Audit of the Financial Transactions and Reports Analysis Centre of Canada - page 6

AUDIT REPORT OF THE PRIVACY COMMISSIONER OF CANADA,
2013
FINANCIAL TRANSACTIONS AND REPORTS ANALYSIS CENTRE OF CANADA
We examined two of FINTRAC’s areas of
responsibility. The first is its role to analyze
and disclose financial intelligence. The second
is a compliance function where it verifies whether
reporting entities are meeting their obligations
under the PCMLTFA and its regulations.
In carrying out its analysis and disclosure functions,
FINTRAC continues to receive and retain personal
information not directly related to its mandate. Plans
to enhance current controls, including front-end
screening and ongoing monitoring of reports, have
yet to be implemented. Until these controls are
implemented, FINTRAC will be unable to provide
assurance that its information holdings are relevant
to its mandate and not excessive.
We found that FINTRAC has enhanced its process
to manage threat and risk assessments. Likewise, it
has a comprehensive approach to security, including
controls to safeguard personal information. However,
instances of non-compliance with established security
policies were noted during the audit.
FINTRAC has enhanced its privacy management
program. It has created a formal Chief Privacy
Officer position, and has developed a privacy impact
assessment process and privacy breach guidelines.
FINTRAC has also enhanced employee awareness
of core privacy principles.
FINTRAC receives inquiries that deal with interpretation
and practical application of the PCMLTFA
and its regulations from reporting entities. We found
an instance where FINTRAC’s guidance could be
interpreted as encouraging the reporting of information
that is not required by the PCMLTFA.
As part of its compliance function, FINTRAC obtains
records from reporting entities. Although FINTRAC
issued internal guidelines to ensure that the collection
of data is limited to what is directly related to its
operating programs and activities, we found instances
where this practice is not consistently applied,
resulting in the collection of data where there
was no demonstrated need to collect and retain it.
FINTRAC has responded to our findings. Its responses
follow each recommendation throughout the report.