FINTRAC: the national security conversation that’s flying under the radar

Posted on by

Privacy Commissioner Daniel Therrien

While eyes are focused on the rapid advance of Bill C-51, comparatively little light is being shone on some of the specific components of Canada’s national security and intelligence agencies that could be the subject of even further changes in law and policy.  Very quietly, the Standing Committee on Finance is doing a study of the “cost, economic impact and best practices to address the issue of terrorist financing both here in Canada and abroad”.

The BCCLA was asked to present to the Committee on the subject of terrorist financing and we took the opportunity not only to press the Committee on the dangerous failures of accountability in this sphere of national security operations, but also to highlight how Bill C-51 will make the situation infinity worse.

You can access our opening remarks from the hearing here.

Here is some of what we said to the Committee:   

FINTRAC (the Financial Transactions and Reports Analysis Centre) is a key component of Canada’s strategy with respect to deterring and detecting terrorist financing.

The Arar Inquiry’s policy phase remains the most comprehensive assessment of national security accountability that Canada has ever undertaken and, as you will know, the Inquiry’s recommendations included a consolidated review process for national security and intelligence agencies that would include FINTRAC.  However, no review mechanism has been created.

Meanwhile, audits of FINTRAC by the Office of the Privacy Commissioner of Canada (OPC) have consistently demonstrated deeply troubling over-collection and retention of personal information.  And while FINTRAC itself maintains that one of its primary safeguards for privacy is its independence from law enforcement, Bill C-51 if passed would make that “independence” all but fictional.

As the Privacy Commissioner has just stated in his submission to the Senate Committee on National Security and Defence, Bill C-51 would make available to  17 federal departments and agencies, including FINTRAC, the RCMP, CSIS, CSEC and the CRA,  potentially all the personal information that any department may hold on Canadians.  All the 17 federal departments would be in a position to receive information about any or all Canadians’ interactions with government in what would be an unprecedented blurring of the mandate of the 17 different institutions.

We anticipate a steady stream of legal challenges if these proposed powers are enacted, and these developments make very pressing the need for an assessment of FINTRAC’s proper mandate and role in relation to other national security agencies.  And this necessitates a review of its efficacy.

The OPC’s audit reports echo the assessments on efficacy cited in the 2013 Report of the Standing Senate Committee on Banking, Trade and Commerce entitled “Follow the Money: Is Canada Making Progress In Combatting Money Laundering and Terrorist Financing? Not Really.”

There would appear to be a dearth of information to accurately assess whether the Canadian regime is meeting its objectives.  No empirical evidence is being generated to suggest that the regime is successfully accomplishing its mission.  To the contrary, what little evidence is available could only suggest either that there is considerably less terrorist financing than feared, or that the regime is not proving very effective at addressing it.

And yet, much of the response to this situation of genuinely failing to understand the need and efficacy of the regime is simply repeated urgings for more invasive powers, broader disclosures of sensitive, highly prejudicial personal information, more onerous administrative burden on the private sector, and more resources for FINTRAC and agency partners.

FINTRAC, as part of our national security apparatus, works with some degree of necessary secrecy.  But currently, that secrecy is inadvertently allowing for a failure of accountability.  There is no dedicated review body that can tell us whether FINTRAC is operating properly, successfully, and legally.  We say, this is a critical juncture for a long-overdue study and sober assessment of what the genuine need is and the most efficacious, accountable and rights-protective means of addressing that need.


One thought on “FINTRAC: the national security conversation that’s flying under the radar

  1. Interesting reading these observations – here’s a piece I wrote for Embassy newsweekly a few months back. Unfortunately I couldn’t find anyone who could connect the dots between C-51 and FINTRAC at the time:

    FINTRAC looks to banks to monitor clients’ social media activities
    Agency presentation urges financial institutions to look for suspicious activity in customers’ ‘open source’ online activity.
    By Chris Plecash
    Feb 25/2015

    The federal agency responsible for monitoring potential money laundering and terrorist financing is encouraging financial institutions to go as far as analyzing their clients’ public social media activity when investigating suspicious transactions.

    A 2014 presentation prepared by FINTRAC for financial institutions contains a hypothetical scenario in which a bank examines the social media activity of its own client to assess a potential case of terrorist financing.

