To do business with a bank means having to comply with regulations often stricter than the ones that are governing many other sectors of our economy. In the end, National Bank of Canada’s (the “Bank”) compliance with these regulations is in your clients' best interests, even if this implies certain rigidity in our work processes. Rest assured that we are doing our best to simplify the business relationship that unites all of us: the Bank, you and your clients.
Below is some important information to understand regarding our compliance with regulations. If you have any questions, please do not hesitate to contact us at 1‑800‑901‑0172.
Information on this page is intended for consultants and advisors only and must not be communicated to clients. The information is general in nature and is intended for informational purposes only. It is not meant to provide legal advices. The information provided is accurate to the best of our knowledge as of the date of 2018‑08‑16. The information contained on this page prevails on all existing versions of the Regulatory Guide (electronic or paper).
1. Canada Deposit Insurance Corporation (CDIC)
Canada Deposit Insurance Corporation (CDIC) is a federal Crown corporation created in 1967 to protect certain types of deposits up to $100 000, should a member financial institution go bankrupt.
National Bank of Canada is a member of the CIDC. Covered deposits comprise insurable deposits issued by National Bank. For further information concerning CDIC, please call 1‑800‑461‑CDIC (2342) or visit www.cdic.ca.
2. Canada’s Anti-Spam Legislation (CASL)
Since July 1, 2014, the Anti-Spam Legislation (CASL) regulates the sending of Commercial Electronic Messages (CEMs) including promotional messages and newsletters that solicit engagement in commercial activity. Not respecting the Anti-Spam Law poses serious risks for the Bank: risks of non-compliance, financial risks, and reputational risks. Sanctions are in place for cases of non-compliance that can go up to $1M per violation for individuals, and $10M per violation for the Bank and its subsidiaries.
To be CASL-compliant, electronic messages to a client must contain a compliant signature that clearly identifies the entity who sent the message and an unsubscribe link that allows recipients to withdraw their consent to receive electronic messages from the sender.
Before sending an electronic message to a client, covered by CASL, the bank employees are required to check whether the recipient has consented to receiving such messages at the e-mail address in question.
CASL does not apply to electronic communications between business partners, in their professional capacity, and National Bank of Canada.
3. Cost of Borrowing Regulation: Disclosure Options Offered to Clients
Under the Cost of Borrowing Regulations, co-borrowers are entitled to receive all regulatory information, including statements for all credit accounts (not applicable to bank accounts).
Should a co-borrower wish to receive regulatory information, the following would be sent:
Two types of disclosures are available for the applicants:
Once the choice is made, it is always possible to request changes by contacting the Client Service Centre.
4. Cost of Borrowing Disclosure Statement under Section 450 of the Bank Act
The Bank is required to provide the applicant with the Cost of Borrowing Disclosure Statement under Section 450 of the Bank Act:
This statement ensures the applicant is aware of all the costs related to the credit prior to entering into the credit agreement contained in the Credit Application.
To comply with this regulation, an information box (pertaining to the product selected) is included in the statement of disclosure given to clients to ensure that all the information pertaining to the credit are indicated to all borrowers when the cost of borrowing is disclosed.
The applicant is not required to sign the Cost of Borrowing Disclosure Statement, nor is the Bank to receive a completed copy for their files. However, the Bank shall keep a copy in its files when sending the document to the client. It is only mandatory for the applicants to retain the statement with their copy of the application and all other related documents.
This regulation applies to all credit products including credit cards.
Delivery of the initial Cost of Borrowing Disclosure Statement for Mortgage Loans (Statement of disclosure 48 Hours for mortgage loans)
Whenever the Bank grants a mortgage loan, it must give the client a copy of the Cost of Borrowing Disclosure Statement at least two clear business days before the client’s meeting with the legal professional (lawyer or notary) to sign the credit agreement. The following do not count as clear business days:
5. Commitment to Provide Information on Mortgage Security
At the request of the Federal Finance Minister, since September 1, 2014, Canadian banks must provide information on the types of mortgage security available in Canada.
Under this commitment, the Bank is required to provide general information on the different types of mortgages on its website, branches/points of service and on request, and specific information at or before entering into the mortgage loan agreement.
Two brochures are available for clients upon request:
6. Mortgage Loan Indemnities
On September4, 2012, Federal Finance Minister Jim Flaherty announced the implementation of a Code of Conduct for federally regulated financial institutions on Mortgage Prepayment Information. Some elements of the Code came into force in September 2012 while others came into force March 4, 2013 as the information provided when the borrower is paying a prepayment charge.
