Administrative monetary penalty on Exchange Bank of Canada

From: Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)

[2024-12-11]

Exchange Bank of Canada (the Bank), a bank headquartered in Toronto, Ontario, was imposed an administrative monetary penalty of $2,457,750 on November 5, 2024, for committing 3 violations. The violations were found during the course of a compliance examination conducted between December 2022 and April 2024. This penalty was imposed for violations committed by the Bank under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its associated Regulations. The Bank has filed a Notice of Appeal.

FINTRAC’s examination determined that for the period under review, the Bank failed to develop and implement an effective AML/ATF compliance program relative to its business model and global reach. The Bank’s compliance program has not sufficiently evolved to an acceptable level of maturity in a number of key program pillars, as evident in gaps identified with Chief Anti-Money Laundering Officer (CAMLO) oversight, transaction monitoring, case investigation practices, and ongoing monitoring of high-risk business relationships.

Nature of violation

Violation #1

Failure to report financial transactions that occurred in the course of its activities and in respect of which there are reasonable grounds to suspect that the transactions are related to the commission or the attempted commission of a money laundering or a terrorist activity financing offence, which is contrary to section 7 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and subsection 9(1) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations

Exchange Bank of Canada (the Bank) failed to submit 5 Suspicious Transaction Reports (STRs) out of 26 case files reviewed, where there were reasonable grounds to suspect that one or more transactions were related to the commission or attempted commission of a money laundering (ML) or terrorist activity financing (TF) offence. FINTRAC's examination revealed gaps in the Bank’s application of its unusual transaction review processes, and identified a number of open source references that were not considered during the Bank’s investigations of its high-risk clients.

The 5 instances of non-compliance represent approximately 20% of the files reviewed, indicative of a significant intelligence gap to FINTRAC. These 5 instances include:

• Instances where the Bank did not consider the elevated risks of its high-risk business relationships in jurisdictions that are known to be at higher risk of ML/TF offences, despite relevant indicators present. For example, a client transacted millions in USD during the examination period. The majority of the funds were deposited into holding accounts at the Bank, and then quickly transferred out via wire payments to the client’s correspondent accounts in a country known for elevated ML/TF vulnerabilities. The Bank’s review failed to consider the multiple ML/TF indicators present, such as unnecessarily complex transactions for the stated business purpose, and the quick movement of funds on an in-and-out basis using cash and wire transfer methods. The method of moving funds in these instances fit the typology of well-known ML techniques as outlined in Financial Action Task Force’s (FATF) 2015 report titled Money Laundering Through the Physical Transportation of Cash.
• Instances where the Bank closed investigations without conducting an adequate review of clients’ transactions against ML/TF indicators present, such as not validating some of the information relied on to justify the closure of the investigation. For example, a high-risk client’s transactions were more than ten times the expected weekly volume, and totaled millions in USD over a one-year period. Each of the Bank’s alerts and monthly transaction monitoring review noted the high deviation from expected activities but closed the reviews without considering or questioning the reasons for the sudden change in the client’s pattern of activity or expected transactions.
• An instance where the Bank closed a review pertaining to a high-risk client without considering the transactions against relevant ML/TF indicators, such as a relevant negative media article. Furthermore, the Bank failed to obtain additional details on the client’s source of funds, despite the context outlined in the negative media article.

FINTRAC’s examination found the Bank’s transaction monitoring (TM) rules and alerts generated by the automated system to be ineffective in assisting the Bank to investigate, assess, and ultimately report suspicious transactions in a timely manner. The majority of alerts are false positives or do not provide any meaningful indication of increased risk, and hindered the Bank’s ability to identify suspicious activity and transactions.

Complete failure to submit an STR (Level 1 harm) is the most severe case of non-compliance as it results in a complete loss of financial information, as the report is not available for FINTRAC’s analysis to produce financial intelligence that can be disclosed for the investigation and prosecution of ML/TF offences. Violation #1 is classified by regulations as a Very Serious violation. The imposed penalty takes into account the criteria in section 73.11 of the Act and section 6 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations.

Violation #2

Failure to periodically conduct ongoing monitoring, based on a risk assessment referred to in subsection 9.6(2) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act that is undertaken in accordance with paragraph 156(1) (c) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations, which is contrary to section 123.1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations

FINTRAC’s examination assessed 26 case files, of which 17 clients represented the Bank’s high-risk business relationships. FINTRAC identified 8 instances out of 26 case files where the Bank failed to conduct the prescribed ongoing monitoring of its business relationships, FINTRAC also identified an area for enhancement as it related to the Bank’s frequency schedule of periodic reviews.

The 8 instances include all instances in Violation #1 where the Bank did not conduct sufficient review and monitoring of a client’s activity to determine whether the transactions were consistent with the information obtained and the risk assessment of the client. FINTRAC’s review of case files identified a systemic issue in the Bank’s ongoing monitoring processes. Specifically, the Bank failed to assess all relevant accounts, balances, or transactions before closing its investigations. This gap had a direct impact on the Bank’s ability to assess whether or not reasonable grounds to suspect (RGS) threshold had been met, resulting in un-submitted STRs.

Additionally, FINTRAC’s examination identified that, while the Bank had developed and documented its enhanced due diligence (EDD) measures for its high-risk clients, a review of case files identified instances where the EDD information collected from its clients were not leveraged during the ongoing monitoring process.

Lastly, FINTRAC identified that the Bank’s automated transaction monitoring (TM) rules and alerts were ineffective in investigating, assessing, and submitting STRs in a timely manner. The following issues were identified:

• The Bank’s TM system did not include a complete coverage of the Bank’s products and services;
• The Bank’s TM system did not accurately alert the Bank to a client’s volume deviations, hindering the Bank’s ability to identify suspicious activity and transactions; and
• The Bank’s TM system did not contain sufficient coverage of ML/TF indicators.

The root cause of the above noted issues relate to a lack of adequate testing and tuning of rules to ensure TM performance effectiveness.

The requirement to conduct ongoing monitoring of a business relationship is in place to protect reporting entities and Canada's financial system from ML/TF. When a reporting entity fails to conduct ongoing monitoring of business relationships, it is unaware of changes to the client's transactions, activities, and circumstances, especially those that may pose a higher risk of ML/TF. Consequently, when the reporting entity is unaware, the client's information and risk assessment are not updated to reflect the true level of risk. This can potentially result in ineffective risk mitigation and unreported transactions. Additionally, when a high-risk client or business relationship is undetected because of a lack of ongoing monitoring, the reporting entity's operations and Canada's financial system could be at risk. Where a lack of ongoing monitoring results in the failure to submit STRs, it negatively affects FINTRAC's mandate to analyze and disclose information to assist in the detection, prevention and deterrence of ML/TF.

Violation #2 is classified by regulations as a Minor violation. The imposed penalty takes into account the criteria in section 73.11 of the Act and section 6 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations.

Violation #3

Failure to report the receipt from a person or entity of an amount of $10,000 or more in cash in a single transaction, which is contrary to subsection 9(1) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, and paragraph 7(1) (a) and Schedule 1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations

FINTRAC found 3 instances where the Bank did not report large cash transactions as required under the Act and associated Regulations. The Bank acknowledged that the missed large cash transactions were misclassified. When FINTRAC enquired about how the Bank complies with Large Cash Transaction Report (LCTR) requirements in instances where the Bank physically receives USD banknotes, FINTRAC received conflicting responses from the Bank regarding the movement of USD banknotes. This raises significant concerns about whether the Bank understands when and how to comply with LCTR requirements.

Prescribed financial transaction reports, such as LCTRs, are critical to FINTRAC’s ability to produce the financial intelligence that assists in the investigation and prosecution of ML/TF offences. FINTRAC uses these reports to create a picture of financial relations between individuals and businesses and to identify high-risk transactions and ML/TF trends, which in turn help FINTRAC identify vulnerabilities in Canada's financial system.

Violation #3 is classified by regulations as a Minor violation. The imposed penalty takes into account the criteria in section 73.11 of the Act and section 6 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations.

Related link

• News Release : FINTRAC imposes an administrative monetary penalty on Exchange Bank of Canada