Guidance and Information
PIPEDA and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)
Detailed questions and answers
The Proceeds of Crime (Money Laundering) and Terrorist Financing Act requires organizations subject to the Act to undertake certain compliance activities, such as client identification and record keeping activities. As well, certain transactions are required to be reported to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).
The Office of the Privacy Commissioner of Canada supports efforts to combat money laundering and terrorist financing.
We advocate that programs or initiatives should be implemented in a manner that is privacy sensitive and consistent with privacy laws. As such, the collection of personal information must be limited to what is required and identified by legislation and regulations, and in addition to that, what is required for an organization’s specific business purposes.
Below are some questions and answers related to privacy that may be of interest:
- Do organizations have to take privacy laws into account when complying with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act?
- What should an organization’s policies and procedures explain about their personal information management practices?
- Does PIPEDA require an individual’s knowledge or consent if a disclosure (report) is made to FINTRAC, as required by section 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act?
- Is it important to limit the collection of personal information?
- Why is limiting the collection of personal information a good thing?
- Should an identity document be photocopied when ascertaining an individual’s identity?
- Should a health card be used to ascertain a customer’s identity?
- Should a Social Insurance Number be used to ascertain a customer’s identity?
- What should an organization be aware of if an individual requests information about disclosures made to FINTRAC?