Each Broker must ensure they are aware of and comply with their obligations under the AML Regulations. It is your responsibility to ensure that you have appropriate procedures in place and that you are prepared in the event you are audited by FINTRAC. Some of the changes that have affected your business are: client identification requirements, source of funds, third party determination, suspicious transaction reporting, development of AML/ATF procedures and auditing compliance and enforcement of the procedures. For more information or details regarding your obligations, we encourage you to visit the Financial Transactions and Reports Analysis Centre of Canada: https://www.fintrac-canafe.gc.ca/intro-eng

Canada Life Advisor AML/ATF Program Template
Empire Life Advisor AML/ATF Program Template
FINTRAC Audit Survival Guide

AML/ATF Compliance Regime

All life insurance advisors and advisor offices are covered under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (AML/ATF) which means that you are required to have a documented compliance regime for your office. The compliance regime is intended to ensure you understand, implement and comply with all your obligations under the Act. A well-designed, applied and monitored regime will provide a solid foundation for compliance with the legislation. Please review the regime to ensure that your office meets all five requirements.

Anti-Money Laundering/Anti-Terrorist Financing Compliance Regime
Step-by-step guide to completing your AML program

Client Information Record

A Client Information Record is needed if your client pays $10,000 or more for the purchase of an annuity or life insurance policy, either at the time of sale or will deposit more than $10,000 into the product over its duration.
 

Suspicious transaction or attempted transaction reporting

If you or one of your staff suspects that a transaction or attempted transaction is related to money laundering or terrorist financial activities you must complete and file a Suspicious Transaction form. Electronic versions of all reporting forms can be found on FINTRAC’s website.

Suspicious Transaction or Attempted Transaction Reporting FAQ

 

FINTRAC Guidance Video Library:

Verifying the identity of a client

To learn more about this topic, refer to FINTRAC’s guidance on Methods to verify the identity of persons and entities at: https://fintrac-canafe.canada.ca/guidance-directives/client-clientele/Guide11/11-eng

In 2018, industry saw the introduction of Fair Treatment of Customers (FTC) Guidance documents by Regulators. The FTC Guidance indicates a focus by regulators on market conduct with a primary concern on how customers are being treated. This Guidance provides direction for the conduct of business and seeks to strengthen public trust and consumer confidence in the financial services provided. 

Some of the core expectations within these guidance documents are as follows:

• Fair treatment of Customers to be a core component of the business culture of Distribution.
• Licensees to act with due skill, care and diligence at all times when dealing with consumers.
• Licensees to promote financial services and products in a manner that is clear, fair and not misleading or false.
• Licensees to recommend products that are suitable; taking into account the consumer’s disclosed personal circumstances and financial condition.
• Customer is given appropriate information to make an informed decision before entering into a contract.
• Licensees to disclose and manage any potential or actual conflicts of interest.
• Licensees to provide continuing service and keep consumers appropriately informed.
• Licensees to have policies and procedures in place to handle complaints in a timely and fair manner.
• Protection and confidentiality of personal information: policies and procedures adopted by Distribution to ensure compliance with Privacy legislation.

HUB encourages advisors to review the FTC Guidance contained her to ensure you have implemented the recommendations into your practices. 

Documents to help you Implement Fair Treatment of Customers

• CCIR-CISRO Fair Treatment of Customers Guidance
• AMF Fair Treatment & Sound Commercial Practices Guideline
• FSRA’s Fair Treatment of Customers in Insurance Approach

Privacy: Your Responsibilities under the Act

1. Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the privacy principles. A good understanding of Canada’ Personal Information Protection and Electronic Documents Act (PIPEDA) will help offset privacy issues. For further information visit the website: www.privcom.gc.ca.


2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the broker/organization at or before the time the information is collected. Define your purpose for collecting data as clearly and narrowly as possible so the individual can understand how the information will be used or disclosed.


3. Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate. Consent is only meaningful if the individuals understand how their information will be used.


4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means. Only obtain the information necessary for the service or product being provided.


5. Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for fulfilment of those purposes. Conduct regular reviews to help determine whether information is still required.


6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. One way to determine if information needs to be updated is to ask whether the use or disclosure of out of date or incomplete information would harm the individual.


7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. Keep sensitive information files in a secure area or computer system and limit access to individuals on a "need-to-know" basis only.


8. Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information. Information about policies and practices may be made available in person, in writing, by telephone, in publications or on an organization's website.


9. Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. Keep personal information about individuals in one place to make retrieval easier or record where all such information can be found. Never disclose personal information unless you are sure of the identity of the requestor and that person's right to access.


10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization's compliance. How well you handle an individual's complaint may help preserve or restore the individual's confidence in an organization.

Office of the Privacy Commissioner of Canada

Templates to help you implement Privacy:

• Best Practice FAQ Protecting PI
• Sample Internal Privacy and Breach Policy
• Broker Privacy Statement Client Consent
• Privacy Consent Document
• Compliance Program for Privacy
• Compliance Program for Privacy (Quebec)
• Sample Privacy Policy (Corporate)
• Sample Privacy Policy (Individual Advisor)
• Sample Privacy Statement & Client Consent

Cyber threats present a continuous and growing risk, particularly with the increased use of technology in conducting insurance business activities. Advisors should review their current cybersecurity practices, implement measures to prevent cybersecurity incidents and be ready to respond to them should an incident occur. Advisors have a duty to safeguard clients' personal information and to determine the appropriate safeguards necessary to meet their duty. 

Cybersecurity refers to any practice that safeguards the confidentiality, integrity, and availability of business, employee, and customer data using computer systems. Breakdowns in these safeguards are referred to as incidents. Cyber threats may be the result of a human error, a system not working properly, or a deliberate and calculated intrusion such as a cyber-attack. 

Being proactive in implementing appropriate measures against cyber threats is key to preventing cyber incidents that could compromise or lead to the theft of client information and mitigating impacts on both Advisors and their clients.

To aid Advisors in understanding the risks and measures to be taken, the Canadian Insurance Services Regulatory Organizations (CISRO) issued a publication and tool on Cybersecurity Readiness to support Advisors in improving cybersecurity practices and safeguarding confidential client information. Some of the key measures noted in the publication include:

• Understanding and complying with the businesses policies and procedures on cybersecurity;
• Reviewing cybersecurity practices and implementing appropriate measures to address or mitigate any identified risks; and
• Establishing a cybersecurity incident response plan to protect client information (see ‘Elements to include in a Cyber Incident Response Plan,’ page 7 in the publication).

There is also a companion publication called Cybersecurity readiness when using generative artificial intelligence, which addresses the use of generative AI to create new content, such as emails, marketing materials or translation documents. This publication is intended to raise Advisor awareness of the importance of adapting their cybersecurity strategy to their use of generative AI. It also identifies practices for individuals and organizations to consider, including:

• Reviewing and implementing policies and procedures regarding AI use and ensuring established practices are followed
• Participating in training that helps you understand the various types of AI solutions and how to use them safely
• Not sharing confidential information in public and open solutions

Advisors are encouraged to familiarize themselves with the practices outlined in CISRO’s publication to achieve and ensure cybersecurity readiness.

On July 1, 2014, Canada’s Anti-Spam Law (CASL) came into force. The law had major implications on how you conduct business. At its core, the new law prohibits someone from sending a commercial electronic message (CEM) unless:

1. a statutory exemption applies, or
2. the sender has the recipient’s implied or express consent

A CEM is not simply defined as an e-mail communication but rather a text or SMS message, for example, can also be identified as a CEM. An e-mail offering potential clients a free consultation of their financial well-being could be viewed as commercial activities. Statutory exemptions exist:

1. between individuals who have a personal or family relationship
2. if a Broker receives a referral about a potential new client, from someone who has an existing relationship with both Broker and prospect, the Broker can send one introductory message to that prospect
3. where there is an “active” existing business relationship. “Active” is defined as within a 2 year period from purchase or within a 6 month period since last service provided.
4. where the recipient visibly publishes their electronic address without stating it does not welcome CEMs
5. where you are handed the persons business card containing their electronic address

The law puts the onus on senders of electronic messages to keep on top of the nature and status of the relationship to each recipient, similar to the existing Do Not Call legislation. It is suggested that Brokers take the following steps to avoid violation of the new laws:

1. add to your existing consent and authorization document obtained from new clients to not only include your ability to collect and retain personal information but also to communicate with the client electronically
2. work through your existing client base to reach out and obtain their signed express consent as you complete annual reviews of their insurance/financial portfolios, provide administrative services of their inforce policies or recommend additional insurance needs
3. ONCE you have obtained client consent to communicate with them in an electronic fashion, reference their ability to remove themselves from your electronic listing and give them an easy way to remove, opt-out or unsubscribe themselves.
4. IMPLIED consent will continue for a period of three years only, unless withdrawn by the recipient.

It is important to note that electronic messages asking for consent will themselves be treated as violations of the act.

Gathering express consent from clients will make compliance with CASL easier. Don’t wait to act!

Each Broker must ensure that they are aware of and comply with rules and obligations under the National Do Not Call List & Telemarketing Rules.

The National Do Not Call List (DNCL) is an initiative of the Canadian Radio-Television and Telecommunications Commission (CRTC). HUB Capital Inc. Approved Persons and HUB Financial Inc. Brokers fall under the jurisdiction of DNCL rules. It is important that you are aware of what constitutes “telemarketing” under the guidelines of these rules, and that you and your practice are sufficiently informed so as to avoid contravention of these rules.

For more information or details regarding your obligations, we encourage you to visit the CRTC general website www.crtc.gc.ca