OSC-FINTRAC MOU for information sharing

On December 3, 2020 the Ontario Securities Commission (the OSC) and Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) announced that they have entered into a memorandum of understanding (the “MOU”) regarding information sharing between the two regulators. Securities dealers and advisers that are registered with the OSC are also “reporting entities” under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the "PCMLTFA") and are subject to oversight by both regulators. In 2020, FINTRAC conducted compliance examinations of 58 securities dealers, representing 15% of the total number of reporting entities audited.

The MOU will provide each of the OSC and FINTRAC with access to information regarding the other’s audit processes and findings with respect to the anti-money laundering/anti-terrorist financing (“AML/ATF”) compliance programs of registered firms. It is expected that information sharing will improve audit efficiency at both regulators, particularly the identification and remediation of deficiencies at registered firms. The table below sets out a summary of the information which will be shared between the OSC and FINTRAC:

OSC will provide FINTRAC

  • Annually: list of all registered firms
  • Annually: copy of the OSC’s audit procedures used to determine if registrants have the required compliance elements of an AML/ATF compliance program in place
  • Semi-annually: any findings made by the OSC pursuant to its audit of a registrant’s AML/ATF compliance program
  • Upon request: any other information about firms where the OSC has made AML/ATF compliance findings (the OSC may decline to provide or redact)
  • Upon receipt of list of names from FINTRAC, whether any such firm has been referred within the OSC for  further regulatory action

These arrows describe what the OSC will provide to FINTRAC and vice versa.

FINTRAC will provide OSC

  • Annually: list of OSC registrants examined by FINTRAC and outcomes (e.g., no further action, consider follow-up or consider enforcement), which the OSC may use as part of its risk assessment in determining which registrants it plans to review
  • Annually in February: name of each OSC registrant FINTRAC plans to examine
  • As available, dates of FINTRAC exams of registrants
  • Upon request: copies of correspondence, including findings letters between FINTRAC and an OSC registrant

The MOU seeks to address privacy concerns of registrants by providing that no information will be shared between the regulators that would breach other relevant legislation, policies, or guidance. Shared information is also subject to confidentiality safeguards, including a consultation right prior to the release of information to a third party where required by law.

While this is the first information sharing MOU that FINTRAC has entered into with a provincial securities regulatory authority, FINTRAC has had an MOU in place with the Investment Industry Regulatory Organization of Canada since May 2019 and with the Office of the Superintendent of Financial Institutions ("OSFI") since June 2004.  The collaboration between OSFI and FINTRAC entered a new phase in June 2019, spurred by initiatives to eliminate duplication and reduce regulatory burden. As noted in OSFI’s most recent update and consultation issued on October 16, 2020, FINTRAC will be the primary agency conducing AML/ATF assessments on federally regulated financial institutions, while OSFI will focus on the prudential implications of AML/ATF compliance as part of its overall assessment of the institutions’ regulatory compliance management frameworks.   

Registrants should be aware that there is increasingly broad-based information sharing amongst regulators, and that FINTRAC has jurisdiction to impose administrative monetary penalties when it has reasonable grounds to believe that a reporting entity has violated a requirement of the PCMLTFA and its regulations. It remains to be seen if other regulators enhance their co-operation and collaboration through similar formal information sharing and related initiatives. Regardless of the pace of formalized developments, convergence in financial regulation and oversight puts market participants on notice that approaches to compliance are not siloed, and their programs need to be tailored accordingly. By ensuring that their AML/ATF compliance programs are current, comprehensive and adequately recorded, firms will be better positioned to manage the regulatory risk associated with enhanced audit capabilities of both the capital market and other financial regulators reflected by the MOU.