Witnesses provided comments with respect to areas of the regime that they believed could be improved by a number of changes; these areas include:

• virtual currency and money service businesses,
• compliance and the administrative burden,
• suspicious transaction reporting, and
• sanctions lists.

A.  Virtual Currency and Money Service Businesses

(i) Background

Money services businesses (MSBs) are traditionally those that exchange currencies, transfer money, and/or cash or sell money orders and traveller’s cheques. In Canada, MSBs are required to register with FINTRAC, follow the AML/ATF reporting and record-keeping requirements, verify the identity of clients for certain kinds of transactions, and operate a PCMLTFA compliance program.

Initial Coin Offerings (ICOs) occur when a company creates a new cryptocurrency or digital token and offers them to the general public who may purchase them in whatever manner that company specifies, such as using fiat currency or other cryptocurrencies.[24] ICOs could be viewed as similar to Initial Public Offerings (IPOs) where a company offers their stocks to the public for the first time. However, a company’s stock is connected to corporate ownership and/or performance, while the new crypto currency or digital token offered in an ICO may only be connected to a particular project that the company is pursuing. For example, a company could offer digital token through an ICO that can only be redeemed for a particular service that the company currently or hopes to provide in the future, and the monetary value of that token may fluctuate over time based on the market value of that service. The Canadian Securities Administrators published CSA Staff Notice 46-308 Securities Law Implications for Offerings of Tokens, which provides guidance on the applicability of securities laws to ICOs. Broadly speaking, the Canadian provincial/territorial securities regulators will have the jurisdiction to regulate an ICO if the offering constitutes a security.

In the U.S., FinCEN updated certain definitions and other regulations relating to MSBs in 2011 to include virtual currency exchange businesses as “money transmitters,” which are a type of MSB under FinCEN’s rules and therefore subjected virtual currency exchange businesses to the U.S. AML/ATF regime. In particular, any business that accepts and transmits a convertible virtual currency or buys or sells convertible virtual currency for any reason is a money transmitter under FinCEN’s regulations. Money transmission services are defined as “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.” MSB’s must be registered with FinCEN, and must renew that registration every two years. In addition, certain American states require licences for virtual currency business activity; for example, the state of New York implemented a BitLicense Regulatory Framework.

On 19 April 2018, the European Parliament adopted the European Commission’s proposal for a Fifth Anti-Money Laundering Directive (AMLD5) to prevent terrorist financing and money laundering through the European Union’s financial systems, and addresses – among other things – the potential money laundering and terrorist financing risks posed by virtual currencies. AMLD5 responds to these risks by expanding the scope of the previous directives by including virtual currency exchanges and virtual currency wallet providers as “obliged entities” subject to EU regulations. Virtual currency exchanges and virtual currency wallet providers now face the same regulatory requirements as banks and other financial institutions, which include obligations to register with national anti-money laundering authorities, implement customer due diligence controls, regularly monitor virtual currency transactions, and report suspicious activity to government entities.

On 9 June 2018, the Department of Finance published proposed regulations under the Act, which included measures targeted at virtual currency exchanges. These exchanges will be treated as MSBs, and any persons or entities dealing in virtual currencies will need to implement a full AML/AFT compliance program and register with FINTRAC. In addition, all reporting entities that receive $10,000 or more in virtual currency will have similar record-keeping and reporting obligations. Furthermore, reporting entities such as MSBs will be required to conduct a risk assessment of their vulnerability to money laundering and terrorist financing activities, and take reasonable measures to determine the sources of a politically exposed person’s wealth.

(ii) Witness Testimony

Witnesses commented on the legal terminology used in the cryptocurrency space and the implications of this terminology on the PCMLTFA. The Dominion Bitcoin Mining Company suggested that Canada needs to have easily recognizable, clear, and defensible legal definitions of blockchain-backed digital tokens. To achieve this, they proposed that the PCAMLTF use definitions based on three readily identifiable functions: “cryptocurrency”, “utility tokens” and “security tokens”. Each is defined as follows:

• cryptocurrency: blockchain-based decentralized payment and settlement systems, for example Bitcoin, Bitcoin Cash, and others;
• utility tokens: blockchain-based digital tokens designed to represent future access to a company’s product or service, for example: Ethereum;
• security tokens: blockchain-based digital assets that derive their value from an external, tradable assets or equity, and are subject to provincial securities regulations. Commonly referred to as “tokenized assets.”

The Dominion Bitcoin Mining Company also proposed a multi-year “sandbox” initiative where regulated entities in the cryptocurrency space could operate in a somewhat self-regulated manner, sharing information at regular intervals with the regulator.

In their written submission to the Committee, Durand Morisseau LLP and IJW & Co. Ltd. indicated that the definition of “virtual currency” proposed in the Department of Finance’s newly published regulations concerning virtual currency exchanges is insufficient, as it promotes the perception that it is:

• 1) a “currency”, which they believe it is not;
• 2) a “digital currency,” which they believe it should not be, as there is no definition under current Canadian legislation;
• 3) a form of “electronic money”, for which no definition exists under current Canadian legislation; or
• 4) money, which they believe it is not.

Durand Morisseau LLP and IJW & Co. Ltd. went on to explain that it is not possible to ascertain whether the current definition of “virtual currency” would capture ICOs. Thus, it recommended that the definition of “virtual currency” should be replaced by “cryptoasset” so as to avoid ambiguity. Durand Morisseau LLP and IJW & Co. Ltd. argued that “cryptoasset” could be defined (as per the EU banking authorities) as: “a digital representation of value that is not issued or guaranteed by a central bank or a public authority, it is not necessarily attached to a legal established currency, and does not possess a legal status of currency or money, but is accepted by natural or legal persons, as a means of exchange, and which can be transferred, store and traded electronically.” On the other hand, Dominion Bitcoin Mining Company recommended that crypto-currency be defined as non-fiat money in the Currency Act, empowering the Governor in Council to dictate a matrix for valuation.

Prior to releasing their new regulations, the Department of Finance explained to the Committee that they intended on bringing those regulations forward with the aim of re‑establishing a level playing field for dealers in virtual currencies. They noted that the technology has the potential to revolutionize the financial technology sector but comes with risks and challenges, such as the tension between the anonymity of the currencies and KYC requirements. In his testimony to the Committee, Jeremy Clark – who appeared as an individual – identified two “postures” in dealing with illicit cryptocurrency activity, prevention and detection. In his opinion, prevention will fail given that cryptocurrencies are an open, internet-based technology, and hence the focus of these efforts should be invested in the detection of suspicious activity. The Blockchain Association of Canada reasoned that the detection of criminal activities should be done in collaboration with cryptocurrency exchanges. Académie Bitcoin also concluded that peripheral actors, such as exchanges, could deploy the security protocols required by the current money laundering and terrorist financing regime. Moreover, Jeremy Clark suggested that exchanging fiat currency into cryptocurrency and vice versa – also known as on ramps and off ramps – is where financial reporting should be dealt with. This opinion is also shared by Durand Morisseau LLP and IJW & Co. Ltd. as they underscored that it would be most prudent for Canada to concentrate its regulatory efforts on cryptocurrency exchanges to provide the greatest public benefit, and that this approach is imperative as users of cryptocurrency exchanges are theoretically able to transact in near complete anonymity. They further explained that in the absence of some degree of regulatory oversight, cryptocurrency transactions may be used by parties to swiftly move large amounts of wealth across borders, and that regulating the following conversion mechanisms would address the AML concerns of the cryptocurrency space:

• 1) cryptocurrency exchanges, which are operations that allow their users to exchange cryptocurrency for fiat currency or for other types of cryptocurrency and vice versa;
• 2) cryptocurrency ATMs, which are machines that allow users to exchange cryptocurrency for fiat currency and vice versa; and
• 3) conversion of fiat or cryptocurrency into an ICO, which is the method by which a user would exchange fiat currency or another cryptocurrency to purchase ICO tokens or coins issued by a start-up business.

Durand Morisseau LLP and IJW & Co. Ltd. stated that these are the points in which the enforcement of AML and KYC requirements pertaining to cryptocurrencies should occur, and that sufficient KYC information would consist of collecting the identities of the parties opening accounts (known as “wallets”) at cryptocurrency exchanges, as well as their sources of funds (e.g., fiat currency that is exchanged into cryptocurrency) that are deposited into the wallets to be used in transactions.

The Government of British Columbia informed the Committee that many money services businesses are unregistered and are a fixture of the underground economy as the modern embodiment of underground banking, serving to transfer ownership of money around the world without the need for the actual transmission of fiat currency.

When questioned on cryptocurrencies, the ATM Industry Association indicated that their ATM infrastructure does not support cryptocurrencies.

During the Committee’s travels, a number of witnesses spoke about the opportunities that cryptocurrencies might provide for criminal activities. Some witnesses estimated that 80% of the value of cryptocurrencies could be linked to the proceeds of illegal activities, and that while the risk of cryptocurrencies being used to launder money is low, it is a very high risk for being used as a payment method for criminal activity.

Certain witnesses commented that certain blockchain based technologies – such as secure key – should be able to fulfil the KYC requirements of reporting entities, but this is not permissible under the current legislative framework. Many of these witnesses also commented that the lack of any cryptocurrency regulation in Canada presents challenges and risks for both consumers and cryptocurrency related businesses.

With respect to the anonymity of cryptocurrency, certain witnesses during the Committee’s travels presented opposing views on whether and/or how this aspect of cryptocurrency facilitates ML/TF. For example, Bitcoin transactions have been described as “pseudo-anonymous” because a record of all bitcoin transfers is recorded on the blockchain. However, the identities of participants in a transaction are encrypted through the use of their digital wallet and no personal information is recorded or transferred. The latter characteristic leads some witnesses to described Bitcoin as functionally anonymous. Furthermore, other cryptocurrencies – such as Monero – advertise themselves as being completely anonymous and untraceable. On the other hand, witnesses informed the Committee that the U.S. government in partnership with the private sector has previously identified the personal identities of Bitcoin users for criminal prosecution. Government regulation could address some of these issues, such as regulations requiring a registry of wallet addresses linked to personal identities and placing KYC requirements on cryptocurrency exchanges and all ICOs.

Some of these witnesses identified ICOs as the largest risk to consumers in the cryptocurrency space, as those that are not characterized as a security have little or no consumer protection. Others highlighted that law enforcement requires training and education in the area of cryptocurrency and its uses.

B.  Compliance and the Administrative Burden

(i) Background

Compliance with the PCMLTFA comes at a cost to reporting entities, which may differ considerably between the business under the regime. Various witnesses spoke about reducing the AML/ATF reporting standards on entities that are relatively low risk for money laundering and terrorist financing and/or the financial costs of compliance with current standards, while other witnesses took the position that such standards must be maintained across all reporting entities to have an effective regime.

(ii) Witness Testimony

The Canadian Life and Health Insurance Association argued that the benefit of having reporting requirements for reporting entities should be weighed against the related implementation and operational costs for the government and the industry. HSBC Bank Canada signalled the need for additional action to reduce compliance costs and move to a more “risk-based” reporting standard.

The Canadian Credit Union Association indicated that money laundering and terrorist financing obligations impose a burden on smaller financial institutions, and recommended the adoption of a risk-based model in order to decrease the administration burden without affecting the value or quality of the gathered information. The Investment Industry Association of Canada highlighted the need to improve the efficiency of reporting and to reduce the compliance burden on securities dealers and other reporting entities; in particular, it suggested the following:

• legislation should be flexible to accommodate new technologies, such as digital identification in the verification process, and it should be sufficiently flexible to enable timely adaptation of a range of innovative technology;
• section 62(2) of the PCMLTFA – which provides certain exemptions from the record-keeping and verification requirements for reporting entities – could be expanded to certain foreign-regulated entities that are subject to a comparable regulatory regime to Canada so as not to duplicate efforts.

FINTRAC told the Committee that reviewing the administrative burden facing businesses is a priority for the organization, and that it will work with businesses in its review, but that the information required in these reports is necessary for a functional AML/ATF regime. With respect to smaller reporting entities having a disproportionate compliance burden, they explained that these organizations only file a fraction of the reports that large financial institutions do, and that they are taking steps to ascertain what – if any – burdens disproportionately affect smaller reporting entities.

During the Committee’s travels, witnesses disagreed about the effect and/or extent of the administrative burden in the AML/ATF regime. On the one hand, many witnesses contended that the extent to which reporting entities undertake AML/ATF is far greater than the efforts of the government, which is overly costly for their operations. Others commented on a disproportionate burden that is placed on lower ML/TF risk sectors, and/or a lack of capacity in smaller reporting entities to run similar AML/ATF operations as larger financial institutions. In particular, some witnesses favoured moving the AML/ATF regime to a risk-based compliance model to address these concerns. Certain witnesses explained that the U.K. favours a risk-based compliance model where credit unions are subjected to lower AML/ATF requirements then larger banks, and that U.S. reporting entities are capable of filing simplified “skinny reports” in certain circumstances.

On the other hand, witnesses commented that compliance measures should generally be placed equally on all businesses to prevent weak links in the AML/ATF regime, and that while businesses always argue in favour of lowering their operational costs, the cost of compliance is simply the cost of doing business in a properly functioning sector. Witnesses further explained that many of the U.K.’s AML/ATF oversight bodies are funded through the fees collected from the entities that they regulate.

Some of these witnesses also argued that the size and complexity of the AML/ATF regulations make them unnecessarily cumbersome, and that regulatory simplification and additional direction from FINTRAC would help lower the costs of compliance for reporting entities. They pointed to the U.K., which regularly undertakes a national risk assessment of its AML regime, and works with the private sector to improve its operation.

C.  Suspicious Transaction Reporting

(i) Background

Reporting entities in Canada must report to FINTRAC via a “Suspicious Transaction Report” (STR) on completed or attempted transactions if there are reasonable grounds to suspect that the transaction was related to the commission or attempted commission of a money laundering offence or a terrorist activity financing offence.

STR’s are reported separately from large cash transaction reports, under which reporting entities must report to FINTRAC within 15 calendar days if they receive an amount of $10,000.00 or more for a single transaction or a number of transactions from the same individual or entity within 24 hours.

In the U.S., a financial institution is required to file a Suspicious Activity Report (SAR) – roughly equivalent to a STR – on suspicious transactions with respect to possible violations of any law or regulation. The U.K. also makes use of SARs, which are submitted based on a threshold of knowledge or suspicions of money laundering, or belief or suspicions relating to terrorist financing.

(ii) Witness Testimony

The Canadian Life and Health Insurance Association encouraged officials to consider introducing a minimum dollar threshold for suspicious transaction filing, as there is currently no such threshold. However, Christian Leuprecht proposed removing the reporting threshold in large cash transaction reports for international transactions entirely, as he believes the $10,000.00 threshold was arbitrary and had no academic basis. Mr. Leuprecht also contended that removing the threshold would greatly improve FINTRAC’s transactional awareness, and make reporting easier, more efficient, and less costly because financial institutions would no longer have to filter transactions by this threshold. The Canadian Real Estate Association recommended modernizing FINTRAC’s “F2R online suspicious transaction report portal,” as certain aspects of the report are not relevant to the realtor industry and cause confusion and unnecessary reporting errors.

HSBC Bank Canada, the Canadian Credit Union Association and the Investment Association of Canada recommended action to reduce compliance costs through innovation and reporting reforms to streamline the reporting process, and the Blockchain Association of Canada suggested that government work with industry – particularly the exchanges – to build the systems for collecting actionable data.

