Information Sharing Agreements for accessing RTR

[steveburtch]

Information sharing agreements need to be in place to give access under the following provisions:

1) P2P Beneficial Ownership Registry. If BC wishes to participate in the pan canadian beneficial ownership registry we must ensure that legislation supports data sharing, and an ISA is in place.

From Bill 20:

6) If an applicable information-sharing agreement is in place, a person or entity referred to in section 5 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) may search and inspect prescribed information in the registrar’s transparency register for prescribed purposes.

7) If an applicable information-sharing agreement is in place, a prescribed person or a person in a prescribed class of persons may search and inspect prescribed information in the registrar’s transparency register for prescribed purposes.

8) If an applicable information-sharing agreement is in place, a corporate registrar (in or out of Canada) may search and inspect the registrar’s transparency register in accordance with that agreement.

• [ ] Check with Policy/legal for updates/regulations relating to this
• [ ] Check with Digital Delivery re: ISA template used for partners
• [ ] Establish approval flow
• [ ] Draft and revise

Related to: https://app.zenhub.com/workspaces/raid--work-space-617c3d4cef313f001d715a7c/issues/gh/bcgov-registries/raid/369 (pan canadian participation, pending digital delivery)

[mstanton1]

Moving back to new as this is not ready to be picked up yet. Finance has extended a question on our ability to share with the federal government for the purpose of them sharing with competent authorities (8). We will need to connect with Finance on other agreements required for (6) and (7).

[mstanton1]

Updates for #1 and #8

• A call took place with Nicholas Eisner (Systemscope) to discuss what information may be shared if BC committed to the P2P Beneficial Ownership registry at a later time. Dani and Dwayne were unable to attend but are being included in communications.
• Policy (Samar) notes she has sent questions to legal counsel for clarification at which time she will set up a meeting to discuss our ability to share data. Note, to share public beneficial ownership data for public consumption or competent authority beneficial ownership data for competent authority consumption may require legislative changes.
• It is possible we may be able to use an ISA as a vessel to allow sharing
• I've brought to policies attention that Digital Delivery handles ISA's for BC. With an existing ISA for MRAS we could likely lean on that with minor changes. Note, Systemscope's design adds additional details into the MRAS messaging

Next Steps

• Samar has set up an Information Sharing meeting for May 15, 2024 which includes digital delivery, policy, Sinead and Sal.

Proposed Data Sharing List

Public Search Significant Individual Information • Full legal name • Birth year • Citizenship or Permanent Residency Related Business Information • Company name • Incorporation number / registration number • Business number • Business status • Registered office location (only city and province) • Date of company creation (e.g incorporation, continuation into BC)

Competent Authority Search Significant Individual Information • Full legal name • Birth date (year, month, date) • Last known address • Control of Votes and Shares (percentage range) • Type(s) of control of shares and or votes – Registered Owner / Beneficial Owner / Indirect Control • Type of control of the right to elect, appoint or remove a majority of the company’s directors – Direct Control, Indirect Control, Significant Influence Control • Determination of Incapacity • Citizenship or permanent residency • Tax residency • Date when control started and ended

Related Business Information • Company name • Incorporation number / registration number • Business number • Business status • Registered office location (only city and province) • Date of company creation (e.g incorporation, continuation into BC)

[mstanton1]

@Apt766525 I've reviewed the ticket previously created by Steve and added information on the progress on review of legislation / ISA needs to support sharing with the Federal Government in their P2P Beneficial Ownership Registry. Can you proceed to look into #6 and #7 from bill 20 above. Steve's comments suggest that ISA's would be needed to share with groups who I believe would be deemed as competent authorities. Do groups mentioned in #6 and #7 fit the description of competent authorities? With the form for director search access is based upon a section of FOIPPA and an applicant explicitly states where their access authority comes from. I notice you've included sections of the Act in Section D of the competent authority form. Can you verify with policy if anything further would be required (i.e. ISA as suggested above). Can you also review Steve's description. Perhaps he isn't referencing competent authorities and there are other ISA's needed?

[Apt766525]

@mstanton1 Will circle back on the above.

[Apt766525]

@mstanton1

• Technically the groups related to the above Act are not competent authorities as legislate, but they do have similar authority.
• The purposes for their search of the RTR and the information provided to them is less than what a competent authority would get, but more than what the public sees.
• These groups would require regulations to inform what information they can receive and why, and they would be subject to an ISA to receive that information.

On the form, there is a “Other” option to gain access to the RTR. These groups would be required to provide either their authority under section 399.5 or 399.51. They would also have to have regulations made for them (399.5) and an ISA before they can access the RTR (399.5 and 399.51).

