Compliance

Remitware Payments Canada Inc. (RPCI) has a comprehensive Anti-Money Laundering & Counter-Terrorist Financing Compliance and Risk Program. Synopsis of the AML-CTF  Compliance and Risk policy of RPCI is as follows:

RPCI is committed to follow guidelines laid down by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and to comply with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), and related Regulations.

RPCI is a Registered Money Services Business (MSB)  with FINTRAC and hence is a reporting entity under the laws of Canada. RPCI is currently not registered or licensed to operate in Québec as an MSB under Quebec’s Money Services Businesses Act.

RPCI is committed to preventing, detecting and deterring money laundering and terrorist financing.  It is the responsibility of every employee (including contractors and part-time employees) and agents to comply with this program and all related legislation for jurisdictions in which RPCI operates.

    Compliance Program

    We are required to have an anti-money laundering (AML) and counter terrorist financing (CTF) compliance program that consists of these five elements:

    1. Written policies and procedures: these list our responsibilities under the law, and what we are doing to meet them.
    2. A documented Risk Assessment: a document that describes and assesses the risks that our business could be used to launder money or finance terrorism
    3. The appointment of a Compliance Officer: the person who is ultimately responsible to develop and maintain our AML and CTF compliance program;
    4. AML Compliance Effectiveness Reviews: testing and reporting is completed at least every two years that assesses how well our compliance program is working; and
    5. Training: conducted at least annually to ensure that everyone understands his or her roles and responsibilities.

      Operational Compliance

      1. In addition to our documented program, we are required to operate in a compliant manner.
      2. This includes collecting and recording customer identification information, and/or know your customer (KYC) information.
      3. Reporting certain types of transactions to regulators and government agencies, as well as keeping records.

      The actions described in our procedures for this purpose are required (not optional) in all cases. Any activity that is outside our AML and CTF compliance procedures should be brought to the attention of the Compliance Officer immediately.

        Our AML and CTF compliance program:

        1. The Program has been designed to conform to the elements required under Canadian legislation.
        2. In addition to this policy, specific procedures have been designed for
          • Compliance
          • Staff and All Staff.
        3. There are also separate Risk Assessment, Training and Compliance Officer Appointment documents.

        Risk assessment

        1. RPCI’s Risk Assessment is summarized as follows
          1. The risk that RPCI’s activities could make it vulnerable to terrorist financing or money laundering activities.
          2. A mechanism to risk rate RPCI’s customers and business relationships; and
          3. The controls that RPCIhasin place to prevent, detect and deter money laundering and terrorist financing.
        2. The Risk Assessment is reviewed and updated by the Compliance Officer at least every two years, and more often where there are changes to Canadian legislation, the products and services that RPCIoffers, RPCI’s customer base, or RPCI’s controls.

        Record keeping

        1. In order to pass a FINTRAC examination or an AML Compliance Effectiveness Review, RPCI must be able to prove that RPCI has met its compliance obligations. This means that there are things that will need to be recorded (either on paper or electronically).
        2. These records must be kept for at least six years (but may be kept for longer) and be in a format that can be retrieved and sorted easily.
        3. Records are retained in accordance with RPCI’sData Retention and Disposal Policy and/or Information Classification and Handling Policy.

        Record keeping

        1. In order to pass a FINTRAC examination or an AML Compliance Effectiveness Review, RPCI must be able to prove that RPCI has met its compliance obligations. This means that there are things that will need to be recorded (either on paper or electronically).
        2. These records must be kept for at least six years (but may be kept for longer) and be in a format that can be retrieved and sorted easily.
        3. Records are retained in accordance with RPCI’sData Retention and Disposal Policy and/or Information Classification and Handling Policy.

        Compliance Effectiveness Review

        1. Compliance Effectiveness Review is like an audit that tests RPCI’s AML and CTF compliance program.
        2. The review tests two key elements: RPCI’s program documentation (what RPCI says it is doing) and RPCI’s operations (what RPCI has actually done during a specific period of time).
        3. These reviews must be completed at least once every two years. The results of the review are shared with Senior Management (this must be done within 30 days of the date that the final report is issued).

        Directives

        1. The Minister of Finance (Canada) may, from time to time, issue directives requiring reporting entities, including RPCI, to take additional measures in respect of transactions originating from or bound for a foreign jurisdiction or a foreign entity.
        2. There are currently no such directives issued. When a directive is issued, the Compliance Officer will ensure that RPCI’sAML/CTF program implements the requirements under the Directive and will update this policy accordingly.

        This AML program adopted by the board of RPCI and is subject to annual review.