Guideline 6A: Record Keeping and Client Identification for Life Insurance Companies, Brokers and Agents

June 2015

This replaces the previous version of Guideline 6A: Record Keeping and Client Identification for Life Insurance Companies, Brokers and Agents issued in February 2014. This version includes guidance on obligations, which come into effect June 19, 2015.

The changes made are indicated by a side bar to the right of the modified text in the PDF version.

Table of Contents

  1. General
  2. Record Keeping and Client Identification Obligations
  3. Records To Be Kept
  4. Client Identity
  5. Ongoing Monitoring of Business Relationship and Related Records
  6. Records about Beneficial Ownership and Control
  7. Third Party Determination and Related Records
  8. Politically Exposed Foreign Person Determination and Related Records
  9. Foreign Subsidiaries or Branches
  10. How Should Records Be Kept?
  11. Penalties for Non-Compliance
  12. Comments?
  13. How to Contact FINTRAC

Guideline 6A: Record Keeping and Client Identification for Life Insurance Companies, Brokers and Agents (PDF version, 260 KB)

1. General

The objective of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act is to help detect and deter money laundering and the financing of terrorist activities. It is also to facilitate investigations and prosecutions of money laundering and terrorist activity financing offences. This includes reporting, record keeping, client identification and compliance regime requirements for life insurance companies, life insurance brokers and independent life insurance agents.

A life insurance company means one regulated by provincial legislation, or a life company or foreign life company to which the Insurance Companies Act applies. A life insurance broker or agent means an individual or entity that is registered or licensed provincially to carry on the business of arranging contracts of life insurance.

If you are a life insurance company, a broker or an independent agent, this guideline has been prepared to help you meet your record keeping and client identification obligations, including those applicable for certain foreign subsidiaries or branches. If you deal in reinsurance, certain of the requirements explained in this guideline do not apply to those dealings. These are noted at the beginning of each section as applicable.

This guideline uses plain language to explain the most common situations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act as well as the related Regulations. It is provided as general information only. It is not legal advice, and is not intended to replace the Act and Regulations.

Record keeping and client identification obligations for other types of reporting persons or entities are explained by sector in other versions of this guideline (financial entities; securities dealers; money services businesses; agents of the Crown that sell or redeem money orders; accountants; real estate; dealers in precious metals and stones; British Columbia notaries; and casinos).

For more information about money laundering and terrorist financing, or other requirements under the Act and Regulations applicable to you, see the guidelines in this series:

If you need more help after you read this or other guidelines, call FINTRAC's national toll-free enquiries line at 1-866-346-8722.

Throughout this guideline, several references are provided to additional information that may be available on external websites. FINTRAC is not responsible for the accuracy, reliability or currency of the information contained on those external websites. The links provided are based on information available at the time of publishing of this guideline.

Throughout this guideline, any references to dollar amounts (such as $10,000) refer to the amount in Canadian dollars or its equivalent in foreign currency. Furthermore, all references to cash mean money in circulation in any country (bank notes or coins). In this context, cash does not include cheques, money orders or other similar negotiable instruments. Also, any references to the term "securities dealer" means an individual or entity authorized under provincial legislation to engage in the business of dealing in securities or any other financial instruments, or to provide portfolio management or investment advising services.

Your policies and procedures may cover situations other than the ones described in this guideline, for purposes other than your requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. For example, the federal or provincial regulator for your sector may require you to apply additional policies and procedures, the retention period for your records may vary for purposes other than what is described in this guideline, or you may have to request an individual's social insurance number for income tax purposes.

2. Record Keeping and Client Identification Obligations

As a life insurance company, broker or independent agent, you have to do the following:

If you deal in reinsurance, certain of the record keeping and client identification requirements explained in this guideline do not apply to you regarding those dealings. These are explained throughout each section.

There are other exceptions and these are also explained throughout each section.

The use of personal information in Canadian commercial activities is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), or by substantially similar provincial legislation. You have to inform individuals concerning the collection of personal information about them. However, you do not have to inform individuals when you include personal information about them in any of the reports that you are required to make to FINTRAC. You can get more information about your responsibilities in this area from the following:

3. Records To Be Kept

As a life insurance company, broker or independent agent, in addition to the records described in sections 5 to 9, you have to keep the following records: 

Details about each of these types of records are provided in subsections 3.2 through 3.4. Also, section 10 explains how your records should be kept.

See section 4 for information about identification requirements that may be associated to the events triggering record keeping requirements.

If you deal in reinsurance, the requirements for large cash transaction records and client information records do not apply to you regarding those dealings.

3.1 General exceptions to record keeping

If you keep information in a record that is already readily available in any other record that you have kept under these rules (as described throughout this guideline), you do not have to keep that information again.

You do not have to keep any of the records described in subsections 3.2 and 3.3 or in section 8 for any of the following:

Transactions for a public body or very large corporation

If you conduct a transaction for a public body or a very large corporation, the record keeping requirements described in subsection 3.2 or 3.3 do not apply. The same is true regarding a subsidiary of either of those entities, if the financial statements of the subsidiary are consolidated with those of the public body or very large corporation.

In this context, a public body means any of the following or their agent:

Also in this context, a very large corporation is one that has minimum net assets of $75 million on its last audited balance sheet. The corporation's shares have to be traded on a Canadian stock exchange or on a stock exchange outside Canada that is designated by the Minister of Finance. The corporation also has to operate in a country that is a member of the Financial Action Task Force (FATF). For more information about stock exchanges outside Canada that are designated by the Minister of Finance, refer to the July 2, 2008 news release available in the News area of the Department of Finance's website (http://www.fin.gc.ca).

To find out which countries are members of the FATF, refer to its website (http://www.fatf-gafi.org).

3.2 Large cash transaction records

This is a record for every amount of cash of $10,000 or more that you receive from a client in a single transaction. For example, if your client makes a cash deposit of $10,000 for a life insurance policy, you have to keep a large cash transaction record. In addition to this record, a large cash transaction will also require a report to FINTRAC, as explained in Guideline 7: Submitting Large Cash Transaction Reports to FINTRAC.

If you know that two or more cash transactions of less than $10,000 each were made within a 24-hour period (that is, 24 consecutive hours), by or on behalf of the same client, these are considered to be a single large cash transaction if they add up to $10,000 or more. In this case, you would have to keep a large cash transaction record, and report the transaction to FINTRAC as explained above.

Do not keep a large cash transaction record or make a large cash transaction report to FINTRAC if the cash is received from a financial entity or a public body. In this context, a financial entity means any of the following:

For information about what is considered a public body in this context, see subsection 3.1.

Contents of a large cash transaction record

For any large cash transaction, the information you have to keep in a large cash transaction record includes the following: 

Be as descriptive as possible regarding the business or occupation. Record information that clearly describes it, rather than use a general term. For example, in the case of a consultant, the occupation recorded should reflect the area of consulting, such as "information technology consultant" or "consulting forester." As another example, in the case of a professional, the occupation should reflect the nature of the work, such as "petroleum engineer" or "family physician."

If you have to ascertain the identity of the individual conducting the large cash transaction, see subsection 3.5 for additional information that is required on the large cash transaction record.

3.3 Client information records

If your client is expected to pay you $10,000 or more for an annuity or a life insurance policy, over the duration of the annuity or policy, you have to keep a client information record. This has to be kept no matter how the client paid for the annuity or policy, whether or not it was in cash.

A client information record sets out your client's name, address and the nature of the client's principal business or occupation. In the case of a group life insurance policy or a group annuity, the client information record is about the applicant for the policy or annuity.

For more information about recording business or occupation, see subsection 3.2, under the heading "Contents of a large cash transaction record."

A client information record about an individual also has to include the individual's date of birth, whether or not you had to ascertain the identity of that individual. Furthermore, for a client information record about an individual, if you have to ascertain the identity of that individual, see subsection 3.5 for additional information that is required on the client information record.

Client information record about a corporation

For a client information record about a corporation, you also have to keep the following additional record. If, in the normal course of business, you get a copy of the part of the official corporate records showing the provisions that relate to the power to bind the corporation regarding the purchase, you have to keep a copy of it. This could be a certificate of incumbency, the articles of incorporation or the bylaws of the corporation that set out the officers duly authorized to sign on behalf of the corporation, such as the president, treasurer, vice-president, comptroller, etc. If there were changes subsequent to the articles or bylaws that relate to the power to bind the corporation regarding the purchase and these changes were applicable at the time that the record had to be kept, then the board resolution stating the change would be included in this type of record.

3.4 Suspicious transaction report records

When you have to report a suspicious transaction to FINTRAC, you have to keep a copy of the report. See Guideline 3: Submitting Suspicious Transaction Reports to FINTRAC for more information about obligations related to this report.

3.5 Identification information on all records

If you have to ascertain the identity of an individual, as explained in section 4, in association with any of the records mentioned in section 3, you have to keep the individual's name with that record. You also have to keep the following with that record:

Identification documents

If you have to ascertain the identity of the individual using an identification document, the record has to include the type of document you used to confirm the individual's identity, its reference number and its place of issue.

Identification of clients not physically present

If you do not use an identification document but use methods for a client who is not physically present (as described in subsection 4.7), you have to include whichever of the following, according to the methods used:

4. Client Identity

4.1 When and how do you have to ascertain client identity?

As a life insurance company, a broker or an independent agent, you have client identification obligations. You have to take the following measures to ascertain the identity of individuals or to confirm the existence entities (entities meaning: corporations, trusts, partnerships, funds, and unincorporated associations or organizations), subject to the general exceptions outlined in subsection 4.2.

Subsections 4.3 to 4.5 explain the need to ascertain the identity of an individual when they conduct a large cash transaction or any other transaction for which a record is required. In these events, you must ascertain the identity of an individual, unless an exception applies as explained in subsection 4.2.

