Avoiding complicity in mistreatment by foreign entities: Annual report 2023

Introduction
Background
Information sharing practices and written arrangements and agreements
Implementation of the directions
Activity report: January 1, 2023 to December 31, 2023

Introduction

The Canada Border Services Agency (CBSA) was established by the Canada Border Services Agency Act and is an integral part of the Public Safety Portfolio.

The Agency is responsible for providing integrated border services that support national security and public safety and facilitate the free flow of persons and goods. Information sharing with domestic and international partners is essential for the successful execution of its mandate and mission.

This report is presented to the Minister of Public Safety and Emergency Preparedness (the Minister) in accordance with subsection 7(1) of the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA, or ‘the Act'). It provides an overview of the agency's information sharing practices; implementation of an updated policy in support of the Order in Council (the OiC) – Directions for Avoiding Complicity in Mistreatment by Foreign Entities, and the number of substantial risk cases and restrictions to any written arrangement or agreement due to concerns of mistreatment for the period of January 1 to December 31, 2022.

Background

The Act came into force on July 13, 2019 and requires the Governor in Council to issue written directions to deputy heads regarding:

the disclosure of information to any foreign entity that would result in a substantial risk of mistreatment of an individual;
the making of requests for information to any foreign entity that would result in a substantial risk of mistreatment^{Footnote 1} of an individual, and
the use of information that is likely to have been obtained through the mistreatment^{Footnote 2} of an individual by a foreign entity.

On September 4, 2019, the Governor in Council, on the recommendation of the Minister, pursuant to paragraph 3(2)(f) of the Act, issued the OiC Directions for Avoiding Complicity in Mistreatment by Foreign Entities to the President of the CBSA.

Every deputy head to whom directions have been issued must, before March 1 of each year, submit to the appropriate Minister a report in respect of the implementation of those directions during the previous calendar year.

Information sharing practices and written arrangements and agreements

The CBSA relies on information to execute its border management responsibilities safely and efficiently. The Agency collects, retains, and shares information strictly within the parameters of its border management mandate, as set out by CBSA program legislation.

The CBSA's information sharing activities can be characterized as follows:

The CBSA is a net consumer of information. The majority of information held by the CBSA is derived from private sector stakeholders (such as air carriers or commercial transport companies) or collected during the customs and immigration processes. This information is provided to the CBSA under regulatory requirements and allows the Agency to make timely, risk-based decisions on the admissibility of people and goods attempting to enter Canada. Individuals and private sector stakeholders also provide information to the CBSA when engaging in one of its ‘trusted' programs (e.g., Trusted Traveller or Trusted Trader).
In order to effectively identify and manage higher-risk cases, the CBSA augments regulatory information with information received from partner agencies, namely Public Safety Canada (PS); the Royal Canadian Mounted Police (RCMP); the Canadian Security Intelligence Service (CSIS); Immigration, Refugees and Citizenship Canada (IRCC); the Canada Revenue Agency (CRA); the Department of National Defence (DND); Financial Transactions and Reports Analysis Centre of Canada (FINTRAC); Global Affairs Canada (GAC), and Transport Canada (TC).
As outlined in the Agency's legislative authorities, and mirrored in the CBSA's policies and operational guidance, the CBSA primarily exchanges information with domestic and international partners in cases where the activity is permissible under the Customs Act or the Privacy Act. These exchanges are typically well codified in various written arrangements and agreements.
Liaison Officers (LOs) located abroad work directly with foreign partners and represent the CBSA in an international context. For the International Network of officers, the International Operations Division (IOD), located in headquarters, is the main point of contact for guidance and support for all program-related enquiries, including information sharing requests. LOs routinely lawfully exchange information with various foreign entities, as per various policies, legislation, and written arrangements and agreements.

Although the CBSA has numerous partnerships and manages a substantial amount of information, given the context described above, its administrative information sharing activities are generally low-risk in terms of possible association with mistreatment.

The CBSA recognizes that one of its key responsibilities is to be a steward of the information in its control. In line with the OiC, the CBSA continues to implement measures to enhance its management of information sharing activities.

Implementation of the directions

Updated policies, guidance, and procedures

The CBSA published its Policy on the Order in Council to the CBSA: Avoiding Complicity in Mistreatment by Foreign Entities (the policy) on September 1, 2022. The updated policy replaced the previous Policy and Operational Guidelines pertaining to the 2017 Ministerial Directive (MD) to the CBSA.

Under the policy, CBSA officials are directed to consult the Information Sharing & Collaborative Arrangements Policy (ISCAP) Unit for general information sharing questions and the Intelligence and Targeting Operational Support (ITOS) Unit for questions pertaining to the risks associated with disclosing, requesting, or using information from a specific international entity.

The policy is located within the CBSA's Information Sharing Toolkit and is accessible to employees across the Agency via the CBSA intranet. Pursuant to recommendations made in the National Security and Intelligence Review Agency's (NSIRA) 2022 Review of Departmental Implementation of the ACA, the CBSA updated the policy to include the unabridged definition of “substantial risk” that was provided in the 2017 MD.

As per best practices, an agency-wide awareness campaign including formal communications regarding the release of the policy, was conducted. ISCAP is preparing additional awareness and outreach activities that will take place across the Agency over the next calendar year.

The Network Operational Reporting and Information Sharing Unit (NORIS), under IOD, provided guidance to CBSA officials regarding best practices and conducted quality assurance for LOs' information disclosure records to enhance quality documentation, as per the 2022 Review of Departmental Implementation of the ACA. NORIS also coordinated with subject matter experts and LOs to address queries related to ACA information sharing requests concerning various foreign entities. Activities in this area included consultations with ISCAP and the ITOS units.

Various other working tools and processes to support implementation are ongoing.

Interdepartmental coordination

While developing and maintaining the policy in support of the OiC, the CBSA has ensured that it is applying a compatible and complementary approach to that of other federal partners in terms of how it assesses risk associated with its information sharing activities with foreign entities.

In line with this approach, the CBSA continues to be an active participant in the Public Safety-led Information Sharing Coordination Group (ISCG). The ISCG is the primary interdepartmental forum for supporting interdepartmental collaboration and information sharing between members as they implement the Act and the corresponding Directions.

The three primary objectives of ISCG are to:

Establish best practices
Share information
Coordinate the development of policy documents and responses for inter-departmental issues

Over the course of the 2023 calendar year, the CBSA also established operational working groups with IRCC to ensure a collaborative operational approach to risk assessment capacity building.

Country profiles

The CBSA's Intelligence Collection, Analysis and Production (ICAP) Division develops and maintains Serious Inadmissibility & Mistreatment Country Assessments (SIMCAs). SIMCAs capture and reflect the security, organized crime and human rights environment in identified countries of concern.

SIMCAs provide the basis for the CBSA's Country and Foreign Entity Mistreatment Risk Assessment process as part of its responsibilities under the ACA and related OiC.

The mistreatment risk assessment (MRA) process assesses the country or entity risk rating in relation to the ACA. SIMCAs are considered for each MRA.

CBSA officials are instructed to contact the ITOS Unit if they have questions pertaining to the risk levels of certain countries.

Risk mitigation and mistreatment risk assessment

The CBSA establishes the level of the risk associated with a given information sharing activity by simultaneously considering the level of mistreatment risk associated with the intended recipient of the information, as well as the sensitivity of the information to be disclosed. Information sharing activities may only proceed in cases where there is no substantial risk of mistreatment, and/or risks that might be present can be adequately mitigated.

During the 2023 calendar year, the ITOS Unit focused on further strengthening the CBSA's existing mistreatment risk assessment methodology. The improved process involves extensive utilization of transparent risk assessment benchmarks, as well as interviews and consultation within the LO network for direct input.

Senior Management Risk Assessment Committee

In instances where there is substantial risk that cannot be mitigated at the working level, but there is a desire for an information sharing activity to proceed, the ITOS Unit will convene a Director General-level Senior Management Risk Assessment Committee (SMRAC) meeting and accordingly prepare a risk assessment package for consideration.

The risk assessment package includes the ACA Consultation Request Form, SIMCA, the Mistreatment Risk Assessment (MRA), the ITOS Unit operational determination, and any additional related documentation or research. Consultations with Departmental Legal Services, ISCAP, and ICAP are to be conducted in order to ensure all relevant input is incorporated into the risk assessment package.

SMRAC processes the available information in order to determine if a given information sharing activity may result in mistreatment, or if information may have been derived through some form of mistreatment. In exceptional circumstances, SMRAC may refer the decision to the President for action. It should be noted that no cases were referred to the President during the 2023 calendar year.

After considering the information contained within the package, there are four potential outcomes:

If SMRAC determines that the information sharing with a foreign entity is not likely to lead to the mistreatment of an individual, or if the information received from an entity was likely not obtained as a result of mistreatment, SMRAC will provide a positive information sharing opinion, indicating that the information may be shared or used.
If SMRAC determines that information sharing with a foreign entity may result in a substantial risk of mistreatment, or if there is a risk that the foreign entity obtained the information as a result of mistreatment, but these risks have been sufficiently mitigated, SMRAC will provide a positive information sharing opinion, indicating that the information may be shared or used.
If SMRAC determines that information sharing with a foreign entity will likely lead to the mistreatment of an individual, or it is likely that the information received from a foreign entity was obtained as a result of mistreatment, SMRAC will provide a negative information sharing opinion, indicating that the information cannot be shared or used.
In the event that SMRAC is unable to reach a decision as to whether or not the information sharing activity could result in a substantial risk of mistreatment, or if they are unable to determine if the foreign entity had obtained the information as a result of mistreatment, SMRAC will refer the case to the President of the CBSA for consideration.

Notwithstanding the outcome of SMRAC deliberations, the ITOS Unit will prepare a record of decision and provide it to the CBSA official who had initially requested their assistance.

If it is determined that the CBSA will not release the information, a draft response explaining the decision is provided by the ITOS Unit to the originating CBSA official for furtherance to the requestor. In cases where the disclosure is approved, the originating CBSA official will proceed with the information release or exchange.

SMRAC process complements existing CBSA information sharing policies and procedures in order to maximize operational efficiency while ensuring that the CBSA adheres to the requirements of the OiC.

Training

The CBSA provides general information sharing training online and in-person to employees.

CBSA officials regularly involved in information sharing activities, or those whose responsibilities may bring them into information sharing scenarios, have access to additional information sharing training tailored to their particular roles and responsibilities. This approach ensures that training received is commensurate with the level of potential risk associated with a given role.

During 2023, IOD's Functional Development team administered the LO Induction Training Program, which includes a section dedicated to the ACA. This training was delivered by subject matter experts within NORIS and ISCAP.

ISCAP is currently updating the online “Introduction to CBSA Information Sharing Training” to include expanded content related to the ACA. The updated training, which is included in the CBSA's national training standard, will emphasize the fact that the ACA must be considered in any information sharing activity with any foreign entity, and will direct users to relevant guidance and applicable working tools.

Activity Report

This report describes OiC related activities undertaken by the CBSA between January 1 and December 31, 2023.

Engagements of the OiC

Per the table below, within the aforementioned reporting period, the CBSA had no cases of disclosure, request, or use of information requiring additional risk assessment or referral for Presidential Determination.

Cases of Substantial Risk for the Period January 1, 2023 to December 31, 2023
Type of case:	Disclosure of information	Request for information	Use of information
Number of cases requiring Deputy Minister Determination:	0	0	0

Restriction of arrangements

The CBSA did not have any cases of restrictions being applied to any written arrangement or agreement due to concerns related to mistreatment within the aforementioned reporting period.

Footnotes

Footnote 1

“Substantial risk” as defined in the 2017 Ministerial Direction which has been superseded by the OiC, is a personal, present and foreseeable risk of mistreatment. In order to be “substantial”, the risk must be real and must be based on something more than mere theory or speculation. In most cases, the test of a substantial risk of mistreatment will be satisfied when it is more likely than not that there will be mistreatment; however, in some cases, particularly where the risk is of severe harm, the “substantial risk” standard may be satisfied at a lower level of probability.

Return to footnote 1 referrer

Footnote 2

“Mistreatment”, as defined in the Act, means torture or other cruel, inhuman, or degrading treatment or punishment, within the meaning of the Convention Against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment, signed at New York on December 10, 1984.

Return to footnote 2 referrer

Date modified:: 2024-04-03

Language selection

Search