[mstanton1]

@Apt766525 thank you for the information above. I would like to raise this to policy, and might tackle it outside of the UX/UI meeting. Since we have already engaged them on the ISA for Systemscope (and potential legislative changes) this may fit with that work. You'd noted the information available would be more than public but less than competent authorities. My hope is we could avoid creating a third search option and leverage what is available for competent authorities. Can you provide background on why you'd noted the information they are provided is less than what a competent authority would see?

[Apt766525]

@mstanton1 Referring to the above comment, the policy reason for writing the legislation this way was to “future” proof the RTR for any possible requests for information from any person or entity. The persons or entities referred to in the above noted sections are not necessarily law enforcement, taxing authorities or regulators, so they do not meet the requirements to be competent authorities.

These persons or entities will not necessarily need all the information in the registry either and the policy rational for that is to ensure that information is kept confidential when necessary. For example, not all persons or entities referred to in those sections will require a SIN and as you know this is a highly sensitive piece of information. It is important that we not share information that is not directly relevant to the work of those requesting it.

Not all these persons or entities will receive the SIN, and not all will not receive it. The information they can access from the RTR, and why they can access it, will be spelled out in regulation. So, one entity could get the SIN, full name, and full DOB, but another entity might only get the full name, citizenship, and tax residency, but not the SIN at all.

It will not be known what person or entity will get what information until they provide us with their requested information, and we complete an analysis for the business case of why they should be provided that information and for what purposes.

[Apt766525]

Discussion from the meeting with Policy:

1. Under 399.5 there has to be an information sharing agreement in place and this would allow a subset of information for this group, or could determine they need all of the information. Policy is looking into what these groups might need to determine what we need to have built.
2. Registries flagging concern for cost and timelines with additional requests. If prescribed classes require search use of competent authority search would be significantly easier with preventing another build.
3. Not seen as crucial by policy but updates will be provided.

[mstanton1]

ISA meeting has been rescheduled for June 19th.

[mstanton1]

@Apt766525 in the last ISA meeting information sharing with the Federal Government was discussed and Dwayne Gordon was going to look into our existing MRAS agreement.

Can you follow up on the requirement for an Information Sharing Agreement (ISA) for the groups mentioned in 6 and 7 in the body of this ticket to confirm if an information sharing agreement is needed in addition to the competent authority form for all competent authority types, or, whether the ISA is only needed for for the two sections listed below. If an ISA is needed that should be identified on the form in the spots where it is applicable. It would also be valuable understanding the flow to add to regulations to grant access to groups which is noted in one of your earlier comments. What if we don't know about groups who need access until go-live? How would we get regulations changed at that time and what is the expected timeline?

If an applicable information-sharing agreement is in place, a person or entity referred to in section 5 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) may search and inspect prescribed information in the registrar’s transparency register for prescribed purposes.

If an applicable information-sharing agreement is in place, a prescribed person or a person in a prescribed class of persons may search and inspect prescribed information in the registrar’s transparency register for prescribed purposes.

[Apt766525]

Have circled back to policy. Waiting for a response.

[Apt766525]

@mstanton1 Circled back with Policy on the above clarifications: Requirement of ISA: ISAs are only required for the two provisions listed above and under section 399.51 which contemplates sharing information with other corporate registrars. Competent authorities are not required to enter into ISAs.

Form Identification: The specific spots or sections where the ISA needs to be indicated is a business decision on the part of the Registries, but it can be noted perhaps in brackets. On the form there is reference to the competent authority sections, and then the option for “Other”. It can be noted here. Suggestion from Policy: For example the form can state “Other (Please note an Information Sharing Agreement may be required) – Applicable Section:…)” Or the Registries may wish to place this in another spot.

Access to unknown groups and timeline: The groups that require ISAs, and to be added by way of regulation, will not be known until they reach out to request access. Once they reach out, Policy would determine whether they qualify for access and what kind of information can/should access. Once policy team has completed the analysis they would move to the regulation drafting process. Regulations can take as little as 3 months to develop, but usually take about 4 – 6 months to complete. It is important to note that regulations can be made to take effect either on deposit or they can be made to go in effect at any time AFTER they are deposited. So, if we were to have a regulation approved by Cabinet today, and deposited tomorrow, it is possible to not have that regulation come into force until 2 weeks, 3 months or 1 year after the date of deposit. Regulations such as this would be worked on collaboratively with CITZ to ensure that they are put into force at a time when Registries can provide the service.

[mstanton1]

@Apt766525 thanks for seeking clarity on this. Can you make the suggested update to the form "Other" section? Do you see any other information gathering needs here? If not, this can be closed for now:)