Audit of the Financial Transactions and Reports Analysis Centre of Canada

Observations and Recommendations
15. The Privacy Act sets out the rules governing the management of personal information held by federal government institutions. Sections 4 through 8 of the Privacy Act, referred to as the “Code of Fair Information Practices”, restrict the collection of personal information and limit how that information, once collected, can be used and disclosed. The Privacy Act also addresses the retention and disposal of personal information. It balances the legitimate collection and use requirements necessary to government programs with an individual’s right to privacy.
16. To assess the extent to which FINTRAC is meeting its obligations under the Privacy Act, we looked at how FINTRAC manages personal information that it acquires. We expected to find that:
• the receipt and collection of personal information is limited to what is directly related to its operating programs or activities;
• the information is used and disclosed for authorized purposes; and,
• records are retained and disposed of in accordance with established schedules.
Little progress has been made to address over reporting
17. The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA or the Act) authorizes FINTRAC to receive information, including personal financial information, from individuals, reporting entities and other sources, such as the Canadian Security Intelligence Service (CSIS), the Royal Canadian Mounted Police (RCMP) and other police forces. It also permits FINTRAC to collect information it considers relevant to money laundering or terrorist financing activities, as well as information required to fulfill its compliance mandate. In March 2009, FINTRAC’s databases contained approximately 101 million reports; this number increased to approximately 165 million reports by March 2012.
18. The Act requires that certain financial transactions undertaken by or on behalf of a single person or entity be reported to FINTRAC. Among the data that must be supplied to FINTRAC are cash transactions, international electronic funds transfers and casino disbursements worth $10,000 or more, as well as transactions that, while individually lower than $10,000, collectively exceed this amount within a 24-hour period, also known as the 24-hour rule. Terrorist property reports and suspicious transactions, regardless of value, must also be reported. Reported transactions might include down payments for house and vehicle purchases, wire transfers received by international students residing in Canada, or funds sent by parents in Canada to children who are studying abroad. Reporting entities that do not file reports as required by the PCMLTFA are in non-compliance and could face civil or criminal sanctions.
