FINTRAC guidance relating to the Ministerial Directive on the Democratic People’s Republic of Korea (DPRK) issued on December 9, 2017

This guidance is related to a Ministerial directive issued by the Minister of Finance on December 9, 2017 at

This Ministerial directive requires that you, as a reporting entity, treat all transactions originating from, or destined to North Korea (Democratic People's Republic of Korea) as high risk for the purposes of subsection 9.6(3) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act).

The Minister of Finance issued this directive in response to a public statement from the Financial Action Task Force (FATF) on November 3, 2017, in which the FATF expressed its particular and exceptional concerns about North Korea's failure to address the significant deficiencies in its anti-money laundering and combatting the financing of terrorism (AML/CFT) regime and the serious threat this poses to the integrity of the international financial system.  The FATF reaffirmed the call on its members to apply effective preventive measures to protect their financial sectors from such risks.

This Ministerial directive requires that all transactions to and from North Korea be treated as high risk, regardless of the amounts of the transactions.

In addition, FINTRAC's expectation is that you implement specific measures to mitigate the risk posed by these transactions and document the measures taken. When conducting these transactions, regardless of the transaction amounts, the measures you must take to mitigate the risk could include:

• keeping a record of all transactions to and from North Korea, regardless of the amount. This record must include details such as the client's name and address, the amount, currency, date and type of transaction. If the client is a person, their date of birth and the nature of their principal business or their occupation, as applicable; and if the client is an entity, the nature of their principal business. If the transaction is an electronic funds transfer, you must record the ordering client and the beneficiary client as well as their addresses, the amount, currency and date of transaction. If the ordering client is a person, their date of birth and the nature of their principal business or their occupation, as applicable; and if the ordering client is an entity, the nature of their principal business.  These details must specify whether funds are coming from, or destined to North Korea;
• identifying clients for all transactions and ensuring that the information you have about the identity of these clients are up to date;
• exercising customer due diligence, including asking for the:
  • source of the funds;
  • purpose of transactions; and
  • beneficial ownership (if the client is an entity);
• conducting enhanced ongoing monitoring of the client and/or the business relationship and/or the account involved in the transaction;
• keeping records of all of the above actions; and
• reporting suspicious transactions (if applicable).

Policies and procedures should already include general information on how your organization becomes aware of ministerial directives issued by the Minister of Finance as well as identify what you will do in response.  Once a directive has been issued, you are expected to take steps to meet the requirements of each directive.  In response to this directive, FINTRAC expects you to include the fact that transactions to and from North Korea are high risk as part of your documented risk assessment of clients and business activities.

Guidance on how to conduct and document your risk assessment can be found in the Risk assessment guidance and workbooks. Reporting entities are required to implement certain measures to mitigate risk for any transactions involving jurisdictions that are identified in these Ministerial directives and examples of some of these measures can be found in General information on Part 1.1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act provided by the Department of Finance Canada.

During a compliance examination, FINTRAC may assess compliance with any directive in order to verify that you have complied and taken appropriate mitigating measures in relation to these transactions. FINTRAC may also review your overall risk assessment to verify that you have documented and assessed the risk of your entity in relation to your business activities involving these jurisdictions.