{"id":8722,"date":"2024-11-06T22:27:54","date_gmt":"2025-02-04T03:27:09","guid":{"rendered":"https:\/\/dev.nsira-ossnr.gc.ca\/reviews\/our-reviews\/review-of-departmental-implementation-of-the-avoiding-complicity-in-mistreatment-by-foreign-entities-act-for-2022-2\/"},"modified":"2025-02-25T08:51:20","modified_gmt":"2025-02-25T13:51:20","slug":"report","status":"publish","type":"page","link":"https:\/\/nsira-ossnr.gc.ca\/en\/reviews\/find-a-review\/23-04\/report\/","title":{"rendered":"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022: Report"},"content":{"rendered":"\n
\n
\n
\n
\n
\n \n

\n Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022 <\/h1>\n\n
\n\n \n

\n Report <\/h2>\n \n \n\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n\n
\n
\n
Table of Contents<\/div><\/div><\/div>
  1. Executive Summary<\/a><\/li>
  2. Introduction<\/a>
    1. Authority<\/a><\/li>
    2. Scope of the Review<\/a><\/li>
    3. Methodology<\/a><\/li>
    4. Review Statements<\/a><\/li><\/ol><\/li>
    5. Background<\/a><\/li>
    6. Findings, Analysis, and Recommendations<\/a>
      1. Compliance with the ACA<\/a><\/li>
      2. Implementation of the Directions<\/a><\/li>
      3. Decisions on Substantial Risk of Mistreatment<\/a><\/li>
      4. Discrepant applications of the threshold for SRM<\/a><\/li>
      5. Incorporating mitigations into baseline assessments of risk, while overestimating their effects<\/a><\/li>
      6. Lack of checks and balances in the risk assessment process<\/a><\/li><\/ol><\/li>
      7. Conclusion<\/a><\/li>
      8. Appendices<\/a>
        1. Annex A. Sample of Country Risk Ratings<\/a><\/li>
        2. Annex B. Findings and Recommendations<\/a><\/li><\/ol><\/li><\/ol><\/div><\/div><\/div><\/section>\n\n\n\n
          \n<\/div><\/div>\n\n\n\n
          \n

