The issue of checklist compliance isn't limited to this area. We see it in all fields. You have to take it from the standpoint of why a company wants to comply.
We have the fundamental reason and the tone from the top: you don't want your people being crooked because that jeopardizes the business. But human nature being what it is, with people having personal incentives to juice the revenue for this quarter so that they can get the bonus for it or whatever, stuff happens, so the tone from the top is important.
The other thing that motivates companies is exposure to liability. When you have a complex regulatory scheme, like the one we have under the PCMLTFA...and I can point to other schemes that are similar. We've had the same thing happen with the securities law, by the way. The Securities Act, which was supposed to be blue sky legislation to allow investors to understand what there is, is now a quagmire of lack of transparency. But that's the whole point.
Companies invest enormously in mitigating liability. If you're an FI, a bank, a trust company, or an insurance company, and you can get amped because you didn't follow the right process, didn't report the right thing in a timely manner, this, that, and the other, you sit there and you establish systems that mitigate that risk. But that essentially means spending scarce compliance resources on the checklist to comply with the massive regime rather than preventing the harm that the regime is intended to mitigate. You're actually diverting resources away from true compliance.
Get me right. I am not against what FINTRAC does, and I am supportive of what the legislation does. FINTRAC does a certain job. The problem is the disconnect Peter was talking about between the regulatory regime and the enforcement—