OTTAWA – Canada’s anti-money laundering agency continues to keep too much personal information about people, the federal privacy watchdog says.
In a newly released audit report, privacy commissioner Jennifer Stoddart says the Financial Transactions and Reports Analysis Centre has made limited progress in addressing the problem since she flagged it four years ago.
The centre, known as FinTRAC, zeros in on cash linked to money laundering, terrorism and other crimes by sifting through data from police, intelligence officers, banks, insurance companies, securities dealers, money service businesses, real estate brokers, casinos and others.
Institutions must report large cash transactions or electronic fund transfers of $10,000 or more, as well as any transactions where there are reasonable grounds to suspect money laundering or terrorist financing.
Stoddart found in 2009 that although reports about allegedly dubious transactions were reviewed and prioritized, they were not assessed for reasonable suspicion of illicit money movement.
The privacy commissioner says she is also disappointed in the latest results.
As of March 2012, FinTRAC’s databases held approximately 165 million reports containing personal information related to transactions such as house down payments, car purchases and wire transfers sent by parents to children studying abroad, the audit says.
Stoddart uncovered a number of reports that did not meet the $10,000 reporting threshold, along with examples that didn’t clearly spell out reasonable grounds for suspicion.
In one case, a financial institution filed a report when a storekeeper deposited $570 in $100, $50 $20 and $5 bills, but it did not indicate why the transaction was considered suspicious.
“Given the examples we found, I have serious concerns about the extent to which FinTRAC’s information holdings are populated with personal information that should never have even been submitted,” Stoddart said in a news release.
Among other things, the audit recommends the anti-money laundering agency analyze and assess incoming reports and identify and toss out information it should not have received.
The agency accepted all recommendations and provided responses as to how it intends to address them, Stoddart said in the release.
“FinTRAC has proposed some measures to address the deficiencies we identified,” she said. “However, there is more work to do. It still needs effective screening processes to ensure it no longer receives and retains sensitive personal information that it doesn’t need.”
Stoddart says she plans to follow up with the agency in two years to gauge progress.