    “We are disclosing a [suspicious transaction report] relating to Heinrich TRAVELLER and based on adverse information revealed through our open-source research and activity in his account that does not correspond to his profile,” reads a fictional bank report to FINTRAC. The scenario is part of a presentation titled “Financial Intelligence and Counter Terrorism in Canada,” obtained by Embassy through an Access to Information request.

    “Mr. TRAVELLER has been one of our clients since June 20, 2012,” the mock correspondence goes on to state. “He is a 25-year-old retail sales clerk. At the time of this statement, the balance of his portfolio was $9,356.53. An online search using the client’s name revealed adverse information about the client pertaining to the promotion of terrorism, anti-Semitism and acts of martyrdom.”

    Financial institutions are required to report any suspicious client activity to FINTRAC under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, but the guidelines for determining suspicious activities are open-ended. Institutions are to report any activities that they have “reasonable grounds to suspect” are money laundering or terrorist financing offences. The legislation applies to a range of financial players, including life insurance companies, accountants, real estate dealers, casinos and money transfer agents.

    The presentation highlights just how much information financial institutions could be gathering on their clients in an effort to comply with the legislation.

    According to the faux report, Mr. Traveller’s family came to Canada from Lebanon as asylum seekers. Online posts by Mr. Traveller espousing jihadist views are included in the material forwarded to FINTRAC under the scenario.

    “[W]e discovered a website on which our client uses an alias,” the institution’s suspicious transaction report states. “In this forum, our client’s name is Johnny5. The following appears on the website: ‘I am jonny5, ALIAS infidel killer from the terrorist group ‘Name of Allah.’”

    The report also contains financial info for the fictitious Mr. Traveller, including bi-weekly payroll deposits for $3,783; eight Paypal transfers totalling $7,050; and 13 money transfers totalling $6,976.

    “The account activity is not in line with our client’s occupation, and his explanation appears suspicious. Furthermore, in our opinion, the adverse information discovered as a result of searches in open sources suggests that the individual is indeed our client. The source of the funds is unknown and the activities are suspicious,” the mock report concludes.

    Financial institutions are required to appoint a responsible officer to comply with the regime and implement a “Risk Based Approach” to monitoring potential money laundering and terrorist financing, said FINTRAC spokesperson Darren Gibb.

    “FINTRAC does not require businesses to investigate their clients. They are required to monitor their client’s transactions and related activities,” Mr. Gibb said in an email to Embassy. “As part of their ongoing monitoring obligations, they have to monitor all of their business relationships, and they must monitor business relationships they consider high-risk more frequently.”

    FINTRAC analyzes suspicious transaction reports it receives from financial institutions and forwards actionable reports to law enforcement agencies like the RCMP, CBSA and CSIS for investigation.

    The number of suspicious transaction reports received by FINTRAC has grown rapidly since the reporting regime was introduced under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act in 2001.

    In 2005-2006, FINTRAC received 29,367 STRs. The agency received 81,735 suspicious transaction reports from the financial services industry in 2013-14—a small fraction of the nearly 20-million pieces of intelligence it gathers under mandatory reporting requirements. In total, FINTRAC disclosed 1,143 cases of “actionable” financial intelligence to law enforcement agencies in 2013-14.

    Of the 1,143 cases FINTRAC forwarded to law enforcement last year, Mr. Gibb said that 234 of the disclosures were related to terrorist financing and threats to Canadian security, including the 2013 arrest of two men plotting to bomb a VIA passenger train en route to Toronto from New York. Raed Jaser and Chiheb Esseghaier are currently on trial for terrorism offences related to the plot.

    “FINTRAC can only make disclosures of financial intelligence to police when it has reasonable grounds to suspect that the information would be relevant to investigating or prosecuting a money laundering or terrorist financing offence,” Mr. Gibb said, adding that FINTRAC is required to protect all personal information from unauthorized disclosure under the regime.

    Embassy contacted the Royal Bank of Canada, Canada’s largest bank, for comment on how much monitoring it does of clients’ online activity. RBC did not respond. Embassy also contacted the Canadian Bankers’ Association for comment on whether it advises its members to monitor clients online activity.

    “The banking industry complies fully with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and reports suspicious activity based on the requirements of the Act and its regulations to FINTRAC,” CBA spokesperson Kate Payne stated in an email.

    [email protected]