Guideline 6F: Record Keeping and Client Identification for Casinos

February 2014

This replaces the previous version of Guideline 6F: Record Keeping and Client Identification for Casinos issued in July 2010. This version includes guidance on obligations, which come into effect February 1, 2014, to better understand your clients and related business relationships.

Table of Contents

  1. General
  2. Record Keeping and Client Identification Obligations
  3. Records To Be Kept
  4. Client Identity
  5. Ongoing Monitoring of Business Relationship and Related Records
  6. Third Party Determination and Related Records
  7. How Should Records Be Kept?
  8. Penalties for Non-Compliance
  9. Comments?
  10. How to Contact FINTRAC

Guideline 6F: Record Keeping and Client Identification for Casinos (PDF version, 348 KB)

1. General

The objective of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act is to help detect and deter money laundering and the financing of terrorist activities. It is also to facilitate investigations and prosecutions of money laundering and terrorist activity financing offences. This includes implementation of reporting, record keeping, client identification and compliance regime requirements for casinos.

A casino means one that is authorized by a Canadian provincial, territorial or federal government to do business and that conducts its business in a permanent establishment. It only includes those where roulette or card games are played in the establishment, or where there is a slot machine. For these purposes, a slot machine does not include a video lottery terminal.

Registered charities may be authorized to carry on business temporarily as a casino for charitable purposes. If this type of business is carried out in the establishment of a casino for no more than two consecutive days at a time under the supervision of the casino, the activities are considered to be the supervising casino's. In this case, the supervising casino is responsible for the reporting, record keeping, client identification and compliance regime requirements related to the charity casino.

If you are a casino, this guideline has been prepared to help you meet your record keeping and client identification obligations.

This guideline uses plain language to explain the most common situations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act as well as the related Regulations. It is provided as general information only. It is not legal advice, and is not intended to replace the Act and Regulations. 

Record keeping and client identification obligations for other types of reporting persons or entities are explained by sector in other versions of this guideline (financial entities; life insurance companies, brokers and agents; securities dealers; money services businesses; agents of the Crown that sell or redeem money orders; accountants; dealers in precious metals and stones; British Columbia notaries; and real estate). 

For more information about money laundering and terrorist financing, or other requirements under the Act and Regulations applicable to you, see the guidelines in this series:

If you need more help after you read this or other guidelines, call FINTRAC's national toll-free enquiries line at 1-866-346-8722.

Throughout this guideline, several references are provided to additional information that may be available on external websites. FINTRAC is not responsible for the accuracy, reliability or currency of the information contained on those external websites. The links provided are based on information available at the time of publishing of this guideline.

Throughout this guideline, any references to dollar amounts (such as $10,000) refer to the amount in Canadian dollars or its equivalent in foreign currency. Furthermore, all references to cash mean money in circulation in any country (bank notes or coins). In this context, cash does not include cheques, money orders or other similar negotiable instruments. Also, any references to the term "securities dealer" means an individual or entity authorized under provincial legislation to engage in the business of dealing in securities or any other financial instruments or to provide portfolio management or investment advising services.

Your policies and procedures may cover situations other than the ones described in this guideline, for purposes other than your requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. For example, the retention period for your records may vary for purposes other than what is described in this guideline.

2. Record Keeping and Client Identification Obligations

As a casino, you have the following record keeping and client identification obligations:

There are some exceptions and these are explained throughout each section.

The use of personal information in Canadian commercial activities is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), or by substantially similar provincial legislation. You have to inform individuals concerning the collection of personal information about them. However, you do not have to inform individuals when you include personal information about them in any of the reports that you are required to make to FINTRAC. You can get more information about your responsibilities in this area from the following:

3. Records To Be Kept

As a casino, in addition to the records described in sections 5 and 6, you have to keep the following records:

Details about each of these types of records are provided in subsections 3.2 through 3.9. Also, section 7 explains how your records should be kept.

See section 4 for information about identification requirements that may be associated to the events triggering record keeping requirements.

3.1 General exceptions to record keeping

If you keep information in a record that is already readily available in any other record that you have kept under these rules (as described throughout this guideline), you do not have to keep that information again.

You do not have to keep any of the records described in subsections 3.4 to 3.7 when you open an account or conduct a transaction for a public body or a very large corporation. The same is true regarding a subsidiary of either of those entities, if the financial statements of the subsidiary are consolidated with those of the public body or very large corporation.