Refer to section 3 for information about record keeping requirements that may be associated to the events triggering identification requirements.

Once you have conducted two transactions with a client that require you to ascertain the identity of the client, you have entered into a business relationship with that client.  See section 5 for more information on business relationships and related records.

If you deal in reinsurance, the client identification requirements for large cash transactions (subsection 4.3) and client information records (subsections 4.5 and 4.8) do not apply to you regarding those dealings.

4.2 General exceptions to client identification

In addition to the exceptions explained throughout the rest of section 4, the following general exceptions apply to client identification requirements:

Existing clients

Once you have ascertained the identity of an individual as explained in this guideline, you do not have to ascertain their identity again if you recognize the individual (visually or by voice) at the time of a future event that would otherwise trigger the identification requirement. However, if you have any doubts about the identification information previously collected, you will have to ascertain that individual's identity again.

Once you have confirmed the existence of a corporation and confirmed its name, address and the names of its directors (as explained in subsection 4.8), you are not required to confirm that same information in the future.

Once you have confirmed the existence of an entity other than a corporation (as explained in subsection 4.8), you are not required to confirm that same information in the future.

Certain types of transactions

You do not have to ascertain the identity of clients as described in subsections 4.3, 4.5, 4.6 or 4.8, nor do the requirements described in section 5, 6 or 8 apply, in the following situations:

Transactions for a public body or very large corporation

If you conduct a transaction for a public body or a very large corporation, the requirements described in subsections 4.3, 4.5 and 4.7 or section 6, do not apply. The same is true regarding a subsidiary of either of those entities, if the financial statements of the subsidiary are consolidated with those of the public body or very large corporation.

For information about what is considered a public body or a very large corporation in this context, see subsection 3.1 under the heading "Transactions for a public body or very large corporation."

4.3 Client identity for large cash transactions

You have to ascertain the identity of any individual with whom you conduct a large cash transaction, at the time of the transaction, if you have to keep a large cash transaction record for it, as described in subsection 3.2.

See subsection 4.7 to find out how to ascertain the identity of an individual for a large cash transaction.

4.4 Client identity for suspicious transactions

When you have to send a suspicious transaction report to FINTRAC, you have to take reasonable measures, before the transaction is reported, to ascertain the identity of the individual who conducted or attempted to conduct the transaction. This does not apply in the following circumstances:

In this context, reasonable measures to ascertain the identity of an individual include using Option 1 or Option 2 as explained in subsection 4.7 under the heading "Individual not physically present." They also include asking the individual for an identification document. However, reasonable measures exclude any method that you believe would inform the individual that you are submitting a suspicious transaction report.

It is important to remember that all suspicious transactions and attempted transactions, including transactions that are normally exempt from client identification requirements, require you to take reasonable measures to ascertain your client's identity. See Guideline 2: Suspicious Transactions for more information.

4.5 Client identity for client information records: individuals

You have to ascertain the identity of any individual who purchases an annuity or a life insurance policy for whom you have to keep a client information record (as explained in subsection 3.3), within 30 days of creating this record. This is true whether the transaction is conducted on the individual's own behalf, or on behalf of a third party. However, if you have reasonable grounds to believe that another life insurance company, broker or agent has ascertained the individual's identity as explained in subsection 4.7 for the same transaction, you do not have to ascertain their identity again.

See subsection 4.7 to find out how to ascertain the identity of an individual for the purposes of a client information record. 

4.6 Client identity for group plan account individual members

In the case of a group plan account, you do not have to ascertain the identity of any individual member of the plan if the plan's sponsor is an entity and you have already confirmed its existence. However, unless the plan is exempt from identification requirements as explained in subsection 4.2, you have to ascertain the identity of any individual members for whom a contribution is made that is other than a contribution made by payroll deductions or by the plan's sponsor. In this case, you have to ascertain the identity of individual members when they make contributions to the plan.

4.7 How to ascertain the identity of an individual

See subsection 3.5 for additional information that is required on certain records when you have to ascertain the identity of individuals.

To ascertain the identity of an individual, refer to the individual's birth certificate, driver's licence, passport, record of landing, permanent resident card, or other similar document.

You can refer to an individual's provincial health card, but only if it is not prohibited by provincial or territorial legislation. For example, you cannot refer to an individual's provincial health card from Ontario, Manitoba, Nova Scotia or Prince Edward Island since health cards cannot be used for this purpose in these provinces. As another example, in Quebec, you cannot request to see a client's health card, but you may accept it if the client wants to use it for identification purposes. If you have questions about the use of health cards for identification, please contact the appropriate provincial issuer for more information.

For a document to be acceptable for identification purposes, it must have a unique identifier number. Also, the document must have been issued by a provincial, territorial or federal government. For example, a birth or baptismal certificate issued by a church would not be acceptable for this purpose. Also, an identification card issued by an employer for an employee (that is, an employee identification card) is not acceptable.

The document also has to be a valid one and cannot have expired. For example, an expired driver's licence would not be acceptable.

A social insurance number (SIN) card can be used to ascertain the identity of a client, but the SIN (that is, the number itself) is not to be provided to FINTRAC on any type of report. The Office of the Privacy Commissioner (http://www.priv.gc.ca) has produced a fact sheet concerning best practices for the use of SINs. Please consult it for more information on this topic.

Examples of other documents that can be used to ascertain the identity of a client include a certificate of Indian status or a provincial or territorial identification card issued by any of the following (or their successors):

Valid foreign identification, if equivalent to an acceptable type of Canadian identification document, would also be acceptable for the purposes explained in this guideline. For example, a valid foreign passport is acceptable.

When you refer to a document to ascertain the identity of an individual, it has to be an original, not a copy of the document. In cases where it is not possible for you to view the original yourself, you may choose to use an agent or mandatary to verify the original identification document on your behalf. Even if you use an agent or mandatary, you are responsible for making sure the identification requirements are met.

Use of an agent or mandatary

If you use an agent or mandatary for client identification, you have to enter into a written agreement or arrangement with the agent or mandatary outlining what you expect them to do for you. In addition, you have to obtain from the agent or mandatary the customer information that was obtained according to the agreement or arrangement.

Your agent or mandatary can ascertain the identity of your client for you using an identification document. In cases where your client is not physically present at the conducting of a transaction, your agent or mandatary can also use the options explained below.

Individual not physically present

If you have to ascertain the identity of an individual who is not physically present you will have to use one or the other of the following options to confirm the identity of that individual.

OPTION 1: Affiliate or co-member

To ascertain the identity of an individual using this option, you have to first obtain the individual's name, address and date of birth. Then, you have to confirm that one of the following has ascertained the identity of the individual by referring to an original identification document:

To use this option, you have to verify that the individual's name, address and date of birth provided to you correspond with the information kept in the records of that other entity.

In this context, an entity is affiliated with you if you fully own it or it fully owns you, or you are both fully owned by the same entity.

OPTION 2: Combination of methods

To identify an individual using this option, you have to use a combination of two of the following methods. In each of the two methods you use, the individual's information has to be consistent with what you have in your records. The information also has to be consistent from one method to the other. For example, if each of the methods you use has the name, address and date of birth information about the individual, all of it has to agree with what you have in your records.

The methods below may not apply for all clients. For example, the methods would not be available to identify a client outside Canada who is purchasing a life insurance policy with you, but has no Canadian credit history, no access to a Canadian guarantor and no deposit account with a financial entity. In this case, identification of the client using an identification document may necessitate the use of an agent or mandatary, as explained above.

Identification product or credit file method

You can use either of the following methods but you cannot combine them:

  • Refer to an independent and reliable identification product. It must be based on personal information as well as Canadian credit history about the individual of at least six months duration. This type of product can use a series of specific questions, based on an individual's credit file, to help you ascertain client identity.
  • With the individual's permission, refer to a credit file. The credit file must have been in existence for at least six months.

Products for either of these methods are available commercially, such as those used for credit ratings.

Attestation method

Obtain an attestation that an original identification document for the individual has been seen by a commissioner of oaths or a guarantor. This attestation must be on a legible photocopy of the document and include the following information:

  • the name, profession and address of the commissioner of oaths or the guarantor;
  • the signature of the commissioner of oaths or the guarantor; and
  • the type and number of the identifying document provided by the individual whose identity you must ascertain.

In this context, a guarantor has to be an individual engaged in one of the following professions in Canada:

  • a dentist, a medical doctor or a chiropractor;
  • a judge, a magistrate or a lawyer;
  • a notary (in Quebec) or a notary public;
  • an optometrist or a pharmacist;
  • an accredited public accountant (APA), a chartered accountant (CA), a certified general accountant (CGA), a certified management accountant (CMA), a public accountant (PA) or a registered public accountant (RPA);
  • a professional engineer (P. Eng., in a province other than Quebec) or engineer (Eng. in Quebec); or
  • a veterinarian.
Cleared cheque or deposit account method

You can use either of the following methods, but you cannot combine them.

  • Confirm that a cheque drawn on a deposit account that the individual has with a financial entity has cleared. This means a cheque that was written by the individual, cashed by the payee and cleared through the individual's account. It does not include pre-authorized payments as these are not cheques written by the individual.
  • Confirm that the individual has a deposit account with a financial entity. You could do this by viewing an original bank statement.

For either method, the account has to be with a financial entity, as described in subsection 3.2.

The account cannot be one that is exempt from identification requirements for the financial entity, such as a registered retirement savings plan or a reverse mortgage. For more information about accounts that cannot be used for the cleared cheque or deposit account methods, see Guideline 6G: Record Keeping and Client Identification for Financial Entities.

4.8 Client identity for client information records: corporations and other entities

You have to confirm the existence of any corporation or other entity that purchases an annuity or a life insurance policy and for which you have to keep a client information record, within 30 days of creating this record. In the case of a corporation, in addition to confirming its existence, you also have to determine the corporation's name, address and the names of its directors within 30 days of creating the client information record.

When you have to confirm the existence of an entity, you also have to obtain and take reasonable measures to confirm the entity's beneficial ownership information, as explained in section 6.

Corporations

To confirm the existence of a corporation as well as the corporation's name and address, refer to the following documents:

You also have to determine the names of the corporation's directors. To do this, you may need to see the list submitted at the time of their application for incorporation. In the case of a corporation that is a securities dealer, you do not need to determine the name of the corporation's directors.

The record you use to confirm a corporation's existence can be paper or an electronic version. Although such information may be available verbally (such as by telephone), it is not acceptable for these purposes, as you have to refer to a record. If the record is in paper format, you have to keep the record or a copy of it.

If the record is an electronic version, you have to keep a record of the corporation's registration number, the type and source of the record. An electronic version of a record has to be from a public source. For example, you can get information about a corporation's name and address and the names of its directors from a provincial or federal database such as the Corporations Canada database which is accessible from Industry Canada's website (http://www.ic.gc.ca). As another example, you may also get this type of information if you subscribe to a corporation searching and registration service.

Entities other than corporations

To confirm the existence of an entity other than a corporation, refer to a partnership agreement, articles of association or any other similar record that confirms the entity's existence. The record you use to confirm the existence of an entity can be paper or an electronic version. Although such information may be available verbally (such as by telephone), it is not acceptable for these purposes, as you have to refer to a record. If the record is in paper format, you have to keep the record or a copy of it.

If the record is an electronic version, you have to keep a record of the entity's registration number, the type and source of the record. An electronic version of a record has to be from a public source.

4.9 Keeping client identification information up to date

Your compliance regime has to include an assessment, in the course of your activities, of the risk of money laundering or terrorist financing. Guideline 4: Implementation of a Compliance Regime provides more information about risk assessment requirements.  According to this assessment, you have to keep client identification information up to date as part of your ongoing monitoring obligations.

Measures to keep client identification up to date include asking the client to provide information to confirm or update his or her identification information. In the case of an individual client, this can also include confirming or updating the information by using the same options that are available to ascertain the identity of individuals who are not physically present.

In the case of clients that are entities, measures to keep client identification information up to date include consulting a paper or electronic record as explained in subsection 4.8, or obtaining information verbally to keep client identification information up to date.

The frequency with which client identification information is to be kept up to date will vary depending on your risk assessment of your client. As part of your ongoing monitoring obligations, you have to keep all client identification information up to date. For high-risk clients, you must update client identification information more frequently and perform more frequent monitoring, as well as adopt any other appropriate enhanced monitoring measures (see examples in section 5).

If you have used one of the exceptions found in 4.2 (General exceptions to client identification) where you were not required to ascertain the identity of a client and therefore, do not have any client information in your records, there will be no client information to update as part of your ongoing monitoring obligations as described in section 5 (Ongoing Monitoring of Business Relationship and Related Records), but your other ongoing monitoring obligations still apply.

5. Ongoing Monitoring of Business Relationship and Related Records

Business relationship

A business relationship is a relationship that you establish with a client to conduct financial transactions or provide services related to those transactions.

You enter into a business relationship when you conduct two or more transactions in which you have to:

If you use the exception to ascertaining the identity of a client where you recognize the individual (as described in 4.2 General exceptions to client identification) in the case of a second transaction that requires you ascertain the identity of a client, you have entered into a business relationship with that client nonetheless.  This is because it is the requirement to ascertain identity that triggers the business relationship.

You should determine that a business relationship has been established as soon as reasonably practicable following the second transaction requiring that the client's identity be ascertained.  As a best practice, this should be done within 30 calendar days.

For life insurance companies, brokers and agents, the business relationship only includes transactions and related activities for which you have to ascertain the identity of your client. See section 4 for more information on these transactions and activities.

A business relationship is established when two transactions that require you to ascertain the identity of your client occur within a maximum of five years from one another. If a period of five years passes from the last transaction that required you to ascertain the identity of your client, the business relationship with that client ceases.

Once the business relationship is established, you must also:

Ongoing monitoring

Ongoing monitoring means that you have to monitor your business relationship with a client on a periodic basis. Use your risk assessment of the client with whom you have a business relationship to determine how frequently you will monitor that business relationship. The risk assessment requires you to consider each one of your clients when assessing their risk for money-laundering and terrorist activities financing.  However, an individual written assessment is not required for each client, so long as you can demonstrate that you put your client in the correct risk category, according to your policies and procedures, and risk assessment.  You have to perform ongoing monitoring of each business relationship to:

The above-listed requirements do not need to follow the same timeframe, so long as you monitor your high-risk clients more frequently and with more scrutiny than you do your low-risk clients.

In order to keep client and beneficial ownership information up to date, you may update the information you have on record every time the client conducts a transaction that requires you to ascertain their identity.

As an example, you may choose to reassess the level of risk associated with a client's transactions and activities, and to determine whether the transactions or activities are consistent with the information you have on your client, for your low-risk clientele, every two years, while performing the same monitoring of your high-risk clients on a more frequent basis.  However, depending on the circumstances of your operations, a different ongoing monitoring period for low-risk clients may be appropriate.

In the context of monitoring on a periodic basis, your monitoring will vary depending on your risk assessment of your client.  As part of your ongoing monitoring obligations, you must monitor all of your business relationships, and you must monitor business relationships you consider high-risk more frequently, as well as update client identification information and adopt any other appropriate enhanced measures.

Here is a non-exhaustive list of enhanced measures you could take to mitigate the risk in cases of high-risk business relationships:

If as a result of your ongoing monitoring you consider that the risk of a money laundering or a terrorist financing offence in a business relationship is high, your risk assessment in your compliance regime must treat that client as a high risk. In this case, you must conduct more frequent monitoring of your business relationship with that client, update that client's identification information more frequently, and adopt any other appropriate enhanced measures (see examples above).

5.1 Business relationship record

When you enter into a business relationship with a client, you have to keep a record of the purpose and intended nature of the business relationship. You also have to review this information on a periodic basis and keep it up to date. This is done to ensure that you continue to understand your client's activities over time so that any changes can be used to assess or detect high-risk transactions and activities. This may lead you to increase the frequency of ongoing monitoring, update their client identification information more frequently, and adopt any other appropriate enhanced measures (see examples in section 5).

The purpose and intended nature of the business relationship is information that should allow you to anticipate the transactions and activities of your client.

For clients with whom you have a business relationship on the basis that they have completed two transactions that required you to ascertain their identity, or in the case of entities, to confirm their existence; you must document the purpose and intended nature of the business relationship that best describes your dealings with that client.

Here is a short, non-exhaustive list of examples of purpose and intended nature of a business relationship in your sector:

Guideline 4: Implementation of a Compliance Regime provides more information about risk assessment requirements.

6. Records About Beneficial Ownership and Control

When you have to confirm the existence of  an entity, at the same time, you have to obtain, take reasonable measures to confirm, and keep records of the information about the entity's beneficial ownership. Beneficial ownership refers to the identity of the individuals who ultimately control the corporation or entity, and cannot be another corporation or another entity.  You must search through as many levels of information as necessary in order to determine beneficial ownership. However, there may be cases where there is no individual who owns or controls 25% or more of an entity. You must still keep a record of the measures you took and the information you obtained in order to reach that conclusion.

In this context, reasonable measures to confirm the accuracy of beneficial ownership information would include asking the client to provide documentation. You can rely on the information provided by clients, but you should use discernment when determining if the documentation is appropriate. Documents and references that you obtain to confirm the information (such as the website where you found the information) have to be kept in your records.

Here is a short, non-exhaustive list of documents that could be provided by clients to confirm beneficial ownership information:

In the case of corporations:

In the case of entities other than corporations:

You have to obtain, take reasonable measures to confirm and keep a record of the following beneficial ownership information:

The following is an example of ownership, control and structure of a corporation:

ABC Canada Inc. is a for-profit corporation with 100 privately traded shares in circulation. It is incorporated pursuant to the Canada Business Corporations Act.  John Brown owns 15 of the shares and Green Company Ltd. owns the remaining 85 shares.  James Smith is President of ABC's board of directors; his wife, Jane Smith, is ABC's Chief Financial Officer; and their three children make up the other members of the board.

In this example:

The trust deed will provide you the information on the control and structure of the trust. If you are unable to obtain the names and addresses of the trustees, beneficiaries or settlors of the trust, you must find the name of the senior managing officer of the trust, that is, the person in the trust company who is in fact responsible for the management of that trust, such as an account manager.

The following is an example of ownership, control and structure of an entity that is neither a corporation nor a trust:

Rainbow Money Services is a money services business (MSB) in Vancouver owned by Howard and Betty. Howard and Betty paid a lawyer to draft a partnership agreement for the business, which they both signed. According to the agreement, Howard will invest $100,000 in the partnership to buy equipment and rent space for the MSB, and Betty will be solely responsible for operating the MSB and performing its business. All decisions related to the partnership must be unanimous; in case of a disagreement, either partner can decide to end the partnership.  Howard and Betty will split the income from the MSB 50/50, and if they decide to end the partnership, Howard will get 85% of the proceeds of the sale of the business assets, while Betty will get 15%.

In this example:

If this information cannot be obtained or its accuracy cannot be confirmed, you have to:

You do not need to ascertain the identity of the most senior managing officer when there is no individual who owns or controls 25% or more of an entity.

In the context of this section, the senior managing officer of a corporation or an entity may include but is not limited to its director, chief executive officer, chief operating officer, president, secretary, treasurer, controller, chief financial officer, chief accountant, chief auditor or chief actuary, as well as any individual who performs any of those functions. It also includes any other officer who reports directly to the entity's board of directors, chief executive officer or chief operating officer. In the case of a sole proprietor or a partnership, the senior managing officer can be the owner or the partner.

In the context of this section, the senior managing officer of a trust is the trustee, that is, the person who is authorized to administer or execute on that trust.

To ascertain the identity of the most senior managing officer, use one of the methods described in section 4.12 or obtain it through public sources. You also have to keep a record of this information.

If you deal in reinsurance, the beneficial ownership requirements do not apply to you regarding those dealings.

Not-for-profit organization

If you have to confirm the existence of an entity that is a not-for-profit organization, you also have to do the following:

Keeping beneficial ownership information up to date

According to your compliance regime's assessment of risk, in all situations, you have to keep beneficial ownership information up to date. Measures to keep beneficial ownership information up to date include those explained at the beginning of section 6.

The frequency with which beneficial ownership information is to be kept up to date will vary depending on your risk assessment of your client. As part of your ongoing monitoring obligations, you have to keep all beneficial ownership information up to date. For high-risk clients, you must update beneficial ownership information more frequently and perform more frequent monitoring, as well as adopt any other appropriate enhanced monitoring measures (see examples in section 5).

7. Third Party Determination and Related Records

7.1 Third party determination

You have to make a third party determination when you have to keep any of the following records:

In this context, a third party is an individual or entity other than the individual who conducts the transaction. When you are determining whether a "third party" is involved, it is not about who "owns" the money, but rather about who gives instructions to deal with the money. To determine who the third party is, the point to remember is whether the individual in front of you is acting on someone else's instructions. If so, that someone else is the third party.

In making a third party determination when employees are acting on behalf of their employers, they are considered to be acting on behalf of a third party. The only exception to this is applicable to deposit taking institutions when they have to make a third party determination: an employee depositing cash to his or her employer's account is not considered to be acting on behalf of a third party. This is only true if the account in which the employee deposits cash is a business account.

If you deal in reinsurance, the third party determination requirements do not apply to you regarding those dealings.

Reasonable measures

What constitutes reasonable measures will vary in accordance with the context in which they occur, and therefore could differ from one situation to the next. However, reasonable measures would include retrieving the information already contained in your files or elsewhere within your business environment, or obtaining the information directly from the client.

7.2 Third party records

If you determine that there is in fact a third party, as explained above, you have to keep a record of the following information:

For more information about recording business or occupation, see subsection 3.2, under the heading "Contents of a large cash transaction record."

If you are not able to determine that there is in fact a third party, but you have reasonable grounds to suspect that there are instructions of a third party involved, you have to keep a record to indicate the following:

This record must also indicate details of why you suspect the individual is acting on a third party's instructions.

8. Politically Exposed Foreign Person Determination and Related Records

If you deal in reinsurance, the requirements regarding politically exposed foreign persons do not apply to those dealings.

A politically exposed foreign person is an individual who holds or has ever held one of the following offices or positions in or on behalf of a foreign country:

A politically exposed foreign person also includes the following family members of the individual described above:

Exceptions

The requirements described in this section do not apply in the exceptions described under the heading "Certain types of transactions" in subsection 4.2.

8.1 Politically exposed foreign person determination

If you receive a lump-sum payment of $100,000 from an individual for an annuity or a life insurance policy, you have to take reasonable measures to determine whether you are dealing with a politically exposed foreign person. This has to be done within 14 days after the transaction occurred.

In this context, reasonable measures to determine whether or not you are dealing with a politically exposed foreign person include the following:

Once you have determined that an individual is a politically exposed foreign person, you will not have to do it again. However, if you initially determined that an individual was not a politically exposed foreign person, you must still take reasonable measures to determine whether you are dealing with a politically exposed foreign person for every prescribed electronic funds transfer, since the client's status may have changed.

If the individual from whom you received the lump-sum payment described above is a politically exposed foreign person, you also have to do the following:

You have to make the determination and get senior management to review the transaction within a single period of 14 days. For example, if it takes you 5 days after the transaction to make the determination that you are in fact dealing with a politically exposed foreign person, you have 9 days left to get senior management to review the transaction.

In establishing the source of funds, reasonable measures also include asking the client or consulting available information about the transaction. Also in the context of this section, senior management means an individual who has the following:

8.2 Politically exposed foreign person records

Once a transaction has been reviewed, as explained in subsection 8.1, you have to keep a record of the following:

9. Foreign Subsidiaries or Branches

The following requirements concerning foreign subsidiaries or branches apply only to life insurance companies, not to life insurance brokers or agents.

