FINTRAC publishes private-to-private information sharing guidance

Photo: Joe Raedle/Getty Images

Canadian government moves to close gaps in its AML regime.

Canada is moving to close long criticized information-sharing gaps in its AML regime. Alongside steps to strengthen public-private channels flagged by the 2022 Cullen Commission, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has now published guidance enabling private-to-private sharing under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA s.11.01) for reporting entities that join an approved code of practice.

FINTRAC explained that reporting entities may exchange certain personal information, without the individual’s knowledge or consent, with other reporting entities to detect or deter money laundering, terrorist financing, and sanctions evasion within a code of practice approved by the Office of the Privacy Commissioner of Canada (OPC) and submitted to FINTRAC.

Participation in the information sharing regime is voluntary and limited to reporting entities. Stakeholders have long been interested in the ability to freely share information about potential threats in situations where seeking consent would risk compromising the investigation.

Codes of practice and regulatory approval

According to the guidance, information sharing cannot occur until participating firms establish and implement a code of practice describing participants (legal names and FINTRAC reporting entity numbers), the categories of personal information that may be disclosed/collected/used, the purposes and methods of sharing, and the safeguards, retention, and recordkeeping procedures in place.

The code must demonstrate protections equal to or stronger than the Personal Information Protection and Electronic Documents Act (PIPEDA).

Boundaries and limitations

Only reporting entities may share information, and only with other reporting entities that are participants in the same approved code. The information must have been collected during the entity’s activities, and sharing without consent is only allowed when seeking consent would risk compromising detection.

Sharing must also be reasonable for the detection of money laundering, terrorist financing and sanctions evasion. Financial entities, life insurers, and securities dealers that have intra-affiliate exchange duties under PCMFTFA s.9.8, do not require a code, the guidance noted.

Topics

Latest News

ASIC roundup: 14 years imprisonment for fraudster, and freezing orders

FINRA disciplinary action update 2025/40

FINRA fines First Trust Portfolios for gifts and entertainment violations

Topics

Latest News

The longest pause – how the SEC shutdown is testing compliance resilience

FINTRAC ramps up: insights from the 2024-5 annual report

Algorithmic pricing is enforcement priority for EU and UK antitrust regulators

Topics

Latest News

The AI-first mandate: How tech giants are reshaping work with intelligent automation

OpenAI deal will allow UK firms to store their data on British soil

Crypto firms and bank trade groups submit comments on digital assets and surveillance

Topics

Latest News

NSCP Annual: Crypto grows up the hard way

Podcast: Laurent Louvrier on using AI to drive operational efficiency

GRIP Extra: HSBC to book $1.1B provision after losing Madoff appeal, EU coordinates enforcement on GDPR transparency

Topics

Latest News

ASIC roundup: 14 years imprisonment for fraudster, and freezing orders

NSCP Annual: Crypto grows up the hard way

FINRA disciplinary action update 2025/40