Proceedings of the Standing Senate Committee on
Banking, Trade and Commerce
Issue 12 - Evidence - March 1, 2012
OTTAWA, Thursday, March 1, 2012
The Standing Senate Committee on Banking, Trade and Commerce met this day at 10:30 a.m. for the review of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (S.C. 2000, c. 17), pursuant to section 72 of the said Act.
Senator Irving Gerstein (Chair) in the chair.
[English]
The Chair: Honourable senators, it is a pleasure to call this meeting of the Standing Senate Committee on Banking, Trade and Commerce to order.
This morning we continue the five-year parliamentary review of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. This is our seventh meeting on the subject. To date, the committee has heard from a number of so-called regime partners involved in the implementation and administration of this legislation, including the Department of Finance, Public Safety Canada, the RCMP, CSIS, CBSA, OSFI, the Information Commissioner, the Public Prosecution Service of Canada, Canada Revenue Agency, Foreign Affairs and International Trade Canada, and FINTRAC.
This morning we will be hearing from the Office of the Privacy Commissioner of Canada. We are pleased to welcome Jennifer Stoddart, who has served as Privacy Commissioner since December 2003. She is accompanied by Carman Baggaley, Senior International Research and Policy Analyst; and Mike Fagan, Manager, Audit and Review.
Colleagues, unfortunately, the commissioner and her staff are only able to appear for one hour this morning, but rest assured, whether it be through written submission or a further appearance on a future date, Ms. Stoddart has assured us that she will do everything she can to answer our questions and provide us with the information we need to complete our review.
Jennifer Stoddart, Privacy Commissioner, Office of the Privacy Commissioner of Canada: Thank you, honourable senators, for inviting me to appear before this committee. I am pleased to have the opportunity to share my comments on the review of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, which you are presently revising.
My office has commented frequently on this act and its associated anti-money laundering and anti-terrorist financing regime. As such, we appeared before your committee in 2006 to comment on Bill C-25, which significantly expanded the number of organizations covered by the act and the types of transactions subject to scrutiny and reporting.
Bill C-25 also gave, for the first time, to my office a statutory mandate to conduct a two-year review of measures taken by the Financial Transactions and Reports Analysis Centre, known as FINTRAC, to protect the information it receives or collects. Our first audit report was published in 2009, and we are currently conducting our second review of FINTRAC.
I would like to speak now about some of my general concerns with the anti-money laundering and anti-terrorist regime. We know that money laundering supports criminal activities. As well, we are certainly aware that the financing of terrorist groups leads to an increased threat to our security. That said, my concerns with respect to the current regime have remained consistent over the years.
Although the regime cost over half a billion taxpayer dollars to implement — and this does not include the cost borne by the private sector to fulfill its own obligations — it is not a transparent regime and it is not widely understood by the public.
FINTRAC operates what is probably Canada's largest data-mining undertaking. The personal information collected allows FINTRAC to create a comprehensive profile of an individual's life and behaviour. Moreover, our 2009 audit report found that FINTRAC received and retained information beyond its legislative authority.
Over 300,000 reporting entities are currently required to collect specified information and to maintain detailed records on their clients' identities and transactions, which are not needed for their own business purposes, all the while making speculative assessments based on their customers' transactions.
The threat of fines for failing to report creates an incentive to over-report information. Indeed, our first audit report found cases of suspicious transaction reports sent to FINTRAC that actually did not meet the threshold of reasonable grounds to suspect — which is in the law — that the transaction was related to money laundering or terrorist financing.
Finally, and perhaps most important, while the scope of the regime has expanded significantly since 2000, assessing the necessity, proportionality and effectiveness of the measures put in place has remained very difficult for my office, as well as for other observers.
Even the 10-Year Evaluation of Canada's Anti-Money Laundering and Anti-Terrorist Financing Regime report, which you are now reviewing, which otherwise endorses the regime, is unable to assess how many investigations led to actual charges and convictions. In fact, it could only conclude that the regime likely contributed to the creation of an environment hostile to money laundering and terrorist financing. This does not appear, to my mind, to be conclusive evidence.
I would now like to turn to some of the specific concerns we have about the proposals contained in the Department of Finance consultation paper. The first one is eliminating the current threshold.
One of the proposals in the paper seeks to eliminate the $10,000 threshold that triggers the reporting obligation to FINTRAC of an electronic funds transfer, known as an EFT. If the proposal were to be adopted, reporting entities would be required to report all electronic funds transfers entering or leaving Canada.
Beyond the very pragmatic issue of how to handle and safeguard the sheer volume of EFTs to be reported, which in and of itself is a cause for concern, I expect many ordinary Canadians to be deeply affected by such a measure. Think of the naturalized Canadian citizens who regularly send remittances to family members in other countries. According to the most recently available data from Statistics Canada, one in five Canadians were born out the country. Think of the small and medium enterprises that sell goods and services in other countries. Think of the parents who are sending money to their children studying abroad. There are apparently some 20,000 Canadian students abroad in a given year. The majority of ETFs in these cases would presumably fall below the $10,000 threshold.
Even if a case could be made for lowering the threshold to detect more terrorist financing, I would suggest that capturing large numbers of harmless transactions constitutes a significant unintended consequence that would be disproportionate to the intended objective of the proposal.
[Translation]
Let us move on to the issue of prepaid access devices. Another proposal deals with prepaid access devices, which include retail gift cards, prepaid cards issued by financial institutions and mobile payment devices.
As an attempt to tackle potential money laundering and terrorist financing risks posed by prepaid access products, the government proposes to impose customer due diligence requirements on the providers of prepaid access devices.
Introducing customer due diligence requirements would result in the increased collection of personal information. Given the popularity of prepaid access devices, to require providers of these products to obtain identifying information would be a significant undertaking. Also, it would potentially extend customer due diligence obligations to an even greater number of organizations — many presumably in the retail sector — and require them to collect and create large databases of personal information that they do not need for internal business purposes.
If the government is convinced that it needs to address the risk created by the growth of prepaid access products, I would strongly suggest that it consider measures that do not necessitate the additional collection of personal information and the creation of databases.
For instance, a 2010 Report by the Financial Action Task Force suggests that the risk posed by an anonymous product can be effectively mitigated by measures other than the identification and verification procedures, such as imposing value limits.
Let us now discuss the issue of the quantity of information contained in FINTRAC disclosures. The 2000 legislation had built-in safeguards that limited the information that FINTRAC could provide to law enforcement and other authorities. However, these safeguards have been gradually weakened. The act has been expanded to allow FINTRAC to share information with the Communications Security Establishment, the RCMP, CSIS, the Canada Revenue Agency, the Canada Border Services Agency and Citizenship and Immigration.
It is now proposed that FINTRAC be permitted to, and in some cases, required to share more information with law enforcement and intelligence agencies.
The government has not given any good arguments to justify an increase in the amount of information and the number of organizations who can receive this information. I think that the government should do that before going ahead with this proposal.
Moreover, if FINTRAC were to be given the ability to share more information with more organizations, the government should also consider increasing oversight of FINTRAC to ensure these disclosures are appropriate.
My Office has responsibility for conducting audits every two years, but this is retrospective and not the same as operational oversight.
[English]
I would like to talk now about broadening the requirement to report suspicious transactions.
The current legislation requires reporting entities to report suspicious transactions as well as completed or attempted financial transactions that give rise to a suspicion of money laundering or terrorist financing. As I already mentioned, this has always been one of the most troubling aspects of the act because it requires reporting entities to make judgments about the motives of their clients and customers. We are not aware of any other legislation that imposes similar requirements on this scale.
It is now proposed that a suspicious transaction be redefined to include an activity undertaken for the purpose of a financial transaction that gives rise to a suspicion of money laundering or of terrorist financing. While this proposal is presented as a simple clarification of the current definition, it would presumably encompass activities that can occur before a financial transaction is actually made, such as opening a bank account. This will further increase the likelihood of over-reporting.
I would suggest that the government may wish to address the issue of over-reporting before considering new measures that could exacerbate the problem further.
To conclude, honourable senators, I would like to reiterate that I recognize that the objective of combating money laundering and terrorist financing is important. I also understand that Canada has international commitments to honour. However, I am concerned that Canada's anti-money-laundering and anti-terrorism-financing regime would again be expanded without any clear assessment of whether these changes are really needed to address domestic problems.
Canada already has an expensive, secretive, intrusive regime that collects and, we found out in our audit, over- collects vast amounts of personal information at Canadians while failing, so far, to provide conclusive evidence as to its effectiveness and its impact on Canadians.
In fact, rather than considering further changes to the act, it may be time to fully assess the effectiveness of the regime and to explore whether other measures could be more demonstrably efficient and less privacy-intrusive to combat money laundering and terrorist financing.
If it is the government's view that additional changes to the regime are absolutely necessary for law enforcement and national security purposes, it is important that the government provide public justifications for these changes, supported by data and evidence. Increasingly sophisticated forms of surveillance require increasingly higher thresholds of justification, and I would suggest that the case has not yet been made to justify the proposed changes to Canada's anti-money-laundering and anti-terrorism-financing regime.
With that, I look forward to your questions, which I will do the best to answer.
The Chair: Thank you, Ms. Stoddart, for your opening remarks. I will move immediately to our speakers list, and I would ask that you keep your questions tight.
I will go first to the deputy chair of the committee, Senator Hervieux-Payette.
[Translation]
Senator Hervieux-Payette: Good morning everyone. Following several hearings with testimony from various departments, we realized that several government entities were sharing information.
Do you have any comments about the fact that this information is circulating from one department to another, one structure to another, et cetera, and that for all intents and purposes, this could threaten peoples' privacy?
Ms. Stoddart: Yes, indeed, the unnecessary sharing of information may constitute a threat to privacy. However the way information is currently shared by FINTRAC is authorized by the Privacy Act.
What does concern us in this respect, however, is the proposal contained in the report to broaden the use of information in FINTRAC for other purposes than money laundering and the funding of terrorist activities.
This raises the fairly worrisome prospect, as proposed in this report, that the simplest transactions made by Canadians who open a bank account, send a bit of money, buy gift cards for someone for coffee in a coffee shop — which is actually being proposed — will become information gathered in accessible databases, information that could be shared with all kinds of government entities for other reasons.
Senator Hervieux-Payette: What would you recommend? We still have that well-known limit of $10,000 for these cards. In Canada, there are not many banks, but some people may have cards that are issued outside of Canada, especially in the United States. People could have ten $9,000 cards. And those people would all slip under the radar.
Does this $10,000 limit, which was previously established and respected, seem too high or not high enough to you? Unless we are all rich Canadians who give all the children in the family $9,000 cards! But as far as I know, we might put a $500 card in a Christmas stocking, but not a $10,000 one.
How can we determine a reasonable amount which would prevent people from cheating the system, with these cards that can be issued indefinitely?
Ms. Stoddart: You have touched upon a central issue. It seems to me that the thresholds are almost arbitrary. We have not seen any research or good evidence as to the relevance of the $10,000 threshold. It is quite difficult to obtain the results of the application of the $10,000 threshold since 2006-07.
We know that some European countries have thresholds that are quite a bit higher. The United States have a $1,000 threshold to report this type of activity, whereas Australia has none. It is the absence of analysis, of any concern to see how this system functions, and from there, to move automatically to registering fairly simple gestures by Canadians without saying: well, yes, we did study that and we know that there is a practice of buying coffee shop cards that are worth this much and bringing them to various countries. You know, there are not any facts we can use to support a recommendation against a threshold. This applies to me even more so than to the authors of this report or the person who performed the assessment for the Department of Finance. I cannot suggest a threshold to you. Lowering it even further would only threaten Canadians' privacy even more.
Senator Hervieux-Payette: The United States has a $1,000 threshold, but we must remember that there are 600 banks in the US. It is quite easy to obtain cards from several different banks. In some cases, there may be six or seven different banks on a single block.
The market for cards is certainly greater, and then you have businesses besides banks. Now we are talking about those who can issue them, but your recommendation would be to justify a threshold through a study to demonstrate that there is a floor or a ceiling that should be the established standard. In other words, this should not be done in an arbitrary way, but rather following some in-depth research.
Ms. Stoddart: Exactly.
Senator Hervieux-Payette: I would like to raise the issue of registries which last a long time and are not destroyed after a certain period. Could you provide us with more details? To my knowledge, if you are arrested for intoxication, 10 years later, the RCMP will still have records with information on this offence.
Several organizations collect data; does everyone keep them for the same amount of time? If no charge is laid, do you think we are in a vacuum?
Ms. Stoddart: I know that the Information Commissioner is concerned by this issue. The 15-year period cited in the FINTRAC legislation and in the Privacy Act, stipulating that all government institutions are subject to retention periods, which are appropriate for their activities, is legal. Given the length of some money-laundering investigations, among others, we have accepted the 15-year time frame. We were able to verify whether these retention limits were abusive during our last audit.
I am going to ask my colleague, who performed the audit, to speak to you about this.
[English]
Mike Fagan, Manager, Audit and Review, Office of the Privacy Commissioner of Canada: By way of background, when the law was first passed, there was a retention period of five years for reports that FINTRAC had not disclosed and seven years for reports that had been disclosed. That was changed to a minimum of 10 years.
When we conducted our first review, there was a short period from November 2001 to February 2002 — so about a three-month period — in which the records fell within the initial retention period, and FINTRAC was able to provide us with documentation to confirm that those records had been destroyed. We also did some audit testing to confirm that.
Senator Oliver: Thank you for your presentation today. It was excellent.
I would like to know whether you have a number of employees in your office who are dedicated to this statute. If so, how many?
Ms. Stoddart: There are two full-time employees.
Senator Oliver: Secondly, it is about privacy since you are the Privacy Commissioner. Have you had privacy complaints filed with you about improper disclosure of personal information in connection with this act? If so, how many?
Ms. Stoddart: Yes, I believe we have had seven complaints filed.
Senator Oliver: What has been done about them?
Ms. Stoddart: They have all been closed. We did not take them further. We looked at the allegations and could not sustain them.
Senator Oliver: I have one final, very brief question that follows from the question of my colleague, Senator Hervieux-Payette, about the $10,000 threshold. You gave an excellent discussion about problems with it, and you referred to remittances and the 20,000 Canadian students overseas and the amounts given to them.
What I did not understand is this: What is your final position about the $10,000 threshold coming from the Department of Finance consultation paper? What would you like to see?
Ms. Stoddart: I would like to see a serious attempt to do some research on this matter. I had the opportunity to read some of the testimony of people who came before you. I am very concerned about the omission of indicators of how well the present regime is working in this whole operation of trying to prevent money laundering and terrorist financing, both of which every citizen is concerned about.
It seems to go on the premise, "Well, we presume it is working, and we presume it is a deterrent. " That is what the initial evaluation said.
In this day and age when we have very sophisticated data analytics, some of which are used by FINTRAC, to make the necessary conclusions, I find it amazing that we cannot set up a sophisticated self-measurement regime to see how this is working, how well it is working, and how it could be better tweaked.
We could not even find out how many convictions there were for terrorist financing until my own staff just recently found — and this was just as we were preparing this — that there was one conviction, with a sentence of six months.
I believe that information to be correct, honourable senators. We did not see that the Department of Justice could give you how many convictions there have been for terrorist financing.
If all we can find is one terrorist conviction for terrorist financing, getting six months, that is not a heavy sentence, as our sentences go. You have a billion-dollar operation, which the consultation paper is proposing to enlarge. I think we should pause and look at the question of proportionality. That is my position.
Senator Harb: Thank you very much, commissioner, and your team.
To paraphrase what you have said, the organization is not transparent. It is not understood. They have spent over half a billion dollars so far. They retain information beyond their legislative authorities. They use fines as a way to intimidate the parties to collect information. The threshold will create problems for innocent people, immigrants, students who are studying abroad, small businesses and so on. Then, you had 11 recommendations that you made back in 2009.
The question I want to ask you —
Ms. Stoddart: In our audit? You are referring to our audit?
Senator Harb: In your audit, yes.
Do we have a situation here where we need to look at value for money and call on the Auditor General to come in and have a proper assessment before our committee proceeds and gives an expanded mandate to this organization? Your report is very damning. You are saying that there is a problem here. I am not totally convinced that they fear you or will do anything about it. Perhaps it is because you have the moral persuasion but not the legislative authority to rein them in. Perhaps we should give you the tools to do enforcement. Which out of the two should we do, or should we do both?
Ms. Stoddart: Possible reform to the Privacy Act is a discussion we have undertaken, and my recommendations are still there.
To try to answer your two points, senator, yes I think it is a fairly accurate summary of my position, except for one point, and I will come back to that in answering your second point.
Should there be a value-for-money audit by the Auditor General? I would not venture to say what the Auditor General — my fellow agent of Parliament — should or should not do, and I am not an expert on value-for-money audits.
However, I do raise in my presentation — several times — the issue of proportionality. Traditionally, privacy has rested on an understanding of proportionality. Do not gather more information than you need for whatever the problem is. Do not ask every Canadian to report and be in a database because they opened a bank account or sent some money to their kids studying abroad or to their family in another country because we may get one terrorist financing conviction of six months in the history of this operation. That is an issue of proportionality, so I will leave it to this committee to decide how to take it forward.
Secondly, our 2009 report made several recommendations. One was quite critical about the over-reporting and the structural effects of the act, which fine you if you do not report so that organizations are encouraged to do so just in case. They know they do not have any facts, but they will over-report.
However, the good news is that, as I recall — and perhaps Mr. Fagan can speak to this better than I — FINTRAC, at the time of our release of our audit, agreed to follow all of our recommendations except for one that had to do with exchanges with foreign entities. However, we are going back to that in the audit that we are doing now.
Mr. Fagan: That is correct. As part of the current review, the audit team will look at the actions taken by FINTRAC to address the 10 recommendations.
Senator Harb: We raised the question of the threshold with a number of people. Everyone brushed it aside saying that it does not matter because they are just reporting the data; it is not a problem.
I am aware that Australia has removed the threshold, and I believe the U.S. has put a $1,000 threshold. Are you aware of other regimes that have removed the threshold on international financial transactions? As well, your point is good about putting a mechanism in place so that the system can take care of transfers by parents to their kids or transfers by a small business so that those kinds of transactions do not pop up as suspicious transactions.
Ms. Stoddart: Yes. I am not aware of other jurisdictions, in the research my staff could do in preparation for this review, but I would think that a specialized organization like FINTRAC would have a good idea of all regimes around the world and whether there are others than Australia that have no bottom limit to reporting.
As for how FINTRAC tracks suspicious and non-suspicious transactions, I would not make any recommendations. This is a very specialized area, except to say that going forward there has to be some kind of auto-analysis mechanism. We are doing all this, but I understand that basically we do not know if it is working. This is a huge consumer of public expenses, and it is hugely privacy-intrusive. The proposal is to make the simplest transactions, such as buying a gift card for a Christmas stocking, part of this; yet, we have not analyzed whether this is effective.
Senator Stewart Olsen: Thank you for your presentation. It was very interesting. This committee will juggle the two between the Privacy Commissioner and the Information Commissioner, which we have to look at seriously.
You had some interesting points; the idea that there is no way to assess the actual results is troubling. However, you went on to say that you did get information on the results, so I am not sure what exactly you were saying.
This legislation has been around for a long time, and we are now reviewing it. Over that period of time, there have been seven complaints about privacy, none of which have been followed up. While I hear what you are saying and about your caution, I am not sure as to the validity of where you are going. I would like your comments on that.
Ms. Stoddart: I am saying that yes, there are some statistics that we saw in the course of reading the testimony of other witnesses and from what we can glean from reading material of FINTRAC. There are so many resources and so many civil servants doing the analyses of so many reports, which all are huge numbers, in an attempt, putting it in simple terms, to catch the bad people. We cannot make the link except in one case, which my staff found very recently, that all this is helping us to catch the bad people. It may be helping but nobody can say. It is more interesting that no one seems very concerned that those links be made.
As Privacy Commissioner, I am hugely concerned that those links be made, especially when there is a proposal to lower the threshold that would link the ordinary actions of almost every Canadian citizen who opens a bank account or other everyday things to this mammoth information-gathering machine. It is the lack of links between what this whole operation is doing and its effect that causes concern. Doubly concerning is the fact that it seems no one is concerned about looking at this, from what I read and from the witness statements, and that no one knew about the convictions until my staff came across this one conviction of six months — not a major sentence.
Senator Stewart Olsen: I wanted to raise that. As well, we have to balance everything. Have you looked at other countries that have similar legislation and how they compare? Are they catching a lot of crooks? How do we compare to others? I share your concerns with the actual results and closing the loop on what is happening, the actions being taken and the results. We in this committee have asked for follow-up on exactly those points. Have you looked at the legislation of other countries and where they come down on privacy issues and your concerns?
Ms. Stoddart: I will say two things: The reports talk about a deterrent effect, but it is supposed. I believe that criminologists have more sophisticated ways of looking at deterrent effects, perhaps in a comparative study, as you mentioned. The short answer to your question is no, we have not studied other anti-terrorist-financing, anti-money- laundering regimes and their impact. It is maybe a bit beyond our remit as Privacy Commissioner. Such a study could be done to see if this is just a phenomenon that is impossible to document or if someone has come up with a valid way of measuring it.
I remember reading that in 2003 the Auditor General's office said this is all very hazy. Those were not her words at the time but it is a phenomenon that did not seem to have a clear factual basis for the Auditor General in 2003. Perhaps almost 10 years on now we can better document this worldwide phenomenon. Perhaps this committee could suggest that someone else undertake such a study.
Senator Ringuette: I was very impressed with your presentation, Ms. Stoddart, and your knowledge.
Ms. Stoddart: My staff, senator.
Senator Ringuette: You and your staff are the only people who have come before this committee, including Justice Canada, FINTRAC, the RCMP, Canada Border Services Agency and Foreign Affairs Canada, and told us that they had no statistics, did not know how many convictions there were, et cetera. You are the only one who has told us that there has been one conviction in 10 years of operation, which resulted in six months of jail. I had serious doubts, but now I can say that my doubts have been confirmed with regard to the effectiveness of this regime. As I listened to you, I was thinking of the famous American movie Wag the Dog and saying to myself: Is this a wag-the-dog big brother operation disguised behind a terrorist curtain?
You made an audit in 2009. In that audit, which I have not looked at, you made recommendations. Did you find information on Canadian citizens that had been sent to other countries without cause?
Ms. Stoddart: I will refer this question to one of the people who actually did the audit.
Mr. Fagan: As part of our audit, we looked at the disclosure packages that FINTRAC sent to its foreign financial intelligence units. We did not identify any cases where the disclosures were inappropriate. They were all authorized under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.
Senator Ringuette: Authorized is one thing; appropriate in regard to the objective of the act is another issue. Was it authorized or was it appropriate?
Mr. Fagan: It was authorized under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. We are not experts in the area of money laundering or terrorist financing. It would be very difficult for us to make a determination on a case-by-case basis of whether or not it was appropriate in terms of addressing the issue of money laundering or terrorist financing.
Senator Ringuette: Who could tell this committee if the information collected by FINTRAC about Canadian citizens that is being sent abroad and used by a slate of federal government departments is appropriate in relation to the act, and appropriate in relation to being justified in regard to your own mandate?
Ms. Stoddart: It seems to me that FINTRAC could testify as to how it makes the selection of information to be shared.
Senator Ringuette: You have already told us that FINTRAC, in relation to looking at this five-year review, has not done a very good analysis of it — the data that it has and requests it is making in relation to this review — based on evidence.
Ms. Stoddart: I am not criticizing FINTRAC overall. FINTRAC is an agency staffed with very capable and devoted people. Therefore my criticism goes to the link between what FINTRAC does overall and how that helps achieve the overall end of preventing terrorist financing and money laundering in Canada.
However, I do not think there is any reason why they could not respond accurately about details of their own operations.
Senator Ringuette: I have two more questions. You indicated to us that information collected by FINTRAC was sent to Citizenship and Immigration Canada. This is the first time that this committee has heard that the information collected by FINTRAC was also shared with Citizenship and Immigration. Can you confirm that is the fact? That adds another department that has access to all that information.
Ms. Stoddart: I believe the honourable senator is referring to some of the proposals in the report for much wider sharing of information. This is one of our concerns. If this was put through, it would be such a huge database on all the financial transactions — the most innocuous, everyday, mundane transactions of all Canadians — and then it would be broadly shared for purposes other than money laundering and terrorist financing. At that point we are really going to a kind of state apparatus that surveys every one of our financial moves.
Senator Ringuette: It is a police state.
Ms. Stoddart: That is a concern I raised.
Senator Ringuette: I just clued in when you mentioned it, that all the retail outlets that sell those prepaid cards will be required to report the name of the customer and so forth to FINTRAC, for every $1 gift card that is bought. Can you imagine the cost on the retail sector? As we move on to electronic transactions, you can pay by phone, so you would also have to request that communication service providers supply all the payment transactions of $1 or more.
Ms. Stoddart: That could be a possibility, I suppose.
[Translation]
Senator Massicotte: Thank you, Mr. Chair. Thank you for being here with us today. Let me say that we do somewhat share your opinion that the confirmed information that we receive is not clear enough to allow us to say that the program has produced results. According to the testimony we have heard, we are trying to gather information that will allow us to issue an opinion.
At the same time, despite this difficulty, this frustration, we do find ourselves in a somewhat difficult position. Your argument is that in the absence of evidence to the contrary, we should not allow other analyses of information, because you feel we should identify the advantages and disadvantages and the results that have been obtained before allowing further information to enter into it. At the same time, some will argue that the information is nonetheless typical, internationally speaking, and should still discourage fraudulent transactions. It is a good debate. It is a question of balance, as always.
However I must say that I am somewhat reassured by the fact that every two years, you perform an audit, and that of your 11 recommendations, 10 have been accepted. You are beginning another audit and this provides balance.
You said that during your audit, you discovered abuse of information. That is the word you used. What did you find abusive with respect to the information collected that was not necessary? Is there anything serious in that respect?
Ms. Stoddart: This was a serious concern at the time we were performing the audit, and FINTRAC said it would take measures to curtail the phenomenon. The tendency was to report to FINTRAC, just in case that person or that transaction could raise suspicions, or be shady.
We did find some somewhat troubling things, and this is in our audit report, such as reports made when someone simply opened an account, or closed an account; and more or less because of who that person was, their ethnic origins, people decided it must be suspicious and reported it to FINTRAC. There were several examples like that where, once again, because of the way the legislation is structured, organizations did not want to risk being fined. So employees, in trying to do their duty, would tell themselves: if I have any doubts, I had better report this.
Senator Massicotte: Give more rather than less.
Ms. Stoddart: That is right. Except that there are people in the FINTRAC databases that do not meet the legislative criteria. There is no justification. This was our report based on the 2008-09 fiscal year. We are hoping that FINTRAC has agreed to our recommendations and that they will resolve the problem.
Senator Massicotte: There are two contradictory testimonies. FINTRAC confirmed that this information could be shared in two instances: money laundering and suspicion of terrorism. We asked this group specifically whether, when they suspected that there was tax evasion, they had the right to share information. They said no, that this was not adequate. However, Revenue Canada confirmed that the legislation was changed in 2010 where tax evasion was part of the money-laundering process and that, in their opinion, they were entitled to all of the information when there was a suspicion of tax evasion. Which answer is correct? In the case of tax evasion, are you bothered a great deal by this willingness to share information?
Ms. Stoddart: This 2010 change bothers me less than what is found in the report you are studying. As a result of the 2010 amendment, I feel that, with multiple financial transactions that take place in a money-laundering operation, it may be difficult to distinguish between tax evasion and money laundering.
That can be part of the same phenomenon. At least it is being linked to the issue of money laundering.
In the report under review, it is being suggested that we quite simply open up the FINTRAC databases for tax evasion itself, for example. Given that, generally speaking, Canadians are unaware that every time they make a small transaction it may wind up in FINTRAC, we are faced with a situation where the state is omnipresent and monitors all of the financial transactions of Canadians. As the Privacy Commissioner, I have concerns about such a situation.
Senator Massicotte: We are trying to get some information about the cost of the program. Our analysts have given us, I believe, a figure of $66 million. And we thought that there were 770 reports made by FINTRAC to the agencies last year.
In your statement, you talked about $500 million — a half billion — and earlier, in answering a question, you referred to a regime cost of $1 billion. How much will it cost to manage the regime? Will it cost $66 million, $500 million or $1 billion?
Ms. Stoddart: I think that I was referring to accumulated amounts.
Senator Massicotte: Over five years?
Ms. Stoddart: Since 2000.
Senator Massicotte: So this is over 10 years. Is this $1 billion divided by 10 or $500 million divided by 10?
Ms. Stoddart: I would have to look into this matter. If I look at the evaluation report, as far as the cost is concerned, I am reading $275 million over five years.
Senator Massicotte: That would be $55 million per year, which is close to $65 million, as we thought.
[English]
Senator Tkachuk: I have a couple of questions on deterrence and cost. You were talking about the cost. Does your mandate include the fact of the cost of the government program? We are talking about privacy issues here. There are other people ferreting out costs, but what about privacy issues?
Ms. Stoddart: Good point, senator. The Auditor General looks at the cost of programs and their efficiency. However, I do venture to mention it because I think it goes to the issue of proportionality. This is how much Canada spends on collecting and analyzing financial information in order to prevent or punish money laundering and terrorist financing. It is only from that angle that we mention it.
Senator Tkachuk: You talked about the question of deterrence and that it was difficult to put your finger on how effective the law has been because of the fact of deterrence, and I think you mentioned that there has only been one conviction.
By closing this door — that is, electronic transfer, which is an easy way to move money, the easiest way to ship money from one place to the other — the law makes it more difficult for people to operate. In other words, if we opened up and got rid of that piece of legislation, then it would be very easy for people who want to do harm to move money back and forth.
Are you advocating that we do not have any limit at all, that we just go back to the way it was before 9/11?
Ms. Stoddart: No, I am not. We understand, from following recent Canadian history, at least, that there is terrorist financing, terrorist activity, international movement of finances, money laundering, and so on. I am speaking to the implications of broadening the regime today.
I would also like to come back to the point that if the government decides to go ahead with broadening the regime, I would suggest that more oversight be added. I am echoing one of the conclusions of the O'Connor report, following the Air India Inquiry. Mr. Justice O'Connor made a series of reports. There is no reason why FINTRAC, if its mandate were broadened, could not benefit from the same kind of permanent oversight that the Canadian security establishment does, because of its implications for the privacy of Canadians.
I am not saying do away with the present regime, and I am not saying the problem does not exist; I am saying we could do more to document it, and we should not strengthen this regime, because of its impact on Canadians, until we have done more research as to its effects.
Senator Tkachuk: When the law was first introduced a decade ago, this was a concern of our committee. We had quite a bit of discussion about its effect on the civil liberties of Canadians. We thought it was a little too intrusive and that banks would take the easy way out. As you mentioned earlier, financial institutions do not want to be convicted, so they just report everything. All of a sudden you have this big volume of information rolling into FINTRAC, most of which seems irrelevant.
How do we fix that problem? How do we deal with that issue? I kind of do not blame the financial institution. If you want to make them part of the enforcement process, then they will act that way.
Ms. Stoddart: Yes, I have a lot of empathy with the financial institutions, which have an increasing reporting burden, for all kinds of reasons, as well as challenges in terms of training their staff to make the right judgment calls, and often it is very difficult. I believe there is some discussion about ongoing efforts to help financial institutions, money transfer businesses, and so on, to comply accurately with the law. Mr. Fagan knows more than I do about that.
Mr. Fagan: FINTRAC would certainly be in a better position to address the issue specifically. They have a compliance role to ensure that reporting entities comply with the requirements under the law. Certainly, training and awareness are key, from the reporting entity side.
One of the recommendations we made in the 2009 report is that FINTRAC enhance its front-end screening processes to ensure that the reports that it does retain are both relevant and not excessive in nature.
Senator Tkachuk: How long should the period be for keeping the information? Right now it is 15 years, I think. How long do you think they should keep the information once they receive it?
Ms. Stoddart: It can be up to 15 years, but it is 10 years; and if they use it in research or calculations, then more time kicks in and it can be a very long time, if not indefinite.
It would be nice if that did not have to be, I would say. It would be nice if the information were quickly destroyed. However, personally, I understand the reasons that FINTRAC has in these kinds of operations. I gather that phenomena have to be analyzed over years and over decades, maybe now over generations.
I am concerned about the conditions under which they keep this information. If they keep this information safe, if it is not distributed to the wrong entities or the wrong people, if it is not open to hackers or whatever, if it is not misused — and these are the things we look at in our audit — then it does not pose a great threat to anyone. However, we have no indication that it is kept other than in optimal conditions by FINTRAC. I believe that is what our audit found.
[Translation]
Senator Maltais: You obtained one conviction for the fiscal year. One conviction for more than 35 million Canadians, does that mean that Canadians are behaving properly?
Ms. Stoddart: Senator, you should put that question to someone other than me. All that I found is that one individual from British Columbia received a six-month sentence for having participated in the funding of the Tamil Tigers.
Senator Massicotte: And what about fraud and money laundering?
Ms. Stoddart: We were unable to do this research, but there are people who are better equipped than we are.
[English]
The Chair: Ms. Stoddart, your office has been involved with this file for some time, from its genesis to the recent departmental consultations.
You have made a number of recommendations to us today. You talked about more research, sophisticated self- measurement, and other things being required.
The issue I think you have raised, if I understood you correctly, is not so much the way it exists but the broadening of the mandate. You challenged us, as I understand it, with a question, which was how well the present regime is working.
We will think about that, but I would like to ask you one question. How would you grade the present regime as it exists today?
Ms. Stoddart: Honourable senator, I am only the Privacy Commissioner. I can rate it only from the point of view of privacy, but I think there are many people you could interview who are knowledgeable on the subject area and who could give you an accurate rating.
The Chair: How would you rate it from your perspective, on the subject that you are focused on?
Ms. Stoddart: The current regime?
The Chair: Yes.
Ms. Stoddart: The current regime, as of our last audit, was doing pretty well. There were some areas of improvement, but our job is to point out areas of improvement. Overall, it was doing a good job.
The Chair: Ms. Stoddart, I know I speak on behalf of all of the members of the committee: To you and your associates, thank you for a most informative presentation.
(The committee adjourned.)