Regulatory information
To do business with a bank means having to comply with regulations often stricter than the ones that are governing many other sectors of our economy. In the end, National Bank of Canada’s (the “Bank”) compliance with these regulations is in your clients' best interests, even if this implies certain rigidity in our work processes. Rest assured that we are doing our best to simplify the business relationship that unites all of us: the Bank, you and your clients.
Below is some important information to understand regarding our compliance with regulations. If you have any questions, please do not hesitate to contact us at 1‑800‑901‑0172.
Information on this page is intended for consultants and advisors only and must not be communicated to clients. The information is general in nature and is intended for informational purposes only. It is not meant to provide legal advices. The information provided is accurate to the best of our knowledge as of the date of 2018‑08‑16. The information contained on this page prevails on all existing versions of the Regulatory Guide (electronic or paper).
Banking activities
1. Canada Deposit Insurance Corporation (CDIC)
Canada Deposit Insurance Corporation (CDIC) is a federal Crown corporation created in 1967 to protect certain types of deposits up to $100 000, should a member financial institution go bankrupt.
National Bank of Canada is a member of the CIDC. Covered deposits comprise insurable deposits issued by National Bank. For further information concerning CDIC, please call 1‑800‑461‑CDIC (2342) or visit www.cdic.ca.
2. Canada’s Anti-Spam Legislation (CASL)
Since July 1, 2014, the Anti-Spam Legislation (CASL) regulates the sending of Commercial Electronic Messages (CEMs) including promotional messages and newsletters that solicit engagement in commercial activity. Not respecting the Anti-Spam Law poses serious risks for the Bank: risks of non-compliance, financial risks, and reputational risks. Sanctions are in place for cases of non-compliance that can go up to $1M per violation for individuals, and $10M per violation for the Bank and its subsidiaries.
To be CASL-compliant, electronic messages to a client must contain a compliant signature that clearly identifies the entity who sent the message and an unsubscribe link that allows recipients to withdraw their consent to receive electronic messages from the sender.
Before sending an electronic message to a client, covered by CASL, the bank employees are required to check whether the recipient has consented to receiving such messages at the e-mail address in question.
Since January 15, 2015, CASL also requires that the Bank and its subsidiaries inform users that their websites use cookies and explain how they are used. Moreover, the descriptions of the mobile applications offered by the Bank or its subsidiaries must inform users that by downloading such applications they consent to the installation of the applications and any future updates.
CASL does not apply to electronic communications between business partners, in their professional capacity, and National Bank of Canada.
3. Cost of Borrowing Regulation: Disclosure Options Offered to Clients
Under the Cost of Borrowing Regulations, co-borrowers are entitled to receive all regulatory information, including statements for all credit accounts (not applicable to bank accounts).
Should a co-borrower wish to receive regulatory information, the following would be sent:
- Welcome letter
- Cost of borrowing disclosure statement under Section 450 of the Bank Act
- Credit account statements
- Other regulatory notices such as notices pertaining to a fee increase or a product change.
Two types of disclosures are available for the applicants:
- Separate disclosure: one copy for each of the co-borrowers (the default option)
- Single disclosure: one copy for all co-borrowers
Once the choice is made, it is always possible to request changes by contacting the Client Service Centre.
4. Cost of Borrowing Disclosure Statement under Section 450 of the Bank Act
The Bank is required to provide the applicant with the Cost of Borrowing Disclosure Statement under Section 450 of the Bank Act:
- Mortgage loans: COB must be provided 48 hours prior to signing the credit agreement as described in the paragraph below
- Credit cards: COB must be provided prior to the activation of the card but the information box must be provided with the credit application.
- Other credit: COB must be provided at the latest when the credit agreement is signed (not the credit application)
This statement ensures the applicant is aware of all the costs related to the credit prior to entering into the credit agreement contained in the Credit Application.
To comply with this regulation, an information box (pertaining to the product selected) is included in the statement of disclosure given to clients to ensure that all the information pertaining to the credit are indicated to all borrowers when the cost of borrowing is disclosed.
The applicant is not required to sign the Cost of Borrowing Disclosure Statement, nor is the Bank to receive a completed copy for their files. However, the Bank shall keep a copy in its files when sending the document to the client. It is only mandatory for the applicants to retain the statement with their copy of the application and all other related documents.
This regulation applies to all credit products including credit cards.
Delivery of the initial Cost of Borrowing Disclosure Statement for Mortgage Loans (Statement of disclosure 48 Hours for mortgage loans)
Whenever the Bank grants a mortgage loan, it must give the client a copy of the Cost of Borrowing Disclosure Statement at least two clear business days before the client’s meeting with the legal professional (lawyer or notary) to sign the credit agreement. The following do not count as clear business days:
- The day on which the Cost of Borrowing Disclosure Statement is delivered,
- The day on which the credit agreement is signed,
- Saturdays, Sundays and holidays.
5. Commitment to Provide Information on Mortgage Security
At the request of the Federal Finance Minister, since September 1, 2014, Canadian banks must provide information on the types of mortgage security available in Canada.
Under this commitment, the Bank is required to provide general information on the different types of mortgages on its website, branches/points of service and on request, and specific information at or before entering into the mortgage loan agreement.
Two brochures are available for clients upon request:
- Brochure F.29933 Information on the types of mortgages available for purchasing a residential property (general information)
- Brochure F.30025 Information on Your Mortgage (specific information)
6. Mortgage Loan Indemnities
On September4, 2012, Federal Finance Minister Jim Flaherty announced the implementation of a Code of Conduct for federally regulated financial institutions on Mortgage Prepayment Information. Some elements of the Code came into force in September 2012 while others came into force March 4, 2013 as the information provided when the borrower is paying a prepayment charge.
In order to comply with this Code of Conduct, the Bank is implementing measures intended to provide clear information and avoid the misleading of clients regarding the indemnities involved when prepaying a mortgage loan.
The Bank must also provide information on the methods available to clients to accelerate repayment of their mortgage without incurring a penalty. The code of conduct is regulatory measures to ensure that financial institutions clearly inform consumers and make them aware of the charges arising from prepaying their mortgage and to help them better appreciate the consequences.
The purpose of an indemnity is to compensate the Bank for any loss in revenue that may be caused by a pre-matured payout or change in conditions; the client agrees to a certain term, interest rate and loan amount, in any situation where one or all of these conditions are decreased, the Bank incurs a loss. Most financial institutions apply similar methods to calculate the indemnity amounts, these being the 3 months interest or the rate differential, depending on certain conditions.
The following tools are available for the clients:
- Information available on the bank website
- Calculators are available on the bank website
- Payout statement containing information on indemnities
- Annual statements including information on indemnities
- Client care center with toll free number for additional questions on indemnities
7. Guideline B-20 – Residential Mortgage Underwriting Practices and Procedures
As part of the requirements from the Office of the Superintendent of Financial Institutions (OSFI) to ensure borrower capacity to service debt obligations on a timely basis, the Bank has implemented automatic control of the mortgage lending ratios allowed for revolving credit.
Summary of the Guideline B-20:
- The maximum amount of mortgage financing for revolving (non-amortizing) credit (line of credit) is 65% of the value of the property financed.
- Any mortgage financing with a loan-to-value (LTV) ratio between 65.01% and 80% must be an amortized mortgage loan (ML) in order to respect the approved revolving (non-amortizing) credit limit.
- Any mortgage financing with a loan-to-value (LTV) ratio greater than 80% must be insured.
- The Bank’s system will ensure that the principal repaid does not cause the client to exceed the approved revolving (non-amortizing) credit limit.
8. Access to funds
The Bank is required by the Access to Funds Regulations to limit the hold on funds deposited by retail clients and eligible enterprises. This hold period can vary depending on the amount of the instrument and whether the deposit is made in person with an employee at one of the Bank’s branches or points of services or in any other manner.
The Bank must also allow the client to withdraw the first $100 of all funds deposited by cheque or other instrument to a retail deposit account:
- Immediately, if it is deposited in person with an employee at one of the Bank’s branches or points of service;
- On the following business day following the day of the deposit, if it is deposited in any other manner, e.g., banking machine.
In addition to complying with the above requirements, the Bank must, via its employees:
- give the client a copy of its “Access to Funds Policy” when opening an account;
- display and make available to its clients and the public its “Access to Funds Policy”, via a written notice in all of its branches, points of service and website;
- In the event that the «Access to Funds Policy» cannot be applied, give the individual (retail client or enterprise):
- A notice of refusal which includes a statement indicating that the individual may contact the Financial Consumer Agency of Canada if he has a complaint, including contact information for the Agency.
9. Dormant Account
An account becomes dormant if no transactions have been carried out for a year. This account may no longer be used by the client and it must be reactivated by contacting the Client Service Centre.
- The Bank sends a dormant account notice (in January of the 1st, 2nd, 5th and 9th year) to the client to find out what the customer intends to do. If the client replies within 60 days, no fees will be charged.
- If the fees exceed the account balance, the account is automatically closed.
- If the balance is still unclaimed after 9 years, it is transferred to the Bank’s Accounting Department which, in turn, transfers the balance to the Bank of Canada if it has not been claimed at the end of the tenth year. To claim an amount transferred to the Bank of Canada, please refer the client to Client Service Centre. Do not refer the client directly to the Bank of Canada.
10. Refusal to open an account
Under the Access to Basic Banking Services Regulations, the Bank must open a deposit account for any individual who requests it, upon presentation of pieces of identification.
In some cases, the Regulations make provisions for exceptions that would allow the Bank to refuse to open a deposit account for a client.
The main obligations that the Bank must display and make available to its clients in every branch as well as on its website, the “Access to Basic Banking Services” leaflet stipulating:
- The conditions that must be met to open a deposit account;
- In the event that the Bank refuses to open an account, the individual must be given a notice indicating that the Bank refuses to open the account, including a statement indicating that the individual may contact the Financial Consumer Agency of Canada if he has a complaint, including contact information for the Agency.
11.Complaint Settlement Process for the clients
The Bank is committed to offering outstanding service to its business partners and its clients. The client’s needs and our relationship with them are very important to us. Our clients’ satisfaction is our goal.
We provide a simple and efficient complaint settlement process. The guide “For Better Banking Relations with You” is available to the clients and describes the complaint settlement process. The process is also given to the client when granting a product or service.
The simple complaint settlement process and the presence of the National Bank Ombudsman for clients are concrete proof of our commitment to client satisfaction.
12. Insurance Business
The Insurance Business Regulations prevent banks from promoting and selling non-authorized insurance products on their websites and in branches. According to the Regulations, none of the web pages on the www.nbc.ca website may, directly or via another web page:
- Feature banners promoting non-authorized insurance products;
- Promote non-authorized insurance products; or
- Contain links that provide direct or indirect access to a page on another website, such as that of an insurer or insurance company, which promotes non-authorized insurance products for banks.
13. Consumer Loan Insurance–Distribution Guide (Quebec only) and Summaries (Outside Quebec and Quebec)
For Quebec
A copy of the Distribution Guide must be given to all new clients who purchase loan insurance.
It explains our loan insurance products, definitions, clauses and exclusions in clear and straightforward language.
For all provinces
According to the Negative Option Billing Regulations, a Summary of the specific financing product chosen must be provided to the client by the advisor along with the loan insurance certificate.
14. Commercial Banking: Identification of Clients when Opening a Product (ICOP)
ICOP Background
ICOP has been established in 2009 by the sector of the corporate Compliance to conform to the regulations of Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) for the Commercial Banking. ICOP contains the following information:
- The Legal entity
- The related persons
- The accounts of the legal entity
ICOP also integrates the necessary elements needed to meet tax regulations like FATCA and CRS (please see section 22).
Today, the application is used by all business unit of the Bank, including Partnership, and answers needs beyond the respect for the various regulations. The quality of information entered in the application allows ICOP:
- To identify adequately our clients and their authorized representatives;
- To reduce delays caused by non-compliant inputs;
- To accelerate the processing of the requests of new products with up to date information in the application;
- To serve our customers more effective way.
Protection of personal information and information regarding entities
15. Protection of Personal Information and Information regarding Entities
Corporate Policy – Protection of Personal Information and Information Regarding Entities
The information covered by this policy is of two types:
- The first category is personal information. "Personal information" means any information about an individual, which, alone or in conjunction with other information, allows the individual to be identified. An individual is defined as "any natural person, whether a client, an employee or a third party, for example, an agent, the authorized representative of an entity or a prospective client.
- The second type of information is information regarding entities. "Information regarding entities" means any information regarding an entity that is usually non-public. An entity is defined as "anything that is not a natural person, including bodies corporate (e.g., companies or corporations), trusts, partnerships, funds, unincorporated organizations or associations or government organizations."
Collection, Use and Disclosure of Personal and Entity Information and the Client's Consent
Any individual (namely client or employee) and any entity whose information is collected by the Bank must agree to the collection of this information and its resulting use and disclosure. In practice, the Bank obtains two types of consent:
- To provide the service; and
- To carry out solicitation based on the personal information collected (N.B.: Make a link with the Solicitation section in this document).
Solicitation
- An individual or entity consents to having personal or entity information used for solicitation when opening an account. At any time during the business relationship, an individual (but not an entity) may withdraw consent for solicitation, and this refusal must be recorded in the individual's file.
Social Insurance Number (“SIN”)
The Bank is required to obtain the SIN of any individual opening, for personal purposes, an account that will generate income or will be used for an employment relationship. In this case, the SIN is required to issue information slips for tax purposes. Unless the account is a brokerage account or a registered account, the Bank cannot not refuse the opening of non-income generating accounts if an individual chooses not to disclose his/her SIN.
The Bank may use the SIN for matching purposes as long as the person concerned has not withdrawn his consent to this use.
In the event that consent is withdrawn, the Bank must cease using the SIN of its clients and employees to quickly access their files.
If the SIN is not required for tax purposes, withdrawal of consent will imply that the SIN may no longer be used for any purposes.
Disclosure of Information to Third Parties for Processing
As part of its activities, the Bank discloses confidential information to third parties for processing purposes. The Bank remains liable at all times for maintaining the confidentiality of such information, whether it is retained or processed inside or outside the country.
Request by a Person or Entity to Obtain Access
All individuals (clients or employees) or entities are entitled to access the personal or entity information that the Bank has concerning them. The request to obtain access must be made in writing. The Bank must meet this request in 30 calendar days, failing to respect that delay, the Bank will be deemed to have refused the request to access the personal or entity information has concerning them.
Information Security
The Bank’s business is based on trust and is heavily reliant on the information that it has, whether that information is produced by the bank or entrusted to the Bank by its clients or business partners. Information is an essential commodity. The purpose of information security is to protect this information from a wide range of evolving threats, including theft, fraud, unauthorized use, consultation and modification, accidents and negligence. Information security is achieved through the application of a set of controls such as policies, standards, processes, procedures and technical measures.
Moreover, in today's environment of heightened risks and corporate scrutiny, staying competitive requires effective, enterprise‑wide information security governance that addresses all requirements necessary to keep information assets secure and ensure that clients feel protected at all times.
Breach of confidentiality
A breach of confidentiality occurs when confidential information (e.g., regarding a client, partner, employee or the Bank itself) is disclosed without authorization, lost or accessed without authorization further to compromised security measures, the fact that such measures were not implemented or failure to comply with procedures. It is important to report to an event to our offices as quickly as possible.
To address these situations, the Bank has implemented a process for managing breaches of confidentiality. This process is intended to ensure that:
- The event resulting in the breach of confidentiality ceases as soon as possible;
- The impact on the individuals and entities concerned and the Bank's reputation are minimized;
- The risk of a similar event occurring in future is eliminated or minimized;
- The Privacy Commissioner of Canada or other authority is informed, as applicable.
When carrying out any solicitation based on the personal information collected, the Bank makes sure that clients' refusal to give their consent is respected by excluding individuals not wishing to be solicited from solicitation lists.
Retention and destruction
Confidential information, in all its forms (paper, electronic, on portable equipment, etc.) must be retained only for the time required to achieve the purposes for which it was collected or created.
The Bank has therefore established guidelines on the retention period for the various types of confidential information that it uses. These retention periods allow the Bank to retain the information for enough time to make a decision and for individuals or entities to have access to their information, if applicable.
After the retention period, the Bank must destroy the confidential information by following the destruction procedures established by the Bank, which specifies strict security measures ensuring a confidential destruction process.
Information Security
16.Information Security Incident Management
“Information security incident” refers to any operational risk event (stemming from a technological issue or other) that compromises the confidentiality, integrity or availability of an information resource, may result in financial losses, harm the Bank’s reputation or expose it to regulatory or legal non-compliance.
There are several categories of information security incidents, specifically:
- Virus, worm, Trojan horse
- Vulnerability identified (not yet exploited)
- Fraud
- Breach of confidentiality
- Compromised data integrity
- Phishing
- Loss or theft of equipment containing information (laptop, Smartphone, USB key)
- Cyber attack (denial of service)
- Non-compliance
All employees and officers are responsible for:
- Adequately safeguarding confidential information;
- security incident without taking any initiative regarding the investigation.
Information security incidents must be reported as soon as possible. Security incidents must be reported to our offices.
Anti-money Laundering
17. Policy with Respect to Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)
The methods and techniques used by criminal organizations to launder money and finance terrorist activities have continued to become more sophisticated. Financial institutions, like other members of the financial community, are increasingly being targeted by criminals or terrorists wishing to give an appearance of legitimacy to their activities.
For a number of years now, Canada has joined other industrialized nations in the worldwide fight against this scourge by passing anti-money laundering and terrorist financing (AMLTF) laws and regulations.
The federal government, provincial governments, regulatory authorities and international bodies are increasing and strengthening the anti-money laundering and anti-terrorist laws, regulations and guidelines that they are adopting. The Bank, wishing not only to comply with legal and regulatory requirements but also to play an active role in this fight, continues to implement measures to discourage money laundering and terrorist financing.
The Bank cannot act effectively in this area without the direct involvement of its employees and representatives, because you are the ones best placed to identify situations at risk for MLTF, including transactions or attempts at transactions.
By systematically applying the internal standards and procedures designed for this purpose when doing business with the Bank, you help uphold the integrity and reputation of the Bank. You also collectively help to ensure market stability and maintain our quality of life by limiting the hold that criminals have on our society.
You are responsible to follow the training program or policy proposed by your distributor. The Distributor undertakes or represents one of the following:
- It shall train, or has trained, its Representatives in accordance with its own training program or policy in respect of anti-money laundering and client identification requirements as required under the Act.
OR
- It shall train its representatives, in accordance with national Bank’s training program in respect of anti-money laundering and client identification requirement as required under the Act.
Due Diligence:
Due diligence consists of collecting and documenting information on the client and the financial product or service, as well as checking and analyzing this information. The care taken documenting a client file and the care and vigilance exercised by the employee when analyzing the information are crucial to acquiring enough knowledge of the client.
Enhanced Due Diligence:
Enhanced due diligence consists of collecting and documenting additional information on the client in order to clear up any inconsistencies or doubts detected during the due diligence. It is also used to respond to an MLTF risk factor and clarify and develop certain aspects of the client profile.
18. "Know Your Client"
"Know Your Client" is a rule that serves as the foundation of the business relationship with a client and as an anti PCMLTF engine.
The “Know your client” rule involves making certain checks about clients and collecting and documenting information on them in order to clearly understand their personal and financial situation and meet their needs. For PCMLTF purposes, it includes all the actions needed to be taken to assess the potential risk that a client doing business with National Bank is engaging in activities associated with PCMLTF.
19. Identification of Each Individual and Entities
The “Proceeds of Crime (Money Laundering) and Terrorist Financing Act” (the Act) requires financial institutions to identify all individuals and entities who is doing business with the Bank (e.g., applicants, co-applicants or any Other person authorized to act, such as an attorney, executor of an estate, trustee, guardian, curator, etc.), if that individual or entity has not previously been identified in accordance with the applicable standards.
In the presence of the individual to be identified
In order to establish the identity of an applicant, the Advisor must obtain the originals of one piece of photo identification from the person to be identified when dealing with a particular client. In the case of an authorized representative of an entity, only one document must also be documented. Identity documents must be described in the appropriate section of the credit application.
The identity documents used to identify the applicants must be originals, with photographs, and the issuer is a government and must be valid, in force, in good condition, legible and in a language that you understand. A photocopy or carbon are not accepted.
Eligible identity documents
To be eligible, the identity document must be:
- Original
- Valid
- Not expired
- Issued by a federal, provincial or territorial government
The document must also include the following information:
- Client full name
- Client Photo
- Unique identification number
- Expiry date
Examples of eligible identity documents with photo |
||
|
|
|
For individuals who live outside Canada, an identity document with a photo from foreign country may be accepted, If this document is equivalent to the Canadian identity documents listed previously.
Eligible indentity documents (dual Method)
If the client does not have an identity document with photo, the double process qualifies as an eligible identification method with two documents from two different, independent and reliable sources. The documents must allow you to validate two of the three combinations:
- The client’s name and date of birth
- The client’s name and address
- The client’s name and confirmation of a bank account
Examples of documents eligible for the double process (Personal banking only) | ||
Document with name and address | Document with name and date of birth | Document for a financial account |
|
|
|
20. Third-Party Determination
It is required to determine if the requested product is to be on behalf of a person other than the applicants. When it is the case, it must be indicated in the proper section of the credit application and "Third party information appendix" must be completed and signed. This information is meant to allow the Bank, in accordance with the law, to determine if the Applicants open the account for their own financial activities or the financial activities of instructions from another person or entity.
21. Reporting Unusual or attempted Unusual Transactions
The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) requires reporting of suspicious transactions by the individuals and entities. A suspicious transaction is one for which there are reasonable grounds to suspect that the transaction is related to a money laundering offence or a terrorist activity financing offence. A suspicious transaction can include one that was attempted and a suspicious transaction report must be sent to FINTRAC within 30 days.
22. The Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS)
Canadian financial institutions are required to report information concerning this tax regulations directly to the Canada Revenue Agency (CRA), which ensures that the collection and use of the information is consistent with Canadian Privacy Act. In addition, information exchanged between the CRA and IRS is protected by the provisions of the Canada-U.S. Tax Convention or other tax agreements with other countries.
The Foreign Account Tax Compliance Act (FATCA) is originally a U.S. tax legislation intended to counter tax evasion by U.S. Persons who hold accounts outside the United States.
On February 5, 2014, Canada and the United States signed an intergovernmental agreement (IGA) under the Convention between the United States and Canada aimed at improving tax information exchange and integrating the provisions of FATCA to the Canadian legislative framework.
Under the provisions of the Canadian Income Tax Act, effective since July 1st, 2014, Canadian financial institutions are required to identify Financial Accounts held by U.S. Persons and annually report information on those accounts to the CRA. Since July 1st, 2017, some similar requirements are in place under CRS regulation.
23. Financial Abuse of seniors
Financial abuse is perpetrated by someone close to the client, whereby the abuser misuses the client's assets (withdrawal, transfer, appointing himself power of attorney, adding himself as a joint accountholder, granting financing, collateral or investment). Such transactions usually appear legitimate but are initiated by a client being pressured by an abuser who is trying to take financial advantage of him.
If a client is the victim of financial abuse:
- Determine whether the transaction is in the interest of the client
- Take the appropriate measures when the transaction does not appear to be in the interest of the client
- Report to our offices case of financial abuse
24. Increase in down payments on homes of $500,000 and more
Since February 15, 2016, the minimum down payment for new financing applications had increased from 5% to 10% for the portion of the purchase price over $500,000. The 5% minimum down payment stayed unchanged for properties with a purchase price of $500,000 or less.
Need help?
We constantly strive to provide you with personalized advice so that you can meet the needs of your clients.
1-800-901-0172
Monday to Friday
8 a.m. to 8 p.m. ET