Monday, December 18, 2006

New money laundering law requires Privacy Commissioner to review FINTRAC's compliance

Bill C-25, An Act to amend the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and the Income Tax Act and to make a consequential amendment to another Act, is now in force. For the purposes of attacking money laundering and the financing of terrorism, the statute expands the amount of personal financial information collected and the sources of that information. But this amendment also gives the Privacy Commissioner of Canada with a unique role. Under the statute, the Commissioner is to audit the personal information handling practices of FINTRAC every two years. We'll see how the first such audit goes ....

From the Commissioner's office:

New money laundering law requires Privacy Commissioner to review FINTRAC's compliance with Privacy Act

Ottawa, December 18, 2006 –The Privacy Commissioner of Canada, Jennifer Stoddart, has new oversight responsibilities under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Bill C-25), which just received Royal Assent. Under this new legislation, the Commissioner's Office is now required to regularly review the Financial Transactions and Reports Analysis Centre (FINTRAC's) compliance with the Privacy Act, the federal public sector privacy law.

Under the Privacy Act, the Privacy Commissioner already has the power to audit the personal information-handling practices of federal departments and agencies. However, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act specifically mandates the Office to review and report to Parliament on FINTRAC's activities every two years. The Commissioner's Office had already planned to conduct an audit of FINTRAC in 2007-08, pursuant to its authority under the Privacy Act.

"We understand the need to address suspected money laundering and terrorist financing activities, but we do have concerns about the potential impact on privacy rights resulting from an increase in the amount of personal information collected and disclosed by FINTRAC," said Ms. Stoddart. "In light of this, I am pleased to see that we will have increased oversight over these activities."

In the recent report of the Commission of Inquiry into the Actions of Canadian Officials in Relation to Maher Arar, Justice O'Connor also generally highlighted the need for increased oversight and review of activities that touch on national security. In Justice O'Connor's report, he recognized that the sharing and disclosure of personal information by government to foreign entities raises concerns.

Providing the Privacy Commissioner with mandated review of FINTRAC's activities is an important step because, as a result of the passage of Bill C-25, the number of organizations required to monitor and to collect information about their clients and customers will increase, the amount of personal information being collected will expand and more transactions will be subject to scrutiny and reporting. FINTRAC will be able to share more information with more organizations. FINTRAC is Canada's financial intelligence unit, a specialized agency created in July 2000 to collect, analyze and disclose financial information and intelligence on suspected money laundering and terrorist activities financing.

Last week, Ms. Stoddart appeared before the Standing Senate Committee on Banking, Trade and Commerce to discuss Bill C-25. Her statement and submission are available on the Office's Web site.

The Office of the Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of privacy rights of Canada.

No comments: