AML compliance in Canada: Regulation of Payment Service Providers

Payment service providers (PSPs) in Canada must put a risk-based AML/CFT program in place to comply with an AML Law, otherwise, they face regulatory risks. Find out how money services businesses (MSBs) and PSPs fall under AML regulations and what compliance represents for these businesses.

The FINTRAC has updated the Money Laundering Laws. These regulations set up increased oversight and expand the monitoring regime to cover recent innovations. As currently drafted, the regulations apply to MSBs, among other institutions. Given the increased focus on addressing AML/CFT compliance, and the significant penalties for noncompliance, MSBs, and PSPs in Canada should be familiar with their regulatory obligations, and know how to deploy appropriate AML/CFT measures to detect and prevent money laundering cases.

According to the Canadian AML law, an MSB is an institution that delivers any of these services:

• Foreign exchange dealing;
• Money transfer;
• Dealing in virtual currency,
• Account issuance,
• Merchant acquiring.

Under the new regulation, such institutions now are required to follow certain rules, one of with is registration with FINTRAC and compliance with certain MSB obligations under the regulatory framework.

The point of contention

Money transferring often leads to many discussions and seems to have not enough clarity. Specifically, there arises a question of whether a PSP is treated to be involved in money transfer and whether, because of this service, they are deemed to be an MSB which will make them comply with the same regulations applicable to such service provisions.

Overview of current regulations in Canada

Payment service businesses, defined as 3rd-party entities that assist commercial customers to accept a variety of online payment methods, are not determined in the PCMLTFA, related regulations, or by the regulatory body FINTRAC, and thus would only fall under the regulation if they satisfy the criteria of a defined reporting organization. Given that PSPs efficiently handle funds transfers between a buyer and a seller; it has not been clarified whether this offering is regarded as a funds transferring service and whether this would make a PSP considered an MSB.

As to FINTRAC, an establishment handling money transfers for the sake of the service is deemed as an MSB, while an establishment transferring funds to carry its actual services is not. For instance, companies that make money transfers under utility, payroll, lease, or other payments are not regarded as MSBs, as the funds dealing is an outcome to their main activity. Similarly, companies that offer settlement services to traders in the name of their customers for the acquirement of products or services, are not deemed as MSBs, because the transfer of funds is accomplished solely to maintain the company’s merchant services.

Based on FINTRAC’s explanation, PSPs that do not deliver money transfers for the sake of the service, are not MSBs and are not obliged to follow specific requirements. Nevertheless, not officially regulated, financial establishments and other 3rd parties often view PSPs to be involved in a business that features higher ML/TF risks, and consequently, they regularly require PSPs to register as an MSB.

Mоnеy Lаundering and Tеrrorist Finаncing Vulnerabilities of PSPs

The Financial Action Task Force equates payment business the services of which include funds used for purchases within a limited amount of merchants with a limited value for products and services with closed loop cards. Thus the guidance on AML/CFT regulation is not intended to apply to these services. Hence, the FATF regards these types of payment service businesses as having lesser risk for criminal proceeds.

Other PSPs that do not cover by this definition are unprotected from higher ML/TF risks. Their exemption from the PCMLTFA and related regulations in Canada does not coincide with the FATF’s approach to the risks connected with such businesses. The risks related to these types of PSPs can be substantial:

• Anonymous transaction

Services that deliver an opportunity to a customer to buy, register, or use payment methods without any identification elevate the risk the customer is not the person they state they are.

• Time of operation

Services that are done via the Internet and allow any transfer or acceptance of payments, can be used to move money quickly around the globe. This creates difficulties in tracing the origin of capital.

• Scope of reach

Services that enable the transfer of funds globally can be used for ML/TF purposes, especially if such offerings are available in countries with undeveloped AML CFT regimes.

• Different jurisdictions – different rules

The PSP may be registered in one jurisdiction while customers are based in another and therefore ruled by different AML CFT regimes; this is particularly important if the business operates in a jurisdiction with weakened AML CFT controls.

• Source of financing

Services that allow 3rd-party funding from faceless sources are at a higher risk for ML/TF as the origin of capital can be complicated to control.

• Decentralization extent

Such business models that are based on a certain number of parties in the supply chain are causing anxiety when the parties belong to different AML CFT regimes or when some of them come from sectors not covered in ML/TF regulations.

• No direct relationship with an underlying customer

Lack of such relations can make it difficult for PSPs to estimate the value and volume of transactions made by the underlying customer, to rate whether this coincides with expectations for that customer or serves as a sign or indication of fraud or a money laundering or terrorist financing operation. Besides, the PSP must focus on due diligence measures. As payment service providers cannot determine the source of capital and identify the customer, they could bear the risk of infringing AML and sanctions regulations in their jurisdiction.

• Credit risk

If an underlying customer is involved in credit card fraud, etc., the PSP will take the responsibility for covering those losses.

• Risk of reputational damage

In the case of accidentally becoming associated with a money laundering or terrorist financing scheme, PSPs may face negative reactions by a large number of people.

Not only do PSPs face risks, the organizations that hold accounts with a PSP also are at risk under this relation. Particularly, the financial institutions must undertake customer diligence measures; they cannot identify the underlying customer, track the source of money, or the nature of the relations on their own. Moreover, as the financial institutions eventually process the transactions, they may unintentionally process false or illegal transactions and for that reason are exposed to the risk of AML CFT breech.

Summing up

Since payment service providers are now not regulated, there are no specific requirements to have an AML program, unless at the insistency of your financial business partner or another 3rd-party. But, even so, these businesses should develop an AML/CFT program to control the ML/TF risks related to their business to prepare for future regulatory changes.

Contacts

For more information about compliance with anti-money laundering rules in Canada or another jurisdiction you are interested in, please contact our specialists. You can also see our offers in the category “Ready-made companies” and “Licenses for sale”.