Reporting entities are required to implement a compliance program to meet reporting, record keeping and client identification obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.
The compliance program will help ensure that a reporting entity has a compliant culture, and to minimize risks to the reporting entity and its directors, officers and employees of criminal, civil or administrative liability.
Objectives of a compliance program
The objectives of a compliance program to combat money laundering and terrorist financing are to:
- Create and implement compliance standards and procedures to meet an organization’s anti-money laundering obligations.
- Ensure senior officers and directors of an organization are knowledgeable about the content and operation of the compliance program and exercise reasonable oversight with respect to its implementation and effectiveness.
- Ensure the reporting entity communicates its standards and procedures, and other aspects of the compliance program by conducting effective training programs.
- Detect and correct an organization’s violations of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.
Key components of a compliance program
A compliance program should have, at a minimum, the following elements:
- Appointment of a Compliance Officer to manage and oversee the operation of the compliance program. Among other responsibilities, the compliance officer will oversee the reporting entity’s anti-money laundering and terrorist financing requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.
- Allocation of resources, including staff and financial resources to manage the compliance program.
- Client identification procedures, including the information required, the course of action to be taken when a client refuses to provide information or the client cannot be identified, in accordance with the obligations imposed by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.
- Procedures to meet reporting requirements, including the designation of responsible employees, FINTRAC submission procedures and record retention.
- Procedures to meet record keeping obligations, including the type of document, who has responsibility for the maintenance of files, confidentiality, the type of information collected and the length of time each record is required to kept.
- Description of the training program and outline of the training program.
- Procedures for the biennial compliance review, including who it will be performed by, what its focus will be, whether it will include an audit and to whom the findings will be reported.
- Procedures setting out how the risk assessment will be conducted, including what areas will be examined, by whom, the methodology used in the assessment, and how the findings will be reported and implemented by the reporting entity.
- Provisions for senior management review and approval of the compliance program.