Language selection

Government of Canada / Gouvernement du Canada

Search

Video – Mortgage Sector: Compliance program requirements

From: Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)

This video is intended for the mortgage sector and describes the five elements of a compliance program that you need to implement.

Video

Video length: 12:19 minutes

Catalogue number: FD4-41/2024E-MP4

ISBN: 978-0-660-74068-3

Descriptive transcript of the video “Mortgage Sector: Compliance program requirements”
Slide # Narration (audio) On screen description (text or image)

1

[Start of video]

If you’re in the mortgage sector, this video explains your compliance program requirements.

Text on screen: Mortgage sector

Compliance program requirements

2

As of October 11, 2024, you are considered a reporting entity under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and the associated Regulations if you are, or if you provide services of a:

  • mortgage administrator;
  • a mortgage broker; or
  • a mortgage lender.

You can use the self-assessment tool on FINTRAC’s website to confirm if you are a reporting entity.

Text on screen: Mortgage sector

Reporting entity as of October 11, 2024

Animation: A calendar appears on screen, and a red circle highlights the date of the 11th of October 2024.

Beside the calendar are three diamond shapes.

Text on screen:

  • mortgage administrator
  • mortgage broker
  • mortgage lender

3

As a reporting entity, you must comply with a number of requirements under the Act and associated Regulations. Specifically, you need to:

  • implement a compliance program
  • submit transaction reports to FINTRAC
  • keep various types of records
  • implement know your client measures and
  • apply Ministerial Directives

Let’s take a closer look at these requirements.

Text on screen: Reporting entity requirements

Animation: One by one, the five requirements of a reporting entity appear on screen.

Text on screen:

  • Implement a compliance program
  • Submit transaction reports to FINTRAC
  • Keep various types of records
  • Implement know your client measures
  • Apply Ministerial Directives

4

Do I still have to follow the requirements under the Act, such as verifying a client’s identity and submitting reports to FINTRAC, if I have a relationship with other businesses who are regulated by FINTRAC and who must also follow these same requirements?

Text on screen: Question

Animation: A cartoon woman appears on screen with a conversation bubble.

Text on screen: Do I still have to follow the requirements under the Act, such as verifying a client’s identity and submitting reports to FINTRAC, if I have a relationship with other businesses who are regulated by FINTRAC and who must also follow these same requirements?

5

Yes, you must still follow the requirements under the Act, even if another business is following these same requirements.

Text on screen: Answer

Animation: The women is replaced by a cartoon man with a conversation bubble.

Text on screen: Yes, you must still follow the requirements under the Act, even if another business is following these same requirements.

6

For example, if you are a mortgage broker and your process is to submit loan applications to ABC Mortgage Lender Company, you still have to implement a compliance program, submit transaction reports to FINTRAC, and keep records even if ABC Mortgage Lender Company has its own compliance program, keeps similar records and submits reports to FINTRAC.

Mortgage administrators, broker and lenders, as well as other businesses involved in the process of a mortgage transaction, have varying levels of involvement at different stages of the process. This means that each may have:

  • varying levels of contact with the borrowing client and
  • access to different information surrounding the transaction.

Further, each business has different risks associated with money laundering and terrorist activity financing, because of their unique business model.

Therefore, it is important for you, as a participant in the mortgage transaction process, to have your own compliance program, to keep your own records and to submit reports, even if another business is doing the same.

Text on screen: Example

Animation: A chart shows up on screen highlighting that a mortgage broker and ABC Mortgage Lender Company both have their own requirements, even if they work together.

Text on screen:

  • Implement a compliance program
  • Submit reports to FINTRAC
  • Keep records
  • Varying levels of involvement

7

FINTRAC has published guidance on its website that explains your compliance program requirements including what they are and what you need to do.

It is important that you read this guidance as this video only provides highlights of your compliance program requirements.

Let’s look at these requirements.

Text on screen: Published guidance

Animation: A screenshot of FINTRAC’s external site appears on screen.

8

A compliance program is a framework that helps you meet your other requirements under the Act and associated Regulations.

