Answer this section here
- What additional measures could the Government undertake with the private sector and international partners to address terrorist financing?
In its 2009 and 2013 review of the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the Office of the Privacy Commissioner found several unsatisfactory aspects in the Centre’s data collection and retention policies, putting at risk the privacy rights of Canadian citizens, permanent residents and foreign nationals. This included weaknesses in FINTRAC’s guidelines and procedures in working with private sector partners.
In particular, the OPC found that in at least one instance, FINTRAC’s guidance to private sector partners on the implementation of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) could be interpreted as encouraging the reporting of information that is not required by the Act. Further, it found that FINTRAC, which holds responsibility for the implementation of the Act’s requirements among its regulatory partners, has failed to review the guidelines issued by these partners, meaning that there is no way to ensure that the guidelines are compliant with the Act.
Faulty guidelines and lack of oversight put both the private sector at risk of fines for non-compliance and threatens the privacy rights of Canadians by collecting and retaining private information that is outside the scope of the FINTRAC’s mandate.
These issues were first identified by the OPC in its 2009 report and have yet to be adequately addressed by FINTRAC. A review of FINTRAC’s 2014 and 2015 annual reports shows no update on, or even recognition, of these issues.
We would recommend that FINTRAC act quickly to address the concerns as reported by the OPC in their report, Financial Transactions and Reports Analysis Centre of Canada, Section 37 of the Privacy Act, Section 72(2) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, Final Report 2013.
- What measures might strengthen cooperation between the Government and the private sector?
Once again, we would point to the OPC’s 2009 and 2013 reports on FINTRAC. By issuing clear and complete guidelines, and reviewing the guidelines issued by reporting organizations to their staff, FINTRAC would significantly strengthen its relationship with the private sector.
Further, the OPC’s reports also raises questions about front-end screening of data that is transmitted to FINTRAC. Currently, while the forms to be filled out have requirements for necessary information, there is no review for over-reporting of information. As the OPC suggests, having front-end screening would clarify what information is relevant for collection and retention purposes, clarify what is required of private sector and regulatory partners, and ensure that the privacy rights of Canadians are protected.
- Are the safeguards in the regime sufficient to protect individual rights and the interests of Canadian businesses?
We would argue that in the case of FINTRAC that no, the safeguards are not sufficient in protecting individual rights or the interests of Canadian businesses. Again, a lack of clear guidelines puts Canadian businesses at risk of over-collecting and over-reporting information. In an instance where this would breach the PCMLTFA, it would put the business at risk of substantial fines. Even more worrisome is the lack of clear guidelines and of front-end screening, as mentioned earlier, which means that the private information of Canadians is being collected and stored by FINTRAC without adequate oversight that this information is within their scope. The OPC found that extraneous information, such as Social Insurance Numbers were collected although FINTRAC is not supposed to, as well as reports that did not fit the reporting criteria. This included instances where reports of cash transaction, electronic funds transfers and CBSA reports did not meet the $10,000 reporting threshold and therefore should not have been reported, and reports that did not include the entity’s reason for suspected money laundering or terrorist financing activities, making it difficult to assess whether the “reasonable grounds” threshold had been met.
As of 2013, FINTRAC held some 165 million records. Because there is no electronic screening method for these records, it is impossible to know how many of these records are compliant or how any are extraneous and should be destroyed. As the OPC reports, FINTRAC informed it that only those records that are selected for further analysis are ever reviewed. Once they are reviewed, if the information is not relevant it is still stored for the mandatory 10 years as laid out in the PCMLTFA – meaning that even non-relevant information is still not destroyed; indeed, FINTRAC is currently working on a system that would simply segregate this information from the main database so it cannot be accessed by analysts. FINTRAC advised the OPC that they will be implementing a process to automate the identifying and disposing of these types of reports. We urge them to do so as soon as possible.
The sole heartening information is that the OPC recognizes that FINTRAC is correctly following guidelines governing the release of information to security agencies. Therefore, non-compliant information remains securely stored at FINTRAC and is not unnecessarily shared with security agencies. At the same time, two concerns remain: First, whether SCISA has made it easier for other security agencies to request the disclosure of information, or lowered the threshold for what FINTRAC can voluntarily disclose – this should be clarified as soon as possible. Second, the large-scale accumulation of private information remains a grave risk for the privacy rights of Canadians: future incidents could make this information available to either security agencies or to malicious parties. Extraneous information should not be collected in the first place, but, if it is collected, it should be identified and disposed of as quickly as possible.
- What changes could make counter-terrorist financing measures more effective, yet ensure respect for individual rights and minimize the impact on Canadian businesses?
We would urge FINTRAC to adopt the recommendations of the OPC as soon as possible in order to ensure:
- Reports from reporting organizations are as compliant as possible, contain only relevant information, and explain the reasons for reporting. This would include improving guidelines issued by both FINTRAC and reporting agencies
- That all non-compliant records are identified and disposed of as soon as possible
- That all records that are not part of disclosures are adequately disposed of after the 10 year retention period
We would also urge FINTRAC to report openly on these issues in their own annual reports, rather than simply responding to the OPC in their two-year reviews. Ensuring that only relevant information is collected and stored will help in upholding privacy rights, limit any potential future breaches, and also increase the efficiency of FINTRAC’s monitoring work.
We would also like to note that an increased focus on money laundering as well as tax havens would most likely serve the purpose of reducing funds for crimes, as well as increase the Canadian tax-base. A reinvestment of this new source of taxes into social services could help reduce the social inequalities that often lie at the root of what are seen as terrorist acts, and therefore serve as a just as – if not more – effective method of increasing the security of all Canadians.
Finally, we would urge the government to create an oversight and review body for FINTRAC to ensure it is compliant and that could receive complaints. In regards to their national security-related work, we would argue that this fall under an eventual integrated, independent review and complaint body for all national security agencies, as proposed in Section 1: Accountability.