In this context, a public body means any of the following or their agent:

Also in this context, a very large corporation is one that has minimum net assets of $75 million on its last audited balance sheet. The corporation's shares have to be traded on a Canadian stock exchange or on a stock exchange outside Canada that is designated by the Minister of Finance. The corporation also has to operate in a country that is a member of the Financial Action Task Force (FATF). For more information about stock exchanges outside Canada that are designated by the Minister of Finance, refer to the July 2, 2008 news release available in the News area of the Department of Finance's website (http://www.fin.gc.ca).

To find out which countries are members of the FATF, refer to its website (http://www.fatf-gafi.org).

3.2 Large cash transaction records

This is a record for every amount of cash of $10,000 or more that you receive from a client in a single transaction. For example, if your client deposits $10,000 in cash to an account, you have to keep a large cash transaction record. In addition to this record, a large cash transaction will also require a report to FINTRAC, as explained in Guideline 7: Submitting Large Cash Transaction Reports to FINTRAC

If you know that two or more cash transactions of less than $10,000 each were made within a 24-hour period (that is, 24 consecutive hours), by or on behalf of the same client, these are considered to be a single large cash transaction if they add up to $10,000 or more. In this case, you would have to keep a large cash transaction record, and report the transaction to FINTRAC as explained above. 

The transactions that you must keep a large cash transaction record for include the following:

Do not keep a large cash transaction record or make a large cash transaction report to FINTRAC if the cash is received from a financial entity or a public body. In this context, a financial entity means any of the following:

For information about what is considered a public body in this context, see subsection 3.1.

Contents of a large cash transaction record

For any large cash transaction, the information you have to keep in a large cash transaction record includes the following: 

In the case of a deposit, the large cash transaction record also has to include the time of the deposit. 

Be as descriptive as possible regarding the business or occupation. Record information that clearly describes it, rather than use a general term. For example, in the case of a consultant, the occupation recorded should reflect the area of consulting, such as "information technology consultant" or "consulting forester." As another example, in the case of a professional, the occupation should reflect the nature of the work, such as "petroleum engineer" or "family physician."

If you have to ascertain the identity of the individual conducting a large cash transaction, see subsection 3.10 for additional information that is required on the large cash transaction record.

If you are a supervising casino for a registered charity conducting business as a casino for two consecutive days or less on your premises, you are responsible for any large cash transaction records pertaining to the charity's casino activities.

3.3 Large disbursement records

For a casino disbursement of $10,000 or more, whether you pay it out in cash or not, a casino disbursement report is required - see subsection 3.8.

3.4 Records to be kept when opening an account

These records are those required when you open an account, such as signature cards, account operating agreements, deposit slips, debit and credit memos, copies of official corporate records (binding provisions) and other information as described below. 

Signature cards

When you open an account, you have to keep a signature card for each account holder. A signature card means any record that is signed by an individual authorized to give instructions for the account. 

If you have to ascertain the identity of an individual signing a signature card, see subsection 3.10 for additional information required on that record.

Accounts for corporations

If the account is opened for a corporation, you have to keep a copy of the part of the official corporate records showing the provisions that relate to the power to bind the corporation regarding the account. This could be a certificate of incumbency, the articles of incorporation or the bylaws of the corporation that set out the officers duly authorized to sign on behalf of the corporation, such as the president, treasurer, vice-president, comptroller, etc. If there were changes subsequent to the articles or bylaws that relate to the power to bind the corporation regarding the account and these changes were in effect at the time the account was opened, then the board resolution stating the change would be included in this type of record.

Accounts for individuals or entities other than corporations

If the account is opened for an individual or any entity that is not a corporation, you have to keep a record of the name, address and principal business or occupation of that individual or entity. For more information about recording business or occupation, see subsection 3.2, under the heading "Contents of a large cash transaction record."

If the record is about an individual, it also has to include the individual's date of birth.

Account operating agreements

An account operating agreement is any document that is received or created in the normal course of business and outlines the agreement between you and your client about the account's operation. 

Deposit slips

You have to keep a deposit slip for every deposit made to an account. A deposit slip means a record that sets out the date of a deposit, the amount of the deposit, and any part of it that was made in cash. A deposit slip also sets out the holder of the account in whose name the deposit is made and the number of the account. 

Debit or credit memos

You have to keep any debit or credit memo that you create or receive regarding an account in the normal course of business.

3.5 Extension of credit records

You have to keep an extension of credit record for every extension of credit to a client of $3,000 or more. This record has to indicate the following information:

If the record is about an individual, it also has to include the individual's date of birth.

If you have to ascertain the identity of an individual for an extension of credit record, see subsection 3.10 for additional information required on that record.

3.6 Foreign currency exchange transaction tickets

You have to keep a transaction ticket for any foreign currency exchange transaction, regardless of the amount. A transaction ticket means a record that sets out the following information:

If the transaction is $3,000 or more, the foreign currency exchange transaction ticket has to set out the name, address and date of birth of the individual who carried out the transaction.

A transaction ticket can take the form of an entry in a transaction register, as long as it contains the information required, as explained in this subsection.

If you have to ascertain the identity of an individual conducting the foreign currency exchange transaction, see subsection 3.10 for additional information required on that record.

3.7 Records about certain funds remitted or transmitted

Information to include with outgoing funds transfers

If you send an electronic funds transfer (EFT) of any amount, at the request of a client, you have to include originator information with the transfer. Originator information means the name, address and, if any, the account number or reference number of the client who requested the transfer. You should not send any EFTs without including originator information.

An EFT means the transmission–through any electronic, magnetic or optical device, telephone instrument or computer–of instructions for the transfer of funds to or from Canada. In the case of messages sent through the SWIFT network, only SWIFT MT 103 messages are included. In addition, only in the context of originator information, an EFT includes any transmission of instructions for the transfer of funds within Canada that is a SWIFT MT 103 message.

An EFT does not include the following transactions:

Information to be included with incoming funds transfers

If you receive an EFT, you have to take reasonable measures to ensure it includes originator information. In this context, reasonable measures could include contacting the institution that sent the payment instructions.

These requirements apply to the same EFTs, including the same exclusions, as those described above under the heading "Information to include with outgoing funds transfers."

Record about remitting or transmitting funds

If you remit or transmit funds, whether internationally or domestically, in an amount of $1,000 or more, you have to keep a record. This record has to include the following:

For more information about recording business or occupation, see subsection 3.2, under the heading "Contents of a large cash transaction record."

If you have to ascertain the identity of the individual who requests the remittance or the transmission of funds, see subsection 3.10 for additional information that is required on the record about the remittance or transmission of funds.

If the funds remitted or transmitted involved an exchange to or from a foreign currency, see subsection 3.6 for additional information required in a transaction ticket.

3.8 Casino disbursement report records

When you have to report a casino disbursement to FINTRAC, you have to keep a copy of the casino disbursement report.

A casino disbursement is any payout, whether in cash or not, of $10,000 or more in the following transactions:

A casino disbursement also includes two or more disbursements of less than $10,000 that you pay out to or on behalf of the same individual or entity within 24 consecutive hours of each other that total $10,000 or more.

If you are a supervising casino for a registered charity conducting business as a casino for two consecutive days or less on your premises, you are responsible for any casino disbursement reports as well as the related record keeping pertaining to the charity's casino activities. 

For more information about when and how to submit casino disbursement reports, see Guideline 10: Submitting Casino Disbursement Reports to FINTRAC.

3.9 Suspicious transaction report records

When you have to report a suspicious transaction to FINTRAC, you have to keep a copy of the report. See Guideline 3: Submitting Suspicious Transaction Reports to FINTRAC for more information about obligations related to this report.

3.10 Identification information on all records

If you have to ascertain the identity of an individual, as explained in section 4, in association with any of the records mentioned in section 3, you have to keep the individual's name with that record. You also have to keep the following with that record.

Identification documents

If you have to ascertain the identity of the individual using an identification document, the record has to include the type of document you used to ascertain the individual's identity, its reference number and its place of issue.

Identification of clients not physically present

If you do not use an identification document but use methods for a client who is not physically present (as described in subsection 4.8), you have to include whichever of the following, according to the methods used:

4. Client Identity

4.1 When and how do you have to ascertain client identity?

As a casino, you have client identification obligations. You have to take the following measures to ascertain the identity of individuals or to confirm the existence of entities (entities meaning: corporations, trusts, partnerships, funds, and unincorporated associations or organizations), subject to the general exceptions outlined in subsection 4.2.