A compliance program has 5 elements:

  • a compliance officer
  • compliance policies and procedures
  • a risk assessment
  • a training program and plan, as well as
  • a two-year effectiveness review

Your organization must describe and explain your program in writing, as well as ensure that you, your employees, and agents follow your program.

Text on screen: Compliance program

Animation: 5 icons appear on screen with the compliance program requirements

Text on screen:

  1. Compliance officer
  2. Polices and procedures
  3. Risk assessment
  4. Training program and plan
  5. Two-year effectiveness review

Must be written and followed by your employees and agents.

9

The size of your compliance program generally depends on the size and complexity of your business model.

For example, a large mortgage brokerage firm with multiple business lines or delivery channels may have a more complex compliance program than a smaller lender with a single business line.

If you are an employee or if you are a person who is a representative or agent of an organization, it is that organization who is responsible for developing and implementing a compliance program.

If you are franchisee under your own legal entity, you must implement a compliance program. Your compliance program can be based on your franchisor template, but it must be tailored to your business.

Some associations may publish industry templates. We will address this later in this video.

Let’s look at the first element of a compliance program, appointing a compliance officer.

Text on screen: Variations in compliance programs size and complexity of your compliance program depends on the size and complexity of your business model.

Animation: An icon representing a mortgage broker with multiple business lines appears with the text “More complex compliance program” beside a simple business structure, representing a smaller lender with the text “Less complex compliance program”. A person beside a business appears, representing an employee or agent of an organization alongside the text “Organization’s responsibility to develop and implement the compliance program”. An icon of a business franchise appears, to represent a franchisee with their own legal entity, with the text “Franchisees under own legal entity must implement a compliance program”.

Text on screen:

  • More complex compliance program
  • Less complex compliance program
  • Organization’s responsibility to develop and implement compliance program
  • Franchisees under own legal entity must implement a compliance program

10

The first element is having a designated compliance officer.

You must appoint a compliance officer who is responsible for implementing the compliance program.

Who you choose to appoint may depend on the size of your business.

  • for a sole proprietor or an independent representative, you can appoint yourself as the compliance officer;
  • for a smaller business, the compliance officer might be the owner or a senior manager;
  • for a larger business, the compliance officer might be someone from a senior level who has access to senior management and the board of directors

Let’s move onto the next element, policies and procedures.

Text on screen: Designated compliance officer

You must appoint a compliance officer who is responsible for implementing the compliance program.

Animation: Three different cartoon characters appears, representing the compliance officer in the listed scenarios.

Text on screen:

  • Sole proprietor: appoint yourself
  • Small business: owner or senior manager
  • Larger business: Senior level employee

11

You may already have policies and procedures for your business activities such as collecting documentation for mortgage applications or administering loan payments.

As of October 11, 2024, you must have written policies and procedures that describe your requirements and processes to:

  • report transactions to FINTRAC
  • keep records
  • know your client and
  • apply Ministerial Directives

You can add these requirements to your current policies and procedures or you can create a new document.

 

Text on screen: Written policies and procedures

Animation: A clipboard with the 4 items of the policies and procedures appears.

Text on screen: You must have written policies and procedures that describe your requirements and processes to

  • report transactions to FINTRAC
  • keep records
  • know your client and
  • apply Ministerial Directives

12

These policies and procedures should be available to your employees, agents and anyone who is authorized to act on your behalf when dealing with clients, transactions and other activities. They should clearly describe the different processes implemented in your organization to operationalize these requirements in your day-to-day activities.

Text on screen: Written policies and procedures

Animation: A clipboard with the 2 items of the policies and procedures appears.

Text on screen: These policies and procedures must:

  • Be available to your employees and agents 
  • Clearly describe the different processes

13

The third element of a compliance program is a risk assessment.

Your business needs to assess the risk of a money laundering offence or a terrorist activity financing offence occurring in the course of your business activities. Therefore, when developing or updating your risk assessment, you must consider and review Canada’s National Inherent Risk Assessment as it provides an overview of the money laundering and terrorist financing threats, vulnerabilities and risks in Canada, including those in the real estate and mortgage sectors.

You must also address the following 5 factors in your risk assessment:

  1. Your clients and business relationships, including their activity patterns and geographic locations. For example, who are your clients? Do you serve a specific category of clients? Do any of your clients have a connection to a country that has weak money laundering and terrorist financing controls?
  2. Your products, services and delivery channels. Do you offer brokering, lending and administrative services or do you just offer one type of service? Do you meet your clients in person or virtually? Do you use agents?
  3. The geographic locations where you conduct your activities. Do you have a single office in a small town or do you have multiple offices in major cities across Canada?
  4. New developments or new technologies. Are you using new technologies like facial recognition software for identification purposes or auto-approve application? If so, what is the risk level compared to meeting the client in person?
  5. Any other relevant factors affecting your business. This can be anything else that might affect your risk level such as employee turnover or other industry rules and regulations that you follow.

You must assess each factor and provide a risk rating such as high, medium or low. Regardless of the level you determine, you will need to have written rationale that supports the risk level for the 5 prescribed factors.

Text on screen: Risk assessment

Animation: Image of Canada’s Anti-Money Laundering and Anti-Terrorist Financing Regime Strategy appears, where the National Inherent Risk Assessment can be found.

Text on screen: Provides an overview of the money laundering and terrorist financing threats, vulnerabilities and risks

Animation: Text and image disappear.

Text on screen: Risk Assessment Factors Written rationale that supports the risk level

Animation: Five bubbles appear with the elements of a risk assessment in each one.

Text on screen:

  • Your clients and business relationships
  • Your products, services and delivery channels
  • The geographic location(s) where you conduct your activities
  • New developments or new technologies
  • Any other relevant factors affecting your business

14

For example:

  • a business with a single location in a rural community that provides broker services to local clients and meets them in person may have a lower risk rating for some of their factors than a business with multiple locations in large cities across Canada that provides lending services to international clients, and meets with them virtually.

If you determine that some of the factors have a high risk for money laundering or terrorist activity financing, you will need to take enhanced measures to manage and reduce this risk. For example, this can be obtaining more information on a client or monitoring client transactions or activity on a more frequent basis.

The enhanced measures that you decide to adopt need to be written and included in your policies and procedures.

Let’s move on to the fourth element, a written training program.

Text on screen: Is your risk high, medium or low?

Animation: A gauge appears on screen under the heading “Is your risk high, medium or low?”. The gauge’s needle swings back and forth from low to high and back to low as an icon of a single business shows up. The needle then moves to high as an icon of a business with multiple locations shows up.

15

You must develop and maintain a written training program and plan that covers anti-money laundering and anti-terrorist activity financing for your employees, agents or mandataries, or other persons authorized to act on your behalf.

This plan should be tailored to ensure that they know and understand their responsibilities under the Act and associated Regulations.

Your written training plan should indicate things such as:

  • who gets training. For example, will all your employees and agents receive the same training?
  • what topics are covered. Does it cover background information on money laundering and terrorist activity financing and how the mortgage industry or your profession could be vulnerable to money laundering and terrorist activity financing activities?
  • when training is delivered. For example, do you provide training on a monthly, semi-annual or, annual basis or do you deliver training after an event such as the introduction of new regulatory requirements?
  • how training is delivered. Do you deliver training or does an external consultant provide training? Does training take place in a class room or virtually or is it a combination of both?

Once training is delivered, you need to keep track of when training took place, who attended and the topics that were covered.

On to the fifth element, called the two-year effectiveness review.

Text on screen: Written training program and plan

Animation: A computer shows up with “training plan” on the screen.

A page appears, with the 4 elements of a training program.

Text on screen: Contents:

  • who gets training
  • what topics are covered
  • when training is delivered
  • how training is delivered

Text on screen: Keep track of your training.

16

This exercise of conducting a review completes the full circle to ensure your compliance program is effective.

Every two years, you must conduct an effectiveness review of your compliance program, including the following elements:

  • policies and procedures
  • risk assessment, and
  • training program and plan

This review should determine if there are any gaps or weaknesses that may prevent your business from effectively detecting and preventing money laundering and terrorist activity financing.

The review should also help you confirm whether or not your documentation is up to date. For example, when you add new services or delivery channels for your clients, or when there is a change to a regulatory requirement, you should update your documentation to reflect these changes as soon as possible. Therefore, when you perform your two-year review, you can confirm whether or not these updates had been made on a timely basis.

Finally, the review should determine if you are complying with the Act and associated Regulations.

Text on screen: Two-year effectiveness review

Animation: A circle appears, highlighting the need to conduct a review of the compliance program every 2 years.

3 text bubbles appear.

Text on screen:

  • Policies and procedures
  • Risk assessment
  • Training program and plan

Animation: Those words are replaced.

Text on screen:

  • Gaps or weaknesses?
  • Updates to documentation?
  • Complying with the Act and associated regulations?

17

There are many methods that you can use to conduct a review. For example, you can:

  • sample your records to check if your client identification policies and procedures are being followed
  • interview your employees and agents to determine their knowledge of money laundering
  • review a sample of loan files to assess if suspicious transactions were reported to FINTRAC, and
  • review your compliance program documents to see if updates need to be made

Your review should be done by someone who is knowledgeable of your requirements under the Act and its associated Regulations. As a best practice and to ensure that your review is impartial, it should not be conducted by someone who is directly involved in your compliance program.

The review, including the results, must be documented.

Finally, you must take steps to fix any gaps and update your compliance documentation as necessary.

Given that the coming into force date is October 11, 2024, it is expected that all mortgage businesses that are subject to the Act on this date should have their first two-year review completed before October 11, 2026.

Text on screen: Conducting a review

Animation: Icons appear on the screen

Text on screen:

  • Sample your records
  • Interview employees and agents
  • Review a sample of loan files
  • Review compliance program documents

Animation: The icons disappear and are replaced with a clipboard.

Text on screen:

  • Document the review and results
  • Take steps to fix gaps
  • Update documentation as necessary

18

As mentioned previously, some businesses or industry associations offer templates or services to help you implement a compliance program. You should conduct your own due diligence when deciding to use these templates or services.

FINTRAC does not endorse any templates or services provided by businesses or industry associations nor does FINTRAC have templates or examples for any compliance elements.

Please keep in mind that if you rely on templates and services provided by another business or industry association, you must tailor them to your business model. In addition, it is still your responsibility to meet your requirements under the Act and associated regulations.

You can refer to FINTRAC’s website for more information on implementing a compliance program.

Text on screen: Templates

Businesses and industry associations may offer templates or services to help you implement a compliance program.

Animation: A sticky note appears.

Text on screen:

  • Due diligence
  • You are still responsible
  • Refer to FINTRAC’s website for more information on implementing a compliance program

19

FINTRAC can perform supervisory activities to confirm if you are complying with your requirements. Some of these activities include:

  • Examinations
  • Monitoring meetings, and or
  • Supervisory risk assessment questionnaires

Text on screen: FINTRAC supervisory activities

Animation: One by one, three arrows appear.

Text on screen:

  • Examinations
  • Monitoring meetings
  • Supervisory risk assessment questionnaires

20

FINTRAC is committed to working with you and will typically provide an opportunity to correct the non-compliant behaviour before a penalty is considered.

FINTRAC can issue an administrative monetary penalty if you do not comply with your requirements.

You can find information about penalties for non-compliance on FINTRAC’s website.

Text on screen: Administrative monetary penalties

Animation: A man appears asking a question.

Text on screen: What happens if I don’t comply?

Animation: A sticky note appears.

Text on screen: FINTRAC:

  • is committed to working with you
  • will typically provide an opportunity to correct the non-compliant behaviour
  • can issue an administrative monetary penalty

21

For more information about your compliance obligations visit FINTRAC’s website.

Text on screen: For more information about your compliance obligations, including information on penalties for non-compliance , visit: fintrac-canafe.canada.ca

22

End of video

Text on screen: Canada wordmark

Related links

Date Modified: