- Canada Life updated compliance program templates for privacy and AML, with CE credits available.
- BridgeForce privacy statement & customer consent updated to cover third party service providers.
The material walks you through customizing the updated compliance program templates for your practice. Below are some points to consider as you work through the templates:
Privacy compliance program template
You’ll find this version more helpful than the previous template, as they’ve now provided a sample policy and procedure for each requirement or obligation. These should be customized to reflect your practice and what you actually do to comply with privacy legislation. Also included is a video tutorial to walk you through the template, and CE credits are available as well.
Section 2.0 – Consider the expectations of your MGA here as well and the Code of Conduct, as they relate to notifications in the event of a privacy concern or breach.
Section 3.0 – Your privacy consent must also contain language to cover information shared MGAs and their third-party service providers. Consent language in carrier applications does not extend to MGAs. In the template under ‘Procedure’ you’ll see reference to a Canada Life document; note that BridgeForce has our own form “Advisor Privacy Statement and Customer Consent” (French version) which includes consent for CASL. If you use a different privacy statement, please ensure wording similar to the BridgeForce template is included, to cover the consent requirement for the MGA and their service providers. Refer to page 4 of the BridgeForce Code of Conduct to understand our expectations and privacy obligations.
AML compliance program template
These sample policies and procedures should reflect your practice and what you actually do to comply with the legislation, so make any adjustments necessary. Although not mentioned, there is a new requirement to take reasonable measures to meet your AML obligations, as well as to make specific unsuccessful reasonable measures records. Also included is a video tutorial to walk you through the template, and CE credits are available as well.
Section 2.2 – Under ‘Procedures’ it notes ‘complying with record keeping obligations can be met by completing insurer applications which capture all required information’. We know this is not consistent across all insurer applications, resulting in gaps in your records as well as the MGAs.
You’ll need to:
- Develop a process to ensure you’re meeting the requirements for record keeping and risk assessment even when insurer applications do not request the information. BridgeForce’s AML checklist may be helpful here.
- Record the information for your record keeping obligations in a CRM or similar system unless your policy is to keep copies of the applications in your client files as your record.
Section 2.3 – This chart summarizes the information required for record keeping and risk assessment. Important to note:
- UL and WL policies are at risk for ML and TF. In particular, WL with early cash value growth, for example limited pay Par products and those marketed for their cash value growth or accumulation.
- Annuity refers to immediate or deferred, therefore includes seg funds.
- Only non-registered products pose any significant risk for AML or ATF.
- In 2.3d), note that since most often you don’t know at the outset of a relationship with the client whether there will be two or more transactions requiring you to ascertain ID within 5 years, most carriers ask questions necessary to create the business relationship record on every application. As a sound practice, consider that you have a business relationship with every client, and therefore need to keep a record for every client.
Part D – On-going training can include BridgeForce presentations, Compliance News and attending Compliance Days.
Part F – Program review, in particular #2, effectiveness of policies and procedures. This should include a section where testing of processes occurs, to ensure procedures are being followed. This is particularly important for record keeping obligation and on-going monitoring of high risk cases.