Audit of the Financial Transactions and Reports Analysis Centre of Canada - page 8

AUDIT REPORT OF THE PRIVACY COMMISSIONER OF CANADA,
2013
6
FINANCIAL TRANSACTIONS AND REPORTS ANALYSIS CENTRE OF CANADA
WHAT WE FOUND IN OUR 2009 AUDIT
9. In 2009 the OPC found that FINTRAC had
received and retained information that exceeded
its legislative authority. FINTRAC’s controls,
including the screening and ongoing monitoring
of reports, needed to be improved to ensure that
FINTRAC’s information holdings are both
relevant and not excessive. FINTRAC had a
robust and comprehensive approach to security.
It had put into place elements of a privacy
management framework; however, there were
gaps which needed to be addressed. We had
also found that FINTRAC was unable to provide
assurance that the guidance provided by regula-
tory partners to reporting entities is consistent
with PCMLTFA requirements.
10. The progress made by FINTRAC to address the
2009 audit recommendations is presented in the
Observations and Recommendations section of
this Report.
FOCUS OF THE CURRENT AUDIT
11. The audit objective was to assess whether
FINTRAC has adequate controls to protect
personal information, and whether its processes
and practices for managing such information
comply with the fair information practices
embodied in sections 4 through 8 of the
Privacy
Act
. The act of “collection” under the terms of
the
Privacy Act
includes both the passive receipt
and the active collection of personal information.
12. The audit focused on reviewing the progress
made by FINTRAC to address the recommenda-
tions from our 2009 audit. We also examined
FINTRAC’s management of personal information
acquired, used and disclosed in its capacity
as a financial intelligence unit and also while
carrying out its compliance function as required
by the PCMLTFA.
13. We did not review FINTRAC’s handling of
personal information about its employees nor
did we assess the control frameworks imple-
mented by reporting entities to manage their
personal information holdings.
14. Information on the audit objective, criteria,
scope and approach is found in the About the
Audit section of this report.
1,2,3,4,5,6,7 9,10,11,12,13,14,15,16,17,18,...42
Powered by FlippingBook