          Date of Publishing:<\/strong><\/p>\n\n\n

          \n
          <\/i>Download PDF<\/span><\/a><\/span><\/div>\n<\/div><\/div>\n\n\n\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
          Abbreviations and Their Full Forms<\/caption>\n
          Abbreviation<\/th>\n Full Form<\/th>\n <\/tr>\n <\/thead>\n
          ACA<\/td>\n Avoiding Complicity in Mistreatment by Foreign Entities Act<\/td>\n <\/tr>\n
          CBSA<\/td>\n Canada Border Services Agency<\/td>\n <\/tr>\n
          CRA<\/td>\n Canada Revenue Agency<\/td>\n <\/tr>\n
          CSE<\/td>\n Communications Security Establishment<\/td>\n <\/tr>\n
          CSIS<\/td>\n Canadian Security Intelligence Service<\/td>\n <\/tr>\n
          DFO<\/td>\n Department of Fisheries and Oceans<\/td>\n <\/tr>\n
          DND\/CAF<\/td>\n Department of National Defence\/Canadian Armed Forces<\/td>\n <\/tr>\n
          FINTRAC<\/td>\n Financial Transactions and Reports Analysis Centre of Canada<\/td>\n <\/tr>\n
          GAC<\/td>\n Global Affairs Canada<\/td>\n <\/tr>\n
          GC<\/td>\n Government of Canada<\/td>\n <\/tr>\n
          HRR<\/td>\n Human Rights Report<\/td>\n <\/tr>\n
          IRCC<\/td>\n Immigration, Refugees and Citizenship Canada<\/td>\n <\/tr>\n
          ISCG<\/td>\n Information Sharing Coordination Group<\/td>\n <\/tr>\n
          MD<\/td>\n Ministerial Direction<\/td>\n <\/tr>\n
          NSIRA<\/td>\n National Security and Intelligence Review Agency<\/td>\n <\/tr>\n
          OiC<\/td>\n Order in Council<\/td>\n <\/tr>\n
          PS<\/td>\n Public Safety Canada<\/td>\n <\/tr>\n
          RCMP<\/td>\n Royal Canadian Mounted Police<\/td>\n <\/tr>\n
          SRM<\/td>\n Substantial risk of mistreatment<\/td>\n <\/tr>\n
          TC<\/td>\n Transport Canada<\/td>\n <\/tr>\n <\/tbody>\n <\/table>\n\n\n\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
          Abr\u00e9viations et leurs formes compl\u00e8tes<\/caption>\n
          Abr\u00e9viation<\/th>\n Forme compl\u00e8te<\/th>\n <\/tr>\n <\/thead>\n
          AMC<\/td>\n Affaires mondiales Canada<\/td>\n <\/tr>\n
          ARC<\/td>\n Agence du revenu du Canada<\/td>\n <\/tr>\n
          ASFC<\/td>\n Agence des services frontaliers du Canada<\/td>\n <\/tr>\n
          CANAFE<\/td>\n Centre d’analyse des op\u00e9rations et d\u00e9clarations financi\u00e8res du Canada<\/td>\n <\/tr>\n
          CST<\/td>\n Centre de la s\u00e9curit\u00e9 des t\u00e9l\u00e9communications<\/td>\n <\/tr>\n
          OC<\/td>\n D\u00e9cret en conseil<\/td>\n <\/tr>\n
          GC<\/td>\n Gouvernement du Canada<\/td>\n <\/tr>\n
          GCER<\/td>\n Groupe de coordination d’\u00e9change de renseignements<\/td>\n <\/tr>\n
          GRC<\/td>\n Gendarmerie royale du Canada<\/td>\n <\/tr>\n
          IM<\/td>\n Instructions du ministre<\/td>\n <\/tr>\n
          IRCC<\/td>\n Immigration, R\u00e9fugi\u00e9s et Citoyennet\u00e9 Canada<\/td>\n <\/tr>\n
          LECCMTIEE<\/td>\n Loi visant \u00e0 \u00e9viter la complicit\u00e9 dans les cas de mauvais traitements inflig\u00e9s par des entit\u00e9s \u00e9trang\u00e8res<\/td>\n <\/tr>\n
          MON\/FAC<\/td>\n Minist\u00e8re de la D\u00e9fense nationale\/Forces arm\u00e9es canadiennes<\/td>\n <\/tr>\n
          MPO<\/td>\n Minist\u00e8re des P\u00eaches et des Oc\u00e9ans<\/td>\n <\/tr>\n
          OSSNR<\/td>\n Office de surveillance des activit\u00e9s en mati\u00e8re de s\u00e9curit\u00e9 nationale et de renseignement<\/td>\n <\/tr>\n
          RDP<\/td>\n Rapport sur les droits de la personne<\/td>\n <\/tr>\n
          RSMT<\/td>\n Risque s\u00e9rieux de mauvais traitements<\/td>\n <\/tr>\n
          SCRS<\/td>\n Service canadien du renseignement de s\u00e9curit\u00e9<\/td>\n <\/tr>\n
          SP<\/td>\n S\u00e9curit\u00e9 publique Canada<\/td>\n <\/tr>\n
          TC<\/td>\n Transports Canada<\/td>\n <\/tr>\n <\/tbody>\n <\/table>\n\n\n\n\n \n \n \n \n \n \n \n \n \n \n \n \n
          Key Terms and Definitions<\/caption>\n
          Term<\/th>\n Definition<\/th>\n <\/tr>\n <\/thead>\n
          2017 MDs<\/td>\n Ministerial Directions (MDs) issued to CBSA, CSIS, CSE, DND\/CAF, GAC, and RCMP in 2017 regarding avoiding complicity in mistreatment by foreign entities.<\/td>\n <\/tr>\n
          departments<\/td>\n Refers, in the context of this review, to those departments and agencies whose deputy heads have been issued written directions under the ACA.<\/td>\n <\/tr>\n
          foreign entities<\/td>\n As defined in the 2017 MDs: “may include foreign governments, their departments, agencies and militaries, and may also refer to military coalitions, alliances, and international organizations.”<\/td>\n <\/tr>\n
          mistreatment<\/td>\n As defined in section 2 of the ACA: “torture or other cruel, inhuman or degrading treatment or punishment, within the meaning of the Convention Against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment, signed at New York on December 10, 1984 (mauvais traitements).”<\/td>\n <\/tr>\n
          policy<\/td>\n Frameworks, policies, directives, standards, guidelines, and tools developed to, in the context of this review, govern departments’ implementation of the ACA.<\/td>\n <\/tr>\n
          instruments<\/td>\n Developed to, in the context of this review, govern departments’ implementation of the ACA.<\/td>\n <\/tr>\n
          residual risk<\/td>\n The level of risk that remains in a given context after mitigations are applied.<\/td>\n <\/tr>\n
          substantial risk<\/td>\n As defined in the 2017 MDs: “A personal, present, and foreseeable risk of mistreatment. In order to be ‘substantial’, the risk must be real and must be based on something more than mere theory or speculation. In most cases, the test of a substantial risk of mistreatment will be satisfied when it is more likely than not that there will be mistreatment; however, in some cases, particularly where the risk is of severe harm, the ‘substantial risk’ standard may be satisfied at a lower level of probability.”<\/td>\n <\/tr>\n
          untreated risk<\/td>\n The level of risk in a given context before any mitigations are applied.<\/td>\n <\/tr>\n <\/tbody>\n<\/table>\n\n\n\n\n \n \n \n \n \n \n \n \n \n \n
          Glossaire des termes<\/caption>\n
          Terme<\/th>\n D\u00e9finition<\/th>\n <\/tr>\n <\/thead>\n
          Entit\u00e9s<\/td>\n Terme employ\u00e9 dans les IM de 2017 pour d\u00e9signer \u00ab les gouvernements \u00e9trangers, leurs minist\u00e8res et organismes, et leurs forces militaires. Il peut aussi s’appliquer \u00e0 des coalitions militaires, \u00e0 des alliances et \u00e0 des organisations internationales. \u00bb<\/td>\n <\/tr>\n
          IM de 2017<\/td>\n Instructions du ministre (IM) \u00e9mises en 2017 \u00e0 l’intention de l’ASFC, du SCRS, du CST, du MON\/FAC, d’AMC et de la GRC visant \u00e0 \u00e9viter la complicit\u00e9 dans les cas de mauvais traitements inflig\u00e9s par des entit\u00e9s \u00e9trang\u00e8res.<\/td>\n <\/tr>\n
          Instruments de politique<\/td>\n Cadres de travail, politiques, directives, normes, lignes directrices et outils con\u00e7us pour encadrer la mise en \u0153uvre de la LECCMTIEE par divers minist\u00e8res.<\/td>\n <\/tr>\n
          Mauvais traitements<\/td>\n Terme d\u00e9fini \u00e0 l’article 2 de la LECCMTIEE : \u00ab [t]orture ou autres peines ou traitements cruels, inhumains ou d\u00e9gradants \u00bb, selon la Convention contre la torture (1984).<\/td>\n <\/tr>\n
          Risque non att\u00e9nu\u00e9<\/td>\n Terme d\u00e9signant le niveau de risque qui existe avant l’application de mesures d’att\u00e9nuation.<\/td>\n <\/tr>\n
          Risque r\u00e9siduel<\/td>\n Terme d\u00e9signant le niveau de risque qui persiste apr\u00e8s l’application de mesures d’att\u00e9nuation.<\/td>\n <\/tr>\n
          Risque s\u00e9rieux<\/td>\n Terme employ\u00e9 dans les IM de 2017 pour d\u00e9signer \u00ab un risque personnel, s\u00e9rieux, pr\u00e9sent et pr\u00e9visible de mauvais traitements. Pour \u00eatre “s\u00e9rieux”, le risque doit \u00eatre r\u00e9el et reposer sur plus que des sp\u00e9culations. Dans la plupart des cas, le crit\u00e8re sera satisfait lorsque le risque de mauvais traitements est plus probable qu’improbable. \u00bb<\/td>\n <\/tr>\n <\/tbody>\n <\/table>\n\n\n\n

          Executive Summary<\/h2>\n\n\n\n

          This review assessed departments\u2019 compliance with the Avoiding Complicity in Mistreatment by Foreign Entities Act<\/em> (or Avoiding Complicity Act; ACA) and their implementation of the ACA\u2019s associated directions during the 2022 calendar year. Within this context, the review pursued a thematic focus on departments\u2019 conduct of risk assessments, including the ways in which their methodologies may lead to a systematic under-assessment of the level of risk involved in an information-sharing transaction.<\/p>\n\n\n\n

          NSIRA\u2019s findings and recommendations in this report reflect both developments and stagnations in departments\u2019 implementation of the directions over time. Of note, NSIRA observed efforts in 2022 to collaborate interdepartmentally, and standardize certain practices across the Government of Canada. While these efforts reflect an improvement over past approaches, they fall short of the directions\u2019 envisioned consistent framework for foreign information sharing government-wide. Additionally, NSIRA observed a number of practices that may lead departments to systematically under-assess the risks involved in contemplated information exchanges. Such under-assessments may, in turn, lead to information being exchanged in contravention of the directions\u2019 prohibitions.<\/p>\n\n\n\n

          NSIRA made five recommendations in this review. Collectively, they would ensure that all departments\u2019 ACA frameworks reflect a degree of standardization commensurate with the spirit of the ACA and its associated directions; and that these frameworks are designed to support compliance with the directions.<\/p>\n\n\n\n

          Introduction<\/h2>\n\n\n\n

          Authority<\/h3>\n\n\n\n

          This review was conducted pursuant to paragraph 8(1 )(b), paragraph 8(2.1 )(c), and subsection 8(2.2) of the National Security and Intelligence Review Agency Act <\/em>(NSIRA Act).<\/p>\n\n\n\n

