreign currency exchange regardless of the amount, and keep records of PEPs.
H. Risk Assessments
Bitcoin dealers will have to undertake a risk assessment to evaluate and identify, in the course of its activities, the risk of the commission of money laundering offences and terrorist activity financing offenses. If the risk is high, the Bitcoin dealer must implement measures in writing to:
- Keep client identification information up to date.
- Monitor activities to detect suspicious transactions.
- Mitigate the identified high risks.
Risk assessments should involve an analysis of potential threats and vulnerabilities to money laundering and terrorist financing crimes to which a the Bitcoin business is exposed. It should involve gathering information on the nature and extent of money laundering and terrorist financing crimes, and identifying weaknesses in anti-money laundering systems and controls that may make the Bitcoin business attractive to money launderers and persons engaged in terrorist financing.
I. Compliance Regime
Bitcoin dealers will be required to implement a compliance program to meet reporting, record keeping and client identification obligations under the PCMLTFA. A compliance program is intended to help ensure that a Bitcoin dealer has an ethical and compliant culture, and to minimize risks to the business and its directors, officers and employees of criminal, civil or administrative liability.
An effective compliance program to address anti-money laundering and combating terrorist financing should have the following elements:
- Designation of compliance officer – the compliance officer is a key element of the compliance program. The compliance officer’s principal responsibility is managing and overseeing the operation of the compliance program. Among other responsibilities, the compliance officer will oversee the anti-money laundering and terrorist financing requirements under the PCMLTFA.
- Adequate staff – the compliance program should allow for the allocation for adequate staff and financial resources to manage the compliance program.
- Identification procedures – the compliance program should have specific procedures for client identification, including the information required, the course of action to be taken when a client refuses to provide information or the client can’t be identified, etc., in accordance with the obligations imposed by the PCMLTFA.
- Identification of terrorist financing – the compliance program should have procedures for identifying terrorist financing activity or property under the PCMLTFA and for reporting such activity.
- Written procedures - the program should procedures for the compliance plan, including for training and review of the effectiveness of the regime.
- Record keeping – the compliance program should have policies and procedures with respect to record-keeping, including the type of document, who has responsibility for the maintenance of files, confidentiality, the type of information collected and the length of time each record is required to kept in accordance with the obligations imposed by the PCMLTFA.
J. Criminal Offences, Fines, Penalties and Imprisonment
The offence provisions under the PCMLTFA are important to be cognizant of. Some obligations apply to the Bitcoin entity and others apply to employees of the Bitcoin entity. Failures to comply with certain obligations under the PCMLTFA are criminal offences and can subject directors, officers, employees and the Bitcoin entity to terms of imprisonment and fines. The largest fine is $2 million per occurrence for a repeat offence and a term of incarceration of up to five years. In addition, there are administrative penalties that can be imposed on the Bitcoin entity, directors, officers and employees. A due diligence defence is available for many criminal and administrative sanctions under the PCMLTFA. Bitcoin entities should obtain compliance advice in respect of their exposure and should understand the connection in Canada between the compliance regime and a due diligence defence.
Moreover, the PCMLTFA empowers the government to enter into any premises (other than a dwelling house) at any time, without notice or warrant, where there are reasonable grounds to suspect that there are records relevant to ensuring compliance with the PCMLTFA. When Bitcoin entities are required to keep records pursuant to the PCMLTFA, then there will be reason to believe that the office of every Bitcoin entity will have such records and hence be liable to being searched at any time without notice.
The next steps in the process is the finalization of Regulations in respect of the changes, a consultation period, drafting of Guidance in respect of the Regulations and the amendments, a consultation in respect of the Guidance, and then the amendments will be brought into force. It is estimated that this process will take from between six to twelve months.