AML and CTF policy

 

Entreprises Equibytes Inc.


 

Anti-Money Laundering & Counter Terrorist Financing Policy

Implementation Date: September 2018

Version Number: 1.0

Last Updated: September 2018

Next Update: September 2019

 


 

  1. Policy Statement

    1. Our Commitment

Equibytes Inc. (Equibytes) is committed to preventing, detecting and deterring money laundering and terrorist financing. To that end, it is the responsibility of every employee (including contract and part-time employees) and agent to comply with this program and all related Canadian legislation.

Our procedures for implementing this policy are described in separate documents, as is our Risk Assessment. To be read in addition to this policy, specific procedures have been designed for:

  • Compliance Staff; and

  • All Staff

There are also separate training materials for staff, which include quizzes designed to test the effectiveness of training.

    2. Canadian Regulatory Background and Context

While Equibytes is not currently a reporting entity under current Canadian anti-money laundering (AML) and counter terrorist financing (CTF) legislation, Canadian federal Bill C-31, passed in 2014, stipulated that “dealers in virtual currency” will be considered money services businesses (MSBs).
Draft regulations published in the Canada Gazette on June 9, 2018 provided additional insight in relation to the proposed regime.

As Equibytes is engaged in the purchase and sale of virtual currency, it is probable that we will be captured by this definition, once it has been enacted. Additionally, we understand that our business model carries some risk related to money laundering and terrorist financing, and that the mitigation of these risks is necessary to satisfy our Senior Management team and financial services suppliers.

While legislation specific to dealing in virtual currency has not yet been enacted, requirements for MSBs are reflected in this policy and corresponding AML and CTF Compliance Program documents.

Where it is not yet possible for Equibytes to comply with existing federal level requirements for MSBs (for instance, MSB registration with the Financial Transactions and Reports Analysis Centre of Canada, also known as FINTRAC, and certain types of regulatory reporting), notations have been added (either directly to the copy of the document, or as footnotes).

On a provincial level, we have obtained licensing with the Autorité des marchés financiers in Québec. To date, this is the only province to have enacted separate MSB related requirements. These provincial requirements have taken a broader view than existing federal level requirements, having included in their mandate automated teller machines and cheque cashing businesses.

    3. Compliance Program

Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its regulations (Regulations), we are required to have an anti-money laundering (AML) and counter terrorist financing (CTF) program that consists of these five elements:

  1. Written policies and procedures: these list our responsibilities under the law, and what we are doing to meet them;

  2. A documented Risk Assessment: a document that describes and assesses the risk that our business could be used to launder money or finance terrorism;

  3. The appointment of a Compliance Officer: the person who is ultimately responsible to develop and maintain our AML and CTF compliance program;

  4. AML Compliance Effectiveness Reviews: testing and reporting completed either annually or every two years that assesses how well our compliance program is working; and

  5. Training: conducted at least annually to ensure that everyone understands his or her roles and responsibilities.

These five elements are discussed in detail later in this policy.

    4. Operational Compliance

In addition to our documented program that consists of the five elements, we are required to operate in a compliant manner. This includes:

  • Collecting and recording client identification information,

  • Know your customer (KYC) information,

  • Reporting certain types of transactions to regulators and government agencies,

  • Maintaining appropriate registration and licensing, and

  • Keeping records.

The actions described in our procedures for this purpose are required (not optional) in all cases. Any activity that is offside with our AML and CTF procedures should be brought to the attention of the Compliance Officer immediately.

  2. AML and CTF Basics

Money laundering is the process of taking money obtained by committing a crime and disguising the source to make it appear legitimate. Under the Criminal Code of Canada, it is illegal to launder money or to knowingly assist in laundering money. Under the PCMLTFA and Regulations, as well as legislation applicable in other jurisdictions in which we operate, we must take steps to be sure that our business is not used to launder money and if we suspect that money laundering may be taking place, we must report it.

Terrorist financing is the process of moving funds in order to pay for terrorist activities. Unlike money laundering, the source of the funds is not always criminal but the intended use of the funds is criminal. Under the Criminal Code of Canada, it is illegal to knowingly assist in the financing of terrorism, including the possession of terrorist funds or property. If we know or suspect that we have terrorist property in our possession, it must be reported immediately.

    1. How Money Laundering & Terrorist Financing Work

Money laundering is described as having three phases by the Financial Action Task Force (‘FATF’). These are ‘Placement’, ‘Layering’ and ‘Integration.’

Terrorist financing, as opposed to money laundering, can occur with legitimate funds, meaning funds which are not the proceeds of crime. Legitimate funds can be transferred and used by those who would commit terrorist activities. In this, it can be said that terrorist financing most often acts in the ‘Layering’ and ‘Integration’ phases described by the FATF. But rather than luxury items, the funds are used for the commission or support of terrorist activities and/or organizations. These phases are described in detail below:

Placement: In the initial - or placement - stage of money laundering, the launderer introduces illegal profits into the financial system. This might be done by breaking up large amounts of cash into less conspicuous smaller sums that are then deposited directly into a bank account, or by purchasing a series of monetary instruments (cheques, money orders, etc.) that are then collected and deposited into accounts at another location.

Layering: After the funds have entered the financial system, the second – or layering – stage takes place. In this phase, the launderer engages in a series of conversions or movements of the funds to distance them from their source. The funds might be channeled through the purchase and sales of investment instruments, or the launderer might simply wire the funds through a series of accounts at various banks across the globe. This use of widely scattered accounts for laundering is especially prevalent in those jurisdictions that do not co-operate in anti-money laundering investigations. In some instances, the launderer might disguise the transfers as payments for goods or services, thus giving them a legitimate appearance.

Integration: Having successfully processed funds through the first two phases the launderer then moves them to the third stage – integration – in which the funds re-enter the legitimate economy. The launderer might choose to invest the funds into real estate, luxury assets, or business ventures.

  3. Canadian Regulatory Background & Requirements

    1. Money Services Businesses

Money Services Businesses (MSBs) are considered reporting entities under the law in Canada. This means that we must comply with certain requirements and answer to our regulator. Our regulators, federally, define MSB activity in the following way:

“You are a money services business (MSB) if your business in Canada offers any of the following services to the public:

  • Foreign exchange dealing - conducting transactions where one type of money or currency (like US dollars, Canadian dollars, Euros and so on) is exchanged for another.

  • Money transfer service - transferring funds from one individual or entity to another using an electronic funds transfer network or any other transfer method such as hawala, hundi, fei ch'ien, and chiti.

  • Cashing or selling money orders, traveller's cheques or anything similar - this does not include cashing cheques made out to a particular individual or entity.”

While legislation pertaining to dealing in virtual currency has not yet been enacted, requirements for MSBs are reflected in this policy and corresponding AML and CTF compliance program documents. Equibytes will continue to monitor compliance requirements as they evolve, and implement additional regime elements.

In Québec, the additional activities that are included in the MSB Act are:

  • Cheque cashing (including the types of activity that are excluded under the last point of the federal definition); and

  • The operation of automated teller machines, including the leasing of a commercial space intended as a location for an automated teller machine if the lessor is responsible for keeping the machine supplied with cash.

Equibytes has completed licensing in the province of Québec.

    2. FINTRAC

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is the agency that regulates our industry to ensure that we are meeting our obligations. They have the power to review our documentation and to levy significant penalties if we are not compliant. Individuals that deliberately attempt to circumvent the law may also be charged criminally in addition to monetary penalties.

FINTRAC is also Canada’s financial intelligence unit (FIU). The agency receives reports from reporting entities, like us, about transactions and analyses the data that they receive. This data is used to assist law enforcement investigations into crimes related to money laundering and terrorist financing. It is vital to this process that the information that we submit to FINTRAC is accurate, on time and as complete as possible.

FINTRAC also requires MSBs to maintain an up to date MSB registration. This includes keeping information about our business activities, key persons and banking services relationships up to date. If there are any changes, we need to inform FINTRAC within 30 days. If our business stops operating in Canada, or we no longer offer MSB services, we must cancel our MSB registration.

    3. AMF

The Autorité des marchés financiers (AMF) is the body mandated by the government of Québec to regulate the province's financial markets and provide assistance to consumers of financial products and services.

The AMF enforces Québec’s Money-Services Business Act (MSB Act) and its enacted regulations. The MSB Act defines MSBs more broadly than the Canadian federal definition and includes provincial licensing and registration requirements.

Equibytes does maintain operations, including automated teller machines (for the purpose of buying and selling bitcoin), in the province of Québec. As such, Equibytes has registered and is licensed by the AMF.

    4. Provincial Securities Regulators

Provincial bodies regulate securities dealers and derivatives markets. These bodies require reporting from MSBs that conduct foreign exchange transactions that meet the following criteria:

  • Settle over a period longer than 2 business days, and/or

  • Contain a rollover provision, and/or

  • Are conducted for the purpose of financial speculation (i.e. that are not conducted with an expectation of delivery of the physical currency).

These transactions are required to be reported to a local Trade Repository (TR) along with the Legal Entity Identifiers (LEIs) of all entities party to the transaction, the Unique Product Identifier (UPI) describing the type of product sold, and the Unique Transaction Identifier (UTI) attached to the particular transaction reported.

Equibytes does not currently conduct transactions that fall under OSC requirements. Should we consider these types of activities at any time, the compliance program will be updated to include all relevant requirements before any qualifying products and/or services are offered.

    5. Regulator Examinations & Compliance Assessment Reports

FINTRAC, and in Quebec the AMF, are responsible for ensuring that we (as a reporting entity) are meeting our obligations. To do this, they will periodically request information. We may receive these requests by email, phone or in writing. All requests should be forwarded to the Compliance Officer for handling immediately.

Most requests will be time sensitive. This means that we only have a certain amount of time to reply by law. For most information requests, this is 30 calendar days. If we do not respond to these requests or respond late, we may be subject to penalties.

    6. Ministerial Directives

From time to time, the Minister of Finance will issue additional directives for AML reporting entities. The Compliance Officer will ensure that our policies, procedures and Risk Assessment are updated accordingly. This may include the implementation of new processes in order to comply with directives, and to test the effectiveness of compliance measures.

  4. Roles and Responsibilities

Everyone has a responsibility to ensure that our AML and CTF compliance program runs smoothly.

  • Senior Management & Board of Directors:

    • Overseeing the AML and CTF Program on a high level;

    • Receiving regular (at least annual) status reports on the AML and CTF Program;

    • Being accessible to the Compliance Officer as needed where AML or CTF related issues arise;

    • Ensuring that the Compliance Officer has the resources to run an effective AML and CTF program;

    • Ensuring that the Compliance Officer is adequately qualified to manage the AML and CTF Program (understand Canadian AML and CTF requirements and the business model); and

    • Signing off on the results of completed AML Compliance Effectiveness Reviews (within 30 days of the issue of the report).


 

  • Compliance Officer:

    • Developing and maintaining the AML and CTF Compliance Program and Risk Assessment, which includes regularly reviewing and updating these documents and maintaining a record of all updates;

    • Ensuring that all employees, agents and other relevant parties receive appropriate AML and CTF training at least annually;

    • Reporting to Senior Management and the Board of Directors (if applicable) on the status of the AML Program, including any AML Compliance Effectiveness Reviews (within 30 days of the issue of the report) and regulatory examinations;

    • Overseeing AML Compliance Effectiveness Reviews and ensuring that the reviewer has sufficient knowledge of Canadian AML and CTF requirements and our business to conduct the review;

    • Maintaining complete and accurate records;

    • Maintaining up to date registration with FINTRAC;

    • Maintaining up to date licensing with the AMF;

    • Corresponding with FINTRAC and the AMF;

    • Maintaining up to date knowledge of Canadian AML and CTF requirements as they apply to our business model; and

    • Obtaining appropriate training, including continuing education, in order to develop and maintain knowledge of AML and CTF compliance requirements and industry best practices.


 

  • All Employees:

    • Complying with the requirements set out in the AML and CTF program;

    • Reporting certain types of transactions to the Compliance Officer;

    • Keeping up to date and accurate customer records;

    • Obtaining customer identification when required;

    • Completing AML and CTF training when required (at least annually); and

    • Being vigilant in identifying potential money laundering or terrorist financing activities.

The steps that Equibytes will take to meet these responsibilities are described in procedural documents.

Staff who aren’t sure what to do to meet these responsibilities should speak with the Compliance Officer.

  5. Canadian AML Compliance Program Components

MSBs operating in Canada are required to have in place an AML Compliance Program made up of the elements described below. Our Canadian AML/CTF program has been designed to conform to the elements required under Canadian legislation.

    1. Policy & Procedures

Our policy statements describe what we are required to do, while our procedures describe how we will meet these obligations. Our procedures should be detailed enough that someone could read and follow the steps described. This program document includes both policies and procedures.

All staff are required to read the Policy and Procedures for All Staff.

All staff with compliance related duties are required to read the Policy, Risk Assessment, Procedures for All Staff, and Procedures for Compliance Staff.

    2. Risk Assessment

Our company’s Risk Assessment is summarized in a separate document. It describes in detail:

  • The risk that our activities could make us vulnerable to terrorist financing or money laundering; and

  • The controls that we have in place to prevent, detect and deter money laundering and terrorist financing.

The Risk Assessment is reviewed and updated by the Compliance Officer at least every two years, and more often where there are changes to Canadian legislation, the products and services that we offer or our controls.

    3. Compliance Officer

Senior management must approve the Compliance Officer’s appointment. While the Compliance Officer may or may not be a member of the senior management team, the Compliance Officer must always have access to management and the authority to carry out their duties. It is also vital that the Compliance Officer be educated about the ongoing compliance requirements that apply to our business. This is accomplished by attending education and training sessions, checking FINTRAC’s website on a regular basis, and signing up for FINTRAC’s mailing list.

The Compliance Officer must be accessible to all staff members who may have questions about anti-money laundering, counter terrorist financing or compliance related processes. In the case of an extended absence, a designate should be in place (and the duties of the designate should be clearly communicated to other staff members in case questions arise). For larger organizations, an assistant Compliance Officer should be appointed to act in the Compliance Officer’s absence.

    4. AML Compliance Effectiveness Review

An AML Compliance Effectiveness Review is like an audit that tests our company’s AML and CTF program. The review tests two elements: our program documentation (what we say we’re doing) and our operations (what we’ve actually done during a specific period of time). These reviews must be completed at least once every two years. The results of the review are shared with Senior Management (this must be done within 30 days of the date that the final report is issued).

The information gathered for these reports is very specific. If you receive a request related to a review, please check to be certain that you are able to provide all of the information that was requested. The review process may also include interviews with staff. If you are interviewed, it is fine to have a copy of our AML and CTF compliance program and other documentation with you and to refer to these during the interview.

The Compliance Officer will work to correct any issues that are noted in the report. This may include:

  • Updating the AML Compliance Program;

  • Creating new controls;

  • Updating processes;

  • Updating client records; and

  • Providing additional staff training on specific topics.

