Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations
71 (1) For the purpose of subsection 9.6(1) of the Act, a person or entity referred to in that subsection shall, as applicable, implement the compliance program referred to in that subsection by
(a) appointing a person — who, where the compliance program is being implemented by a person, may be that person — who is to be responsible for the implementation of the program;
(b) developing and applying written compliance policies and procedures that are kept up to date and, in the case of an entity, are approved by a senior officer;
(c) assessing and documenting, in a manner that is appropriate for the person or entity, the risk referred to in subsection 9.6(2) of the Act, taking into consideration
(i) the person’s or entity’s clients and business relationships,
(ii) the person’s or entity’s products and delivery channels,
(iii) the geographic location of the person’s or entity’s activities,
(iii.1) any new developments in respect of, or the impact of new technologies on, the person’s or entity’s clients, business relationships, products or delivery channels or the geographic location of their activities,
(iii.2) in the case of an entity that is referred to in any of paragraphs 5(a) to (g) of the Act, any risk resulting from the activities of an entity that is affiliated with it and that is referred to in any of those paragraphs or from the activities of a foreign entity that is affiliated with it and that carries out activities that are similar to those of entities referred to in any of those paragraphs, and
(iv) any other relevant factor;
(d) if the person or entity has employees, agents or mandataries or other persons authorized to act on their behalf, developing and maintaining a written, ongoing compliance training program for those employees, agents or mandataries or other persons; and
(e) instituting and documenting a review of the policies and procedures, the risk assessment and the training program for the purpose of testing their effectiveness, which review is required to be carried out every two years by an internal or external auditor of the person or entity, or by the person or entity if they do not have such an auditor.
(2) For the purposes of the compliance program referred to in subsection 9.6(1) of the Act, every entity referred to in that subsection shall report the following in written form to a senior officer within 30 days after the assessment:
(a) the findings of the review referred to in paragraph (1)(e);
(b) any updates made to the policies and procedures within the reporting period; and
(c) the status of the implementation of the updates to those policies and procedures.
- SOR/2007-122, s. 67
- SOR/2016-153, s. 80
- Date modified: