Foreign Banking Services: Privacy impact assessment summary

Introduction

In April 2002, the Receiver General of Canada (RG) reached an agreement with the Bank of America National Association, Canada Branch (B of A) to make payments to recipients, on behalf of the Government of Canada, in foreign countries. As part of this agreement, the B of A will produce payment instruments in the currency of the country in which the beneficiary has a postal address.

Business model

Public Works and Government Services Canada, through the RG, has in place a process to make payments to recipients on behalf of the Government of Canada. The only changes to this process are to transfer the payment details (name, address, bank account number, type of payment and amount to be paid) from the department's Standard Payments System to the B of A, who will execute the payment, provide advice to the Receiver General of Canada of a successful payment or return rejected payment transactions intact to the Receiver General of Canada for their further action. No other changes are necessary to the current payment process used by the department. The process will continue to entail receiving data required to issue payments to beneficiaries from departments and agencies of the federal government. The data will then be transferred electronically to the B of A, who will pay beneficiaries in the currency of the country in which they are domiciled.

The Foreign Banking Services encompass that part of the process commencing with the receipt of payment files by the B of A from the department. It includes the validation and processing of the payment instruction by the B of A, and culminates with the delivery of the payment to the beneficiary and confirmation of that delivery to the department.

The personal information that will be received by the B of A from the department comprises name, address and payment details, as noted above, which will only be processed when it is received. After this personal information is processed, the payment information will be stored as historical information that will be held in electronic or paper form in secure storage.

Data analysis

Bank of America payment process

Step 1: The issuing department sends a payment request to Public Works and Government Services Canada

Step 2: Public Works and Government Services Canada formats the request into an appropriate and B of A-recognized transaction and sends the transaction to Bank of America

Step 3: The B of A validates the payment data received, determines the amount to be paid in the settlement currency requested and determines the appropriate routing, either to a correspondent bank or to the customer, in the form of payment requested

Step 4: Rejected payment instructions are returned to Public Works and Government Services Canada and the issuing department is notified. They may be corrected, resubmitted, cancelled or the payment is sent to an address in Canada

Step 5: Cheque payment instructions may be accompanied by payment information details on an associated attachment (stub). The stub "record" contains the specific details of the payment

Step 6: After issuing the payment as instructed, the B of A returns the following information to Public Works and Government Services Canada:

results for payment requests
results for administrative requests
post issuance results of payments
post issuance results of administrative (non-monetary) requests

Output files

The B of A produces four "results" files, which contain the:

results of the payment instructions file
results of the administrative orders file
post issuance results of payments file
post issuance results of administrative (non-monetary) requests file

The purpose of the results of payment instructions and results of administrative orders file is to inform Public Works and Government Services Canada of the acceptance or rejection of instructions received and to provide additional data available for the payment, such as the calculated Canadian or foreign amount and the rate used, the B of A reference number and the totals to be debited or credited. These files are returned to the department following the processing of the payment requests and administrative requests files. The B of A will not retain the stub information, which is electronic, so it is in effect destroyed. This process may occur once or twice a day. The records are retained for six fiscal years and then destroyed.

Table A: Foreign Banking Services data flow
Data cluster	Provided by	Provided to	Used for
Payment instruction data cluster includes: payment date payment amount (in both Canadian dollars and in the specific settlement currency, if required) beneficiary name and address type of payment (wire, cheque or direct deposit) payment information	Receiver General	Bank of America	Making payments to beneficiaries
Beneficiary account information cluster includes: name bank transit number (bank and branch) bank account number account type for United States direct deposit only (savings or chequing) amount of payment SWIFT/BIC (bank identification) code bank name and address	Receiver General	Bank of America	Deposit funds to beneficiaries' bank accounts
Payment results data cluster (this is really a B of A number confirming that the information has been accepted, processed and issued): payment date payment amount (in both Canadian dollars and in the specific settlement currency beneficiary name and address type of payment (wire, cheque or direct deposit) payment information	Bank of America	Receiver General	Provide notification of payments made to beneficiaries for accounting purposes. The purpose of the data is to inform Public Works and Government Services Canada of the acceptance or rejection of the payment orders received and to provide additional data available for the payment, such as calculated Canadian or foreign amount, rate used, Bank of America reference number and totals to be debited or credited

Privacy risk management

Security and audits

System security is an integrated function of the system. Users are identified and authenticated by a single security mechanism, at the system level. All system objects are under security control.

Audit trails provide a record of system and application activity. B of A systems all record sufficient information to trace significant security events to the responsible individual, and create an audit trail of accesses to information and resources.

If a payment is greater than CAN$10,000.00, the B of A is required under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act to report cross border electronic fund transfers to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).

Records are stored in accordance with the Bank Act and Proceeds of Crime (Money Laundering) and Terrorist Financing Act regulations that are generally from 5 to 10 years from the date of the transaction. Storage and disposal take place at a secure site in accordance with the above regulations. Sensitive data that is to be destroyed immediately is stored in locked recycling bins and destroyed by a contracted vendor at a secured site.

The B of A is not responsible for ensuring the accuracy of payment details supplied by Public Works and Government Services Canada but is responsible for ensuring that the file received from the department is formatted correctly and appropriately authorized. If the file received from the department fails these edits, then the B of A will return the file to the department for correction.

Conclusion

In sum, Public Works and Government Services Canada has reviewed the changes to the Foreign Banking Service and can confirm that all potential privacy issues arising from the change to the process have been addressed. Therefore, no additional action is necessary to meet the requirements of the Privacy Act and the Personal Information Protection and Electronic Documents Act.

Report a problem or mistake on this page

Date modified:: 2017-07-25

Language selection

Search and menus

Search