The clock is ticking for financial institutions to comply with new regulations on how they verify the identities of their clients.
Financial institutions have until June 17, 2017 to ensure they’re following the new rules introduced under the Proceeds of Crime (Money Laundering) Anti-Terrorist Financing Act (PCMLTFA).
“It’s a short time to put a solution in place,” Julia Szadowski, senior legal counsel with Equifax Canada, told participants in an ITWC webinar on the regulatory changes. “It’s a challenge the whole industry is facing and the best way to face it is to be as vigilant and agile as possible.”
What’s new?
The new rules are intended to provide more flexibility on the methods regulated organizations use to check the identity of their clients. But, as Szadowski pointed out, a high degree of diligence is still required. Authorities have placed greater emphasis on anti-money laundering efforts in recent years in an effort to cut the flow of money to fraudsters and terrorists.
Financial institutions are obliged to make sure that the identifying information on a client’s account application matches with other reliable records. The simplest way to do this is the “single source method”, explained Sinéad Gleason, senior product manager with Equifax. The bank can obtain the client’s credit file from a reporting agency like Equifax to confirm the client’s name, address and date of birth. The credit file must be Canadian and at least three years old. It’s best to have a robust file containing records from a range of sources like credits card, telecom and utility companies, said Gleason.
If there is any doubt, or if the credit file is less than three years old, the bank must use the dual source method. Gleason said this approach should be used if, for example, the client uses a post office box for an address, or where the client’s name on the application doesn’t match the credit file exactly. In this case, the bank must refer to information from two independent and reliable sources, such as a credit file and an original document containing identity information. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) provides guidelines on what constitutes a “reliable” source.
“The key thing is that when the regulator comes knocking, they are going to ask you to tell the story of what you did and why you decided that this person was a match,” said Szadowski.
Why it Matters:
Financial institutions need to be prepared because there are serious consequences for non-compliance with the rules, said Jim Love, ITWC CIO and host of the webinar. They include monetary penalties, criminal sanctions, and more importantly, reputational risk. FINTRAC has imposed fines totaling more than $3.5 million under the Act since December 30, 2008.
Financial institutions have a duty to protect their clients, said Szadowski. “The fraudsters are getting more savvy every day and the next victim could be you.”
“We all have to think about the big picture,” said Szadowski. “It’s about fighting fraud. You have to be a superhero against fraud, because there’s a real impact on individuals when you don’t do it properly.”
Watch the on demand webinar