Public Safety Committee on Jan. 28th, 2019

They do things differently, and I'm sure they have proprietary issues. In terms of cybersecurity, I know they take it extremely seriously, but I can't speak to how well they're doing per se.

I would think so.

There's none coming from FINTRAC. I can't speak for the rest of government.

That would depend on the case. In some cases with the horse being out of the barn because the crime has been committed already, quite often very likely yes, and whether or not the ultimate crime has been committed, not always. There is a difference between broad-based money laundering schemes, for example, versus terrorist financing and the ultimate role of committing a terrorist act. I think that money laundering quite often is proceeds of crime, so the crime has been committed; whereas on the terrorist financing side it's proceeds for crime and hopefully we can play a role in preventing that.

Without giving away trade craft.

The reports come in. We have an air-gapped database. Contrary to most financial intelligence units in the world, police, law enforcement...no one else has access to our database, not unless you work at FINTRAC, and that's only if you work on the tactical intelligence side and only if you're working on that particular case. There is “need to know” within the agency as well.

Essentially, the information comes in. Let's say it's a suspicious transaction report and one of the two people who look at this finds some key words. It looks like #ProjectProtect, for example, dealing with human trafficking. They would read through the STR. They would give it to a team leader in the geographic area. STR teams are set up by geography. They would give it, for example, to the central region team leader, who would then take it and do some quick searches in the database to see if in fact we have transactions. They would give it to one of our analysts, who would then take that STR and go through it.

Often the STR, especially with Project Protect, will identify that money went from this account to this account, or this IP address to this IP address. We would take that and search the rest of the database to see if we had other additional transactions that could be brought together to provide a very good picture for law enforcement.

Once we have that, we will put our own case together. We have summary sheets. We have transaction tables. We have i2 charts. We have fact sheets that identify who is included in the disclosure and why. We will do some open source information. We'll also look in our database to see if this is related to any other previous cases on which we disclosed. If so, we will include that. Then we will send that out to the appropriate law enforcement agency.

None.

Correct.

It's not enforceable at this moment in time.

Yes, but not on the tactical side. If we're talking strategic general trends, we do trends and topologies. We've done reports on that. We do operational briefs. We've done operational alerts. Depending on the nature of the product, they may be made available publicly and available on the website. They may be sent specifically to reporting entities or they may be sent specifically to an international body, let's say, which will then use that information to create a broader product that would be available publicly.

FINTRAC's mandate is not necessarily to.... That's outside our mandate. We exist to detect, prevent and deter money laundering or terrorist financing. Most of it is on the tactical side. On the strategic side, whatever we have is on the website if it's publicly available. Do we send this directly to FCAC, for example? No. Would they get any tactical disclosures from us? Absolutely not. It would be illegal for us to do so.

All the reporting entities that report to us, we do provide them, if we do operational briefs or alerts or.... Our operational alert on fentanyl, for example, is available publicly. On Project Protect, on the public-private partnership and the indicators related to money laundering related to human trafficking, that is available. That is there. Above and beyond that, there is nothing we would have.