Regulatory Compass
Your guide to navigating the ever-changing landscape of industry regulations.
Each Broker must ensure they are aware of and comply with their obligations under the AML Regulations. It is your responsibility to ensure that you have appropriate procedures in place and that you are prepared in the event you are audited by FINTRAC. Some of the changes that have affected your business are: client identification requirements, source of funds, third party determination, suspicious transaction reporting, development of AML/ATF procedures and auditing compliance and enforcement of the procedures. For more information or details regarding your obligations, we encourage you to visit the Financial Transactions and Reports Analysis Centre of Canada: https://www.fintrac-canafe.gc.ca/intro-eng
Canada Life Advisor AML/ATF Program Template
Empire Life Advisor AML/ATF Program Template
FINTRAC Audit Survival Guide
Anti-Money Laundering/Anti-Terrorist Financing Compliance Regime
Step-by-step guide to completing your AML program
Suspicious Transaction or Attempted Transaction Reporting FAQ
Canada Life Advisor AML/ATF Program Template
Empire Life Advisor AML/ATF Program Template
FINTRAC Audit Survival Guide
AML/ATF Compliance Regime
All life insurance advisors and advisor offices are covered under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (AML/ATF) which means that you are required to have a documented compliance regime for your office. The compliance regime is intended to ensure you understand, implement and comply with all your obligations under the Act. A well-designed, applied and monitored regime will provide a solid foundation for compliance with the legislation. Please review the regime to ensure that your office meets all five requirements.Anti-Money Laundering/Anti-Terrorist Financing Compliance Regime
Step-by-step guide to completing your AML program
Client Information Record
A Client Information Record is needed if your client pays $10,000 or more for the purchase of an annuity or life insurance policy, either at the time of sale or will deposit more than $10,000 into the product over its duration.Suspicious transaction or attempted transaction reporting
If you or one of your staff suspects that a transaction or attempted transaction is related to money laundering or terrorist financial activities you must complete and file a Suspicious Transaction form. Electronic versions of all reporting forms can be found on FINTRAC’s website.Suspicious Transaction or Attempted Transaction Reporting FAQ
FINTRAC Guidance Video Library: Verifying the identity of a client
Privacy: Your Responsibilities under the Act
1. Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the privacy principles. A good understanding of Canada’ Personal Information Protection and Electronic Documents Act (PIPEDA) will help offset privacy issues. For further information visit the website: www.privcom.gc.ca.
2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the broker/organization at or before the time the information is collected. Define your purpose for collecting data as clearly and narrowly as possible so the individual can understand how the information will be used or disclosed.
3. Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate. Consent is only meaningful if the individuals understand how their information will be used.
4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means. Only obtain the information necessary for the service or product being provided.
5. Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for fulfilment of those purposes. Conduct regular reviews to help determine whether information is still required.
6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. One way to determine if information needs to be updated is to ask whether the use or disclosure of out of date or incomplete information would harm the individual.
7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. Keep sensitive information files in a secure area or computer system and limit access to individuals on a "need-to-know" basis only.
8. Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information. Information about policies and practices may be made available in person, in writing, by telephone, in publications or on an organization's website.
9. Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. Keep personal information about individuals in one place to make retrieval easier or record where all such information can be found. Never disclose personal information unless you are sure of the identity of the requestor and that person's right to access.
10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization's compliance. How well you handle an individual's complaint may help preserve or restore the individual's confidence in an organization.
Office of the Privacy Commissioner of Canada
Templates to help you implement Privacy:
1. Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the privacy principles. A good understanding of Canada’ Personal Information Protection and Electronic Documents Act (PIPEDA) will help offset privacy issues. For further information visit the website: www.privcom.gc.ca.
2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the broker/organization at or before the time the information is collected. Define your purpose for collecting data as clearly and narrowly as possible so the individual can understand how the information will be used or disclosed.
3. Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate. Consent is only meaningful if the individuals understand how their information will be used.
4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means. Only obtain the information necessary for the service or product being provided.
5. Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for fulfilment of those purposes. Conduct regular reviews to help determine whether information is still required.
6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. One way to determine if information needs to be updated is to ask whether the use or disclosure of out of date or incomplete information would harm the individual.
7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. Keep sensitive information files in a secure area or computer system and limit access to individuals on a "need-to-know" basis only.
8. Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information. Information about policies and practices may be made available in person, in writing, by telephone, in publications or on an organization's website.
9. Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. Keep personal information about individuals in one place to make retrieval easier or record where all such information can be found. Never disclose personal information unless you are sure of the identity of the requestor and that person's right to access.
10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization's compliance. How well you handle an individual's complaint may help preserve or restore the individual's confidence in an organization.
Office of the Privacy Commissioner of Canada
Templates to help you implement Privacy:
- Best Practice FAQ Protecting PI
- Sample Internal Privacy and Breach Policy
- Broker Privacy Statement Client Consent
- Privacy Consent Document
- Compliance Program for Privacy
- Compliance Program for Privacy (Quebec)
- Sample Privacy Policy (Corporate)
- Sample Privacy Policy (Individual Advisor)
- Sample Privacy Statement & Client Consent
On July 1, 2014, Canada’s Anti-Spam Law (CASL) came into force. The law had major implications on how you conduct business. At its core, the new law prohibits someone from sending a commercial electronic message (CEM) unless:
Gathering express consent from clients will make compliance with CASL easier. Don’t wait to act!
- a statutory exemption applies, or
- the sender has the recipient’s implied or express consent
- between individuals who have a personal or family relationship
- if a Broker receives a referral about a potential new client, from someone who has an existing relationship with both Broker and prospect, the Broker can send one introductory message to that prospect
- where there is an “active” existing business relationship. “Active” is defined as within a 2 year period from purchase or within a 6 month period since last service provided.
- where the recipient visibly publishes their electronic address without stating it does not welcome CEMs
- where you are handed the persons business card containing their electronic address
- add to your existing consent and authorization document obtained from new clients to not only include your ability to collect and retain personal information but also to communicate with the client electronically
- work through your existing client base to reach out and obtain their signed express consent as you complete annual reviews of their insurance/financial portfolios, provide administrative services of their inforce policies or recommend additional insurance needs
- ONCE you have obtained client consent to communicate with them in an electronic fashion, reference their ability to remove themselves from your electronic listing and give them an easy way to remove, opt-out or unsubscribe themselves.
- IMPLIED consent will continue for a period of three years only, unless withdrawn by the recipient.
Gathering express consent from clients will make compliance with CASL easier. Don’t wait to act!
Each Broker must ensure that they are aware of and comply with rules and obligations under the National Do Not Call List & Telemarketing Rules.
The National Do Not Call List (DNCL) is an initiative of the Canadian Radio-Television and Telecommunications Commission (CRTC). HUB Capital Inc. Approved Persons and HUB Financial Inc. Brokers fall under the jurisdiction of DNCL rules. It is important that you are aware of what constitutes “telemarketing” under the guidelines of these rules, and that you and your practice are sufficiently informed so as to avoid contravention of these rules.
For more information or details regarding your obligations, we encourage you to visit the CRTC general website www.crtc.gc.ca
The National Do Not Call List (DNCL) is an initiative of the Canadian Radio-Television and Telecommunications Commission (CRTC). HUB Capital Inc. Approved Persons and HUB Financial Inc. Brokers fall under the jurisdiction of DNCL rules. It is important that you are aware of what constitutes “telemarketing” under the guidelines of these rules, and that you and your practice are sufficiently informed so as to avoid contravention of these rules.
For more information or details regarding your obligations, we encourage you to visit the CRTC general website www.crtc.gc.ca