          Scope of the Review<\/h3>\n\n\n\n

          This review assessed departments\u2019 compliance with the Avoiding Complicity in Mistreatment by Foreign Entities Act<\/em> (or Avoiding Complicity Act; ACA) and their implementation of the ACA\u2019s associated directions during the 2022 calendar year. Within this context, the review pursued a thematic focus on departments’ conduct of risk assessments, including the ways in which their methodologies may lead to a systematic under-assessment of the level of risk involved in an information-sharing transaction.<\/p>\n\n\n\n

          The review included all departments that have been issued directions under the ACA: Canada Border Services Agency (CBSA); Canada Revenue Agency (CRA); Communications Security Establishment (CSE); Canadian Security Intelligence Service (CSIS); Department of Fisheries and Oceans (DFO); Department of National Defence and Canadian Armed Forces (DND\/CAF); Financial Transactions and Reports Analysis Centre of Canada (FINTRAC); Global Affairs Canada (GAC); Immigration, Refugees and Citizenship Canada (IRCC); Public Safety Canada (PS); Royal Canadian Mounted Police (RCMP); and Transport Canada (TC).<\/p>\n\n\n\n

          The review also considered DND\/CAF’s implementation of Ministerial Direction (MD) it received in 2022 regarding avoiding complicity in mistreatment by foreign entities.<\/p>\n\n\n\n

          Methodology<\/h3>\n\n\n\n

          NSIRA conducted a document review of departments\u2019 ACA policy instruments, and departments\u2019 associated written explanations, provided in response to requests for information. NSIRA also conducted a comparative analysis of a targeted sample of departmental risk assessments pertaining to 19 countries, and to the foreign entities within those countries for which such assessments existed. NSIRA assessed compliance with reporting requirements based on primary records made public or submitted to NSIRA in accordance with the ACA and its directions.<\/p>\n\n\n\n

          Review Statements<\/h3>\n\n\n\n

          CBSA, CRA, DFO, DND\/CAF, FINTRAC, IRCC, PS, RCMP, and TC met NSIRA\u2019s expectations for responsiveness during this review. CSE, CSIS, and GAC only partially met NSIRA\u2019s expectations, as CSE did not consistently respond to NSIRA\u2019s requests for information in a format that met the review\u2019s requirements; and CSIS and GAC did not consistently respond to NSIRA\u2019s requests in a timely manner<\/p>\n\n\n\n

          NSIRA was able to verify information for this review in a manner that met expectations.<\/p>\n\n\n\n

          NSIRA wishes to thank PS for its assistance in coordinating the factual accuracy consultations for this review.<\/p>\n\n\n\n

          Background<\/h2>\n\n\n\n

          The ACA and the directions issued pursuant to it seek to prevent the Government of Canada (GC) from disclosing information to\u2014or requesting information from\u2014a foreign entity that would result in substantial risk of mistreatment (SRM) of an individual, and to set limitations on the use of information that is likely to have been obtained through mistreatment. The objective of the directions is to demonstrate the Government\u2019s commitment to make Canada\u2019s information sharing regime more transparent, consistent, and accountable; and to enhance oversight on a government-wide basis.<\/p>\n\n\n\n

          In 2019, directions were issued pursuant to the ACA, by Order in Council (OiC), to the deputy heads of twelve departments and agencies. For CBSA, CSE, CSIS, DND\/CAF, GAC, and RCMP, the OiC directions replaced MDs that had been issued in 2017. In adding CRA, DFO, FINTRAC, IRCC, PS, and TC as recipients, the OiC directions broadened the application of measures to prevent mistreatment.<\/p>\n\n\n\n

          NSIRA has previously reviewed departments\u2019 implementation of the 2017 MDs and, as required under the NSIRA Act, implementation of the OiC directions in every year since the ACA\u2019s coming into force. This is NSIRA\u2019s fourth such annual review.<\/p>\n\n\n\n

          Findings, Analysis, and Recommendations<\/h2>\n\n\n\n

          Compliance with the ACA<\/h3>\n\n\n\n
          \n\n\n\n

          Finding 1. <\/strong>NSIRA found that all departments, with the exception of DFO in respect of subsection 7(1), complied with the reporting requirements set out in the ACA.<\/p>\n\n\n\n

          \n\n\n\n

          Subsection 7(1) of the ACA requires deputy heads to submit, before March 1 of each year, a report to their Minister in respect of the directions\u2019 implementation during the previous calendar year. DFO submitted its report to the Minister of Fisheries, Oceans, and the Canadian Coast Guard on April 12, 2023, which was 42 days following the legislated deadline.<\/p>\n\n\n\n

          Sections 5 through 8 of the ACA set out additional reporting requirements with which all deputy heads and Ministers complied.<\/p>\n\n\n\n

          Implementation of the Directions<\/h3>\n\n\n\n
          \n\n\n\n

          Finding 2. <\/strong>NSIRA found that all departments had frameworks to govern their implementation of the ACA and its associated directions by the end of 2022.<\/p>\n\n\n\n

          \n\n\n\n

          NSIRA’s ACA review for 2021 found that all departments, with the exception of CBSA and PS, had fully implemented ACA governance frameworks. Both CBSA and PS implemented such frameworks in the course of this year\u2019s review. Their policies came into effect on September 1, 2022 and January 1, 2022, respectively.<\/p>\n\n\n\n

          \n\n\n\n

          Finding 3. <\/strong>NSIRA found that most departments demonstrated continual refinements of their ACA frameworks based on self-identified gaps, NSIRA recommendations, and community-wide coordination efforts.<\/p>\n\n\n\n

          \n\n\n\n

          In 2022, most departments focused their refinement efforts on codifying existing practices in formal policy instruments, and developing more fine-grained procedures and guidance to support their implementation. Degrees of refinement varied across departments, generally in line with the maturity of their respective frameworks. Of note amongst these efforts:<\/p>\n\n\n\n

            \n
          • DND\/CAF finalized an updated policy framework, which now includes, among other elements, a new MD to supplement the OiC directions and facilitate their implementation;<\/li>\n\n\n\n
          • ROMP restructured and internally reallocated resources to support the conduct of ACA risk assessments and related approvals;<\/li>\n\n\n\n
          • CRA, DFO, DND\/CAF, and RCMP were taking steps to broaden their frameworks’ application across departmental business lines;<\/li>\n\n\n\n
          • CBSA, CRA, DND\/CAF, IRCC, PS, and RCMP were elaborating or enhancing risk assessment tools to support decision-makers\u2019 identification of cases involving SRM; and<\/li>\n\n\n\n
          • CBSA, CRA, CSIS, DND\/CAF and RCMP were developing ACA-related internal training modules.<\/li>\n<\/ul>\n\n\n\n

            In 2022, CSE, DND\/CAF, and GAC each undertook internal reviews of aspects of their ACA implementation frameworks. Where formal reviews were not undertaken, observed refinements reflected topics raised in prior NSIRA reviews and informal interdepartmental benchmarking conducted in forums like the PS-chaired Information Sharing Coordination Group (ISCG), which includes all departments subject to the directions as members.<\/p>\n\n\n\n

            \n\n\n\n

            Finding 4. <\/strong>NSIRA found that TC\u2019s ACA governance framework did not include policies and procedures for:<\/p>\n\n\n\n

              \n
            1. escalating cases to the deputy head; or<\/li>\n\n\n\n
            2. assessing the risks of information sharing with foreign entities.<\/li>\n<\/ol>\n\n\n\n
              \n\n\n\n

              The directions require that cases be referred to deputy heads under specified conditions (elaborated in paragraph 34, below). Departments may determine the mechanism and thresholds for such referrals according to their operational requirements. In practice, the governance frameworks of all departments but TC use pre-determined escalation ladders\u2014beginning with operational staff and concluding with referral to the deputy head\u2014to triage ACA cases.<\/p>\n\n\n\n

              Although TC\u2019s responses to information requests from NSIRA described an escalation ladder culminating with the Deputy Minister of Transport, its policy instruments do not include any policies or procedures for escalating ACA cases beyond operational staff.<\/p>\n\n\n\n

              TC\u2019s corporate policy for ACA implementation states that TC must \u201cdevelop and maintain policies and procedures for assessing the risks posed by foreign entities.\u201d NSIRA\u2019s ACA review for 2019 critiqued the lack of detail in TC\u2019s policy, citing concerns with the department\u2019s framework for deciding whether a disclosure would result in SRM and its lack of a framework for determining whether an identified SRM could be mitigated. TC has stated that these gaps have not yet been addressed, given interdepartmental efforts to implement program enhancements to reduce the risk of mistreatment related to the exchange of information.<\/p>\n\n\n\n

              All ACA frameworks require a mechanism for case escalation to the deputy head, and a sufficiently-robust risk assessment process to identify when an information exchange may involve SRM, even when such exchanges are infrequent.<\/p>\n\n\n\n

              \n\n\n\n

              Recommendation 1. <\/strong>NSIRA recommends that TC update its ACA governance framework to include policies and procedures for:<\/p>\n\n\n\n

                \n
              1. escalating cases to the deputy head; and<\/li>\n\n\n\n
              2. assessing the risks of information sharing with foreign entities<\/li>\n<\/ol>\n\n\n\n
                \n\n\n\n

                Finding 5. <\/strong>NSIRA found that all departments, with the exception of DFO, GAC, PS, and TC, used country and\/or entity risk assessments to inform their assessments of substantial risk of mistreatment and corresponding case escalation.<\/p>\n\n\n\n

                \n\n\n\n

                In order to implement the directions, departments must understand the risks of sharing information with particular foreign entities, including country-level human rights conditions. To this end, most departments use formalized country and\/or entity risk assessments as a baseline for assessing case-specific risks and for considering case-specific mitigations.<\/p>\n\n\n\n

                In some departments, levels of baseline country or entity risk correlate directly with particular levels of approval within their ACA escalation ladders, such that increasingly-senior levels of officials are expected to oversee any mitigations considered or applied in risky contexts. In other departments, escalation is tied to case-specific mistreatment risk assessments that incorporate mitigations, such that escalation is based on residual risks. In these departments, cases of satisfactorily- mitigated substantial risk do not always trigger departmental thresholds for more senior oversight. CSIS’s escalation framework is unique in that the required level of approval depends on both the risk of the transaction itself and the status of the Service’s information-sharing arrangement with the foreign entity.<\/p>\n\n\n\n

                DFO, GAC, PS, and TC\u2019s risk assessment processes do not involve a baseline assessment of untreated country or entity risk. At DFO, PS, and TC, this is because relevant information exchanges are seen to be so infrequent that case-specific assessments may be conducted when required. GAC, conversely, compiles relevant baseline information in a set of descriptive Human Rights Reports (HRRs), which convey relevant country context\u2014including specifics related to torture and mistreatment\u2014but do not assign a corresponding risk rating or assessment; GAC assesses risk in relation to particular information exchanges, as they arise.<\/p>\n\n\n\n

                In 2022, CBSA, CSE, CSIS, DND\/CAF, FINTRAC, and RCMP each used country and\/or entity assessments that they had developed internally to inform their assessments of mistreatment risk. They relied on similar sources of information to conduct these assessments, including GAC’s HRRs (although these did not exist for every country with which departments exchanged information).<\/p>\n\n\n\n

                In 2022, CRA and IRCC used the country risk ratings assigned by CSIS and RCMP, respectively, as their baseline indicator of a transaction\u2019s potential risk. In both cases, CRA and IRCC received only the overall level of risk assigned to each country, and not any supporting assessment details. Both CRA and IRCC have identified their lack of in-house baseline assessments as gaps in their ACA risk assessment frameworks and are taking steps to develop the required methodologies.<\/p>\n\n\n\n

                While residual risks in case-specific risk assessments are expected to reflect the particularities of individual information exchanges, these must be considered in relation to the broader human rights environment in which the exchange will be made. Some departments\u2019 case-specific risk assessment methodologies explicitly integrate the corresponding baseline country or entity risk rating. At CBSA, CSE, and DND\/CAF, these ratings are matrixed with particularities of the information being considered for exchange. At GAC and RCMP, the ratings are matrixed with personal characteristics of the individual(s) who may be subject to mistreatment.<\/p>\n\n\n\n

                \n\n\n\n

                Finding 6. <\/strong>NSIRA found that departments\u2019 country risk assessments were inconsistent with one another.<\/p>\n\n\n\n

                \n\n\n\n

                In its 2017 MD review, NSIRA recommended that departments develop a unified framework for assessing mistreatment risks at the country level. In each ACA review since, NSIRA has maintained its position that human rights risks within a given country should be assessed consistently across the GC.<\/p>\n\n\n\n

                In 2022, NSIRA observed widespread discrepancies across departments\u2019 baseline country risk assessments, despite their reliance on similar sources of information. Within the sample of risk assessments reviewed, there were only two countries for which all departments assigned the same risk rating. For some countries, discrepancies were so drastic that different GC departments simultaneously assessed the human rights risk as low, medium, and high. Annex A presents a comparison of risk ratings assigned by each assessing department for each country within the sample.<\/p>\n\n\n\n

                Three main factors contributed to these discrepancies. First, risk ratings were often tied to dated assessments that failed to account for more recent developments within a country. Second, departments used different indicators of mistreatment in their methodologies. Third, departments weighted the impact of these indicators differently. For example, whereas CSIS weighted each indicator equally, in service of an overall human rights picture, CSE attributed a higher weight for indicators more likely to impact the mistreatment of an individual. DND\/CAF was the only department to include an automatic trigger for a high risk rating, irrespective of other moderating considerations, when systemic mistreatment was observed within a country.<\/p>\n\n\n\n

                To identify differences in risk ratings and to understand the reasons for them, DND\/CAF convened a working-level \u201chuman rights summit\u201d in late 2022, with participation by CSE, CSIS, and GAC. While the summit was considered a success by all participants, identifying and understanding discrepancies falls short of NSIRA\u2019s recommended unified set of assessments. Although participants regularly signalled that they would consider new information within their own internal assessment frameworks, they rarely committed to changes that would align their risk ratings.<\/p>\n\n\n\n

                In response to recommendations made in NSIRA\u2019s ACA review for 2019, GC institutions stated their position that a standardized approach was unfeasible, given the “diverse operational activities and mandates\u201d of the twelve implicated departments. NSIRA does not agree that the activities or mandates of the assessing GC departments are relevant considerations in the determination of baseline country or entity risks.<\/p>\n\n\n\n

                \n\n\n\n

                Finding 7. <\/strong>NSIRA found that the simultaneous conduct of independent human rights risk assessments in different departments reflected a substantial duplication of effort across the GC, and created the opportunity for discrepant outcomes.<\/p>\n\n\n\n

                \n\n\n\n

                Departments\u2019 conduct of independent human rights risk assessments leads to an unnecessary drain on resources. This duplication of efforts also creates the opportunity for discrepant assessments, which are replicated across the GC when siloed risk ratings are borrowed by departments that do not internally assess risk. Where discrepancies reflect an under-assessment of baseline risk, departments may undertake information exchanges that contravene the directions\u2019 prohibitions.<\/p>\n\n\n\n

                Within the sample of countries for which NSIRA requested departments\u2019 risk assessments, departments did not frequently engage with the same foreign entities. While the present report does not, therefore, comment on the alignment of entity assessments across departments in 2022, NSIRA emphasizes the importance of aligning assessments in cases where multiple departments do deal with the same foreign entity. Departments may apply mitigations that are unique to their bilateral partnerships with the entity in question, but\u2014for the same reasons elaborated above vis-a-vis country risk\u2014this should always be done in relation to a baseline risk that is assessed consistently across the GC.<\/p>\n\n\n\n

                \n\n\n\n

                Recommendation 2. <\/strong>NSIRA recommends that the Government of Canada designate a body responsible for developing:<\/p>\n\n\n\n

                  \n
                1. a unified set of assessments of the human rights situations in foreign countries including a standard \u201crisk of mistreatment\u201d classification level for each country; and<\/li>\n\n\n\n
                2. to the extent that multiple departments deal with the same foreign entities in a given country, standardized assessments of the risk of mistreatment of sharing information with foreign entities.<\/li>\n<\/ol>\n\n\n\n
                  \n\n\n\n

                  Decisions on Substantial Risk of Mistreatment<\/h3>\n\n\n\n
                  \n\n\n\n

                  Finding 8.<\/strong> NSIRA found, for the fourth consecutive year, that no departments escalated cases to their deputy heads for determination or decision.<\/p>\n\n\n\n

                  \n\n\n\n

                  Subsections 1(2) and 2(2) of the directions require, respectively, that information disclosures and requests be referred to deputy heads for determination in cases where departmental officials are unable to determine whether an associated SRM can be mitigated. Paragraph 3(1 )(c) requires deputy\u2014or, exceptionally, senior official\u2014authorization to use information that is likely to have been obtained through mistreatment in any way that would deprive someone of their rights or freedoms.<\/p>\n\n\n\n

                  When cases are escalated under these provisions, subsection 4(1) of the directions imposes reporting requirements for deputy heads. Since no cases were escalated in 2022, departments did not engage these requirements.<\/p>\n\n\n\n

                  The lack of referrals under subsections 1(2) and 2(2) is conspicuous, given that cases had been escalated to deputy heads under the 2017 MDs. The lack of authorizations under paragraph 3(1)(c) is inconspicuous, given the rarity of factual circumstances that would warrant such authorization.<\/p>\n\n\n\n

                  \n\n\n\n

                  Finding 9. <\/strong>NSIRA found that some high-risk sharing activities were stopped prior to escalation for consideration of possible mitigations.<\/p>\n\n\n\n

                  \n\n\n\n

                  The lack of referrals to deputies under subsections 1(2) and 2(2) should not be construed as implying that departments failed to identify any cases meeting the threshold of \u201csubstantial,” or that all cases of mitigated SRM were approved before they could be escalated for deputy-level consideration.<\/p>\n\n\n\n

                  CRA, CSIS, DND\/CAF, GAC, IRGC, and RCMP each reported to NSIRA that they had contemplated transactions involving SRM in 2022\u2014but not all of these contemplated transactions resulted in an information exchange. In some cases, the transaction was stopped before it could be escalated for more senior consideration of potential mitigations. Table 1 summarizes the outcomes of decisions taken in relation to each contemplated transaction involving SRM in 2022.<\/p>\n\n\n\n\n\t\n\t\t\n\t\t\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t
                  Table 1: Number of transactions involving SRM contemplated in 2022, by decision outcome<\/caption>\n\t
                  Department<\/th>\n\t\t\tTotal # Considered<\/th>\n\t\t\t# approved<\/th>\n\t\t\t# denied \/ not approved<\/th>\n\t\t\t# ongoing as of 2022-12-31<\/th>\n\t\t<\/tr>\n\t<\/thead>\n\t
                  CRA<\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                  CSIS<\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                  DND\/CAF<\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                  GAC<\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                  IRCC<\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                  RCMP<\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                  All departments:<\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t\t[**redacted**]<\/strong><\/td>\n\t\t<\/tr>\n\t<\/tbody>\n<\/table>\n\n\n\n

                  While the vast majority of substantial risk transactions contemplated in 2022 were approved, [**redacted**]<\/strong> were denied or otherwise not completed. For GAC and IRCC, the transactions that did not move forward reflect a substantial proportion of all substantial risk cases subject to formal consideration (64% and 33%, respectively).<\/p>\n\n\n\n

                  Departmental frameworks often include features that reflect a fundamental risk aversion that would result in fewer cases being escalated to deputies. CSE, for instance, allows a transaction to be denied at the initial stages of consideration when it is abundantly clear that there is SRM that cannot be mitigated below the level of substantial. Other departments, like DND\/CAF, PS, and RCMP, explicitly incorporate strategic considerations, such as the operational rationale for pursuing the exchange or the importance of the bilateral relationship, when deciding whether to escalate or deny a case. If the operational rationale is lacking, the corresponding cases will fall out of (or never enter into) the ACA escalation ladder, in a manner consistent with the directions\u2019 spirit.<\/p>\n\n\n\n

                  \n\n\n\n

                  Finding 10. <\/strong>NSIRA found that certain departments\u2019 ACA governance frameworks and risk assessment methodologies included features that may systematically under-assess the level of risk involved in a transaction. These features include:<\/p>\n\n\n\n

                    \n
                  • discrepant applications of the threshold for substantial risk of mistreatment;<\/li>\n\n\n\n
                  • incorporating mitigations into baseline assessments of risk, while overestimating their effects; and<\/li>\n\n\n\n
                  • a lack of checks and balances in the risk assessment process.<\/li>\n<\/ul>\n\n\n\n
                    \n\n\n\n

                    When the level of risk is under-assessed, cases involving substantial risk may be approved at lower levels in departments\u2019 escalation ladders without the intended levels of corresponding oversight, or may never be escalated in the first place. In these contexts, there is an increased likelihood that information may be disclosed or requested in contravention of the directions\u2019 prohibitions.<\/p>\n\n\n\n

                    Discrepant applications of the threshold for SRM<\/h3>\n\n\n\n

                    Mid-2021, all ISCG members agreed to adopt the definition for \u201csubstantial risk\u2019\u2019 that was provided in the 2017 MDs:<\/p>\n\n\n\n

                    \n

                    \u201ca personal, present and foreseeable risk of mistreatment In order to be \u201csubstantial\u201d, the risk must be real and must be based on something more than mere theory or speculation. In most cases, the test of a substantial risk of mistreatment will be satisfied when it is more likely than not that there will be mistreatment; however, in some cases, particularly where the risk is of severe harm, the \u201csubstantial risk\u201d standard may be satisfied at a lower level of probability.\u201d<\/p>\n<\/blockquote>\n\n\n\n

                    The same definition was also codified in DND\/CAF\u2019s 2022 MD.<\/p>\n\n\n\n

                    The agreed-upon definition is reflected in the policy documents of CSE, DFO, FINTRAC, GAG, PS, and ROMP, as well as (with some added precisions) CSIS and DND\/CAF. Despite their agreement to adopt the same definition, however, CBSA, ORA, IRGC, and TO have not consistently updated their internal policy instruments to reflect the definition in its entirety.<\/p>\n\n\n\n

                    Even where the definition has been formally integrated within broader policies, the threshold of probability for \u201csubstantial\u201d has not been consistently applied. Risk assessment tools often failed to incorporate the language of \u201cmore likely than not\u201d (and the greater-than-50% threshold it entails), or to clarify how to apply a lower level of probability when there is risk of severe harm. [**redacted**]<\/strong> <\/p>\n\n\n\n

                    Lack of clear direction within policy suites increases the likelihood that departments may apply a threshold for SRM that is incommensurate with the circumstances.<\/p>\n\n\n\n

                    Applying the SRM threshold requires clarity, as well, on what constitutes \u201cmistreatment.\u201d Although a definition for \u201cmistreatment\u201d is provided in the ACA, departments did not always agree on appropriate indicators thereof. At the 2022 \u201chuman rights summit,\u201d for instance, it was noted that [**redacted**]<\/strong> whereas DND\/CAF included it as an indicator of \u201cdue process.” When the definition of mistreatment is too narrowly scoped, SRM may be under-assessed.<\/p>\n\n\n\n

                    \n\n\n\n

                    Recommendation 3. <\/strong>NSIRA recommends that departments apply the \u201csubstantial risk\u201d threshold in a manner consistent with the definition adopted government-wide; and that departments whose broader policy frameworks do not yet reflect this definition (CBSA, CRA, IRCC, and TC) make the attendant updates.<\/p>\n\n\n\n

                    \n\n\n\n

                    Incorporating mitigations into baseline assessments of risk, while overestimating their effects<\/h3>\n\n\n\n

                    The directions allow departments to apply mitigations, such as caveats or assurances, to lower the level of a transaction\u2019s risk below \u201csubstantial.\u201d Departments that use entity assessments as their starting point for assessing SRM often incorporate such mitigations into their baseline assessment of risk, such that risk ratings reflect a lowered, residual risk of mistreatment instead of an untreated SRM for which subsequent mitigations may be considered.<\/p>\n\n\n\n

                    Within the sample of risk assessments reviewed, CSIS and DND\/CAF tended to assess entity risk as lower than the corresponding country risk. NSIRA did not find that their entity risk assessments sufficiently accounted for systemic risks of mistreatment observed in the entity\u2019s country-level operating environment. For CSIS, this dynamic was particularly evident in [**redacted**]<\/strong>.<\/p>\n\n\n\n

                    The impact of incorporating mitigations into baseline assessments of risk is accentuated when departments overestimate the effect of mitigations, or base their entity assessments on inappropriate considerations.<\/p>\n\n\n\n

                    The weight attributed to caveats and assurances, as baseline mitigations, was often artificially high. Prior NSIRA reviews have observed gaps in departments\u2019 ability to verify whether a country or entity has actually complied with caveats or assurances. NSIRA did not observe evidence, in 2022, that departments had taken steps to improve their confidence in entities\u2019 compliance with caveats or assurances, nor that they had moderated the expected effect of such mitigations when assigning entity risk levels.<\/p>\n\n\n\n

                    Additionally, NSIRA observed assessments where entity risk may have been influenced by inappropriate considerations, such as the strength of a department\u2019s bilateral relationship with the entity in question, or an absence of derogatory information particular to that entity. For example, FINTRAC\u2019s SRM assessment form specifically prompts users to evaluate the strength of FINTRAC\u2019s bilateral relations with its foreign counterpart. In addition, some departments\u2019 assessments appeared to discount risks reported in open sources in situations where confirmatory intelligence was unavailable.<\/p>\n\n\n\n

                    NSIRA maintains the position elaborated in its ACA review for 2020 that all bilateral exchanges should be assessed through the lens of country risk, given that even so- called \u201ctrusted partners\u201d are embedded in the information-sharing hierarchies and human rights contexts of their respective countries. Understanding the human rights risks within a country is a precursor for developing sound entity or case \u00adspecific risk assessments.<\/p>\n\n\n\n

                    \n\n\n\n

                    Recommendation 4. <\/strong>NSIRA recommends that departmental assessments of substantial risk of mistreatment be grounded in countries\u2019 human rights records; and that subsequent entity-level considerations be based on validated, current, and consistent respect for caveats and assurances, rather than the absence of derogatory information particular to that entity or other bilateral considerations.<\/p>\n\n\n\n

                    \n\n\n\n

                    Lack of checks and balances in the risk assessment process<\/h3>\n\n\n\n

                    Including checks and balances in the risk assessment process minimizes the likelihood of generating an under-assessment of risk. Checks and balances are present where decisions on case escalation are separated from decisions on whether a case meets the threshold for SRM.<\/p>\n\n\n\n

                    In 2022, many departments achieved this separation by building robust case triage practices into their case escalation frameworks. For instance, CRA, IRCC and RCMP initially escalate cases based on an externally-assigned or pre-determined country or entity risk rating, irrespective of the level of risk attributed to the specific transaction.<\/p>\n\n\n\n

                    Similarly, CBSA and DND\/CAF initially escalate cases based on case-specific assessments that matrix a baseline, externally-assigned, risk rating with features of the information being considered for exchange.<\/p>\n\n\n\n

                    DFO\u2019s framework achieves the same effect, despite not relying on a baseline risk rating, by escalating individual cases based on the presence of any potential risk of mistreatment. This threshold is feasible at DFO, given its low frequency of foreign information exchange; departments with higher volumes of information exchange may feasibly achieve a similar effect by escalating cases, at the outset, based on a threshold lower than \u201csubstantial.\u201d<\/p>\n\n\n\n

                    Other frameworks achieve a similar separation by ensuring that decisions on substantial risk are decided by officials outside the chain of command of operational personnel involved in the exchange. The ROMP, for instance, prohibits a member of its ACA senior management advisory committee from chairing the discussion of a case recommended from their own business line. To enhance this separation of powers, NSIRA recommended in its ACA review for 2021 that recommendations flowing from this committee be referred to an Assistant Commissioner who is not accountable for the branch from which the case originates. Such practices are consistent with NSIRA\u2019s 2017 MD review recommendation that, in cases where the risk of mistreatment approaches the threshold of \u201csubstantial,\u201d decisions should be made independently of operational personnel directly invested in the outcome.<\/p>\n\n\n\n

                    CSE\u2019s ACA policy instruments convey a layering of checks and balances: every instance of foreign information exchange that could lead to the identification of an individual is subject to a mistreatment risk assessment; these assessments are conducted by dedicated information-sharing teams, independently from operational personnel; determinations on the nature of mistreatment risk assessment required (annual, in low risk contexts; case-by-case, in all others) are made on the basis of pre-determined country risk ratings; subsequent case escalation reflects an upward triage based on gradations of mistreatment risk; and this escalation occurs exclusively within CSE\u2019s Authorities, Compliance, and Transparency sector, as opposed to an operational branch.<\/p>\n\n\n\n

                    CSIS\u2019s policy instruments do not convey the same degree of checks and balances [**redacted**]<\/strong>.<\/p>\n\n\n\n

                    \n\n\n\n

                    Recommendation 5. <\/strong>NSIRA recommends that all ACA governance frameworks incorporate layered checks and balances in the risk assessment and escalation of cases that may involve substantial risk of mistreatment.<\/p>\n\n\n\n

                    \n\n\n\n

                    Conclusion<\/h2>\n\n\n\n

                    In this fourth annual review of the ACA directions\u2019 implementation, NSIRA made findings related to compliance with the ACA\u2019s reporting requirements; the alignment of departments’ governance frameworks with the direction\u2019s provisions for information sharing; and departmental practices for identifying cases that may involve SRM.<\/p>\n\n\n\n

                    NSIRA\u2019s findings and recommendations in this report reflect both developments and stagnations in departments\u2019 implementation of the directions over time. Of note, NSIRA observed efforts in 2022 to collaborate interdepartmentally, and standardize certain practices across the GC. While these efforts reflect an improvement over past approaches, they fall short of the directions\u2019 envisioned consistent framework for foreign information sharing government-wide. Additionally, NSIRA observed a number of practices that may lead departments to systematically under-assess the risks involved in contemplated information exchanges. Such under-assessments may, in turn, lead to information being exchanged in contravention of the directions’ prohibitions.<\/p>\n\n\n\n

                    NSIRA made five recommendations in this review. Collectively, they would ensure that all departments\u2019 ACA frameworks reflect a degree of standardization commensurate with the spirit of the ACA and its associated directions; and that these frameworks are designed to support compliance with the directions.<\/p>\n\n\n\n

                    Appendices<\/h2>\n\n\n\n

                    Annex A. Sample of Country Risk Ratings<\/h3>\n\n\n\n

                    Table 2 presents the risk ratings for each country within the sample (n=19), as assigned by each department that relied on its own internally-developed country risk assessments in 2022.<\/p>\n\n\n\n\n\t\n\t\t\n\t\t\t\n\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t
                    Table 2: Sample of country risk ratings, per assessing department (as of November 2022)<\/caption>\n\t
                     <\/th>\n\t\t\tCBSA<\/th>\n\t\t\tCSE<\/th>\n\t\t\tCSIS<\/th>\n\t\t\tDND\/CAF<\/th>\n\t\t\tFINTRAC<\/th>\n\t\t\tRCMP<\/th>\n\t\t<\/tr>\n\t<\/thead>\n\t
                    Country 1<\/td>\n\t\t\tNo Assessment<\/strong><\/td>\n\t\t\tMixed
                    \n\t\t\t(Medium risk)<\/b><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		No Assessment<\/b><\/td>\n\t\t<\/tr>\n\t\t
                    Country 2<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		No Assessment<\/b><\/td>\n\t\t\tMedium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 3<\/td>\n\t\t\tHigh
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Poor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t<\/tr>\n\t\t
                    Country 4<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		No Assessment<\/b><\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t<\/tr>\n\t\t
                    Country 5<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 6<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		No Assessment<\/b><\/td>\n\t\t\tHigh
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t<\/tr>\n\t\t
                    Country 7<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 8<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		No Assessment<\/b><\/td>\n\t\t\tMedium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 9 *No GAC HRR available<\/td>\n\t\t\tLow
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t\t                    		Mixed
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 10<\/td>\n\t\t\tHigh
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Poor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 11<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		No Assessment<\/b><\/td>\n\t\t\tMedium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 12<\/td>\n\t\t\tHigh
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Mixed
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 13<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t<\/tr>\n\t\t
                    Country 14<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 15<\/td>\n\t\t\tMedium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Mixed\/Poor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		No Assessment<\/b><\/td>\n\t\t<\/tr>\n\t\t
                    Country 16<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tMixed
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 17<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tMixed
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Low
                    \n\t\t\t(Low risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t<\/tr>\n\t\t
                    Country 18<\/td>\n\t\t\tNo Assessment<\/b><\/td>\n\t\t\tPoor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t<\/tr>\n\t\t
                    Country 19<\/td>\n\t\t\tHigh
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Poor
                    \n\t\t\t(High risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		High
                    \n\t\t\t(High risk)<\/b><\/td>\n\t\t\t                    		Moderate
                    \n\t\t\t(Medium risk)<\/strong><\/td>\n\t\t\t                    		Medium
                    \n\t\t\t(Medium risk) – Under Review<\/strong><\/td>\n\t\t<\/tr>\n\t<\/tbody>\n<\/table>\n\n\n\n

                    Annex B. Findings and Recommendations<\/h3>\n\n\n\n

                    NSIRA made the following findings and recommendations in this review:<\/p>\n\n\n\n

                    Compliance with the ACA<\/h4>\n\n\n\n

                    Finding 1. <\/strong>NSIRA found that all departments, with the exception of DFO in respect of subsection 7(1), complied with the reporting requirements set out in the ACA.<\/p>\n\n\n\n

                    Implementation of the Directions<\/h4>\n\n\n\n

                    Finding 2. <\/strong>NSIRA found that all departments had frameworks to govern their implementation of the ACA and its associated directions by the end of 2022.<\/p>\n\n\n\n

                    Finding 3. <\/strong>NSIRA found that most departments demonstrated continual refinements of their ACA frameworks based on self-identified gaps, NSIRA recommendations, and community-wide coordination efforts.<\/p>\n\n\n\n

                    Finding 4. <\/strong>NSIRA found that TC\u2019s ACA governance framework did not include policies and procedures for:<\/p>\n\n\n\n

                      \n
                    1. escalating cases to the deputy head; or<\/li>\n\n\n\n
                    2. assessing the risks of information sharing with foreign entities.<\/li>\n<\/ol>\n\n\n\n

                      Recommendation 1. <\/strong>NSIRA recommends that TC update its ACA governance framework to include policies and procedures for:<\/p>\n\n\n\n

                        \n
                      1. escalating cases to the deputy head; and<\/li>\n\n\n\n
                      2. assessing the risks of information sharing with foreign entities.<\/li>\n<\/ol>\n\n\n\n

                        Finding 5. <\/strong>NSIRA found that all departments, with the exception of DFO, GAC, PS, and TC, used country and\/or entity risk assessments to inform their assessments of substantial risk of mistreatment and corresponding case escalation.<\/p>\n\n\n\n

                        Finding 6. <\/strong>NSIRA found that departments’ country risk assessments were inconsistent with one another.<\/p>\n\n\n\n

                        Finding 7. <\/strong>NSIRA found that the simultaneous conduct of independent human rights risk assessments in different departments reflected a substantial duplication of effort across the GC, and created the opportunity for discrepant outcomes.<\/p>\n\n\n\n

                        Recommendation 2. <\/strong>NSIRA recommends that the Government of Canada designate a body responsible for developing:<\/p>\n\n\n\n

                          \n
                        1. a unified set of assessments of the human rights situations in foreign countries including a standard \u201crisk of mistreatment\u201d classification level for each country; and<\/li>\n\n\n\n
                        2. to the extent that multiple departments deal with the same foreign entities in a given country, standardized assessments of the risk of mistreatment of sharing information with foreign entities.<\/li>\n<\/ol>\n\n\n\n

                          Decisions on Substantial Risk of Mistreatment<\/h4>\n\n\n\n

                          Finding 8. <\/strong>NSIRA found, for the fourth consecutive year, that no departments escalated cases to their deputy heads for determination or decision.<\/p>\n\n\n\n

                          Finding 9. <\/strong>NSIRA found that some high-risk sharing activities were stopped prior to escalation for consideration of possible mitigations.<\/p>\n\n\n\n

                          Finding 10. <\/strong>NSIRA found that certain departments\u2019 ACA governance frameworks and risk assessment methodologies included features that may systematically under\u00adassess the level of risk involved in a transaction. These features include:<\/p>\n\n\n\n

                            \n
                          • discrepant applications of the threshold for substantial risk of mistreatment;<\/li>\n\n\n\n
                          • incorporating mitigations into baseline assessments of risk, while overestimating their effects; and<\/li>\n\n\n\n
                          • a lack of checks and balances in the risk assessment process.<\/li>\n<\/ul>\n\n\n\n

                            Recommendation 3. <\/strong>NSIRA recommends that departments apply the \u201csubstantial risk\u201d threshold in a manner consistent with the definition adopted government-wide; and that departments whose broader policy frameworks do not yet reflect this definition (CBSA, CRA, IRGC, and TC) make the attendant updates.<\/p>\n\n\n\n

                            Recommendation 4. <\/strong>NSIRA recommends that departmental assessments of substantial risk of mistreatment be grounded in countries\u2019 human rights records; and that subsequent entity-level considerations be based on validated, current, and consistent respect for caveats and assurances, rather than the absence of derogatory information particular to that entity or other bilateral considerations.<\/p>\n\n\n\n

                            Recommendation 5. <\/strong>NSIRA recommends that all ACA governance frameworks incorporate layered checks and balances in the risk assessment and escalation of cases that may involve substantial risk of mistreatment.<\/p>\n<\/div><\/div>\n<\/div><\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":3255,"parent":8062,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-nsira-subpages.php","meta":{"inline_featured_image":false},"categories":[19,24],"tags":[47,84,83,78,77,90,79,82,80,89,87,74,85,91],"yoast_head":"\nReview of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022: Report - National Security and Intelligence Review Agency<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nsira-ossnr.gc.ca\/en\/reviews\/find-a-review\/23-04\/report\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022: Report - National Security and Intelligence Review Agency\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsira-ossnr.gc.ca\/en\/reviews\/find-a-review\/23-04\/report\/\" \/>\n<meta property=\"og:site_name\" content=\"National Security and Intelligence Review Agency\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-25T13:51:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsira-ossnr.gc.ca\/wp-content\/uploads\/Reviews-Featured-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"350\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"29 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/\",\"url\":\"https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/\",\"name\":\"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022: Report - National Security and Intelligence Review Agency\",\"isPartOf\":{\"@id\":\"https:\/\/nsira-ossnr.gc.ca\/#website\"},\"datePublished\":\"2025-02-04T03:27:09+00:00\",\"dateModified\":\"2025-02-25T13:51:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/#breadcrumb\"},\"inLanguage\":\"en-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Reviews\",\"item\":\"\/reviews\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Find A Review\",\"item\":\"\/reviews\/find-a-review\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022\",\"item\":\"\/reviews\/find-a-review\/23-04\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022: Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/nsira-ossnr.gc.ca\/#website\",\"url\":\"https:\/\/nsira-ossnr.gc.ca\/\",\"name\":\"National Security and Intelligence Review Agency\",\"description\":\"Official Website\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/nsira-ossnr.gc.ca\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-CA\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022: Report - National Security and Intelligence Review Agency","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nsira-ossnr.gc.ca\/en\/reviews\/find-a-review\/23-04\/report\/","og_locale":"en_US","og_type":"article","og_title":"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022: Report - National Security and Intelligence Review Agency","og_url":"https:\/\/nsira-ossnr.gc.ca\/en\/reviews\/find-a-review\/23-04\/report\/","og_site_name":"National Security and Intelligence Review Agency","article_modified_time":"2025-02-25T13:51:20+00:00","og_image":[{"width":350,"height":500,"url":"https:\/\/nsira-ossnr.gc.ca\/wp-content\/uploads\/Reviews-Featured-2.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"29 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/","url":"https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/","name":"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022: Report - National Security and Intelligence Review Agency","isPartOf":{"@id":"https:\/\/nsira-ossnr.gc.ca\/#website"},"datePublished":"2025-02-04T03:27:09+00:00","dateModified":"2025-02-25T13:51:20+00:00","breadcrumb":{"@id":"https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/#breadcrumb"},"inLanguage":"en-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nsira-ossnr.gc.ca\/reviews\/find-a-review\/23-04\/report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Reviews","item":"\/reviews\/"},{"@type":"ListItem","position":2,"name":"Find A Review","item":"\/reviews\/find-a-review\/"},{"@type":"ListItem","position":3,"name":"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022","item":"\/reviews\/find-a-review\/23-04\/"},{"@type":"ListItem","position":4,"name":"Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022: Report"}]},{"@type":"WebSite","@id":"https:\/\/nsira-ossnr.gc.ca\/#website","url":"https:\/\/nsira-ossnr.gc.ca\/","name":"National Security and Intelligence Review Agency","description":"Official Website","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsira-ossnr.gc.ca\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-CA"}]}},"_links":{"self":[{"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/pages\/8722"}],"collection":[{"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/comments?post=8722"}],"version-history":[{"count":3,"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/pages\/8722\/revisions"}],"predecessor-version":[{"id":8728,"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/pages\/8722\/revisions\/8728"}],"up":[{"embeddable":true,"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/pages\/8062"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/media\/3255"}],"wp:attachment":[{"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/media?parent=8722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/categories?post=8722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsira-ossnr.gc.ca\/en\/wp-json\/wp\/v2\/tags?post=8722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}