The results of AML Compliance Effectiveness Reviews may also be shared with potential business partners, financial service providers and FINTRAC. It is a best practice for the Compliance Officer to keep a record of the updates that have been made based on the AML Compliance Effectiveness Review. This can be done in a simple spreadsheet.

    5. Training

Everyone that deals with customers, customer funds or transactions must receive AML and CTF training at least annually. This includes part-time, seasonal and contract employees.

New hires must receive AML and CTF training within their first 30 days on the job, as well as specific role based training, which includes AML and CTF components, prior to dealing with customers or customer funds independently.

Anyone that is on a leave of absence that causes them to miss regularly scheduled training will complete training within 30 days of their return to work.

The Compliance Officer will create an annual training plan and track the completion of all training, and may require additional training sessions if compliance issues arise.

AML and CTF Compliance Training will cover (at minimum) these elements:

  • What is money laundering?

  • What is terrorist financing?

  • Who is FINTRAC?

  • What is a MSB?

  • What are our responsibilities under Canadian law?

    • AML Compliance Program

      • Compliance Officer

      • AML Program

      • Risk Assessment

      • AML Compliance Effectiveness Review

      • Training

    • AML Compliance Operations

      • Reporting

      • Recordkeeping

      • Identifying Customers

      • Customer Risk

      • Transaction Monitoring

  • Who is our Compliance Officer?

  • What do I do if I believe that money laundering or terrorist financing is taking place?

  • What indicators should I look for in our transactions and customer behaviours?

The completion of this training is mandatory (non-negotiable) and training must be completed within the time frames communicated by the Compliance Officer or their designate. Failure to complete training could expose Equibytes to regulatory penalties. For this reason, it is vital that you contact the Compliance Officer immediately if you believe that you may not be able to complete your scheduled training session.

If you have any questions about AML and CTF compliance, please contact the Compliance Officer.

  6. Operational Compliance

Operational Compliance is everything that we do in order to meet our obligations. This includes identifying our customers in some cases, reporting certain types of transactions to FINTRAC and other agencies, and keeping records.

    1. FINTRAC MSB Registration

We must register as an MSB with FINTRAC before conducting any transactions defined above in section 3. The registration must be maintained and we must:

  • Keep registration information up to date;

  • Respond to requests for information, or to clarify information, in the prescribed form and manner, within 30 days;

  • Renew our registration before it expires; and

  • Let FINTRAC know if we stop offering MSB services to the public.

All communication with FINTRAC will be handled by the Compliance Officer or a trained delegate.

    2. Reporting

Equibytes must report certain transactions to FINTRAC and other agencies as necessary. FINTRAC provides secure online forms to report these transactions. Reporting to FINTRAC should always be completed by the Compliance Officer or a designate (a person that has been trained to submit reports in the Compliance Officer’s absence).

All other employees should use the internal forms included in this program to submit reports to the Compliance Officer. If you aren’t sure whether or not you will need to submit a report, speak with the Compliance Officer for clarification. If it is not possible to speak with the Compliance Officer at that time, err on the side of caution by collecting the information that you need to fill out the form(s) and submit the report(s). This includes collecting the customer’s identification information.

All reports have specific timelines in which they must be submitted to FINTRAC. All internal reports should be submitted to the Compliance Officer on the same day that the incident or transaction takes place.

Reports submitted by staff members are reviewed as soon as possible. Where there are issues with the reports, such as missing or incomplete information, the Compliance Officer will conduct follow up coaching sessions. The Compliance Officer will also work with the staff member to contact the customer (where possible) in order to obtain any missing or incomplete information.

The Compliance Officer will report all prescribed transactions within the required timeframes via F2R (where possible) or on paper (where electronic submissions are not possible).

| Report Type | Applicability | Timing | Reported To | How is it submitted? |
| --- | --- | --- | --- | --- |
| Electronic Fund Transfer Report (EFTR) | Only Reporting Entity | 5 working days from the transaction date | FINTRAC | Electronically via F2R |
| Large Cash Transaction Report (LCTR) | Only Reporting Entity | 15 calendar days from the transaction date | FINTRAC | Electronically via F2R |
| Suspicious Transaction Report (STR) | Only Reporting Entity | 30 calendar days from the date that a fact is discovered that causes us to have reasonable grounds to suspect that the activity could be related to money laundering and/or terrorist financing | FINTRAC | Electronically via F2R |
| Attempted Suspicious Transaction Report (ASTR) | Only Reporting Entity | 30 calendar days from the date that a fact, related to the incomplete transaction, is discovered that causes us to have reasonable grounds to suspect that the activity could be related to money laundering and/or terrorist financing | FINTRAC | Electronically via F2R |
| Terrorist Property Report (TPR) | Only Reporting Entity | Immediately | FINTRAC, RCMP, CSIS | On paper (via fax) |
| Voluntary Information Report (VIR) | Current State | None prescribed, 30 days standard adopted by Equibytes | FINTRAC | Electronically via web form |


 

      1. Electronic Funds Transfers (EFTs)

Financial entities, money services businesses and casinos have to report incoming and outgoing international EFTs of CAD 10,000 or more in a single transaction. These include the transmission of instructions for a transfer of funds made at the request of a client through any electronic, magnetic or optical device, telephone instrument or computer.

EFTs of CAD 10,000 or more, including two or more transactions of less than CAD 10,000 that total more than CAD 10,000 conducted by or on behalf of the same person or entity in the same 24-hour period are detected by our trade software. The 24-hour period is calculated using a rolling clock as the time for all transactions is logged in our system. An alert is generated, and the Compliance Officer resolves the alert and completes FINTRAC reporting.

Electronic funds transfers must be reported to FINTRAC within five (5) business days of the date on which the transaction takes place.

      2. Large Cash Transactions

Large Cash Transaction Reports (LCTRs) are submitted when a customer conducts transactions, in cash, valued at CAD 10,000 or more (in any currency or combination of currencies) in the same 24-hour period. This may be in a single transaction or several separate transactions.

When an LCTR is required, the customer’s identification must be verified and identification information must be recorded.

A third party determination must also be made. This means that we must ask the customer if they are completing the transaction(s) on their own behalf or someone else’s. If the transactions are being completed to the benefit of someone else, we must obtain information about that person and their relationship to the person conducting the transaction.

Unlike STRs and ASTRs, it is ok to let the customer know that we must fill out an LCTR form and to fill out this form with the customer present.

LCTRs must be submitted to FINTRAC within 15 calendar days.

      3. Suspicious Transactions & Attempted Suspicious Transactions

Suspicious Transaction Reports (STRs) and Attempted Suspicious Transaction Reports (ASTRs) are submitted to FINTRAC where there are ‘reasonable grounds’ to suspect that an activity is related to money laundering or terrorist financing. These reports must be submitted whether or not the transaction or activity is completed. ASTRs are used for transactions that are not completed (whether the transaction is declined by Equibytes or cancelled by the customer). These reports must be submitted to FINTRAC within 30 calendar days of the discovery of a transaction or attempted transaction for which there are reasonable grounds to suspect that it may be related to money laundering or terrorist financing.

It is important not to let the customer know that we are suspicious. It is against the law to deliberately “tip off” a customer about a potential investigation. We are, however, protected under Canadian law from any action when we submit a report “in good faith.” In most cases, even when a case goes to court, the customer will not know that this report has been filed.

It is important to try to identify customers that conduct or attempt suspicious transactions. The customer may ask us why we need their identification information. In such cases, let the customer know that it is company policy to collect this information. If this information is not used for additional marketing activities, let the customer know that as well (often customers are more concerned about privacy and security issues, and reassuring them may be helpful).

      4. Terrorist Property

Terrorist Property Reports (TPRs) are completed if we believe that Equibytes may be in possession of funds or property that belong to a terrorist (either an individual or an organization).

These reports should be escalated to the Compliance Officer immediately. In some cases, property or funds must be frozen. Like STRs and ASTRs, the contents of these reports (or the fact that we are filing a report) should not be disclosed to the customer.

These reports are submitted as soon as possible to FINTRAC as well as to the Canadian Security Intelligence Service (CSIS) and the Royal Canadian Mounted Police (RCMP).

      5. Voluntary Information Reports on Suspicious Activity

While we cannot currently submit STR or ASTR reports, the Voluntary Information Report (VIR) is submitted by non-reporting entities in instances where there are reasonable grounds to suspect that an activity is related to money laundering or terrorist financing.

These reports can be submitted whether or not the transaction or activity is completed.

While submission of these reports is voluntary, and there are no specified timelines, Equibytes has elected to adopt the 30-day standard applicable to STRs and ASTRs for VIRs.

It is important not to let the customer know that we are suspicious. It is against the law to deliberately “tip off” a customer about a potential investigation. We are, however, protected under Canadian law from any action when we submit a report “in good faith.” In most cases, even when a case goes to court, the customer will not know that this report has been filed.

It is important to try to identify customers that conduct or attempt suspicious transactions. The customer may ask us why we need their identification information. In such cases, let the customer know that it is company policy to collect this information. If this information is not used for additional marketing activities, let the customer know that as well (often customers are more concerned about privacy and security issues, and reassuring them may be helpful).

    3. Record Keeping

In order to pass a FINTRAC review or an AML Compliance Effectiveness Review, we must be able to prove that we’ve met our obligations. This means that there are things that will need to be recorded (either on paper or electronically). These records must be kept for at least five years (but may be kept for longer) and be in a format that can be retrieved and sorted easily.

Generally, when FINTRAC or the AMF makes a request, the information must be delivered to them within 30 calendar days. Depending on the type of information request and the way that the information is stored, the Compliance Officer or a designate may need time to format and organize the information. For this reason, the following information must be stored in a format that can be retrieved and delivered to the Compliance Officer quickly:

  • Certain records created in the normal course of business (i.e. records for certain transactions of CAD 3,000, currency exchange transaction tickets, etc.);

  • Complete customer identification information;

  • Complete records for Politically Exposed Persons (PEPs) and Heads of International Organizations (HIOs);

  • Large cash transaction records (including a record of the third party determination);

  • Internal unusual transaction forms (whether or not they were reported to FINTRAC by the Compliance Officer) and a record of the Compliance Officer’s investigation process, including a rationale that describes why the transaction or attempted transaction was or was not reported to FINTRAC;

  • A record of the content, date and completion/attendance of any AML or CTF related training sessions, including internal staff training sessions;

  • AML Compliance Effectiveness Review reports, including a record of Senior Management sign-off on the final report;

  • All FINTRAC correspondence and reporting;

  • All AML and CTF program documents, including policies, procedures and our Risk Assessment;

  • All customer and business relationship risk ranking documentation;

  • All records of enhanced due diligence for higher risk customers and business relationships;

  • All records of transaction monitoring for higher risk customers and business relationships;

  • Records related to business relationships;

  • Copies of signed agreements with our agents and/or service providers; and

  • Any “reasonable measures” that have been taken, as well as an explanation where these have not been successful.

Additional records must be maintained under the Quebec MSB Act, including [21]:

  • Identification information for all co-contracting agreements;

  • Sources of liquidity;

  • Register for balance sheet;

  • Income statements;

  • Bank account information; and

  • Bank reconciliation information and reports.

    1. Customer Identification [22]

In some cases, we need to identify our customers and record specific information about the customer. This includes, but is not limited to, cases in which we are required to make a report to FINTRAC:

  • Any customer with whom we have an ongoing service agreement;

  • Large cash transactions (valued at CAD 10,000 or more in a single transaction or multiple transactions within 24 hours);

  • International electronic funds transfers valued at CAD 1,000 or more;

  • Foreign exchange transactions valued at CAD 3,000 or more; and

  • Cashing monetary instruments valued at CAD 3,000 or more.

And, without letting the customer know that we may have suspicions about the nature of their activities, in instances of [23]:

  • Suspected money laundering or terrorist financing activity; and

  • Terrorist property.

Where it is not possible to identify a customer in the case of suspicious activity or suspected terrorist property, we must keep a record of the reasonable measures that we have taken to do so, as well as the reason that those measures were not successful.

      1. Face-to-Face Identification for Individuals

If we meet with the customer face to face, we must ask for a piece of identification that:

  • Is issued by a provincial, territorial or federal government in Canada or an equivalent foreign government;

  • Is valid (not expired);

  • Bears a unique identifier number (such as a driver’s license number);

  • Bears the name of the individual being identified;

  • Is an original (not a copy, photo or scan); and

  • Bears a photo of the individual being identified.

We must also collect and record the following information:

  • The customer’s full name (no initials, short forms or abbreviations);

  • The customer’s occupation (this should be as detailed as possible and be full form, without abbreviations or acronyms);

  • The nature and purpose of our business relationship with the customer (if applicable);

  • The customer’s date of birth (if this appears on the identification document, the date of birth that we record must match the document);

  • The customer’s full home address (post boxes, office addresses and general delivery addresses are not acceptable for this purpose; if the customer wishes to provide a separate mailing address we can collect this as well, but we must always record the full home address);

  • The type of document used to identify the customer;

  • The place that the identification was issued (this should be a province, territory, or state and a country, not a city);

  • The unique identification number (such as the driver’s license number);

  • The expiry date of the identification provided (if the document has an expiry date; if it does not, please make a note to say that there was no expiry date on the document); and

  • The date on which we verified the document.

If a customer has been identified previously and the information in our records is up to date (the identification document used has not expired) and we recognize the customer (either by seeing them or hearing their voice) then we do not need to request identification to complete a transaction.

      1. Non-Face-to-Face Identification for Individuals

We can also use non-face-to-face methods to identify our customers. However, if the customer is present, face-to-face methods are preferred.

        1. Single Process Method

We may confirm the identity of a customer by doing a credit header match against their Canadian credit file (Equifax or TransUnion), provided the file has been in existence for at least three years. This means that we do not have to collect a credit assessment (hard hit), only a credit header match (soft hit). This must be completed at the time we are confirming our customer’s identity. To be acceptable, the credit file details must match the name, date of birth and address provided by the customer. If any of the information does not match, we will need to use the dual process method to confirm the customer’s identification.

When using this method to confirm our customer’s identity, we must record the following information:

  • The customer's name;

  • The name of the Canadian credit bureau holding the credit file (Equifax or TransUnion);

  • The reference number of the credit file; and

  • The date we consulted the credit file.

        1. Dual Process Method

Where the single process method provides information that does not match what the customer has provided us, we must use the dual process method. This involves referring to information from reliable and independent sources; the information must be original, valid and the most recent. In order to qualify as reliable, the sources should be well known and considered reputable. Independent means the sources providing the information cannot be us (as the reporting entity) or the customer, and the documents referred to cannot be from the same source. For example, reliable and independent sources can be the federal, provincial, territorial and municipal levels of government, crown corporations, financial entities or utility providers.

We must also ensure that the documentation being referred to is the original, whether this is an electronic or paper copy. This makes electronic documents the preference because the customer can send the originals via email, while retaining a copy for themselves. We cannot accept documents that have been photocopied, scanned or faxed. The customer may download a version directly from their provider, which would be considered an original, and email it to us. Where a customer is unable to provide an original digital document, they will be required to physically mail the original documents to us.

Under the dual process method, we can refer to any two of the following options:

  • Documents or information from a reliable source that contain the customer's name and date of birth;

  • Documents or information from a reliable source that contain the customer's name and address; or

  • Documents or information that contain the customer's name and confirm that they have a deposit, credit card or other loan account with a financial entity.

      1. Organizations

When our customers, who are organizations, conduct transactions that require identification, we must collect and record the following information. Some of the information that we collect will be different depending on the type of organization being identified. For all organization types, we must collect:

  • Their full legal name (no initials, short forms or abbreviations);

  • The organization’s structure (incorporated company, trust, partnership, etc.);

  • The organization’s “principal business” (this should be as detailed as possible and be full form, without abbreviations or acronyms);

  • The organization’s physical address (post office boxes and general delivery addresses are not acceptable for this purpose; if the customer wishes to provide a separate mailing address, we can collect this as well, but we must always record their full home address);

  • The organization’s telephone number; and

  • Information about the organization’s Directors and Beneficial Owners.

    1. Client Authentication & KYC

Equibytes takes additional steps to conduct know your customer (KYC) and authentication. These processes may be in addition to the identification methods listed above in the customer identification section of this policy.

Authentication and KYC measures are applied for all customers, including customers that we are not required to identify. For transactions conducted at Equibytes Bitcoin Automated Teller Machines (Bitcoin ATMs), customers are required to provide their phone number.

An SMS message is used to authenticate the customer before any purchase transactions can proceed, and to inform a customer when their cash is available for sell transactions.

Where a transaction is conducted over-the-counter (OTC), customers are required to meet face-to-face with Equibytes and provide a piece of photo identification. Equibytes also requires that all funds used in OTC transactions are from a Canadian financial institution from an account held in the name of the customer.

    1. Business Relationships [24]

We have a business relationship with anyone that has conducted two or more transactions that require identification. For these individuals, we also need to keep a record of the nature of their business relationship with us. Although this will generally seem self-evident (for example, sending money to support family), it is still something that needs to be recorded.

We must also monitor business relationships and keep information up to date (including customer identification, if the customer is active with us). The Compliance Officer will determine whether or not information about our customers and/or business relationships is up to date and may contact staff for additional information.

    1. Risk Ranking & Transaction Monitoring

Most of our customers are considered low risk; however, certain customers will be considered higher risk than others. This does not mean that these are “bad” people or that they have committed any crimes. High-risk customers are not treated differently when they interact with our staff, but their activities are reviewed more carefully behind the scenes.

High-risk customers are subject to regular transaction monitoring and enhanced due diligence. The Compliance Officer or a designate completes these activities. Transaction monitoring involves the review of customer transaction patterns to look for suspicious indicators. Enhanced due diligence involves additional investigation, and in some cases, the Compliance Officer may ask you to collect additional information from the customer, such as details about a specific transaction.

  1. Appendix: Definitions & Acronyms

AMF: Autorité des marchés financiers

AML: Anti-Money Laundering

Anti-Money Laundering: actions taken to detect, deter and prevent money laundering from occurring through our business.

ASTR: Attempted Suspicious Transaction Report

Attempted Suspicious Transaction Report: a report that is filed with FINTRAC when we have reasonable grounds to suspect that a customer’s activities may be related to money laundering or terrorist financing when no transaction was completed. This can include transactions that were cancelled by us, or by the customer. FINTRAC reports are filed by the Compliance Officer or designate within 30 days of the date that the attempted transaction is deemed to be suspicious. If you suspect that an attempted transaction is related to money laundering or terrorist financing, you must submit an unusual transaction form to the Compliance Officer on the date that the request occurs.

Autorité des marchés financiers: The Autorité des marchés financiers is the organization responsible for financial regulation in the Canadian province of Québec. It regulates the province's financial markets and provides assistance to consumers of financial products and services.

Counter Terrorist Financing: actions taken to detect, deter and prevent terrorist financing from occurring through our business.

CTF: Counter Terrorist Financing

Money Services Business: a business that provides services in Canada: foreign exchange, remittance and/or issuing or redeeming monetary instruments. A business may also be considered a money service business in the province of Québec by providing any of the mentioned services and/or cheque cashing and/or the operation of automated teller machines.

MSB: Money Services Business.

Financial Transactions and Reports Analysis Centre of Canada: Canada’s financial intelligence unit and our regulator for AML and CTF. We submit reports to FINTRAC and they have the right to examine us to test our compliance with Canadian requirements. All FINTRAC correspondence and inquiries should be passed immediately to the Compliance Officer.

FINTRAC: The Financial Transactions and Reports Analysis Centre of Canada

Large Cash Transaction: any cash transactions valued at CAD 10,000 or more that take place within the same 24-hour period for the same customer. This may include one or several transactions.

Large Cash Transaction Report: a report that is filed with FINTRAC when a large cash transaction has taken place. This report must be filed with FINTRAC within 15 calendar days of the transaction. Staff are required to report large cash transactions to the Compliance Officer on the day that they occur using our internal Large Cash Transaction Reporting form.

LCTR: Large Cash Transaction Report.

Money Laundering: the process of taking money obtained by committing a crime and disguising the source to make it appear legitimate. Under the Criminal Code of Canada, it is illegal to launder money or to knowingly assist in laundering money. Under the PCMLTFA and Regulations, we must take steps to be sure that our business is not used to launder money and if we suspect that money laundering may be taking place, we must report it.

STR: Suspicious Transaction Report

Suspicious Transaction Report: a report that is filed with FINTRAC when we have reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing. The Compliance Officer files FINTRAC reports within 30 days of the date that the transaction is deemed to be suspicious. If you suspect that a transaction is related to money laundering or terrorist financing, you must submit an unusual transaction form to the Compliance Officer on the date that the transaction occurs.

Terrorism: any attempt to influence or intimidate a government or the public at large through violent or illegal means or means that are intended to induce fear or panic.

Terrorist Financing: funding any act of terrorism or committing any act or omission that facilitates the funding of terrorism.

Terrorist Property Report: A report that is filed with several government bodies, including FINTRAC, when we believe that we may be in possession of property or funds that are owned or controlled by terrorists. The Compliance Officer files these reports as soon as possible. If you suspect that we are in possession of terrorist property or funds, you must submit a Possible Terrorist Property Report to the Compliance Officer on the same day.

TPR: Terrorist Property Report

Unusual Transaction Report: An internal form that is used to record the details of any transaction (attempted or completed) that is suspected of being related to money laundering or terrorist financing.

UTR: Unusual Transaction Report

Voluntary Information Report: A report that is filed by non-reporting entities when there is suspicion of money laundering, terrorist financing or terrorist property.

VIR: Voluntary Information Report

  1. Appendix: Sample Training Plan & Log

For all staff and agent training sessions, including training sessions that are delivered by external service providers.

Content | Delivered by (Person, Role & Organization) | Delivery Method (In person, webinar, phone, etc.) | Plan Date | Completed Date | Date Persons Trained | Type of Training

1 https://www.ourcommons.ca/Content/Bills/412/Government/C-31/C-31_3/C-31_3.PDF

2 http://www.gazette.gc.ca/rp-pr/p1/2018/2018-06-09/html/reg1-eng.html

3 http://www.fintrac.gc.ca/msb-esm/intro-eng.asp

4 https://lautorite.qc.ca/en/other-amf-mandates/msb-money-services-businesses/

5 http://www.fintrac-canafe.gc.ca/publications/brochure/2012-06/1-eng.asp

6 http://www.fintrac.gc.ca/

7 Currently, registration with FINTRAC does not apply to Equibytes. Requirements related to MSB registration are discussed in greater detail later in this document but will apply only at such a time where we are considered a regulated entity.

8 https://www.lautorite.qc.ca/en/index.html

9 Equibytes does not currently conduct transactions that fall under securities requirements. Should we consider these types of activities at any time, the compliance program will be updated to include all relevant requirements before any qualifying products and/or services are offered.

10 Some exemptions apply. The complete criteria may vary from province to province, despite the existence of standardized guidance at the federal level.

11 This section will apply to Equibytes at such a time where we are considered a regulated entity.

12 Our controls are described at a high level in the Risk Assessment documentation.

13 http://www.fintrac.gc.ca/contact-contactez/list-liste-eng.asp

14 This section will apply to Equibytes at such a time where we are considered a regulated entity.

15 This section will apply to Equibytes at such a time where we are considered a regulated entity.

16 Equibytes does not currently conduct these types of transactions. This has been included for educational purposes or in the event that our business model changes.

17 Equibytes is not considered a regulated entity, and therefore, is not registered with FINTRAC and cannot submit LCTRs. This section has been included for educational purposes only.

18 This section will apply to Equibytes at such a time where we are considered a regulated entity. Prior to this, Voluntary Information Reports (VIR) will be filed for all Attempted Suspicious and Suspicious Activity.

19 Currently, Equibytes does not meet the definition of an entity that must file terrorist property reports with FINTRAC. This requirement will apply at such a time where we are considered a regulated entity. Prior to this, VIRs will be filed.

20 This section will apply to Equibytes at such a time where we are considered a regulated entity.

21 Due to the fact that Equibytes is registered with the AMF in Quebec, the following requirements are obligatory and strictly adhered to by Equibytes.

22 This section will apply to Equibytes at such a time where we are considered a regulated entity. However, we have implemented best practices related to certain situations where customer identification is required.

23 Customer identification for instances of suspected money laundering or terrorist financing activity and terrorist property has been implemented as a best practice. Where the information is collected, it will be included in the subsequent VIR.

24 This section will apply to Equibytes at such a time where we are considered a regulated entity.