In order to comply with this Code of Conduct, the Bank is implementing measures intended to provide clear information and avoid the misleading of clients regarding the indemnities involved when prepaying a mortgage loan.
The Bank must also provide information on the methods available to clients to accelerate repayment of their mortgage without incurring a penalty. The code of conduct is regulatory measures to ensure that financial institutions clearly inform consumers and make them aware of the charges arising from prepaying their mortgage and to help them better appreciate the consequences.
The purpose of an indemnity is to compensate the Bank for any loss in revenue that may be caused by a pre-matured payout or change in conditions; the client agrees to a certain term, interest rate and loan amount, in any situation where one or all of these conditions are decreased, the Bank incurs a loss. Most financial institutions apply similar methods to calculate the indemnity amounts, these being the 3 months interest or the rate differential, depending on certain conditions.
The following tools are available for the clients:
7. Guideline B-20 – Residential Mortgage Underwriting Practices and Procedures
As part of the requirements from the Office of the Superintendent of Financial Institutions (OSFI) to ensure borrower capacity to service debt obligations on a timely basis, the Bank has implemented automatic control of the mortgage lending ratios allowed for revolving credit.
Summary of the Guideline B-20:
8. Access to funds
The Bank is required by the Access to Funds Regulations to limit the hold on funds deposited by retail clients and eligible enterprises. This hold period can vary depending on the amount of the instrument and whether the deposit is made in person with an employee at one of the Bank’s branches or points of services or in any other manner.
The Bank must also allow the client to withdraw the first $100 of all funds deposited by cheque or other instrument to a retail deposit account:
In addition to complying with the above requirements, the Bank must, via its employees:
9. Dormant Account
An account becomes dormant if no transactions have been carried out for a year. This account may no longer be used by the client and it must be reactivated by contacting the Client Service Centre.
10. Refusal to open an account
Under the Access to Basic Banking Services Regulations, the Bank must open a deposit account for any individual who requests it, upon presentation of pieces of identification.
In some cases, the Regulations make provisions for exceptions that would allow the Bank to refuse to open a deposit account for a client.
The main obligations that the Bank must display and make available to its clients in every branch as well as on its website, the “Access to Basic Banking Services” leaflet stipulating:
11.Complaint Settlement Process for the clients
The Bank is committed to offering outstanding service to its business partners and its clients. The client’s needs and our relationship with them are very important to us. Our clients’ satisfaction is our goal.
We provide a simple and efficient complaint settlement process. The guide “For Better Banking Relations with You” is available to the clients and describes the complaint settlement process. The process is also given to the client when granting a product or service.
The simple complaint settlement process and the presence of the National Bank Ombudsman for clients are concrete proof of our commitment to client satisfaction.
12. Insurance Business
The Insurance Business Regulations prevent banks from promoting and selling non-authorized insurance products on their websites and in branches. According to the Regulations, none of the web pages on the www.nbc.ca website may, directly or via another web page:
13. Consumer Loan Insurance–Distribution Guide (Quebec only) and Summaries (Outside Quebec and Quebec)
A copy of the Distribution Guide must be given to all new clients who purchase loan insurance.
It explains our loan insurance products, definitions, clauses and exclusions in clear and straightforward language.
For all provinces
According to the Negative Option Billing Regulations, a Summary of the specific financing product chosen must be provided to the client by the advisor along with the loan insurance certificate.
14. Commercial Banking: Identification of Clients when Opening a Product (ICOP)
ICOP has been established in 2009 by the sector of the corporate Compliance to conform to the regulations of Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) for the Commercial Banking. ICOP contains the following information:
ICOP also integrates the necessary elements needed to meet tax regulations like FATCA and CRS (please see section 22).
Today, the application is used by all business unit of the Bank, including Partnership, and answers needs beyond the respect for the various regulations. The quality of information entered in the application allows ICOP:
Protection of personal information and information regarding entities
15. Protection of Personal Information and Information regarding Entities
Corporate Policy – Protection of Personal Information and Information Regarding Entities
The information covered by this policy is of two types:
Collection, Use and Disclosure of Personal and Entity Information and the Client's Consent
Any individual (namely client or employee) and any entity whose information is collected by the Bank must agree to the collection of this information and its resulting use and disclosure. In practice, the Bank obtains two types of consent:
Social Insurance Number (“SIN”)
The Bank is required to obtain the SIN of any individual opening, for personal purposes, an account that will generate income or will be used for an employment relationship. In this case, the SIN is required to issue information slips for tax purposes. Unless the account is a brokerage account or a registered account, the Bank cannot not refuse the opening of non-income generating accounts if an individual chooses not to disclose his/her SIN.
The Bank may use the SIN for matching purposes as long as the person concerned has not withdrawn his consent to this use.
In the event that consent is withdrawn, the Bank must cease using the SIN of its clients and employees to quickly access their files.
If the SIN is not required for tax purposes, withdrawal of consent will imply that the SIN may no longer be used for any purposes.
Disclosure of Information to Third Parties for Processing
As part of its activities, the Bank discloses confidential information to third parties for processing purposes. The Bank remains liable at all times for maintaining the confidentiality of such information, whether it is retained or processed inside or outside the country.
Request by a Person or Entity to Obtain Access
All individuals (clients or employees) or entities are entitled to access the personal or entity information that the Bank has concerning them. The request to obtain access must be made in writing. The Bank must meet this request in 30 calendar days, failing to respect that delay, the Bank will be deemed to have refused the request to access the personal or entity information has concerning them.
The Bank’s business is based on trust and is heavily reliant on the information that it has, whether that information is produced by the bank or entrusted to the Bank by its clients or business partners. Information is an essential commodity. The purpose of information security is to protect this information from a wide range of evolving threats, including theft, fraud, unauthorized use, consultation and modification, accidents and negligence. Information security is achieved through the application of a set of controls such as policies, standards, processes, procedures and technical measures.
Moreover, in today's environment of heightened risks and corporate scrutiny, staying competitive requires effective, enterprise‑wide information security governance that addresses all requirements necessary to keep information assets secure and ensure that clients feel protected at all times.
Breach of confidentiality
A breach of confidentiality occurs when confidential information (e.g., regarding a client, partner, employee or the Bank itself) is disclosed without authorization, lost or accessed without authorization further to compromised security measures, the fact that such measures were not implemented or failure to comply with procedures. It is important to report to an event to our offices as quickly as possible.
To address these situations, the Bank has implemented a process for managing breaches of confidentiality. This process is intended to ensure that:
When carrying out any solicitation based on the personal information collected, the Bank makes sure that clients' refusal to give their consent is respected by excluding individuals not wishing to be solicited from solicitation lists.
Retention and destruction
Confidential information, in all its forms (paper, electronic, on portable equipment, etc.) must be retained only for the time required to achieve the purposes for which it was collected or created.
The Bank has therefore established guidelines on the retention period for the various types of confidential information that it uses. These retention periods allow the Bank to retain the information for enough time to make a decision and for individuals or entities to have access to their information, if applicable.
After the retention period, the Bank must destroy the confidential information by following the destruction procedures established by the Bank, which specifies strict security measures ensuring a confidential destruction process.
16.Information Security Incident Management
“Information security incident” refers to any operational risk event (stemming from a technological issue or other) that compromises the confidentiality, integrity or availability of an information resource, may result in financial losses, harm the Bank’s reputation or expose it to regulatory or legal non-compliance.
There are several categories of information security incidents, specifically:
All employees and officers are responsible for:
Information security incidents must be reported as soon as possible. Security incidents must be reported to our offices.
17. Policy with Respect to Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)
The methods and techniques used by criminal organizations to launder money and finance terrorist activities have continued to become more sophisticated. Financial institutions, like other members of the financial community, are increasingly being targeted by criminals or terrorists wishing to give an appearance of legitimacy to their activities.
For a number of years now, Canada has joined other industrialized nations in the worldwide fight against this scourge by passing anti-money laundering and terrorist financing (AMLTF) laws and regulations.
The federal government, provincial governments, regulatory authorities and international bodies are increasing and strengthening the anti-money laundering and anti-terrorist laws, regulations and guidelines that they are adopting. The Bank, wishing not only to comply with legal and regulatory requirements but also to play an active role in this fight, continues to implement measures to discourage money laundering and terrorist financing.
The Bank cannot act effectively in this area without the direct involvement of its employees and representatives, because you are the ones best placed to identify situations at risk for MLTF, including transactions or attempts at transactions.
By systematically applying the internal standards and procedures designed for this purpose when doing business with the Bank, you help uphold the integrity and reputation of the Bank. You also collectively help to ensure market stability and maintain our quality of life by limiting the hold that criminals have on our society.
You are responsible to follow the training program or policy proposed by your distributor. The Distributor undertakes or represents one of the following:
Due diligence consists of collecting and documenting information on the client and the financial product or service, as well as checking and analyzing this information. The care taken documenting a client file and the care and vigilance exercised by the employee when analyzing the information are crucial to acquiring enough knowledge of the client.
Enhanced Due Diligence:
Enhanced due diligence consists of collecting and documenting additional information on the client in order to clear up any inconsistencies or doubts detected during the due diligence. It is also used to respond to an MLTF risk factor and clarify and develop certain aspects of the client profile.
18. "Know Your Client"
"Know Your Client" is a rule that serves as the foundation of the business relationship with a client and as an anti PCMLTF engine.
The “Know your client” rule involves making certain checks about clients and collecting and documenting information on them in order to clearly understand their personal and financial situation and meet their needs. For PCMLTF purposes, it includes all the actions needed to be taken to assess the potential risk that a client doing business with National Bank is engaging in activities associated with PCMLTF.
19. Identification of Each Individual and Entities
The “Proceeds of Crime (Money Laundering) and Terrorist Financing Act” (the Act) requires financial institutions to identify all individuals and entities who is doing business with the Bank (e.g., applicants, co-applicants or any Other person authorized to act, such as an attorney, executor of an estate, trustee, guardian, curator, etc.), if that individual or entity has not previously been identified in accordance with the applicable standards.
In the presence of the individual to be identified
In order to establish the identity of an applicant, the Advisor must obtain the originals of one piece of photo identification from the person to be identified when dealing with a particular client. In the case of an authorized representative of an entity, only one document must also be documented. Identity documents must be described in the appropriate section of the credit application.
The identity documents used to identify the applicants must be originals, with photographs, and the issuer is a government and must be valid, in force, in good condition, legible and in a language that you understand. A photocopy or carbon are not accepted.
Eligible identity documents
To be eligible, the identity document must be:
The document must also include the following information:
|Examples of eligible identity documents with photo
For individuals who live outside Canada, an identity document with a photo from foreign country may be accepted, If this document is equivalent to the Canadian identity documents listed previously.
Eligible indentity documents (dual Method)
If the client does not have an identity document with photo, the double process qualifies as an eligible identification method with two documents from two different, independent and reliable sources. The documents must allow you to validate two of the three combinations:
|Examples of documents eligible for the double process (Personal banking only)|
|Document with name and address||Document with name and date of birth||Document for a financial account|
20. Third-Party Determination
It is required to determine if the requested product is to be on behalf of a person other than the applicants. When it is the case, it must be indicated in the proper section of the credit application and "Third party information appendix" must be completed and signed. This information is meant to allow the Bank, in accordance with the law, to determine if the Applicants open the account for their own financial activities or the financial activities of instructions from another person or entity.
21. Reporting Unusual or attempted Unusual Transactions
The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the Act) requires reporting of suspicious transactions by the individuals and entities. A suspicious transaction is one for which there are reasonable grounds to suspect that the transaction is related to a money laundering offence or a terrorist activity financing offence. A suspicious transaction can include one that was attempted and a suspicious transaction report must be sent to FINTRAC within 30 days.
22. The Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS)
Canadian financial institutions are required to report information concerning this tax regulations directly to the Canada Revenue Agency (CRA), which ensures that the collection and use of the information is consistent with Canadian Privacy Act. In addition, information exchanged between the CRA and IRS is protected by the provisions of the Canada-U.S. Tax Convention or other tax agreements with other countries.
The Foreign Account Tax Compliance Act (FATCA) is originally a U.S. tax legislation intended to counter tax evasion by U.S. Persons who hold accounts outside the United States.
On February 5, 2014, Canada and the United States signed an intergovernmental agreement (IGA) under the Convention between the United States and Canada aimed at improving tax information exchange and integrating the provisions of FATCA to the Canadian legislative framework.
Under the provisions of the Canadian Income Tax Act, effective since July 1st, 2014, Canadian financial institutions are required to identify Financial Accounts held by U.S. Persons and annually report information on those accounts to the CRA. Since July 1st, 2017, some similar requirements are in place under CRS regulation.
23. Financial Abuse of seniors
Financial abuse is perpetrated by someone close to the client, whereby the abuser misuses the client's assets (withdrawal, transfer, appointing himself power of attorney, adding himself as a joint accountholder, granting financing, collateral or investment). Such transactions usually appear legitimate but are initiated by a client being pressured by an abuser who is trying to take financial advantage of him.
If a client is the victim of financial abuse:
24. Increase in down payments on homes of $500,000 and more
Since February 15, 2016, the minimum down payment for new financing applications had increased from 5% to 10% for the portion of the purchase price over $500,000. The 5% minimum down payment stayed unchanged for properties with a purchase price of $500,000 or less.