Foreign Branches or Foreign Subsidiaries

If you are a life insurance company that has foreign branches or foreign subsidiaries which carry out activities similar to those of a financial entity, securities dealer or insurance company; and that are wholly owned by you or have consolidated financial statements with you, you have the following requirements:

If you have a Board of Directors, they shall approve these policies

You must ensure that your foreign branches or foreign subsidiaries apply these policies to the extent it is permitted by the laws of the country in which the foreign subsidiary or foreign branch is located. If they cannot implement these policies or part of them because they conflict with the laws of the country in which they are located, you must keep a record including the reasons why these policies cannot be implemented and provide a copy, within a reasonable time period, to your regulating body and FINTRAC.

Exceptions to definition of Foreign Subsidiaries

These requirements do not apply to you if you are a foreign company within the meaning of section 2 of the Insurance Companies Act.

These requirements do not apply to subsidiaries of foreign subsidiaries.  For example, if Insurance Company A has a foreign subsidiary (Subsidiary A) and there is a Subsidiary B of Subsidiary A, then these requirements do not  apply to Subsidiary B. 

These requirements do not apply to you if you are the Canadian subsidiary of a foreign entity, when the foreign entity has developed policies that are similar to Canada's compliance regime requirements and also has in place policies to assess the risk of money laundering and terrorist activity financing.  For example, when Foreign Company A with subsidiaries A and B in Canada already has policies regarding client identification, record keeping and the establishment of a compliance regime, then these requirements do not apply to the Canadian subsidiaries A and B. 

For more information about the compliance regime requirements, refer to Section 3 of Guideline 4: Implementation of a Compliance Regime. The Canadian record keeping and client identification requirements are those explained in this guideline, except that requirements concerning politically exposed foreign person determination and related records (see section 8) do not apply to a foreign branch or subsidiary.

Information Exchange between Domestic and Foreign Affiliated Entities

If you are a life insurance company that is affiliated with another entity or a foreign entity that carries out activities similar to those of a financial entity, securities dealer or insurance company, you must develop and apply policies and procedures in relation to the exchange of information between you and your affiliated entities. The purpose of this exchange of information is to help detect and deter money laundering and the financing of terrorist activities and to assess the risk of such an offence.

As part of your risk assessment, you may want to keep a record including the rationale as to why these policies cannot be implemented by the affiliated entities.

Affiliated entity means if one of you is wholly owned by the other, if both of you are wholly owned by the same entity or if your financial statements are consolidated.

10. How Should Records Be Kept?

You should maintain an effective record keeping system to enable FINTRAC to have access to the records in a timely fashion. Your records have to be kept in such a way that they can be provided to FINTRAC within 30 days of a request to examine them.

For the requirements explained in this guideline, you can keep records in a machine-readable or electronic form, as long as a paper copy can be readily produced from it. For example, if you have a document imaging system, you do not have to produce the original document for these purposes, as long as you can print the imaged one.

The record keeping requirements explained in this guideline are about each record to be kept. Your record keeping system can store the information required for any one record separately, as long as you are able to readily retrieve and put the information together for the record whenever necessary.

You are not required to keep a copy of the reports you make to FINTRAC (other than the suspicious transaction report as explained in subsection 3.4), but you may choose to do so. It is recommended that you keep the information that FINTRAC sends you in the acknowledgement message about each report processed. This provides the date and time the report was received along with its identification number.

Timeframe for keeping records

In the case of client information records, records to confirm the existence of an entity (including a corporation), beneficial ownership records, and politically exposed foreign person records, these records have to be kept for five years from the day the last business transaction was conducted.

In the case of a copy of a suspicious transaction report, the record has to be kept for a period of at least five years following the date the report was made.

In the case of all other records, the records must be kept for a period of at least five years following the date they were created.

Employees, contractors, or agents who keep records for you

Your employees who keep records (as described in section 3) for you are not required to keep those records after the end of their employment with you. The same is true for individuals in a contractual relationship with you, after the end of that contractual relationship. This means that you have to get and keep the records that were kept for you by any employee or contractor before the end of that individual's employment or contract with you.

If you are an independent life insurance agent or broker, you are required to keep records as explained throughout this guideline. 

11. Penalties for Non-Compliance

Failure to comply with your record keeping or client identification requirements can lead to criminal charges against you. Conviction of failure to retain records could lead to up to five years imprisonment, to a fine of $500,000, or both. Alternatively, failure to keep records or ascertain the identity of clients can lead to an administrative monetary penalty. For more information on penalties, you can also consult the "Penalties for non-compliance section" of FINTRAC's website.

12. Comments?

These guidelines will be reviewed on a periodic basis. If you have any comments or suggestions to help improve them, please send your comments to the mailing address provided below, or by email to guidelines-lignesdirectrices@fintrac-canafe.gc.ca.

13. How to Contact FINTRAC

For further information on FINTRAC and its activities, reporting and other obligations, please go to FINTRAC's website (http://www.fintrac-canafe.gc.ca) or contact FINTRAC:

Financial Transactions and Reports Analysis Centre of Canada
234 Laurier Avenue West, 24th floor
Ottawa ON  K1P 1H7
Canada

Toll-free: 1-866-346-8722
Date Modified: