Review of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Submission to the Standing Senate Committee on Banking, Trade and Commerce
June 21, 2006
Privacy Commissioner of Canada
The Standing Senate Committee on Banking, Trade and Commerce has been asked to undertake a review of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (S.C. 2000, c. 17) pursuant to section 72 of the Act. Section 72 provides that the Act is to be reviewed by a parliamentary committee within five years and a report submitted to Parliament setting out any changes that the committee recommends.
The Office of the Privacy Commissioner of Canada has taken an active interest in the Act and in Canada’s Anti-Money Laundering and Anti-Terrorist Financing (AMLATF) regime. When the former Privacy Commissioner appeared before the Senate Committee on Banking, Trade and Commerce in June 2000 to comment on Bill C-22, the Proceeds of Crime (Money Laundering) Act, he posed two questions:
“First is this legislation necessary—is it a major improvement on existing legislation? And second, if you decide it is necessary, are there ways to reduce the loss of privacy that will result from the passage of the legislation in its current form?”
While the government of the day determined that the legislation was necessary, we think that it is still important to ask whether it is possible to mitigate the privacy implications of the legislation.
Following the passage of Bill C-22, Bill C-36, the Anti-terrorism Act expanded the scope of the Act (and changed the name of the Act) to include provisions dealing with terrorist financing. Our understanding is that further changes to the legislation are being considered. In June 2005 the Department of Finance released a consultation paper, “Enhancing Canada’s Anti-Money Laundering and Anti-Terrorist Financing Regime”. Our expectations, based on comments that have been made before this Committee by various government officials and on media reports, are that some or all of the changes discussed in the consultation paper may find their way into amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and the regulations that have been issued under the Act. For example, Ms. Lafleur from the Department of Finance commented before the Committee that “It is critical that we have new legislation and regulations in place” before Canada's regime is evaluated by the Financial Action Task Force in early 2007.
Our comments relate not only to the legislation as it currently exists but also to some of the proposals discussed in Finance’s consultation paper.
The Challenge of Commenting on the AMLATF Regime
Assessing Canada’s AMLATF regime raises a number of questions, for example:
- how serious are the problems that the legislation is intended to address?
- is the existing legislation effective?
- are the changes being proposed necessary?
Answering these questions is extremely difficult for an organization such as the Office of the Privacy Commissioner. We have a limited knowledge of the world of money laundering or terrorist financing. We do not have a sense of the scope of the problem, nor do we know if the current regime is effective.
After reviewing the transcripts of the recent appearances before the committee of the officials from the Department of Finance, Justice, Public Safety and Emergency Preparedness and FINTRAC we still do not have a clear sense of the scope of the problems or the effectiveness of the legislation. One witness suggested that “Although it is difficult to measure the exact cost of the crimes that underlie money laundering, such as fraud, embezzlement, drug trafficking and arms trade, there is much anecdotal evidence as to the harmful impact of these crimes.” Another witness commented “I attempt to avoid estimating the amount of money being laundered. ? In my opinion, it is wrong to attempt to estimate the amount of money criminals are making and laundering.”
The Committee has heard testimony indicating that the Financial Transactions and Reports Analysis Center of Canada (FINTRAC) has made more than 442 case disclosures to enforcement and security agencies identifying thousands of individuals and businesses and tens of thousands of suspect financial transactions. The total dollar value of the financial transactions disclosed was $3.2 billion.
We appreciate the difficultly in estimating the amount of money being laundered or the overall extent of the problem, but without this information we are unable to make a reasoned assessment of whether the privacy implications of the regime are proportionate to the problems being addressed.
Canada’s AMLATF Regime
- Part 1 of the Act requires persons and entities subject to the Act to collect certain information, for example, to satisfy “know your customer” requirements; keep records prescribed by regulation; and report suspicious transactions to FINTRAC without their clients’ knowledge or consent;
- Part 2 of the Act deals with the cross-border movement of currency and monetary instruments; and
- Part 3 of the Act created an independent agency, FINTRAC, at arms length from law enforcement, to collect, analyze and, in appropriate circumstances, disclose designated information to law enforcement agencies.
Under the Act a broad range of “covered entities”, including financial institutions, foreign exchange dealers, casinos, security dealers, accountants and several other types of businesses and professionals are required to collect specified information about their clients and their transactions and maintain records required by the Act. Covered entities are also required to report certain information to FINTRAC, for example, transactions involving $10,000 or more and any completed transaction when there are reasonable grounds to suspect that the transaction is linked to money laundering or terrorist financing. Disclosures to FINTRAC are made without the knowledge or consent of the clients involved.
FINTRAC in turn analyzes the information it receives from the covered entities along with other information from publicly available sources, including commercially available databases, voluntarily provided information, information from law enforcement databases and information from similar national agencies.
After analyzing this information, FINTRAC can disclose designated information to law enforcement agencies, the Canada Revenue Agency, CSIS and Citizenship and Immigration based on “reasonable grounds to suspect” that the information would be relevant to investigating or prosecuting a money laundering or terrorist offence.
A Novel and Precedent Setting Regime
The regime created by the legislation is novel and quite remarkable. The regime is novel because of the degree to which the covered entities are required to act as agents of the state. There are other government initiatives in which private sector entities, airlines for example, are required to provide personal information to government agencies for investigatory purposes, but they are not required to collect personal information over and above what they need for business purposes solely for the purposes of providing it to the state. Nor are the airlines expected to make a judgment about what constitutes suspicious behaviour.
The regime is precedent setting because it creates a mandatory reporting scheme that allows government officials to obtain access to personal information for investigatory purposes without judicial authorization and without satisfying the standard requirement of reasonable and probable grounds. As Stanley Cohen, who appeared before this Committee has noted, “Canada’s money laundering agency, FINTRAC, and indeed the entire MSTR [mandatory suspicious transaction reporting] is of a ground-breaking or precedent setting character. It tests the limits of existing constitutional authority”Footnote 1
When the Privacy Commissioner appeared before the Senate Standing Committee on Transport and Communications in March 2004 to discuss Bill C-7, the Public Safety Act, 2002, she raised concerns about enlisting businesses in the fight against crime and terrorism that are equally appropriate with respect to the PCMLTFA:
“This legislation establishes a new and troubling precedent. What's next? Are we going to start requiring car rental firms, couriers and telecommunication companies to collect information for the purpose of turning it over to law enforcement agencies?
This runs directly counter to the increased recognition of the importance of privacy as reflected in Parliament's decision to pass the Personal Information Protection and Electronic Documents Act. PIPEDA, over which my Office has oversight, prevents private sector organizations from collecting or disclosing personal information without consent. As a nation we have decided that it is important to put restrictions on how private sector companies collect, use and disclose our personal information.
Are we now prepared to stand back and allow law enforcement and national security agencies to demand that same information and use it in ways that are dramatically at odds with fair information principles?”
By requiring a long list of private sector organizations to monitor and report on the activities of their customers, it forces these organizations to serve in support of law enforcement and national security activities. This is arguably one of the most troubling aspects of this legislation and of other public safety and national security initiatives
A more general concern with the PCMLTFA is that it has received surprisingly little public attention. While the Anti-terrorism Act, and the Public Safety Act and even the previous government’s proposed “lawful access” legislation have received a great deal of media and public attention, this legislation appears to be largely unknown to the public. This is surprising, and unfortunate, because in many ways this legislation is as intrusive and as much of a threat to privacy rights as these other initiatives. We would urge the Government to engage in meaningful public consultation before considering expanding the scope of the legislation.
The scope of the legislation is already far reaching. A senior official with FINTRAC commented when she appeared before this Committee, “We have millions of transaction reports in our database.” This suggests that FINTRAC collects information on a large number of individuals and a large number of transactions.
We recognize that the legislation contains certain safeguards. For example, FINTRAC is limited to providing “designated information” to the law enforcement and other agencies mentioned above; there are significant penalties for unauthorized disclosure of the information held by FINTRAC; FINTRAC is required to destroy information after 5 years, or 8 years in the case of information that is part of a disclosure; and law enforcement agencies must obtain a production order based on reasonable grounds to believe in order to receive additional information from FINTRAC about an individual.
As well, many of the covered entities are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA)that applies to organizations engaged in commercial activities such as banks and foreign exchange dealers and FINTRAC is subject to the Privacy Act. However, the PCMLTFA significantly weakensthe protections provided by the two federal Acts. The public's ability to lodge complaints and the Privacy Commissioner's power to investigate complaints depends on public awareness of the activity in question. Given the lack of awareness of the collection of information by FINTRAC, members of the public will not know that information is being collected about them or that they are being investigated.
Nor will citizens be able to use the Privacy Act or PIPEDA to determine if information has been collected about them. Although FINTRAC is expressly subject to the federal Privacy Act, we have been informed that the Centre will routinely deny access requests pursuant to section 16 or subsection 22(1)(b) of the Privacy Act. As well, the PCMLTFA amended PIPEDA to prohibit private sector organizations from informing individuals that they have provided information to FINTRAC, or from providing access to the information, if on the advice of FINTRAC the disclosure of the information could reasonably be expected to be injurious to the detection, prevention or deterrence of money laundering.
Providing individual with a right of access to their own personal information is one of the fundamental fair information principles that underlie both the Privacy Act and PIPEDA. Allowing individuals to see the information that government agencies or private sector organizations hold about them, or have disclosed to others, acts as an important check on the practices of organizations. Individuals are able to determine how much information has been collected and whether it is being properly used and disclosed. The PCMLFTA removes these checks and balances. While the Office of the Privacy Commissioner could perhaps undertake to audit FINTRAC on a regular basis, auditing the thousands of Canadian businesses that are sending information about their customers to FINTRAC, without their customers’ knowledge is
impossible. This is one of the many reasons why, from a privacy perspective, it is critically important to minimize the scope of the regime.
Proposals to Expand the AMLATF Regime
Both the Finance consultation paper and government officials, who have appeared before the Committee have suggested a number of possible changes to the Act that would further expand the scope of the Act and, in some case, weaken the safeguards in the Act. These include:
- expanding the types of entities/businesses subject to reporting requirements to include dealers in precious stones and metals and real estate developers. As well, the contentious issue of applying the reporting requirements to lawyers has been raised (again);
- lowering the monetary threshold and expanding the types of transactions that trigger reporting requirements. For example, new provisions re: electronic funds transfers and requiring covered entities to report attempted suspicious transactions, not just completed transactions have been proposed;
- strengthening the “know your customer”/due diligence requirements. Covered entities may be required to take measures to verify identity in non-face-to-face transactions, to keep information up-to-date and to make greater efforts to identify individuals when there are doubts about previously obtained customer information;
- requiring covered entities to place special emphasis on “politically exposed persons”—heads of states, senior bureaucrats, military officials, etc.;
- introducing a registration process, including the collection of specified information, for money service businesses and foreign exchange dealers with FINTRAC acting as the registrar;
- expanding the list of designated information that FINTRAC can disclose to law enforcement and intelligence agencies;
- making it easier for FINTRAC to share compliance-related information with foreign entities that have similar compliance functions;
- adding an administrative and monetary penalties regime to existing penalties for non-compliance; and
- lowering the threshold for obtaining production orders for the release of additional information from FINTRAC from “reasonable grounds to believe” to “reasonable grounds to suspect”. This was proposed by a Deputy Commissioner of the RCMP who appeared before the Committee.
If these proposals are implemented, the number of organizations required to monitor and to collect information about their clients and customers will increase. The amount of personal information being collected will expand. More transactions will be subject to scrutiny and reporting. The number of people whose financial transactions will be scrutinized will be greater than ever and the safeguards governing the regime will be weakened.
Many of these proposed changes will exacerbate the intrusiveness of the regime. Even some of the proposed changes that do not directly relate to the collection, use or disclosure of personal information could have a privacy impact. For example, the proposals to create a new administrative and monetary penalties regime could increase the incentives that already exist to over report. The PCMLTFA provides for penalties of up to $2 million and five years in prison for non-compliance. One of the several concerns we expressed when Bill C-22 was being passed was that given the substantial penalties for non-compliance with the reporting requirement, financial service providers and other covered entities may have a strong incentive to over-report rather than under-report.
Why are these changes being proposed? No evidence has been provided to the Committee to suggest that the incidence or the quantum of money laundering or terrorist financing is increasing or that the existing provisions are inadequate. Our sense is that these proposals are being driven by two perceived needs:
- to respond to the Auditor General’s 2004 report on Canada’s AMLATF initiatives; and
- to meet international obligations.
In her report the AG concluded that restrictions on the type of information FINTRAC can share with law enforcement agencies may limit the effectiveness of AMLATF initiatives. However, the 2004 Auditor General’s report also concluded that “Canada has a comprehensive anti-money-laundering system that is generally consistent with international standards.” Many of the recommendations in the Auditor General’s report dealt with the relationship between the FINTRAC and law enforcement and national security agencies. The proposals in the Finance consultation paper appear to go beyond the recommendations in the report.
The Finance consultation paper and the witnesses who have appeared before this Committee have suggested that it is necessary to update Canada’s AMLATF regime to honour international commitments and incorporate recommendations by the Financial Action Task Force (FATF). The FATF is an inter-governmental body founded in 1989 by the G7.Footnote 2 The purpose of the FATF is to develop policies to combat money laundering and terrorist financing.
We are not convinced by the argument that Canada has to update its AMLATF regime to meet international commitments. One of the difficulties with this rationale for amending the Act is that it is a “one size fits all” approach. Some of the FATF’s recommendations may be more relevant in some jurisdictions than in others, but it would appear that all countries are expected to adopt them. We recognize the need to ensure that Canada does not become a safe haven for money launderers, but Canada should not be expected to adopt every measure proposed by the FATF without asking whether it is really necessary and appropriate to Canadian circumstances. One example is the proposal in the consultation paper that financial institutions should have systems in place to determine if a customer is a “politically exposed person” and that additional measures should be put in place for customers who are politically exposed persons.
The justification for this proposal is not clear, particularly in Canada. The definition of a politically exposed person in the paper is extremely broad and would capture large numbers of people. The notion that people will be subjected to extra scrutiny, not because of suspicion, but simply because of their position is alarming. In many cases, this scrutiny would be in addition to the security checks and other screening that would have taken place prior to their appointments.
This harmonized international approach to dealing with money laundering and terrorist financing also fails to recognize that different countries have different approaches to privacy and the protection of personal information. Some of the members of the FATF have relatively weak or even non-existent privacy/data protection laws. Canada, in comparison, has a recent and comprehensive private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA) and three provinces—Quebec, Alberta and British Columbia—have private sector legislation. As well, the federal Privacy Act applies to government departments and agencies.
The Proceeds of Crime (Money Laundering) and Terrorist Financing Act is an inherently intrusive Act that is at odds with the protection of privacy. The Act treats everyone as a potential suspect. The Act weakens existing privacy protections. The Act enlists a wide range of businesses and professionals in the fight against money laundering and terrorist financing by requiring them to monitor the activities of their customers and make judgments about their behaviour. As the defender of the privacy rights of the people of Canada we can hardly approve of the AMLATF regime.
Witnesses from FINTRAC have assured the Committee that it takes protection and privacy extremely seriously, “Our legislation requires us to ensure that the information we collect is protected.” We have no reason to doubt that FINTRAC does an excellent job of protecting the information it holds, but privacy involves more than protecting information. Privacy entails ensuring that the amount of information that is being collected is kept to an absolute minimum and that the information is only used and disclosed appropriately. A privacy sensitive regime also requires transparency, openness and effective oversight. Security—protecting personal information—is important but it is only one part of a sound privacy management framework. FINTRAC should make use of internal controls—for example, robust internal audit processes—to ensure that covered entities do not over report and that FINTRAC does not disclose personal information inappropriately. As well, it is critical to have accountability structures in place to assess the regime’s performance and promote openness and transparency.
We understand that money laundering both rewards and supports criminal activities and we are certainly aware that the financing of terrorist groups threatens our security and the security of the rest of the world. We are not here today to deny or question the need to combat money laundering and terrorist financing. We are here to ask whether this is the best way to identify money launderers and people who fund terrorist groups and subject them to the rule of law. We urge the Committee to consider carefully the effectiveness of the legislation in meeting its stated purposes given the inherent intrusiveness of the regime.
We would also ask you to carefully consider the constitutionality of the current regime. Aside from the question of the application of the Act to lawyers and the resulting implications for solicitor-client privilege this issue does not appear to have been addressed directly by the witnesses who have appeared before this Committee. We do not have the expertise to comment on this matter, nor does this question fit squarely within our mandate, but as we have noted above, this is a novel regime. The legislation allows an agent of the state—FINTRAC—to obtain sensitive personal information for investigatory purposes without the benefit of prior judicial authorization. Since the Charter of Rights and Freedoms was introduced in 1982 the courts have determined that many instances of warrantless searches and seizure were in violation of section 8 of the Charter. This question takes on added importance given the proposal to lower the standard required for disclosures from FINTRAC to law enforcement agencies from reasonable grounds to believe to reasonable grounds to suspect.
- Date modified: