Skip to main content Start of content

ETHI Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

Previous day publication Next day publication
Skip to Document Navigation Skip to Document Content






Standing Committee on Access to Information, Privacy and Ethics


NUMBER 056 
l
1st SESSION 
l
42nd PARLIAMENT 

EVIDENCE

Tuesday, April 11, 2017

[Recorded by Electronic Apparatus]

  (1605)  

[English]

     Welcome, everyone, to this 56th meeting of the Standing Committee on Access to Information, Privacy and Ethics.
    Pursuant to a standing order and our previous motion, we are glad to have with us today representatives from FINTRAC for a briefing session. From the Financial Transactions and Reports Analysis Centre of Canada, we have Mr. Gérald Cossette, director, who has been here before; and Barry MacKillop, deputy director, operations, compliance and intelligence.
     Thank you for coming, Barry.
    We also have with us Mr. Paul Dubrule, general counsel.
    Gentlemen, we thank you very much. We have about an hour to discuss the items that we would like to address. If you would like to start with an opening set of comments—I'm assuming that it's you, Mr. Cossette—we'll then proceed to some questions. Once we're satisfied with that, or if an hour elapses, whichever happens first, we'll be finished with this.
    Mr. Cossette, the floor is yours.
     Thank you, Mr. Chair, for inviting us to speak with you regarding our handling of an access to information request in relation to the penalty that FINTRAC levied against a Canadian bank in 2015.
     As Mr. Chair just mentioned, I am joined today by Barry MacKillop, our deputy director of operations, and Paul Dubrule, our general counsel.
    I would like to take a couple of minutes this afternoon to describe FINTRAC's mandate and the role we play in helping to protect Canadians and the integrity of Canada's financial system. I will then explain our administrative monetary penalty program and the decision I took in relation to the penalty imposed on a Canadian bank.

[Translation]

    FlNTRAC was created in 2000 by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. As a financial intelligence unit, FINTRAC facilitates the detection, prevention and deterrence of money laundering and the financing of terrorist activities, while ensuring the protection of personal information under its control.
    The legislation creates obligations for financial services entities, real estate brokers, money services businesses, casinos and other business sectors subject to the act to establish an internal compliance program; identify clients; monitor business relationships; keep certain records; and report specific types of financial transactions to FINTRAC, including suspicious transactions and international electronic funds transfers of $10,000 or more.
    As part of Canada’s anti-money laundering and anti-terrorist financing regime, FINTRAC houses both supervisory and intelligence functions, which allows it to effectively assess and ensure the compliance of regulated businesses and produce financial intelligence for its police, law enforcement and national security partners.
    Over the past year, we provided 1,655 disclosures of actionable financial intelligence to our police, law enforcement and national security partners to assist their investigations of money laundering, terrorism financing and other threats to Canada's security.
    Our financial intelligence has become increasingly valued by our partners as lead information to expand or define their investigations, and to obtain search warrants and production orders to gather information in pursuit of criminal charges.
    For example, just a few weeks ago, FINTRAC's contribution to Project Silkstone was singled out by the Ontario Provincial Police following the arrest of a number of individuals for allegedly trafficking 11,500 pills containing fentanyl and other illicit drugs in Ontario, Quebec and the United States. This is just one example of many dozens over the past couple of years where FINTRAC’s assistance in helping to protect Canadians was recognized by our police and national security partners.

  (1610)  

[English]

     In December 2008, FINTRAC received the legislative authority to issue administrative monetary penalties to businesses that are in non-compliance with their obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its regulations.
    I want to be very clear that as set out in the act, the penalty regime is focused on changing the behaviour of entities to bring them into compliance. It is not to punish them for laundering money.
    There are other measures in place should FINTRAC have reason to believe that businesses are facilitating, or are knowingly being used to launder money or to finance terrorism. These include non-compliance disclosures to police. This was not appropriate when we penalized the bank for administrative deficiencies last year.
    Under the act, the centre may publish specific details of a penalty imposed once all proceedings in respect of the penalty have concluded. This means that all avenues of review and appeal, including court proceedings, have been exhausted. FINTRAC has established and published criteria to guide its decision-making in relation to the naming of businesses that are subject to a penalty.
    These internal criteria, however, do not supersede the authority that Parliament afforded FINTRAC's director under section 73.22 of the act to publish or withhold the name of a business that has been penalized.
    When we penalized Manulife for non-compliance with the act, I exercised my discretion to withhold its name. I did this because of the administrative nature of the violations. Again, the violations committed by the bank were not in relation to money laundering or the financing of terrorism. In making my decision, I also took into account the mitigation measures the bank had taken in this case.
    At the same time, by deciding not to name the entity, we were able to avoid a potentially lengthy court process. We have found that court proceedings often take many years, with information usually being sealed and outcomes uncertain. By not naming the entity, we sent a timely message of deterrence to the other 31,000 businesses subject to the act.
    In responding to numerous access to information requests in relation to this penalty, we had to take into account the fact that the bank's name had been withheld, and that we had signed a legally binding agreement with Manulife in order to conclude court proceedings. This meant that FINTRAC had to exempt details from information released under the Access to Information Act that would potentially identify the bank. The centre also withheld confidential proprietary information that was supplied to it by the entity.

  (1615)  

[Translation]

    As well, we were aware that the name of the entity was known. However, FINTRAC couldn’t confirm this. As a result, the Centre took care to exempt details of its assessment of the bank's non-compliance that, if released, would prejudice the competitive position of, or cause financial loss to, the entity. This is not the intended purpose of the penalty regime, which, I repeat, is non-punitive.
    From the increased reporting that we’ve received from businesses across the country and the discussions that we’ve had with them following the publication of the penalty, I believe our message of deterrence was heard very clearly.
    However, improvements can always be made. On that note, I’ve acknowledged the need to work with Finance Canada to review the legislation in relation to our penalty program. We’re also currently examining our administrative monetary penalty policies to ensure they strike an appropriate balance between the need for transparency and the requirements of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.
    Thank you, Mr. Chair. We’re now ready to answer your questions.

[English]

     Thank you very much, Mr. Cossette.
    We'll now go to Mr. Erskine-Smith, please, for questions.
    I have a number of questions. I understand that between 2008 and 2013, details and names were regularly published and that subsequently there was a change in disclosure policy. Do you think a move back to the previous policy would make sense in light of your experience with Manulife?
    We need to look at each case. It's very difficult to generalize the approach that should be taken.
    In 2013 the policy was changed because I thought that naming organizations that we penalize for smaller amounts of money gave them a bad name and did not necessarily change their behaviour. Therefore, we established different criteria for naming at that time.
    So a bank is fined over $1 million and their name is not disclosed. However, I have Toronto Star articles here that indicate that the CEO of Altaif Inc. was fined $42,600 for two of the same violations, that is, failing to report the sending and receiving of money transfers of more than $10,000. His name was publicly disclosed. The name of another individual who was fined $12,750 was also disclosed.
    Walk me through the consistency in your decision-making.
    I will start at the beginning of the process. We start with a risk-based assessment of entities, trying to identify which ones may be susceptible to not complying with their obligation to report—not to money laundering, but to their obligation to report. Once we've done that process we conduct an examination. The examination reveals a certain number of things. If the entity does not agree with the results of the examination, they have the right to ask for a review, which is conducted by a separate side of FINTRAC. The review unit makes recommendations to the director as to whether the penalties the examiners would propose should stand, based on a series of criteria, or attached to the violations themselves. For instance, some of them may be attached to the capacity of the entity to pay.
    Then, depending on my response, whether I want to stand with the suggestion or change the decision taken by the examiner, then entities have the right, if they want, to go to court.
    Could I jump in, because I'm confused. I understood that the policy indicates that FINTRAC will name an entity if one of three criteria is met: where a person or entity has committed a very serious violation—
    Mr. Gérald Cossette: Yes.
    Mr. Nathaniel Erskine-Smith: —where the base penalty amount is equal to or greater than $250,000—
    Mr. Gérald Cossette: Yes.
    Mr. Nathaniel Erskine-Smith: —and repeat significant noncompliance on the part of the person or entity.
    Mr. Gérald Cossette: Yes.
    Mr. Nathaniel Erskine-Smith: So if I understand that criteria correctly, why would the bank's name not have been disclosed?

  (1620)  

    The entity cannot be named and the penalty cannot be imposed until the full process is exhausted, which includes court proceedings. If an entity were to decide to go to court, the case might be sealed, which means that you might never know there was a penalty, you might never know the name of the entity, and the court decision might take years before we know what it is.
    Between the uncertainty of the potential court process and the certainty of the penalty and the deterrence attached to it, I decided to go for the penalty without naming the institution.
    So court sealings almost never happen and there's a very high wire for court sealings. In a regular civil or criminal suit.... I'll read. This is Richard Leblanc from York and Harvard universities:
Naming of the institution would cause media scrutiny, but the procedural rights of the bank would remain intact. If a person or firm is charged civilly or criminally, the name of the person or firm is almost always disclosed, as a matter of public interest and transparency, at the time the person or firm is charged, not after the sentence or appeal rights have been exhausted.
    Why would we treat banks differently in the FINTRAC regime?
    Under the provisions of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, the Federal Court is required to look at the need to hold hearings in camera, to seal documents, and to make sure that all the proceedings are confidential. Reporting entities have applied to the court pursuant to that provision and been granted the right to have confidential hearings.
     Sure, I don't dispute that there are court hearings, but that doesn't get away from my question. If we have a civil case and a criminal case and the name is disclosed and procedural rights are protected—if “as a matter of public interest and transparency” the name is disclosed—why would we treat the bank differently? The bank can seek the court sealing of the document under the rules, but—
    It did so.
    The court required this to be sealed in the first instance, or FINTRAC made the determination...?
    There was an appeal to the Federal Court pursuant to which the court said that all matters before it were to be confidential in relation to Manulife.
    When—
    Subsequently, if I may continue—
    —that is when the parties negotiated to come to an agreement to facilitate the payment of the penalty, the ability to say that the penalty had been imposed, and to use that as deterrence not just for Manulife, but for all other entities, which would see that a penalty of over $1 million was imposed for the violation set out.
    Mr. Cossette, you had said, “I understand that” non-disclosure and withholding the name of the bank “may not have met public expectations in relation to openness and transparency.” Do you still agree with the comments you made?
     I take it from the record today that you sort of stand by the decision to withhold the name. I got mixed messages. You say that you understand it may not have met public expectations, but the testimony here today is that “I believe our message of deterrence was heard very clearly”, and in fact, by all accounts, I think the message is that you've acted appropriately with respect to transparency and accountability. How do I square those two?
    The issue for me at the time was, do you face a potential court proceeding, which might take years before we see the results, or do you send a timely message of deterrence? Uncertainty versus certainty: I opted for the certainty at the time, and the message. Given the results we've seen with the increase in a number of transaction reports we've received, and given the conversation we're having with the financial sector, I think the message was received clearly by all entities under the regime.
    Thanks a lot.
    Thank you.
    Mr. Kelly.

  (1625)  

    Perhaps just to help me, and also to make it clear for the record of the meeting, if I understand correctly, there was a negotiation, an agreement, in this particular case, with the bank. There was an agreed statement of fact or a finding of facts, an agreement to pay a particular penalty, and an agreement to not disclose the name of the entity?
    Yes.
    You mentioned just at the end of my colleague's questions that it's your belief that the experience of what happened had the effect of modifying behaviour and that you saw an increase in compliance. With the increase in compliance, was there also a difference or a change in reporting that you could determine before or after the naming of Manulife? Or was the announcement of the fine the real attention-getter, if I may so, for industry?
    It's difficult to assess if it is one for one.
     What we know for a fact—and we could provide you with numbers for it—is that we see now and have seen over the recent three to five years a significant increase in the number of the suspicious transaction reports we receive. Last year, we received 125,000 suspicious transaction reports, which are really the bloodline of what financial analysis is all about. Therefore, if the purpose of the regime—and indeed this is the purpose of the regime—is to provide intelligence to our law enforcement partners and our national security partners, the first provider of that information is the private sector. It is the 31,000 businesses that contribute to the regime.
    Every increase in quality and every increase in the timeliness of these transaction reports we receive is of greater value to the regime. That's what we've seen over recent years: numbers, timeliness, quality, and openness. If we want to talk about the relationship that we have with the banking sector right now, for instance, we have participated in a project called “Project Protect”. It's not the project that is of interest to us—it's that it was initiated by the private sector, not by us. The relationship is changing, and the credibility of FINTRAC in that relationship is changing as well.
     Okay.
    That perhaps leads to another point about this, though, in terms of the relationship between FINTRAC and the reporting entities. If there was an agreement not to have Manulife's name disclosed, and yet we all know now that it was Manulife, how is that going to affect future negotiations or future discussions with a future entity that may be facing the same question of fines and disclosure?
    What's going to happen in the future is that we will look at the circumstances at the time. We will look at the results of the examinations, we will look at mitigation measures, we will look at how the entity behaves in terms of compliance with the regime, and we will take a decision on those grounds.
    I understand that the goal is to increase compliance and increase reporting, not to punish for the sake of punishing, and this is trying to modify behaviour. But I hope we'll continue to have increased compliance and that the fact of not being named and then being named wouldn't affect this.
    I'm going to turn it over now. I'm not sure if I have any time left.
    Sure, good.
    All right, Mr. Jeneroux, do you want to go?
    Sure. I have just one quick question, if you don't mind, Mr. Chair.
    I'm still just a little confused. In the fourth to last paragraph of your statement you said that you “were aware that the name of the entity was known. However, FINTRAC could not confirm this.”
    Are you saying that somebody knew it was Manulife, but you...? I'm confused by that sentence.
    We were receiving phone calls from the media inquiring whether it was this entity, that entity, or this entity, so obviously some journalists—

  (1630)  

    So, were they running through a list of entities?
    They were just asking, “Is it this one, this one, or this one?” So, obviously somebody either had guessed or got information from somewhere as to who the penalized entity was. Despite the fact that it was out there, and despite the fact that we had a confidential agreement with Manulife, we could not confirm whether it was Manulife or any other entity for that matter.
    Do you do an internal investigation, then, to find out how that was known?
    On if the information had been released from within FINTRAC...?
    Yes.
    We will look at basically....
    You will or you have?
    Well, we have done some work and we'll continue to do some work to establish whether, in fact, the leak came from our organization or not.
    Do you have a result of that?
    We have a result of the first phase, which doesn't show anything, and then we'll go to the second phase.
    There are phases to this. Okay.
    All right, I'm good.
    Are you phased out? All right.
    Mr. Blaikie, please.
    Thank you very much.
    I'm sure committee members missed your humour in the chair, Mr. Chair.
    Thank you very much for filling in for the chair and the vice-chair, Mr. Vice-Chair.
    You had mentioned earlier that a policy change took place with respect to which institutions are named, and how that's done. Who makes that policy? Is it FINTRAC itself that determines that policy?
    Yes, it is us.
    Okay, so it's you who decides on the policy of whom to name.
    I certainly agree that discretion is sometimes warranted and can be the best policy in certain circumstances. Do you feel, though, that when it's done on a case-by-case basis in the way that it's being done, it can contribute to undermining public confidence in the process if the decisions are seen as being arbitrary, or if certain types of institutions are not being named whereas other types of institutions are?
    I think, Mr. Chairman, the way for us to make the public understand that we don't do this on an arbitrary basis is to explain over and again the grounds on which the decision was taken. For us, that's the best way of proceeding so that the public can see that the decision was reasonable, given the circumstances at the time. I think that's how our organization will continue to build its credibility.
    Okay, so you don't feel that the kind of non-disclosure agreement you had with Manulife impedes your ability to clearly communicate how decisions are being made and the reasons why?
     The reason we signed an agreement with Manulife was to avoid a long court proceeding that might have taken years and would have meant that, at the end of the process, people might not remember why the individual was penalized. Moreover, we would have no control over what the court would decide. As I said before, in the choice between that uncertainty—years before it is known, if it is known—and the deterrent effect, we went for the deterrent effect.
    Are you concerned that your reasoning in this case might lead to scenarios in which organizations that are well funded and have the legal means to threaten a long, protracted legal battle will secure a kind of preferential treatment in that, because they're the ones in a position to make that threat, they would be less likely to be named, and that's a consequence of the amount of resources they have instead of other considerations? So players who don't have those same legal resources and financial resources are going to get named because they're not able to threaten delay, whereas larger institutions like large banks who do have that capacity are going to be in a position to protect themselves from being named through threat of lengthy court action.
    I don't think it would be appropriate for me, Mr. Chairman, to comment on accessibility to the legal system.
    All right. Fair enough. So you don't think—and I'm not speaking to any particular organization's access to the legal system—that access to the legal system, if that's the rationale for your decision, is a consideration in the kind of legal action that could be undertaken?
    In the case of smaller clients who don't have those resources.... Do you treat the potential of legal action the same for any organization regardless of their resources? Are you blind to the legal and financial resources of institutions when you make a decision based on the potential for legal delay?

  (1635)  

    Yes, we are blind because, historically, we have seen organizations with different means going to court in response to penalties.
    The issue is not as much whether entities have the financial capacity to go to court. The issue is that the court may decide to seal the proceeding and, therefore, the deterrent effect or the transparency effect is nullified by the court process. That's the rationale behind the decision.
    I can appreciate a kind of blindness to access to legal resources as part of a procedural argument, but if the argument behind the policy is that you need to decide these things on a case-by-case basis in order to be able to exercise discretion, doesn't discretion usually tend toward the idea that we want to be able to take into consideration all of the various factors at play?
    If you're arguing for discretion on the one hand, why would you then say that you want to be blind to certain aspects of the situation that you're being asked to judge on a case-by-case basis?
    The decision that an entity may take to go to court or not to go to court is its own choice. They may take that decision for several reasons, including, for instance, because they think they're going to win on the disagreement they have with us on the violations. Their choice is based on their own analysis of their chance of success through a court proceeding. I cannot comment as to size, small or big.
    What we know and what the experience shows is that entities of different sizes, of different financial capacities, based on their own assessment, have taken FINTRAC to court.
    Your colleague did mention the fact that the appeal at Federal Court, if I'm correct, was one of the preponderant factors that brought you to negotiate with Manulife in order to reach that agreement.
    If Manulife hadn't yet made the appeal to Federal Court or never made the appeal to Federal Court, if you're blind in the way you suggest you are, would your decision not have been the same in the end because there was the possibility of going to court, or did the fact that Manulife in fact went to court bear on your decision?
    Mr. Chairman, I'm not too sure what the question is. I think it wouldn't be appropriate to go back to try to re-decide what I would do under different circumstances.
    I guess I'm trying to understand for future cases, if it's irrelevant whether companies or institutions in fact mount a legal challenge because you're blind to their ability and resources in that regard. I guess what I'm asking is this. I think that that intention, with the claim that the fact that an appeal had been made, was one of the reasons you decided to negotiate. The fact of their being able to mount a challenge, I think by your account, and this kind of blindness to the extent of their legal resources, would mean that you would have made the decision regardless of whether they had gone to court or not.
     When we issue our notice of decision to the institutions, the institutions may go to court, and then we have to act according to the position of the court at that moment. Alternatively, they may say that they want to go to court, and until the process is completed and exhausted, we do not name and do not penalize the institution, so there's a timing issue. Whether we know that they will go to court and that changes our decision at that time is not taken into consideration. We tell them what the penalties are, and then we proceed from there.
    Thank you, Mr. Blaikie and Mr. Cossette.
    We will now go to Mr. Ehsassi, please.
    I'm just going to read a portion of your testimony today. You stated that, “the violations committed by the bank were not in relation to money laundering or the financing of terrorism.” Given that we're talking about a fine of $1 million, what other bases do you have to impose fines under the regulations?
    We basically look at their obligations to report to us. Under the legislation, they have the obligation to report large cash transactions of more than $10,000. They have the obligation to report international electronic transfers. They have the obligation to report suspicious transaction reports. If they see people coming in and running financial operations that may look suspicious and can be used in the context of money laundering or terrorism financing, we may penalize them for that.
    We may also penalize them for not having a compliance regime, which includes policies, training, and processes. Based on the number of violations and the kinds of violations, we then establish what the penalty should be. Then, depending on the size of the organization, we also look at the capacity to pay.

  (1640)  

    My concern, much like Mr. Blaikie's, is that you're saying you did this to deter the 31,000 other entities from engaging in certain types of activity. To me, the bigger danger is that you really set a precedent whereby every single entity you now try to go after will say, “We're going to go to court”. So not only are you not deterring them, you're encouraging them to go to court in the event they actually have the necessary resources. Let's say that's not true. The next entity that you decide to name could bring a claim against you to say, “We were not dealt with equitably because you're treating us very differently than you did the bank.” How would you deal with those types of concerns?
    The first thing, Mr. Chair, is that we were taken to court long before we imposed the penalty on Manulife. The situation with Manulife and the fact that we did not name the organization has not necessarily incited other entities to take us to court. We were taken to court long before that. The first time we were taken to court was in 2009, so the idea of taking FINTRAC to court and trying to have the proceedings sealed dates from long before what happened with Manulife.
    The second thing is that we look at each case on its own merit, so it's not as if the results of an exam of bank A would be the same as the results of an exam of bank B. What are the violations, in what context were they carried out, is the regime solid, and is the lack of reporting a demonstration or a manifestation that the overall regime is weak? All these things are taken into account before we say it's $1 million or $2 million, or $2 million or five dollars for that matter.
    I appreciate that, but just by virtue of the fact that you're saying it's a case-by-case determination, that suggests you're open to charges that you're being arbitrary. I mean, there is a tension there. Given that you're explaining to us the complications with the legal framework and the legal regime, are there any oversights in the regulations that you think are responsible for the manner in which you've had to interpret and apply the regulations? Is there a gap?
    The regulations are what they are for the time being. We're working with the Department of Finance right now on whether there is a best way to manage the compliance regime, including the penalty program. One of the issues we have faced is basically that there were two cases—two court decisions—that are forcing FINTRAC to review its compliance program. That's what we're doing. We're working with the Department of Finance on that.
    What we're trying to do right now is to better connect the compliance violations with their value from an intelligence standpoint, so right now the two programs are a bit disconnected, so to speak, or disjointed. Where we're going with the process is to try to mesh these two things, so that our program, from compliance to financial analysis to disclosure, follows the same logic. Right now, our legislation flows from the Criminal Code, and the administrative monetary policy program flows from the civil side, so there's a little bit of a disconnect. There's a circle we're trying to square here, from a regulatory standpoint.
     Thank you.
    Mr. Erskine-Smith, there are a couple of minutes left.
    Thanks.
    When it comes to improving compliance by, in this case, agreeing to not to disclose the name, do you think our regime in Canada ensures greater compliance than the one in the United States, where they do name institutions that have had significant fines levied against them?
    The two regimes are similar, but they're not the same. The Americans do penalize for money laundering. We do not penalize for money laundering. We penalize for non-compliance with the legislation. If we were to see, through an examination, facts that are so egregious, we have the capacity to disclose to the RCMP. Then the RCMP would decide whether a criminal investigation on money laundering is warranted.
    I'll just read the following:
I'm in the United States, and they are saying, “What kind of Mickey Mouse system do you have? We name our large institutions!” said Garry Clement, a retired 30-year RCMP veteran who now specializes as a financial crimes investigator, trainer, and policy adviser.
    What do we say in response to Mr. Clement?

  (1645)  

    The two regimes are different. FINTRAC cannot penalize for money laundering. That's the first thing.
    That's not my question. My question is about naming institutions.
    In the American regime, the institution may be named and the amount may be named. We don't know if that is the final result. What we know is that this is what is being announced. Are there then negotiations in terms of what the final amount of money will be? We don't know.
    That's exactly why this 30-year RCMP veteran is suggesting that they're more powerful in the United States by naming institutions. If we talk about deterrents, naming has an incredibly powerful deterrent effect. Do we not see that?
    When you say, “I believe our message of deterrence was heard very clearly,” we've removed a significant deterrent power by not naming this institution. Have we not?
    The American regime is not our regime. When they penalize for hundreds of millions of dollars, they penalize for money laundering, not for not complying with institutions' obligations to report. They pay a fine for acting criminally.
    That's the end of that particular time slot.
    Mr. Cossette, you're exactly right. You're simply carrying out the legislation that the folks at this table or our predecessors thereto have passed, so we shouldn't hold you to account for the law that you didn't make.
    Are there any other colleagues who want to ask questions as we go through? We have a few minutes left. Are you guys finished?
    Next on the list is Mr. Jeneroux, and then we'll go to Mr. Bratina.
    Thank you.
    To follow up, part of the reason you're here is the leak about what happened. You've finished phase one of your investigation of the leak. You're now in phase two of the leak investigation.
    What's your capacity to do this, and do you report this to Finance? Is it internal? If the culprit does belong to FINTRAC, is it then, “Okay, great, we addressed that,” and you move on? Walk me through where the next steps are going with some of this.
    The first thing we need to do, and we've done, is to establish whether there are technical means of confirming that the information came from FINTRAC. We've been told that the information came from FINTRAC. I cannot assume that this is necessarily the case. So before going after—
    Sorry, who told you that? Is it from part of your investigation, or is it the media who told you that?
    No, it's not from part of the investigation. The fact that the leak came from FINTRAC was provided to us by somebody from the outside who said, “I know the name of the bank, and it was confirmed to me by a member of FINTRAC.” In all conscience, I cannot assume that, so I have to proceed cautiously to make sure we don't accuse people before having all the facts.
    As a first phase, we're trying to establish the facts. Secondly, if we have a sense that, yes, the leak might come from our organization, we will proceed to determine or to find clearly who it might be. A limited number of people are involved in this case, so it's not as if the whole organization might have leaked the information, but we have to proceed as cautiously as possible because we need to confirm a certain number of things instead of launching a witch hunt that might lead nowhere. That's why we're so cautious.
     What are we talking about, 100 people, five people? Those are two different numbers—
    No, we're talking about a number of people who have been working on this file.
    Again, is that 100 people, or is it five people—ballpark?
    It's people who conducted the investigations, people who reviewed the case, people who reviewed the appeal, the lawyers, me, and senior staff—
     I'll try again. Was it under 30? Was it under 20? Let's assume it was under 20.
    It was under 20.
    It was under 20, great. Then in phase two, you determine who this is.

  (1650)  

    Mr. Chair, I'm very sorry. I just hate the last line, “who this is”. We have no proof as we speak that the leak comes from FINTRAC. I would like that fact to be very clear. There is no proof, and I don't like insinuations that there may be. If we find who it is, there are measures in our legislation, and we will follow those measures. But until then I will not speculate in public about the fact that there may be somebody in FINTRAC who committed an act of that nature, which is very serious under our legislation. I'm very sorry.
    Fair enough. That's fine.
    I believe the line of questioning was about once you find who this is. That doesn't mean it's in FINTRAC. It could be somebody outside of FINTRAC. Your point is taken on whether or not it was someone in FINTRAC.
    However, I'm trying to understand the process here. Once this is done, and you find out it's someone either within or outside FINTRAC, then what happens? Is there any reporting mechanism anywhere else? Does it stay within FINTRAC? What are the next steps?
    This may stay within FINTRAC, because we have an internal process. People have obligations under our legislation and our code of conduct. Depending upon what we find, and the conditions under which the information was leaked, if it was leaked, then we'll decide what the next steps are. But there is a process within the organization and within the legislation that provides significant tools in terms of penalizing people, in terms of charging people. There are tools that we can use.
    Has this happened before?
    This has never happened before as far as I know.
    It's the first time.
    Since I've joined FINTRAC, it's never happened.
    How long have you been there?
    For almost five years.
    I remind colleagues that we should keep the questions in line with the spirit of this committee's purview, which is access to information, privacy, and related questions. As parliamentarians we can second guess all we want the effectiveness of the legislation, but that purview would actually fall under a different committee that would have a different mandate.
    Could colleagues keep that in mind with their questions, please.
    Mr. Blaikie, did you have anything else you would like to go for?
    Mr. Bratina, please.
    Just briefly, this is a huge old company, a multinational. I looked it up. It has $700 million in assets, 34,000 employees. They must know what they're doing. What didn't they do in terms of not complying with their obligations? Were there oversights? When this was investigated, what was the explanation, if you can share that, for how these obligations were not met? Was it at the managerial level, that somebody had a document that said $20,000 went to Lebanon, but didn't report it?
    Really, what happened?
    Barry may provide more detail, but there were basically four things. The first is that given the size of the organization and the maturity of Manulife, we had expected that their compliance framework would be more robust than it was, in terms of policies, training, procedures, reviews of their risk profile more often by senior officials. That was one component.
    The second component was that they did not report a suspicious transaction to us on a very specific individual who was well known. Given the fact that they knew the individual was well known, and the fact that they had reported that already to law enforcement agencies both in Canada and in the U.S., that suspicious transaction report from an intelligence standpoint could have been useful to us. They did not report that. They did not report, I don't know how many, but a certain number of large cash transactions of $10,000 and more, and they did not report a certain number of electronic funds transfers in and out of Canada of more than $10,000.
    Those were the four main components, main violations, if you wish.
    What would the Manulife people say as to how that happened and how it won't happen again? What would their approach be?
     Well, they had already put in place, between the time we conducted the examinations and the time we penalized them—because we have to analyze the results of the examination—a number of mitigation measures to make sure it would not happen again.
    Will it happen again? The next examination will reveal that, or not.
    Were you satisfied, when you saw the explanation of those measures, that this looked like they were seriously addressing the non-compliance?
    Yes.
    The fact that they did not...warranted the million dollars that they had to pay as a penalty.
    Finally, you're saying that this cascaded through the industry, that everyone has taken notice and pulled up their socks, so to speak.
    Yes.
    Thanks, Mr. Chair.
    No worries.
    Mr. Erskine-Smith.

  (1655)  

    I want clarity on how you arrived at the settlement to not disclose the name of the bank publicly. It was originally Manulife that sought a sealing order of some sort from the Federal Court, on an interim basis, before the full case was resolved. They won that, which gave them leverage to negotiate a settlement with you, and ultimately the settlement that you arrived at was to not disclose the name.
    That's generally the sense I have from—
    Yes.
    They achieved a decision from the court that the process of appeal would be confidential, which meant that until that process ended, there was no possibility of naming—
    Of naming them.
    It was then a decision of whether we would fight that appeal.
    Or, would you carry it out in a private way in court and win, and then disclose it after the fact? That would have been an option as well.
    Yes, knowing that.... I will use one example of a case that is public, so I can speak to it, the British Columbia Lottery Corporation, which is in litigation with Interac over a penalty. That case started in 2010, and it is still before the Federal Court. In that case, that entity was named, because there was a leak from the other end of the fact of the penalty.
     It just goes to show the nature of the litigation process.
    Sure. I can understand, especially with that court decision in the interim, that it changes the negotiating playing field, as it were.
    Mr. Cossette, I think you rightly pointed this out when you spoke about the public's expectations regarding transparency and why you want to engage in a general review of the disclosure policy. When you take a step back, from the public's points of view, it strikes me that the public ought to have a right to know if their financial institutions have been penalized for non-compliance.
    There are worries with respect to the application of discretion. My colleagues, Mr. Ehsassi and Mr. Blaikie, have indicated that there may be, by virtue of the ability to pay for high-powered lawyers, a disparity in the application of this discretion as it relates to small players and big players. Mr. James Cohen, from Transparency International Canada, says we should remove that discretion and clearly lay out the criteria for naming financial institutions so that it is publicly available.
    Do you think that would be a fair way of approaching it, given your history of the exercise of this discretion and the policy since 2013?
    Well, as I've said before, Mr. Chair, we're in a conversation with the Department of Finance as to what pieces of the compliance program and the penalty program need to be reviewed.
    What would it mean to name at the beginning of the process? We need to assess that from a legal standpoint, as well.
    To be fair, I think this is a conversation about the effectiveness of the legislation, which should actually be discussed either at the finance committee or the public safety committee.
    No, it's an access to information when it comes to the public's right to know the institutions that have been fined.
    I don't know if that was necessarily the answer that I got from your question, Mr. Erskine-Smith.
    Anyway, please continue.
    I have one or two more questions. We'll get right to the access to information.
    An access to information request was made in 2016. A number of bases were invoked to refuse to disclose that information.
    Can you summarize why that information was refused under the Access to Information Act?
    Well, I don't know specifically. Paul may know specifically which information you're referring to.
    The issue we had with this case was very different from the issues we face normally. Normally, of course, we redact according to the legislation. In this case, there were several factors that explain why it took so long. There was the confidential agreement that we had with Manulife, which explains.... For instance, we knew that the name was known by somebody. Therefore, in the way we redacted documents, we had to redact information that normally would not be of concern to us. For instance, a phone number might confirm the name of the entity.
     It was due to that confidential agreement that was made. That's the source ultimately of refusing to disclose the name under ATIP, correct?
    Of refusing to disclose the name of the bank, yes.
    Under the Access to Information Act.
    As a result of not disclosing the name in those initial access to information requests, other information that normally would have been exempt, had it gone with a name, was released.

  (1700)  

    Sure. Okay.
    My last question gets to that balance that the chair pointed out between compliance, which is a different question, and the public interest in transparency and accountability. I understand they're at odds sometimes. Between 2008 and 2013 names were routinely disclosed, and the policy has shifted since 2013.
    Has compliance increased since 2013 when you look at that balance?
    I think the entities are doing much better than they were doing before, yes.
    Do we have numbers to back that up?
    We can look at the kind of deficiencies and the number of reports we see now that we didn't see before. With the interface we have with them from an interrelationship standpoint, their commitment and engagement is very different today from what we had in 2008.
    My final comment would be that I very much encourage you to assess whether there has been a significant increase in compliance, because I think there is a significant public interest in transparency and accountability with respect to naming financial institutions, particularly to know whether there has been non-compliance. I certainly would want to know if my bank had been non-compliant with the act.
    Thanks very much.
    That's something, colleagues, we can all consider when it comes to legislative changes and reports that we issue as a committee as recommendations to the government.
    I want to thank our witnesses for coming today. I appreciate it. We had a good and frank discussion. It's not a normal thing that we do here at the committee, but certainly, I think it's a valuable one.
    I thank you very much for your patience and understanding and answering the questions as frankly as you could.
    Colleagues, we are going to take a break. We are going to suspend and go in camera for a minute to consider some committee business.
    [Proceedings continue in camera]
Publication Explorer
Publication Explorer
ParlVU