During the Committee’s travels, witnesses debated the merits of the volume of reporting required under the U.S., U.K. and Canadian regimes, as well as the quality of the information being collected. Certain witnesses highlighted the high volumes of information that are provided to the respective financial intelligence units. They also questioned the value of this data or the extent to which it leads to immediate criminal investigations or prosecutions. Conversely, other witnesses argued that all such data is necessary to the development of a financial intelligence unit’s computer modelling and data analytics that underpin their operations. They contend that a ratio of reports submitted to investigations undertaken is not an appropriate measure of success, and that it would be more appropriate to measure success by the extent to which those reports are used to develop informative trends and typologies.

Some witnesses believed that it is problematic that the reporting activity of reporting entities is largely driven by the fear of being fined or otherwise reprimanded by their respective regulators, while others believed that such a situation is an example of a properly functioning regulatory regime.

Certain witnesses commented that the format of the STR could be updated in a number of ways; these included: simplification for ease of use and understanding, clearer directions on how to complete these forms, the use of “drop-down boxes” for greater clarity, and the possibility of adapting the forms to the needs of specific reporting entities as opposed to a “one-size fits all” report.

D.  Sanctions Lists

(i) Background

The FATF recommends countries implement a targeted financial sanctions regime to comply with the United Nations Security Council Resolutions relating to the prevention and suppression of terrorism and terrorist financing, and believes that efforts to combat terrorist financing are greatly undermined when countries do not quickly and effectively freeze the funds or other assets of designated persons and entities.

Canadian sanctions laws implement United Nations Security Council sanctions regimes under the United Nations Act, as well as Canadian autonomous sanctions regimes under the Special Economic Measures Act. In addition, the Justice for Victims of Corrupt Foreign Officials Act enables Canada to impose sanctions against foreign nationals in a foreign state for human rights abuses or against foreign public officials and their associates who are responsible or complicit in acts of significant corruption. A Consolidated Canadian Autonomous Sanctions List is made available by Global Affairs Canada.

(ii) Witness Testimony

During the Committee’s travels, certain witnesses brought to the Committee’s attention that lawyers and real estate agents do not check their clients against sanctions list, and that no list of ML/TF bad actors is readily accessible in Canada apart from that provided by Global Affairs Canada, which is of limited use to the AML regime. In contrast, witnesses said that the U.K.’s Office of Financial Sanctions Implementation keeps a consolidated sanctions list that reporting entities must use to screen their clients.

Chapter 4 Recommendations

Recommendation 25

That the Government of Canada regulate crypto-exchanges at the point that fiat currency is converted so as to establish these exchanges as money service businesses (MSB).

Recommendation 26

That the Government of Canada establish a regulatory regime for crypto-wallets so as to ensure that proper identification is required, and that true ownership of wallets is known to the exchanges and law enforcement bodies if needed.

• Ensure that bitcoin purchases of real estate and cash cards are properly tracked and subjected to AML regulation;
• Law enforcement bodies must be able to properly identify and track illegal crypto-wallet hacking and failures to report capital gains.

Recommendation 27

That the Government of Canada establish a license for crypto-exchanges in line with Canadian law, which includes an anti-money laundering program and look to the State of New York’s program as a model for best practices.

Recommendation 28

That the Government of Canada consider prohibiting nominee shareholders. However, if nominee shareholders are permitted, they should be required to disclose their status upon the registration of the company and registered as nominees. Nominees should be licensed and subject to strict anti-money laundering obligations.

Recommendation 29

That the Government of Canada include clearer directions and streamline the reporting structure of Suspicious Transaction Reports, such as through the use of ‘drop-down boxes,’ to increase ease of use by specific reporting entities and ensure better compliance.

Recommendation 30

That the Government of Canada change the structure of FINTRAC’s Suspicious Transaction Report to resemble the Suspicious Activity Reports used in the United Kingdom and the United States in order to focus on suspected violations rather than an arbitrary monetary threshold.

Recommendation 31

That the Government of Canada enhance the direct reporting system of casinos to FINTRAC through the suspicious transaction reports to include suspicious activities.

Recommendation 32

That the Government of Canada update reporting regulations for financial institutions to include bulk online purchasing of store gift cards or prepaid credit cards.

[24]            Initial Coin Offerings may also be referred to as Initial Token Offerings (ITOs).