If you cannot ascertain the identity of an individual or  confirm the existence of an entity when you open an account according to the identification requirements, you cannot open the account. This means that no transaction other than an initial deposit can be carried out unless you are able to ascertain the identity of the individual or confirm the existence of the entity as explained in subsection 4.5 and 4.9. As well, if you suspect that the transaction is related to a money laundering or terrorist financing offence, you must file a suspicious transaction report, as explained in Guideline 3: Submitting Suspicious Transaction Reports to FINTRAC.

Subsections 4.3 to 4.7 explain the need to ascertain the identity of individuals when an event triggers the requirement. In these events, you must ascertain the identity of an individual, unless an exception applies as explained below. Also, if you suspect that the transaction is related to a money laundering or terrorist financing offence, you must file a suspicious transaction report, as explained in section 4.4.

See section 3 for information about record keeping requirements that may be associated to the events triggering identification requirements.

Once you have conducted two transactions with a client that require you to ascertain the identity of the client, you have entered into a business relationship with that client. See section 5 for more information on business relationships and related records.

4.2 General exceptions to client identification

In addition to the exceptions explained throughout the rest of section 4, the following general exceptions apply to client identification requirements.

Existing clients

Once you have ascertained the identity of an individual as explained in this guideline, you do not have to ascertain their identity again if you recognize the individual (visually or by voice) at the time of a future event that would otherwise trigger the identification requirement. However, if you have any doubts about the identification information previously collected, you will have to ascertain that individual's identity again.

Once you have confirmed the existence of a corporation and confirmed its name, address and the names of its directors (as explained in subsection 4.9), you are not required to confirm that same information in the future.

Once you have confirmed the existence of an entity other than a corporation (as explained in subsection 4.9), you are not required to confirm that same information in the future.

You do not have to ascertain the identity of individuals as described in subsections 4.5 to 4.7, nor do the requirements described in section 6 apply, for an individual who already has an account with you.

Certain types of accounts

You do not have to confirm the existence of entities as described in subsections 4.5 nor do the requirements described in sections 5 or 6 apply, in the following situations:

For more information about what is considered a public body or a very large corporation in this context, see subsection 3.1.

4.3 Client identity for large cash transactions

You have to ascertain the identity of any individual with whom you conduct a large cash transaction, at the time of the transaction, if you have to keep a large cash transaction record for it, as described in subsection 3.2. If the transaction is a deposit to a business account, you do not have to ascertain the identity of the individual conducting it. 

See section 4.8 to find out how to ascertain the identity of an individual for large cash transactions. 

4.4 Client identity for suspicious transactions

When you have to send a suspicious transaction report to FINTRAC, you have to take reasonable measures, before the transaction is reported, to ascertain the identity of the individual who conducted or attempted to conduct the transaction. This does not apply in the following circumstances:

In this context, reasonable measures to ascertain the identity of an individual include asking the individual for an identification document. They also include using either of the options available to identify individuals who are not physically present. However, reasonable measures exclude any method that you believe would inform the individual that you are submitting a suspicious transaction report.

It is important to remember that all suspicious transactions and attempted transactions, including transactions that are normally exempt from client identification requirements, require you to take reasonable measures to ascertain your client's identity. See Guideline 2: Suspicious Transactions for more information.

4.5 Client identity for signature cards

You have to ascertain the identity of any individual who signs a signature card for an account that you open before any transaction (other than the initial deposit) is carried out. In the case of a business account, you do not have to ascertain the identity of more than three individuals who are authorized to give instructions for the account. 

See subsection 4.8 to find out how to ascertain the identity of an individual for signature cards.

The identification requirement related to a signature card does not apply if you already have an account with that individual. 

If you open an account for an entity, there are identification requirements in addition to the one regarding signature cards. Refer to subsection 4.9 for more information about this.

In addition, this identification requirement does not apply if the account holder is a public body or a very large corporation. For more information about the meaning of a public body or very large corporation, see subsection 3.1.

4.6 Client identity for disbursement records

You have to ascertain the identity of any individual who conducts any of the transactions described in subsection 3.8 that require a copy of a casino disbursement report. You have to do this at the time of the transaction.

See subsection 4.8 to find out how to ascertain the identity of an individual for large disbursements. 

