| Project title | Transparency of Beneficial Ownership of Federally Incorporated Companies
Short title: Beneficial Ownership Transparency |
|---|---|
| Target implementation date | January 2024 |
| Sector, directorate | Small Business, Tourism and Marketplace Services (SBTMS) Corporations Canada |
| Lead government institution | The legislative authority that permits the implementation of this initiative is the Canada Business Corporations Act (CBCA). |
| Other government institution | Other government institutions involved include the Canada Revenue Agency (CRA), the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the Royal Canadian Mounted Police (RCMP), and other investigative bodies.
These agencies are involved only insofar as being a receiver of information from ISED, as prescribed by legislation, and are therefore not parties to this PIA, which is not multi-institutional. |
| Name and contact information of senior responsible official sponsoring this PIA | Etienne-René Massie, Associate Assistant Deputy Minister, Small Business and Marketplace Services (Small Business Branch) 613-608-5086 |
| Legal authority for the program | The legislative authorities that permit reviews of potential foreign investment in Canada are:
|
| Personal Information Bank (PIB) relating to this program | A new PIB is being proposed in respect of this activity, as follows:
The newly proposed PIB is detailed at Section VII (Supplementary Documents and Information) of this PIA. |
| Name and contact information of project officers and relevant contacts |
For Corporations Canada: For the ATIP Services Branch: |
| ATIP Services File Number | PIA-2022-00010 |
| ISED Delegate for Section 10 of the Privacy Act |
Chris Parsons, Director, ATIP Services chris.parsons@ised-isde.gc.ca 343-291-2997 |
Project description
In Budget 2022, the Government committed to implement, by the end of 2023, a public and searchable registry of beneficial owners of federal corporations. Beneficial owners are the natural persons who, through direct or indirect means, have ultimate ownership or exercise control over a corporation. These are distinct from legal owners, who can be either a natural person or another legal person (such as another corporation or trust). The federal government's decision to build a beneficial ownership registry arises from heightened international pressure to combat tax evasion, money laundering and terrorist financing in Canada as well as the federal, provincial and territorial governments' commitments to take measures to reduce the use of Canadian corporations as vehicles for illegal activity. Illicit actors use a variety of means to attempt to obscure their beneficial ownership information, including through the use of shell companies, complex ownership structures, and other legal arrangements.
ISED is tasked with implementing this initiative. The goal is to provide greater access to information about who owns and controls Canadian businesses. Information on the true owners of companies is an essential part of a well-functioning economy and society. This information, known as beneficial ownership transparency, helps to deter the misuse of business corporations, helps domestic and foreign law enforcement agencies investigate fraudulent activities like money laundering and tax evasion, protects consumers, reduces investment risk and improves national and global governance.
A first set of amendments to the CBCA (via Budget Implementation Act, 2022, No. 1 – Division 30, sections 430-435) received Royal Assent on 23 June 2022. These amendments require federally incorporated companies to send information about their beneficial owners (defined in the CBCA as 'individuals with significant control' or 'ISCs') to Corporations Canada. These amendments also enable Corporations Canada to provide all or part of the information it receives about ISCs to an investigative body, FINTRAC or other prescribed entities.
A second set of amendments to the CBCA (via Bill C-42) set out additional requirements, including the information about ISCs that will be made available to the public and enabling Corporations Canada to provide all or part of the information it receives about ISCs to a provincial corporate registry or a provincial government department or agency that is responsible for corporate law in the relevant jurisdiction.
Both sets of amendments to the CBCA are expected to come into force on order in council in January 2024.
Section II – Risk area identification and categorization
The TBS requires that core PIAs include a completed risk identification and categorization section as outlined below. To have consistent risk categories and risk measurement across government institutions, standardized risk areas (itemized below) and a common risk scale are used as the basis for risk analysis.
The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the given risk area; the fourth level (4) represents the highest level of potential risk for the given risk area.
| Risk scale | |
|---|---|
| Program or activity that does not involve a decision about an identifiable individual | 1 |
| Administration of program or activity and services | 2 |
| Compliance or regulatory investigations and enforcement | 3 |
| Criminal investigation and enforcement or national security | 4 |
|
Considerations: Private federally incorporated companies created under the CBCA already keep a register of individuals with significant control as part of their internal, corporate records. An individual with significant control (ISC) is someone who owns or controls a corporation; for example, an individual who owns 25% or more of the voting shares. The CBCA uses the legal term 'individual with significant control' and does not use the more generic term 'beneficial owner'. This PIA will therefore use 'individual with significant control' (ISC) hereafter. Pursuant to amendments to the CBCA that provide the legal authority for this initiative, Corporations Canada will implement the following new collection and disclosure requirements:
These new collection and disclosure requirements will provide greater access to information about who owns and controls Canadian businesses and help the Government meet its commitment in Budget 2022 to implement, by the end of 2023, a public and searchable registry of ISCs of federally incorporated companies. |
|
| Risk scale | |
|---|---|
| Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. | 1 |
| Personal information, with no contextual sensitivities after the time of collection, provided by the individual with consent to also use personal information held by another source. | 2 |
| Social Insurance Number, medical, financial or other sensitive personal information or the context surrounding the personal information is sensitive; personal information of minors or of legally incompetent individuals or involving a representative acting on behalf of the individual. | 3 |
| Sensitive personal information, including detailed profiles, allegations or suspicions and bodily samples, or the context surrounding the personal information is particularly sensitive. | 4 |
|
Considerations: Private federally incorporated companies must send the following information about each ISC (ISC Information) to Corporations Canada (which may be provided by an authorized third-party):
Each ISC Information element is required to help correctly identify who owns and controls Canadian businesses. However, to safeguard privacy interests, only the ISC Information necessary to achieve the objective of beneficial ownership transparency is available to the public. Therefore, the following ISC Information will not be made available to the public: In respect of all ISCs:
In respect of vulnerable ISCs:
|
|
| Risk scale | |
|---|---|
| Within the institution (among one or more programs within the same institution) | 1 |
| With other government institutions | 2 |
| With other institutions or a combination of federal, provincial or territorial, and municipal governments | 3 |
| Private sector organizations, international organizations or foreign governments | 4 |
|
Considerations: Disclosure to law enforcement agencies: Corporations Canada possesses the authority to provide all or part of the ISC Information it receives to an investigative body, FINTRAC or other prescribed entities. This will help disrupt the opacity on which criminal actors rely for perpetrating financial crime. It will also enable law enforcement to fight and prevent financial crimes using best practices identified by the Financial Action Task Force (FATF), the European Commission, and other international bodies that advocate for ISC transparency. Disclosure to provinces: Corporations Canada possesses the authority to provide all or part of the ISC Information it receives to a provincial corporate registry or a provincial government department or agency that is responsible for corporate law in that jurisdiction. This will enable the Government to fulfill its commitment to make the ISC registry scalable to allow access to ISC data held by provinces and territories that agree to participate in the national registry. It will also assist in verifying and validating ISC Information across jurisdictions. Public disclosure: Public access to ISC Information helps to drive up data quality about who owns, controls, and benefits from companies and their profits. Journalists can use the information to follow money. Consumers and businesses can have increased trust in the integrity of business transactions by knowing with whom they are conducting business. Civil Society Organizations including think tanks, academic institutions and private sector organizations (domestic and international) will use ISC Information for their research, monitoring and reporting of potential cases of fraud, money laundering, tax evasion and other financial crimes. |
|
| Risk scale | |
|---|---|
| One-time program or activity | 1 |
| Short-term program or activity | 2 |
| Long-term program or activity | 3 |
|
Considerations: This is a continuing, long-term activity. |
|
| Risk scale | |
|---|---|
| The program's use of personal information for internal administrative purposes affects certain employees or individuals. | 1 |
| The program's use of personal information for internal administrative purposes affects all employees or individuals. | 2 |
| The program's use of personal information for external administrative purposes affects certain employees or individuals. | 3 |
| The program's use of personal information for external administrative purposes affects all employees or individuals | 4 |
|
Considerations: The disclosure of ISC information may affect the parties to whom the information relates. At a minimum, some ISC information will be in the public domain. In other instances, some ISC information may be used by other government agencies and investigative bodies, in conjunction with other identifying information, to investigate and/or prosecute the individual(s) to whom it relates, or simply to validate details across jurisdictions. |
|
|
In consideration of the facts detailed in this section, the risk level is equated to risk-level 1 (low). |
Yes / No |
|---|---|
|
No |
|
Considerations: N/A |
|
|
Yes |
|
This initiative requires modifying Corporations Canada's existing IT solution, to enable the new collection and disclosure requirements. More specifically, existing online web intake forms will be modified to enable federally incorporated companies to digitally send ISC information to Corporations Canada. Further:
|
|
|
Yes |
|
While automated tools will be used to conduct personal information analysis, personal information matching, and knowledge discovery techniques (such as Government of Canada-approved identity management validations and Canada Post-provided address validations) all results will be scrutinized and analyzed by program officers. |
|
| Risk scale | |
|---|---|
| The personal information is used within a closed system (i.e., no connections to the Internet, Intranet or any other system and the circulation of hardcopy documents is controlled). | 1 |
| The personal information is used in a system that has connections to at least one other system. | 2 |
| The personal information is transferred to a portable device (i.e., USB key, diskette, laptop computer), transferred to a different medium or is printed. | 3 |
| The personal information is transmitted using wireless technologies. | 4 |
|
Considerations: The Corporations Canada IT solution is hosted within ISED's Amazon Web Services (AWS) Cloud Tenant, and has a public interface on the worldwide web. The IT solution and its public interface meet all Government of Canada IT security requirements. |
|
H – Potential risk that in the event of a privacy breach, there will be an impact on an individual or employee.
Considerations:
In the event of a privacy breach, the impact on ISCs (individuals) is low. Most ISC Information is publicly available. Therefore the risk of serious harm or injury to the individual, including identity theft or other related fraud, caused by a security breach is thought to be negligible.
There are no risks to employees of ISED.