Finance Committee on March 28th, 2018

Thank you, Mr. Chair.

As you mentioned, my name is Ethan Kohn. I'm Counsel at the CLHIA. My colleague Jane Birnie from Manulife Financial is here. She is the Assistant Vice-President, compliance.

We'll begin with an opening statement, and then we'd be pleased to address any questions the committee might have.

The Canadian Life and Health Insurance Association is a voluntary association with member companies that account for 99% of Canada's life and health insurance business. The life and health insurance industry is a significant economic and social contributor in Canada. It protects over 28 million Canadians and makes $88 billion a year in benefit payments to residents in Canada. In addition, the industry has over $810 billion invested in Canada's economy. In total, 99 life and health insurance providers are licensed to operate in Canada, and three Canadian life companies rank among the 15 largest life insurers in the world.

Our industry is proud to do its share in fighting money laundering and terrorist financing. When proceeds of crime are introduced, layered, and integrated into the financial system, public confidence is eroded. Companies with weak controls risk having significant administrative penalties imposed, and they also risk considerable damage to their reputation.

This committee has heard from a number of witnesses, including FINTRAC, that a risk-based approach to compliance and to enforcement is an objective of Canada's AML regime. Because neither reporting entities nor government agencies enjoy unlimited resources, it is important that they focus on the areas of greatest potential exposure. In this regard, I would note that the insurance industry is relatively low risk. We offer long-term protection products for which a significant majority have a clear source of funds, which makes it unlikely that bad actors will exploit the insurance sector. To illustrate this point, in 2016 over three-quarters of premiums received were in regard to products that carry a low risk for money laundering and terrorist financing. These products include term life, group life, registered annuities, disability insurance, and uninsured health contracts.

I would also note that the personal insurance industry is unique among all reporting entity sectors—not only are insurers subject to the act, but so too are their primary distribution network, life insurance advisors.

Each individual advisor must have controls in place similar to those required of insurers.

For our industry, there really are belts and suspenders in place.

I will turn now to the question at hand, this committee's examination of the PCMLTFA as part of the five-year review. You've heard from previous witnesses that the FATF assessed Canada's regime as being largely effective in containing ML-TF threats, and that Canadian financial institutions have a good understanding of their risks and obligations, and generally apply adequate mitigation measures. We agree with that, though there is always room for improvement.

With that, I'll turn the floor over to Ms. Birnie.

Policy-makers have made good strides in examining and improving aspects of the system that present real challenges for insurers. One example is the requirement that institutions identify the beneficial owners of corporations. As you know, the government is working with the provinces in devising a system that would have corporations report their controlling shareholders. We understand there could be sensitive information in such a repository, and unfettered access may not be appropriate. Limited access by authorized financial institutions, however, would avoid the need for each institution to replicate the work of determining beneficial ownership. It would make a better customer experience when applying for our products, as there would be fewer questions to ask and less documentary evidence to produce. This would have a dual benefit of enhancing privacy rights and reducing regulatory burden on every legal entity in Canada.

We also appreciate recent enhancements to identification requirements. Last year, the government responded to industry and introduced greater flexibility in the documents that constitute acceptable forms of identification. Going forward, we support further efforts to expand ID methodologies, such as digital identification.

Over the past couple of years, amendments have also been made to enable FINTRAC to exchange information with more of its federal and provincial partners, such as securities regulators and national intelligence agencies. If this were extended to allow FINTRAC to share information with reporting entities, there would be benefit to industry and to Canadians alike.

In each of these areas, we see real signs of progress, and we encourage Finance, FINTRAC, and OSFI to continue their efforts in identifying and addressing other aspects of the regime that would benefit from streamlining, bearing in mind the primary objective of the act: minimizing the abuse of Canada's financial system by money launderers and terrorists.

Thank you for inviting us today, and we're pleased to answer any questions.

I will be pleased to answer your questions.

FINTRAC is given information. It currently doesn't have the ability to provide information back down to private industry. There is sharing at the governmental level, obviously, but there's no ability to share back down.

No, but that is also one of our recommendations: that they have the ability to come back. Again, that would allow for more targeting, so you're not boiling the ocean so much with all of this reporting. With information sharing, etc., you can have a more targeted approach.

I think this is an incremental change. There's already a provision in PIPEDA under paragraph 7(3)(d.2) that allows for sharing for preventative purposes for fraud. It states specifically that it's where it's likely to be committed. It's not a wholesale sharing of information. It's a limited purpose for where it's likely to be committed. If you swapped in money laundering for fraud, it would be where money laundering is likely to be committed. I think it's an incremental ask. There are already constraints around how you could use it, to protect privacy.

Exactly. It would just be adding in another element. It's not just fraud but predicate offences to money laundering, as well as money-laundering offences.

I'll start with the framing. You're right. In the larger urban centres, that's where we tend to find the larger credit unions, as you might expect. In the rural settings, I would hazard to say that most credit unions do know most of their members. You're right. In the bigger institutions, there would be more challenges in that respect.

Similar to our friends at the CBA, we are advocating for a risk-based approach. That's where the simplified due diligence approach would help address the regulatory burden side of things while still keeping the trappings of the broader framework. Again, we know that other countries have implemented this, and this is a good way to address the regulatory burden side while still maintaining a robust system. Australia and the U.K., for example, have set thresholds where you report if a transaction goes above a certain amount or you do it on a periodic basis.

I might get my colleague Sabrina to add to this, if she has anything she'd like to build on.

Your comment that perhaps the smaller credit unions are not able to use technology as much is partially true, but most do have very sophisticated banking systems that do allow detection of the types of transactions you're talking about. For transactions that would violate the 24-hour rule, definitely, we do have the ability to pick those out from a technological perspective.

That said, there certainly is a component of knowing your customer, because it's a small community. In the larger credit unions, that is lost somewhat, but I don't think we're in any different position there than a bank or any other financial institution.

I'll start off and then I'll ask my colleague to fill in.

The U.K. example is one that we've documented a little bit, and we'd be pleased to share more information after the meeting as well. In the U.K., they would approach the application of the simplified due diligence approach in cases where, for example—and I'll just read off my list here—the person's total annual turnover in terms of financial activity does not exceed 64,000 pounds, for example; the financial activity does not exceed 5% of the person's total annual turnover; the financial activity is ancillary and directly related to the person's main activity.... There is a long list of instances in which they would apply this simplified due diligence approach.

I don't know if Sabrina would like to add anything to that.

The FATF has actually, within its recommendations on financial inclusion in particular, put out quite a significant paper on how a simplified approach to due diligence can encourage financial participation in the economy. Some of the things they are citing are issues like verifying the customer identity or beneficial ownership after the establishment of a business account so that in cases of a small business you're not crippling that business from moving ahead financially by putting all this process around it. Then they put limits on it. Once you have done this for 12 months, you have to start meeting the full requirements of customer due diligence, or if you exceed certain transaction thresholds, you start doing it.

The idea is not dissimilar to the idea of fintechs and sandboxes in which, for a certain length of time, you allow participation on a compliance-relief basis, and then slowly move to a full compliance.