4.7 Other client identity for individuals

You have to ascertain the identity of an individual in any of the following transactions:

If you are required to ascertain the identity of an individual in any of these cases, you have to do so at the time of the transaction. 

See subsection 4.8 to find out how to ascertain the identity of an individual for this purpose.

4.8 How to ascertain the identity of an individual

See subsection 3.10 for additional information that is required on certain records when you have to ascertain the identity of individuals.

To ascertain the identity of an individual, refer to the individual's birth certificate, driver's licence, passport, record of landing, permanent resident card or other similar document.

You can refer to an individual's provincial health card, but only if it is not prohibited by provincial or territorial legislation. For example, you cannot refer to an individual's provincial health card from Ontario, Manitoba, Nova Scotia or Prince Edward Island since health cards cannot be used for this purpose in these provinces. As another example, in Quebec, you cannot request to see a client's health card, but you may accept it if the client wants to use it for identification purposes. If you have questions about the use of health cards for identification, please contact the appropriate provincial issuer for more information.

For a document to be acceptable for identification purposes, it must have a unique identifier number. Also, the document must have been issued by a provincial, territorial or federal government. For example, a birth or baptismal certificate issued by a church would not be acceptable for this purpose. Also, an identification card issued by an employer for an employee (that is, an employee identification card) is not acceptable.

The document also has to be a valid one and cannot have expired. For example, an expired driver's licence would not be acceptable.

A social insurance number (SIN) card can be used to ascertain the identity of a client, but the SIN (that is, the number itself) is not to be provided to FINTRAC on any type of report. The Office of the Privacy Commissioner (https://www.priv.gc.ca) has produced a fact sheet concerning best practices for the use of SINs. Please consult it for more information on this topic.

Examples of other documents that can be used to ascertain the identity of a client include a certificate of Indian status or a provincial or territorial identification card issued by any of the following (or their successors):

Valid foreign identification, if equivalent to an acceptable type of Canadian identification document, would also be acceptable for the purposes explained in this guideline. For example, a valid foreign passport is acceptable.

When you refer to a document to ascertain the identity of an individual, it has to be an original, not a copy of the document. In cases where it is not possible for you to view the original yourself, you may choose to use an agent or mandatary to verify the original identification document on your behalf. Even if you use an agent or mandatary, you are responsible for making sure the identification requirements are met.

Use of an agent or mandatary

If you use an agent or mandatary for client identification, you have to enter into a written agreement or arrangement with the agent or mandatary outlining what you expect them to do for you. In addition, you have to obtain from the agent or mandatary the customer information that was obtained according to the agreement or arrangement.

Your agent or mandatary can ascertain the identity of your client for you using an identification document. In cases where your client is not physically present at the opening of an account or conducting of a transaction, your agent or mandatary can also use the options explained below.

Individual not physically present

If you have to ascertain the identity of an individual who is not physically present you will have to use a combination of two of the following methods. In each of the two methods you use, the individual's information has to be consistent with what you have in your records. The information also has to be consistent from one method to the other. For example, if each of the methods you use has the name, address and date of birth information about the individual, all of it has to agree with what you have in your records.

The methods below may not apply for all clients. For example, the methods would not be available to ascertain the identity of a client outside Canada who is conducting a transaction with you, but has no Canadian credit history, no access to a Canadian guarantor and no deposit account with a financial entity. In this case, ascertaining the identity of the client using an identification document may necessitate the use of an agent or mandatary, as explained above.

Identification product or credit file method

You can use either of the following methods but you cannot combine them:

Products for either of these methods are available commercially, such as those used for credit ratings.

Attestation method

Obtain an attestation that an original identification document for the individual has been seen by a commissioner of oaths or a guarantor. The attestation must be on a legible photocopy of the document and include the following information:

In this context, a guarantor has to be an individual engaged in one of the following professions in Canada:

Cleared cheque or deposit account method

You can use either of the following methods, but you cannot combine them.

For either method, the account has to be with a financial entity, as described in subsection 3.2.

The account cannot be one that is exempt from identification requirements for the financial entity, such as a registered retirement savings plan or a reverse mortgage. For more information about accounts that cannot be used for the cleared cheque or deposit account methods, see Guideline 6G: Record Keeping and Client Identification for Financial Entities.

4.9 Client identity for corporations or other entities

You have to confirm the existence of any corporation or other entity for which you open an account, before any transaction other than the initial deposit. In the case of a corporation, in addition to confirming its existence, you also have to determine the corporation's name, address and the names of its directors before any transaction other than the initial deposit.

Corporations

To confirm the existence of a corporation as well as the corporation's name and address, refer to the following documents:

You also have to confirm the names of the corporation's directors. To do this, you may need to see the list of the corporation's directors submitted with the application for incorporation. In the case of a corporation that is a securities dealer, you do not need to ascertain the name of the corporation's directors.

The record you use to confirm a corporation's existence can be paper or an electronic version. Although such information may be available verbally (such as by phone), it is not acceptable for these purposes, as you have to refer to a record. If the record is in paper format, you have to keep the record or a copy of it. 

If the record is an electronic version, you have to keep a record of the corporation's registration number, the type and source of the record. An electronic version of a record has to be from a public source. For example, you can get information about a corporation's name and address and the names of its directors from a provincial or federal database such as the Corporations Canada database which is accessible from Industry Canada's website (http://www.ic.gc.ca). As another example, you may also get this type of information if you subscribe to a corporation searching and registration service.

Entities other than corporations

To confirm the existence of an entity other than a corporation, refer to a partnership agreement, articles of association or any other similar record that confirms the entity's existence. The record you use to confirm the existence of an entity can be paper or an electronic version. Although such information may be available verbally (such as by phone), it is not acceptable for these purposes, as you have to refer to a record. If the record is in paper format, you have to keep the record or a copy of it. 

If the record is an electronic version, you have to keep a record of the entity's registration number, the type and source of the record. An electronic version of a record has to be from a public source.

4.10 Keeping client identification information up to date

Your compliance regime has to include an assessment, in the course of your activities, of the risk of money laundering or terrorist financing. Guideline 4: Implementation of a Compliance Regime provides more information about risk assessment requirements.  According to this assessment, you have to keep client identification information up to date as part of your ongoing monitoring obligations.

Measures to keep client identification information up to date include asking the client to provide information to confirm or update their identification information. In the case of an individual client, this can also include confirming or updating the information by using the same options that are available to ascertain the identity of individuals who are not physically present.

In the case of clients that are entities, measures to keep client identification information up to date include consulting a paper or electronic record as explained in subsection 4.9, or obtaining information verbally to keep client identification information up to date.

The frequency with which client identification information is to be kept up to date will vary depending on your risk assessment of your client. As part of your ongoing monitoring obligations, you have to keep all client identification information up to date. For high-risk clients, you must update client identification information more frequently and perform more frequent monitoring, as well as adopt any other appropriate enhanced monitoring measures (see examples in section 5).

If you have used one of the exceptions found in 4.2 (General exceptions to client identification) where you were not required to ascertain the identity of a client and therefore, do not have any client information in your records, there will be no client information to update as part of your ongoing monitoring obligations as described in section 5 (Ongoing Monitoring of Business Relationship and Related Records), but your other ongoing monitoring obligations still apply.

5. Ongoing Monitoring of Business Relationship and Related Records

Business relationship

A business relationship is a relationship that you establish with a client to conduct financial transactions or provide services related to those transactions. For casinos, these relationships can be established within or outside of an account.

Account-based business relationship: You are in a business relationship with a client that holds an account with you.  You enter into a business relationship when a client opens an account with you. For a new or existing client that has one or more accounts, the business relationship includes all transactions and activities relating to those accounts.

Non-account-based business relationship: If your client does not have an account, you enter into a business relationship when you conduct two or more transactions in which you have to:

In such a case, the business relationship only includes transactions and related activities for which you have to ascertain the identity of your client. See section 4 for more information on these transactions and activities.

If you use the exception to ascertaining the identity of a client where you recognize the individual (as described in 4.2 General exceptions to client identification) in the case of a second transaction that requires you ascertain the identity of a client, you have entered into a business relationship with that client nonetheless.  This is because it is the requirement to ascertain identity that triggers the business relationship.

You should determine that a business relationship has been established as soon as reasonably practicable following the second transaction requiring that the client's identity be ascertained.  As a best practice, this should be done within 30 calendar days.

If you have a client without an account who conducts two or more suspicious transactions, you still enter into a business relationship with that client, even if you are unable to ascertain the identity of that client. This is because suspicious transactions require you to take reasonable measures to ascertain the identity of the client (subject to the circumstances described in section 4.4), and so two or more of these transactions will trigger a business relationship. You must treat this business relationship as high-risk, and undertake more frequent ongoing monitoring and updating of client identification information, as well as any other appropriate enhanced measures (see examples under "Ongoing monitoring" below).

A business relationship is established when two transactions that require you to ascertain the identity of your client occur within a maximum of five years from one another. If a period of five years passes from the last transaction that required you to ascertain the identity of your client, the business relationship with that client ceases in the case of non-account-based business relationships. In the case of clients who hold an account, the business relationship ceases five years after the client closes that account.

Once the business relationship is established, you must also:

Ongoing monitoring

Ongoing monitoring means that you have to monitor your business relationship with a client on a periodic basis. Use your risk assessment of the client with whom you have a business relationship to determine how frequently you will monitor that business relationship. The risk assessment requires you to consider each one of your clients when assessing their risk for money-laundering and terrorist activities financing.  However, an individual written assessment is not required for each client, so long as you can demonstrate that you put your client in the correct risk category, according to your policies and procedures, and risk assessment.  You have to perform ongoing monitoring of each business relationship to:

The above-listed requirements do not need to follow the same timeframe, so long as you monitor your high-risk clients more frequently and with more scrutiny than you do your low-risk clients.

In order to keep client information up to date, you may ask clients with account-based business relationships to confirm the information you have on record periodically throughout your regular interactions with them.  For clients in non-account-based business relationships, you may update the information you have on record every time the client conducts a transaction that requires you to ascertain their identity.

As an example, you may choose to reassess the level of risk associated with a client's transactions and activities, and to determine whether the transactions or activities are consistent with the information you have on your client, for your low-risk clientele, every two years, while performing the same monitoring of your high-risk clients on a more frequent basis.  However, depending on the circumstances of your operations, a different ongoing monitoring period for low-risk clients may be appropriate.

In the context of monitoring on a periodic basis, your monitoring will vary depending on your risk assessment of your client.  As part of your ongoing monitoring obligations, you must monitor all of your business relationships, and you must monitor business relationships you consider high-risk more frequently, as well as update client identification information and adopt any other appropriate enhanced measures.

Here is a non-exhaustive list of enhanced measures you could take to mitigate the risk in cases of high-risk business relationships:

If as a result of your ongoing monitoring you consider that the risk of a money laundering or a terrorist financing offence in a business relationship is high, your risk assessment in your compliance regime must treat that client as a high risk. In this case, you must conduct more frequent monitoring of your business relationship with that client, update that client's identification information more frequently, and adopt any other appropriate enhanced measures (see examples above).

5.1 Business relationship record

When you enter into a business relationship with a client, you have to keep a record of the purpose and intended nature of the business relationship. You also have to review this information on a periodic basis and keep it up to date. This is done to ensure that you continue to understand your client's activities over time so that any changes can be used to assess or detect high-risk transactions and activities. This may lead you to increase the frequency of ongoing monitoring, update their client identification information more frequently, and adopt any other appropriate enhanced measures (see examples above).

The purpose and intended nature of the business relationship is information that should allow you to anticipate the transactions and activities of your client.

For clients who already hold accounts, you may use the information found in the intended use of the account record, in a client credit file, in a credit card account record or in an ongoing service agreement, as the purpose and intended nature of the business relationship with that client.  You do not need to create a new record if you are able to retrieve this information from the records you currently hold.  You must obtain this information at the opening of a new account.

For clients who do not hold an account but with whom you have a business relationship on the basis that they have completed two transactions that required you to ascertain their identity, or in the case of entities, to confirm their existence; you must document the purpose and intended nature of the business relationship that best describes your dealings with that client.

Here is a short, non-exhaustive list of examples of purpose and intended nature of a business relationship in your sector:

Guideline 4: Implementation of a Compliance Regime provides more information about risk assessment requirements.

6. Third Party Determination and Related Records

6.1 Third party determination

You have to make a third party determination when you have to keep any of the following records:

When you are determining whether a "third party" is involved, it is not about who "owns" the money, but rather about who gives instructions to deal with the money. To determine who the third party is, the point to remember is whether the individual in front of you is acting on someone else's instructions. If so, that someone else is the third party. 

In making a third party determination when employees are acting on behalf of their employers, they are considered to be acting on behalf of a third party. The only exception to this is when an employee deposits cash to the employer's account. In that case, the employee is not considered to be acting on behalf of a third party. This is true only if the account in which the employee deposits cash is a business account.

Reasonable measures

What constitutes reasonable measures will vary in accordance with the context in which they occur, and therefore could differ from one situation to the next. However, reasonable measures would include retrieving the information already contained in your files or elsewhere within your business environment, or obtaining the information directly from the client.

You do not have to make any third party determination about an account if the account holder is a financial entity or a securities dealer engaged in dealing in securities in Canada. 

6.2 Third party records

If you determine that there is in fact a third party, as explained above, you have to keep a record of the following information:

For more information about recording business or occupation, see subsection 3.2, under the heading "Contents of a large cash transaction record."

If you are not able to determine that there is in fact a third party, but you have reasonable grounds to suspect that there are instructions of a third party involved, you have to keep a record to indicate the following:

This record must also indicate details of why you suspect the individual is acting on a third party's instructions. 

You do not have to keep the third party record described above for an account if the following conditions are met:

If an account is for or on behalf of future and unknown clients, employees, etc., of the individual or entity opening the account, you should keep a record indicating that the account is to be used by or for third parties who are not known at the time of account opening.

7. How Should Records Be Kept?

You should maintain an effective record-keeping system to enable FINTRAC to have access to the records in a timely fashion. Your records have to be kept in such a way that they can be provided to FINTRAC within 30 days of a request to examine them.

For the requirements explained in this guideline, you can keep records in a machine-readable or electronic form, as long as a paper copy can be readily produced from it. For example, if you have a document imaging system, you do not have to produce the original document for these purposes, as long as you can print the imaged one.

The record keeping requirements explained in this guideline are about each record to be kept. Your record keeping system can store the information required for any one record separately, as long as you are able to readily retrieve and put the information together for the record whenever necessary.

Also, if you keep records electronically that require a signature on them, such as a signature card for example, an electronic signature of the individual who signed the record has to be retained. An electronic signature means an electronic image of the signature and does not include a personal identification number (PIN).

You are not required to keep a copy of the reports you make to FINTRAC (other than the suspicious transaction report, as explained in subsection 3.9 and the casino disbursement report, as explained in subsection 3.8), but you may choose to do so. It is recommended that you keep the information that FINTRAC sends you in the acknowledgement message about each report processed. This provides the date and time the report was received along with its identification number.

Timeframe for keeping records

In the case of signature cards, account operating agreements, and client credit files, these records have to be kept for five years from the day of closing of the account to which they relate. In the case of records to confirm the existence of an entity (including a corporation), they have to be kept for five years from the day the last business transaction was conducted.

In the case of a copy of a suspicious transaction report, the record has to be kept for a period of at least five years following the date the report was made.

In the case of all other records, including casino disbursement report records, the records must be kept for a period of at least five years following the date they were created.

Employees or contractors who keep records for you

Your employees who keep records (as described in section 3) for you are not required to keep those records after the end of their employment with you. The same is true for individuals in a contractual relationship with you, after the end of that contractual relationship. This means that you have to get and keep the records that were kept for you by any employee or contractor before the end of that individual's employment or contract with you.

8. Penalties for Non-Compliance

Failure to comply with your record keeping or client identification requirements can lead to criminal charges against you. Conviction of failure to retain records could lead to up to five years imprisonment, to a fine of $500,000, or both. Alternatively, failure to keep records or ascertain the identity of clients can lead to an administrative monetary penalty. For more information on penalties, you can also consult the "Penalties for non-compliance" section of FINTRAC's website.

9. Comments?

These guidelines will be reviewed on a periodic basis. If you have any comments or suggestions to help improve them, please send your comments to the mailing address provided below, or by email to guidelines-lignesdirectrices@fintrac-canafe.gc.ca.

10. How to Contact FINTRAC

For further information on FINTRAC and its activities, reporting and other obligations, please go to FINTRAC's website (http://www.fintrac-canafe.gc.ca) or contact FINTRAC:

Financial Transactions and Reports Analysis Centre of Canada
234 Laurier Avenue West, 24th floor
Ottawa ON  K1P 1H7
Canada

Toll-free: 1-866-346-8722
Date Modified: