AML & KYC
AML & Compliance
Remitware Payments Canada Inc. (RPCI) has a comprehensive Anti-Money Laundering & Counter-Terrorist Financing Compliance and Risk Program. Synopsis of the AML-CTF Compliance and Risk policy of RPCI is as follows:
RPCI is committed to follow guidelines laid down by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and to comply with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), and related Regulations.
RPCI is a Registered Money Services Business (MSB) with FINTRAC and hence is a reporting entity under the lawsofCanada. RPCI is currently not registered or licensed to operate in Québec as an MSB under Quebec’s Money Services Businesses Act.
RPCI is committed to preventing, detecting and deterring money laundering and terrorist financing. It is the responsibility of every employee (including contractors and part-time employees) and agents to comply with this program and all related legislation for jurisdictions in which RPCI operates.
- Compliance Program
We are required to have an anti-money laundering (AML) and counter terrorist financing (CTF) compliance program that consists of these five elements:
- Written policies and procedures: these list our responsibilities under the law, and what we are doing to meet them.
- A documented Risk Assessment: a document that describes and assesses the risks that our business could be used to launder money or finance terrorism
- The appointment of a Compliance Officer: the person who is ultimately responsible to develop and maintain our AML and CTF compliance program;
- AML Compliance Effectiveness Reviews: testing and reporting is completed at least every two years that assesses how well our compliance program is working; and
- Training: conducted at least annually to ensure that everyone understands his or her roles and responsibilities.
- Operational Compliance
- In addition to our documented program, we are required to operate in a compliant manner.
- This includes collecting and recording customer identification information, and/or know yourcustomer (KYC) information.
- Reporting certain types of transactions to regulators andgovernment agencies, as well as keeping records.
The actions described in our proceduresfor this purpose are required (not optional) in all cases. Any activity that is outside our AML and CTF compliance procedures should be brought to the attention of the Compliance Officer immediately.
- Our AML and CTF compliance program:
- The Program has been designed to conform to the elements required under Canadian legislation.
- In addition to this policy, specific procedures have been designed for
- Compliance Staff and
- All Staff.
- There are also separate Risk Assessment, Training and Compliance Officer Appointment documents.
- Record Keeping
- In order to pass a FINTRAC examination or an AML Compliance Effectiveness Review, RPCImust be able to prove that RPCI hasmet its complianceobligations. This means that there are things that will need to be recorded (either on paper or electronically).
- These records must be kept for at least six years (but may be kept for longer) and be in a format that can be retrieved and sorted easily.
- Records are retained in accordance with RPCI’sData Retention and Disposal Policy and/or Information Classification and Handling Policy.
- Everyone that deals with customers, customer funds or transactions, or that is responsible for implementing or overseeing the AML/CTF compliance program, must receive AML and CTF compliance training, at least annually.
- This includes part-time, seasonal and contract employees, as well as any third parties that act on RPCI’sbehalf and deal with customers, customer funds or transactions.
- It also includes members of senior management overseeing the AML/CTF program. Training under this program will be reviewed by the Compliance Officer prior to its delivery.
- Risk Assessment
- RPCI’s Risk Assessment is summarized as follows
- The risk that RPCI’sactivities could make itvulnerable to terrorist financing or money laundering activities.
- A mechanism to risk rate RPCI’scustomers and business relationships; and
- RPCI’s Risk Assessment is summarized as follows
- The controls that RPCIhasin place to prevent, detect and deter money laundering and terrorist financing.
- The Risk Assessment is reviewed and updated by the Compliance Officer at least every two years, and more often where there are changes to Canadian legislation, the products and services that RPCIoffers, RPCI’scustomer base, or RPCI’scontrols.
- Compliance Effectiveness Review
- Compliance Effectiveness Review is like an audit that tests RPCI’s AML and CTF compliance program.
- The review tests two key elements: RPCI’sprogram documentation (what RPCIsaysit isdoing) and RPCI’soperations (what RPCI has actually done during a specific period of time).
- These reviews must be completed at least once every two years. The results of the review are shared with Senior Management (this must be done within 30 days of the date that the final report is issued).
- The Minister of Finance (Canada) may, from time to time, issue directives requiring reporting entities, including RPCI, to take additional measures in respect of transactions originating from or bound for a foreign jurisdiction or a foreign entity.
- There are currently no such directives issued. When a directive is issued, the Compliance Officer will ensure that RPCI’sAML/CTF program implements the requirements under the Directive and will update this policy accordingly.
This AML program adopted by the board of RPCI and is subject to annual review.