PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

New Beneficial Ownership Discrepancy Reporting

Effective October 1, 2025, Canadian anti-money laundering (AML) reporting entities regulated by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) are required to report to Corporations Canada any material discrepancies identified between the beneficial ownership information that they have obtained and that is listed in Corporations Canada’s database.

Background

This requirement was introduced to enhance the reliability of beneficial ownership information available to authorities and the public, and to reduce the opportunities for misuse of Canadian corporate structures in money laundering, tax evasion, and sanctions avoidance schemes. Since the usefulness of the beneficial ownership information depends on the accuracy of the information, amendments under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) now will require reporting entities to flag material discrepancies between the information provided by a corporation incorporated under the Canada Business Corporations Act (CBCA) and what is recorded in the registry, thereby supporting Corporations Canada in maintaining an accurate database.

A “material discrepancy” exists where beneficial ownership information collected by a reporting entity substantively contradicts what is publicly disclosed. While the regulations give limited guidance, missing beneficial owners are considered material, while minor typographical errors are not. Currently, the definition of “material” remains imprecise, which may create some uncertainty for compliance teams.

Who Must Comply

The requirement applies to reporting entities who have the existing obligation to take reasonable measures to confirm the accuracy of beneficial ownership information when they first obtain it and in the course of conducting ongoing monitoring of their business relationships.

Discrepancy reporting applies only to CBCA corporations that are active on the Corporations Canada registry.

When to Report

Reporting entities are required to report a material discrepancy to Corporations Canada within 30 days after the day on which it is identified when the following criteria are met:

  • A client is an active CBCA corporation; and
  • The reporting entity determines that the corporation is high-risk for money laundering, terrorist financing, or sanctions evasion; and 
  • When there is a material discrepancy in beneficial ownership information that is not resolved within 30 days. Note there is no requirement to address the material discrepancy directly  with the customer. 

In these cases, reporting entities must check the Corporations Canada registry when a high-risk relationship is first identified and continue to check during ongoing monitoring of that high-risk business relationship.

If a previously reported discrepancy is identified again (i.e., during the course of ongoing monitoring) and it has not been resolved, it must be reported again. If there are other issues related to corporate status or registry info (not beneficial ownership information), this information can still be reported to Corporations Canada, but it must be done so separately. Voluntary reporting is permitted if the client is considered low-risk, but discrepancies are still found.

Reporting Steps

Reports are submitted through Corporations Canada’s online portal (accessed through the registry). The process is as follows:

  1. Ensure your reporting entity is registered for FINTRAC Web Reporting (FWR), and that the individual completing the reporting has an active My ISED account with Corporations Canada.
  2. Search the corporation on the Corporations Canada website to confirm it is an active CBCA corporation.
  3. While in Corporations Canada’s online portal, from the page connected to the corporation about which the discrepancy is being reported, select “Report an Issue” (currently a link at the bottom right of the page). This will prompt a My ISED login.
  4. Complete the discrepancy form with:
    • Reporting entity details (legal name, RE number, location, compliance contact/email). This information will auto-populate after the first report. 
    • Corporation details (name and incorporation number for the company you are reporting on).
    • Selecting the reason for reporting a discrepancy (reporting as required under PCMLTFA or voluntary).
    • Discrepancy details (nature of inconsistency, date identified).
  5. Review the information for accuracy and submit the report.
  6. A confirmation screen will appear, including a reference number 
  7. Corporations Canada will validate the report and issue an acknowledgment within 10 business days.
  8. Keep a copy of the acknowledgement as evidence of the completed discrepancy reporting.
  9. If the discrepancy has not been resolved by the next time you complete periodic monitoring for the entity, the process is repeated.

For more detailed steps on reporting, you may refer to the guidance on submitting a beneficial ownership discrepancy report or the following Corporations Canada demo video, which together provide a comprehensive overview.

 

Note that inaccurate or incomplete reporting entity information will result in an invalid Beneficial Ownership discrepancy report. Amendments to submitted reports are currently not possible, and a new report will have to be submitted. 

Reporting entities must retain the report acknowledgment and other supporting documentation as evidence of meeting obligations. 

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help updating your compliance program and processes, please get in touch.

Fraud Alert: Scammers Are Using Our Name in Fake Phishing Emails

Written with Heidi Unrau

 

We want to alert you to a rise in phishing emails impersonating Outlier Compliance Group.

Several of our clients have recently received emails that look like they’re from Outlier Compliance Group, but are definitely not.

What’s a Phishing Email?

Phishing is when someone sends a fake email pretending to be a trusted company, organization, or person in an attempt to trick you into:

  • Opening an infected attachment
  • Clicking on a malicious link
  • Sharing sensitive information like passwords, banking details, or personal data

The goal is to steal your personal, financial, or login information and/or infect your computer. These emails can look very convincing, especially if you’re expecting documents or communication from a real company.

Recent Example

Our client received an email from dave.outliersolutions@proton.me with an official-looking PDF attached. It seemed legitimate. But this is NOT one of our addresses, and the sender has no connection to Outlier Compliance Group.

We want to be clear:
Outlier Compliance Group only sends emails from addresses ending in @outliercanada.com. Anything else is not from us, even if the name and logo look the same.

How to Spot a Phishing Email

Scammers are counting on you to miss the signs. Here’s what to look out for:

  1. The email address is off
    Scam emails often use free accounts like Gmail, Hotmail, and ProtonMail to impersonate businesses.
    ✅ Real: info@outliercanada.com
    ❌ Fake: info.outliersolutions@proton.me
    Our emails always end with @outliercanada.com or may come trusted systems (i.e. @post.xero.com for invoices)
  2. It creates urgency or confusion
    Phishing emails try to scare you into acting fast. “Your account will be closed! Or open this document now!” Outlier will never use scare tactics. Pause and verify before clicking anything.
  3. You weren’t expecting it
    If you suddenly get an email, file, invoice, or link out of the blue, don’t open it. If there’s no context or explanation, that’s also a red flag. Legitimate companies usually let you know in advance if they’re sending something important. When in doubt, confirm.
  4. The formatting feels off
    Watch for poor grammar, strange wording, or weird punctuation. If it sounds “off,” it probably is. Never open or click on anything unless you are 100% sure it’s safe and legitimate.

What To Do If You’re Not Sure

If an email doesn’t feel right, even if it has the Outlier name and logo, don’t open it. Contact us directly using the email you already have in your contacts. Or email us at info@outliercanada.com.

It’s always better to double-check than to fall for a scam. We’re happy to confirm if an email is from us or not.

Stay safe. Stay alert.

What Should You Do After Submitting Suspicious Transaction Reports to FINTRAC?

What Happens After You Submit a Suspicious Transaction Report?

When it comes to AML compliance, submitting a Suspicious Transaction Report (STR) to FINTRAC is just the beginning, not the end.

In this short video presentation, Divya Bhaktha from Outlier Compliance Group breaks down exactly what you need to do after an STR is filed, and the consequences if you don’t follow-up correctly.

Reference Links

Public notice of administrative monetary penalties

Reporting suspicious transactions to FINTRAC

Guide on harm done assessment for suspicious transaction reports violations (section 2.3.4)

 

Need help navigating STR obligations? Email us at info@outliercanada.com or get in touch here.

What to Expect When FINTRAC Comes Knocking

Written with Heidi Unrau

FINTRAC’s New Assessment Approach – It’s Not Just Exams Anymore

Every request, meeting, form, or call with the Financial Transaction and Reports Analysis Centre of Canada (FINTRAC), Canada’s anti-money laundering (AML) regulator and financial intelligence unit (FIU), is a potential assessment activity. If your business is subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), the regulator could contact you at any time. In 2025, FINTRAC significantly expanded and diversified its compliance assessment toolkit.

FINTRAC’s assessment activities are not limited to full-blown compliance examinations, and the regulator is increasingly using other assessment tools. These include a wider range of formal and informal touchpoints, each of which can carry consequences and should be taken seriously. Here’s what you need to know to prepare, respond, and stay one step ahead when FINTRAC contacts you.

Yes, These Are All Assessment Activities

Many organizations are surprised to learn that not every FINTRAC interaction is labelled as an “examination,” although a range of activities are used to assess FINTRAC reporting entities. While some of these activities may be more informal than examinations, they are not unimportant.

In 2025, common FINTRAC assessment activities include, but are not limited to:

A woman peeking out from behind a stack of folders on a desk.

Data Hide and Seek

  • Information Requests
  • Supervisory Risk Assessment Questionnaires (SRAQs)
  • Compliance Self-Attestations
  • Monitoring Meetings
  • Action Plans
  • Examinations

Each of these activities serves as an opportunity for FINTRAC to understand and evaluate how well your organization is meeting its AML compliance obligations. Responding late, incorrectly, or incompletely can impact your risk score, trigger follow-up activities including examinations, or even result in penalties.

Information Requests

FINTRAC can request a wide range of information from reporting entities related to AML compliance. Where no personal information (PI) is being requested, these requests may be delivered by email rather than by more secure channels such as Canada Post’s secure messaging system.

However, reporting entities that prefer to respond via a secure channel can request this, and FINTRAC will generally accommodate their request. If an information request is unclear or if the timeframes are not feasible for your business, it is important to contact FINTRAC as soon as possible to resolve the issue.

Supervisory Risk Assessment Questionnaires (SRAQs)

SRAQs are Excel forms sent through Canada Post’s secure platform, often after a call or meeting with FINTRAC to explain the process. They include detailed questions about your business structure, risk levels, and electronic funds transfers.

Some fields may be pre-filled by FINTRAC, but must be reviewed. The SRAQ will generally have questions about your risk assessment, and you may be asked whether your risk assessment aligns with Canada’s National Risk Assessment (NRA).

Compliance Self-Attestations

These detailed PDF forms are also delivered securely, either with a SRAQ or on their own, and may follow a call or meeting with FINTRAC to explain the process. The self-attestation form asks about your Compliance Officer, AML policies and procedures, risk assessment, training, and compliance effectiveness reviews (audits). The responses must be specific (tailored to your business, documentation, and processes), and questions often overlap with the SRAQ.

The self-attestation questionnaire commonly asks who approved your policies, and whether compliance effectiveness reviews (audits) led to action plans. The final section of the attestation form requires sign-off from the person completing it, attesting to the accuracy and completeness of the information provided.

Monitoring Meetings

Monitoring meetings are common for larger or higher-risk businesses and are used to follow up on issues like reporting errors, self-declared non-compliance, or action plan progress. Be ready to explain past issues and decisions, particularly where FINTRAC is actively monitoring the remediation of an issue, including deficiencies observed by FINTRAC through examinations or other assessment activities. Detailed records help keep these meetings focused and efficient.

Action Plans

FINTRAC may request an action plan to correct deficiencies observed in the course of its assessment activities, or subsequent to a voluntary self-declaration of non-compliance. An action plan describes the deficiencies, the steps that are being taken to address and correct the issues, and the expected timelines. In some cases, FINTRAC may request updates to action plans in conjunction with monitoring meetings.

Examinations

FINTRAC selects businesses for examinations based on factors like risk score, past findings, or industry trends. Examinations may be in-person or remote, and full-scope (covering a broad range of AML compliance requirements) or targeted (covering only a narrow scope, such as high-risk customers and enhanced due diligence activities).

The examination process generally begins with a notification call, followed by a formal letter, document review, interviews, and concludes with a findings report. As PI and other sensitive information is exchanged with FINTRAC in this process, written communication is usually through Canada Post’s secure online portal. If serious deficiencies are discovered, FINTRAC may issue a Notice of Violation, which accompanies an administrative monetary penalty (AMP).

Take Every Request Seriously, The Consequences Are Real

A single poorly handled request can escalate to a formal examination or enforcement action, up to and including an AMP. For example:

  • Information Requests might ask for detailed operational data, like wallet addresses, transaction volumes, geographic reach, etc., that must be provided within specific timeframes.
  • SRAQs and Self-Attestations often probe the strength and scope of your compliance program, training, policies, and controls.
  • Monitoring Meetings may seem routine, but they serve as real-time evaluations of progress or issues.

Even if you think your compliance program is strong, you can’t rest on your laurels. Giving too much, too little, or the wrong kind of information can still cause problems.

Timing & Scope Matter, So Speak Up Early

One of the most preventable mistakes? Not raising concerns early. If you receive a request that:

  • Requires more time than you realistically have
  • Involves an impractical volume of data
  • Touches on sensitive or operationally risky areas (like sending wallet addresses via unencrypted email, for example)
  • Is unclear or difficult to fulfill, or
  • Seems misaligned with your actual business structure…

Reach out to FINTRAC right away! They may allow accommodations like a secure file upload option or deadline extensions. FINTRAC  will also be able to clarify or refine the scope of their request, but you have to ask early. Proactive communication helps avoid mistakes and shows a good-faith effort to comply.

Documentation is Protection

Formal or informal? It doesn’t matter. If you interact with FINTRAC, document everything:

  • The requests received and your interpretations,
  • Deadlines and communication
  • What data you provided and how
  • Who internally approved or reviewed the responses

Keep a central record, like a shared folder or internal compliance log, to track all relevant information. Where there is something unusual about your business or processes, consider whether or not it makes sense to include explanations either in writing or during a meeting with FINTRAC.

Common Errors to Avoid

These are the biggest issues that trip up even experienced teams:

  • Not answering the question asked: Too much or too little detail can both be problematic, and providing information that doesn’t address the question makes you seem disorganized at best.
  • Assuming foreign compliance standards apply: FINTRAC’s mandate is to ensure compliance with Canadian requirements, and straying from this focus can imply that you’re not well-versed when it comes to the Canadian AML framework.
  • Underestimating the data lift: Raw data is often messier and harder to extract than expected. Plan accordingly and start pulling data and organizing your response early.
  • Auditor independence: If your auditor is also your AML program creator, expect scrutiny for lack of independence.

Make an Action Plan, Even if You’re Not Asked

There is some variance in terms of whether or not action plans are requested after FINTRAC examinations. Today, they’re becoming an unspoken expectation, though you may not be asked for your action plan until the next time that you’re faced with an assessment activity. Best practice? Develop an internal action plan, even if  FINTRAC doesn’t ask for one. Examiners, auditors, and your leadership team will expect to see how you’ve addressed gaps. Your action plan should:

  • Outline findings and fixes
  • Assign owners and timelines
  • Track milestones and updates

If you’ve already had an examination or audit and didn’t document an action plan, it’s not too late. Your plan can include work already completed to address any deficiencies.

Is This Really From FINTRAC? How to Tell

Some recent FINTRAC requests look different from what businesses are used to, which has caused confusion. And to make matters worse, there have been documented cases of scammers impersonating FINTRAC and other regulators. Here’s how to tell if the request is legitimate:

  • Check the Sender: Legit emails come from @fintrac-canafe.gc.ca or @fintrac-canafe.canada.ca.
  • Look for legal references: Real requests often cite the PCMLTFA (for example, section 63.1(2) of the PCMLTFA).
  • Expect formal language: Clear instructions, deadlines, and specific data requests are standard.
  • Templates included: FINTRAC may attach Excel or PDF forms to complete. These will not be in a “zipped” format or other format that cannot be scanned for malicious elements.
  • No contact name? Still valid: Some are signed by the team or department without a specific person named.
  • Delivery method: Sensitive items may come through Canada Post’s secure epost system, but where this is the case, reporting entities will generally receive a phone call first.

If you’re unsure, don’t ignore it. Verify through FINTRAC’s official contact channels, not by replying to a suspicious email.

Final Reminder: Treat Every Touchpoint as an Evaluation

A call. An email. A simple questionnaire or data request. It’s all part of a broader assessment process. These activities carry weight, can impact your risk profile, and may lead to further scrutiny if not handled correctly.

Treat every request seriously and respond with care. If something is unclear, the scope seems off, or if you need more time, speak up early! Proactive communication prevents misunderstandings and protects your organization from costly consequences.

Need a Hand?

If you’re unsure how to interpret a request, need help crafting a response, or want to strengthen your overall compliance approach, Outlier Compliance Group is here to help. Please get in touch.

We’re Hiring an Operational Risk Ninja!

We’re looking for a senior operational risk person to join our team. Initially, this is going to be a part-time role but we’d love for it to become a full-time role, depending on the need and fit. We take bringing on new team members very seriously. We’re a small and close-knit team, and fit is just as important as experience. We’d be lying if we said that “can we just handle the work ourselves” isn’t something that was brought up (multiple times). You’re reading this posting because we need a very capable human, and maybe that’s you. 

While we know many great folks, we’ve chosen to post this role publicly in the interest of widening the possible field to include candidates that we might not know personally. We have done it before and we lucked out! 

What does the job actually entail?

We’re compliance and risk consultants. Our core areas of practice include:

  • Anti-Money Laundering (AML), Anti-Terrorist Financing (ATF)
  • Canadian Sanctions
  • Privacy
  • Regulatory Compliance
  • Operational Risk Management (including Retail Payment Compliance)
  • Pan-Canadian Trust Framework (PCTF)

Most of the companies that we work with are AML reporting entities (banks, credit unions, money services businesses, securities dealers, dealers in precious metals and precious stones, real estate brokerages, etc.). Our work is generally project-based, and those projects include:

  • Developing and updating compliance and risk policies and procedures;
  • Developing risk assessments;
  • Designing and delivering training;
  • Conducting effectiveness reviews/audits;
  • Helping clients to prepare for reviews and regulatory examinations; 
  • Helping clients to remediate review and regulatory examination findings; and
  • Helping clients with compliance-related questions.

The person we are looking for would be responsible for the following:

  • Design, document, and improve policies, procedures, and internal control frameworks to meet regulatory expectations and industry best practices.
  • Advise clients on compliance with operational risk management requirements (RPAA and OSFI E-21). This includes third-party risk, incident response, fraud business continuity and safeguarding  requirements.
  • Support the development and implementation of operational risk management frameworks, governance structures, and reporting mechanisms.
  • Guide clients through compliance with the RPAA, including registration, risk management frameworks, incident reporting, and safeguarding of end-user funds.
  • Lead operational risk assessments, control reviews, and gap analyses across client operations, with a focus on payment service providers and fintechs.
  • Provide guidance on privacy and data governance issues, including compliance with PIPEDA and other applicable provincial privacy legislation.
  • Monitor emerging regulatory changes and industry developments to inform clients and update risk frameworks accordingly.
  • Liaise with client legal, compliance and risk teams as needed on matters related to risk, compliance, and governance.

To do this effectively, we believe that you need to have deep, hands-on experience in these areas. This is why all of our team members have over 10,000 hours of in-house compliance experience. This is non-negotiable. Additionally, we are looking for the following qualifications:

  • Deep knowledge of operational risk frameworks, including proven experience implementing or assessing operational risk programs in line with it.
  • Strong working knowledge of Canadian privacy laws and their application to operational and data risk.
  • Experience developing and implementing risk and compliance frameworks, including for third-party/vendor risk, incident response, and operational resilience.
  • Excellent communication skills, with the ability to explain complex regulatory concepts to stakeholders at all levels.
  • Strong writing skills for client deliverables, policies, and presentations.
  • Proficient knowledge of Microsoft Office (Word, Excel, Powerpoint, etc). 

Additionally, if you have any of the below it is a definite asset:

  • Experience advising or working with PSPs, MSBs and/or fintechs.
  • Experience with developing and or updating AML policies and procedures.
  • Experience with conducting AML effectiveness reviews.
  • Designing and delivering training.
  • Experience and/or knowledge of the Pan-Canadian Trust Framework (PCTF). 
  • Prior experience engaging directly with Canadian regulators.
  • Relevant certifications (i.e. RIMS CRM CIPP/C, CRISC, FRM, CIA). and
  • Bilingualism (English/French) is a plus but not required.

What it’s like working at Outlier

We think our team is pretty great: professional, friendly, and incredibly nerdy. At first, we might seem intimidating, or even a little cliquey, but we’ll do everything we can to bring you into the fold. That said, you’ll need to identify and ask for what you need. Autonomy is a big part of how we work.

No two days are the same. We work on different projects that move at different paces, and sometimes things get hectic — it can be stressful. You’ll need to be comfortable providing your own structure and managing your schedule, while keeping in mind the needs of the business and our clients. As long as the desired outcomes are delivered on time, you can work at your own pace and from your own location. Most of our work is done remotely, though occasionally we may need to be on site with clients. We also have an office in downtown Toronto for when the need arises (and you’re welcome to work from that location whenever you like). 

Our clients are professionals, entrepreneurs, and thought leaders. They’re smart, driven, and often push boundaries and ways of thinking, which means we’re constantly learning from them as well as answering their questions. They won’t always be compliance-minded, but the conversations are rarely boring. It’s often an absolutely incredible journey.

Our compensation model is radically transparent and tied to individual performance. Consultants earn a share of the revenue from each project they’re part of. These are democratic decisions, visible to the entire team, which helps ensure fairness. We know that openly discussing compensation can feel awkward at first — we try to approach it with empathy and openness.

Some things that we think are probably true about the right candidate

  • You’re really good at what you do, but you are never satisfied. 
  • Every time you’ve left a job, they’ve had to hire several people to replace you. You try not to gloat about this too much, but sometimes you can’t help it.
  • When put in charge of a well-functioning system, you’re likely to test “process improvements” until something breaks.
  • You’re at your very best when you’re fixing something broken or building something new – those challenges invigorate you.
  • When a business person tells you what they want to build, you immediately start thinking about how to execute their ideas within the parameters of existing law and regulation.
  • The phrase “that’s the way we’ve always done it” makes you either shudder or clench your jaw (maybe both).
  • In your spare time, you probably deconstruct, make or build things. 

Want to apply?

Send an email with your resume attached in PDF format to: ninjas@outliercanada.com by July 14, 2025. 

The subject line should read: Risk Ninja, 2025

In the body of the email, please indicate why you believe that you would be a good fit, referencing this posting, as well as where you clocked your 10,000 hours of in-house compliance practice. Please feel free to include any questions that you have for us at the outset as well.

Please note that messages submitted in any other format via any other channels will not be considered. Only applicants selected for an interview will be contacted. A reminder, only Canadian citizens need apply.

Integrity Over Profit

Earlier this week I was approached by a client with whom we had completed a full overhaul of their Risk Assessment documentation, which occurred about 3-4 months ago. The project was completed with excellent results, and from all accounts, an ideal outcome. Mainly, the client was satisfied with the deliverable, felt more confident in the status of their overall compliance program, and was a delight to work with.

When they reached out this week, they were inquiring about Outlier completing their upcoming 2 year Compliance Effectiveness Review (CER). This was a clear indication of their satisfaction, which was a good feeling. However, we had to keep in mind that we (Outlier) revised their Risk Assessment documentation not too long ago. After some internal discussion, we felt it was not the right move for us to take on their CER, as we would be reviewing a portion of our own work. Not only would this be less value to the client, but should their financial service provider or FINTRAC determine that their reviewer was also the drafter of a portion of the compliance documentation, that would be a bad look. FINTRAC guidance states “Also, as a best practice, to ensure that your review is impartial, it should not be conducted by someone who is directly involved in your compliance program activities.”

Informing the client about our perceived conflict, and that it would not be the right move given the situation, felt less than optimal. No one wants to turn business away. However, the response was received with grace and understanding. This isn’t a shock as this individual is, in my opinion, an underrated pillar of the AML community, and generally, a person with a high degree of integrity.

Ok, So What?

This post is not intended to be a self-congratulatory post, but rather a message to highlight an important point for reporting entities. We have sat through examinations with clients where FINTRAC has identified the lack of separation between the drafter of the documentation and reviewer of the documentation. This situation left the reporting entity in a position they could not defend, resulting in, what I deem, an entirely unnecessary position. Had the reviewer acted with integrity, by informing the reporting entity about the potential risk and downfalls, the FINTRAC examination would have resulted in a more favorable outcome, including one less deficiency.

From my experience, the separation between the drafter and reviewer should go beyond merely assigning different people, or different departments, within the same organization because the baseline knowledge is consistent across the business. You want completely fresh eyes on your compliance program and its effectiveness.

The intent of this post is to serve as an FYI to reporting entities that relying on one firm to handle all aspects of compliance support is not an ideal scenario and can lead to problems down the line. There is no shortage of fantastic compliance consulting firms in Canada, each with deep expertise when it comes to Canadian regulatory requirements and FINTRAC expectations. If you would like some suggestions on additional firms that can offer compliance support, please feel free to reach out to us, and we can make warm introductions to other trusted firms.

Finally, this also raises concerns regarding independence of the CER process when the same company is engaged for multiple reviews in succession. We have strongly suggested to a few longstanding clients that they source a different reviewer for a “fresh set of eyes,” after completing multiple CERs for them previously. We have also received feedback from clients that during FINTRAC exams, FINTRAC examiners are suggesting the same thing. While its nice to have a good relationship with your compliance support providers, there comes a point where a changeup is not only suggested, it is necessary. It’s better to make the choice yourself, rather than have FINTRAC make it for you.

Independent Support

If you are in need of a completely independent reviewer, a suggestion for a couple of different options, or just have general questions, please feel free to contact us. We are here to help, and truly believe that rising tides lift all boats.

2025 AML Changes: New Import/Export Declarations, Information Sharing, Beneficial Ownership Transparency and New Reporting Entities

Background

On March 26, 2025 final amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations and creation of a new regulation were officially published in the Canada Gazette (SOR/2025-67 and SOR/2025-68). This round of anticipated changes introduces three company types that will become reporting entities. Additionally, the amendments bring in changes related to reporting of goods, information sharing, and beneficial ownership discrepancy reporting.

In traditional fashion, to make reading these changes a little easier, we (thanks Rodney) have created a redlined version of the regulations, with new content showing as tracked changes, which can be found in a combined document here.

While there are no substantial changes to the requirements from the draft amendments published on November 30, 2025 in the Canada Gazette, one noteworthy change is that the in-force date of most requirements was moved from October 1, 2025, to April 1, 2025, which will likely leave companies scrambling.

The incoming requirements are meant to improve Canada’s anti-money laundering (AML), anti-Terrorist Financing (ATF) and sanctions regime, and implement measures announced in Budget 2022, Budget 2023, Budget 2024, the 2023 Fall Economic Statement, and Canada’s last Parliamentary Review. On February 4, 2025, the Prime Minister issued the Directive on Transnational Crime and Border Security, which stated the urgent need to disrupt profits laundered by organized crime in connection with illegal trade in drugs such as fentanyl. The amendments provided in the finalized regulations were identified as key measures to support this Directive.

The regulatory impact analysis statement (RIAS) accompanying the finalized regulations indicates that these amendments are also needed for Canada to align to Financial Action Task Force (FATF) standards ahead of Canada’s next mutual examination by the FATF later in 2025. The RIAS states that FINTRAC is committed to working with reporting entities to ease the implementation process along this accelerated and exceptional timeline, and will put emphasis on engagement, outreach and guidance activities related to new regulatory obligations.

What’s Changed?

Trade Based Money Laundering (TBML)

The regulatory amendments introduce a new Proceeds of Crime (Money Laundering) and Terrorist Financing Reporting of Goods Regulation.   

Under the new regulation, anyone who is importing or exporting goods into or out of Canada needs to file a declaration with the Canada Border Services Agency (CBSA) as follows:

  • whether the goods are proceeds of crime as defined by subsection 462.3(1) of the Criminal Code or are goods related to money laundering, to the financing of terrorist activities or to sanctions evasion; and
  • that the goods are actually being imported or exported, as the case may be.

The amendments will also include seizure and forfeiture rules. Under the framework, the CBSA will have powers to seize and forfeit goods when they have reasonable grounds to believe that the goods are proceeds of crime or related to money laundering, terrorist financing, or sanctions evasion.

As part of the new requirements, there are substantial record-keeping obligations, including details such as the origin, making, purchase, importation, costs, and value of the goods, as well as records related to payments for the goods.

This change comes into force April 1, 2025.

Information Sharing

The regulatory amendments introduce measures to allow for reporting entities to share information with each other to detect and deter money laundering, terrorist financing, and sanctions evasion, while maintaining privacy protections for personal information.

Reporting entities that wish to share information (it’s voluntary) would be required to establish and implement a code of practice for disclosing, collecting and using personal information without consent. The code must:

  • describe the personal information of an individual that may be disclosed, collected or used without their knowledge or consent;
  • describe the purposes for which an individual’s personal information may be disclosed, collected or used without their knowledge or consent;
  • describe the manner in which an individual’s personal information may be disclosed, collected or used without their knowledge or consent;
  • describe the measures to be taken to ensure the protection of personal information, including measures concerning the retention of such information and the keeping of records; and
  • include information demonstrating that the code complies with the requirements of the Act.

The Code must be provided to the Office of the Privacy Commissioner of Canada (OPC) for approval, as well as to FINTRAC for comment in advance of use. The OPC must approve the code within 120 calendar days (an increase from the proposed 90 days in the draft amendments). The OPC will continue to have the ability to extend the deadline by an additional 15 days, provided it notifies the reporting entity. Reporting entities would be required to resubmit their Codes to the OPC and FINTRAC every five years regardless of changes or not. The OPC has published guidance on how to submit Codes for review and approval.

This change comes into force immediately.

Discrepancy Reporting

The amendments introduce a requirement for reporting entities dealing with a Canada Business Corporations Act (CBCA) corporation to report any material discrepancies found while obtaining and verifying the accuracy of beneficial ownership information under current AML requirements. The reporting requirement will not apply if the material discrepancy is resolved within 30 days (originally 15 days in the draft amendments) from the date it is identified. Currently, what is deemed to be material is not well defined (outside of missing beneficial owners). There are examples of what is considered not material.

The information with respect to the discrepancy includes:

  • Name of reported company and identifying number on its certificate of incorporation, amalgamation or continuance;
  • Date on which discrepancy was identified; and
  • Description of discrepancy.

This comes into force October 1, 2025.

New Reporting Entities

The regulatory amendments outline the inclusion of three new regulated entities, as announced in Budget 2024, which were highlighted as concerns during Canada’s last FATF mutual evaluation: factoring companies (referred to as “factors”), cheque cashing companies, and financing and leasing companies. These entities will be subject to the PCMLTFA as of April 1, 2025, and must implement compliance programs.

We have created a separate blog post for each of the newly regulated company types (factoring companies, cheque cashing companies, and financing and leasing companies) to make it easier to digest the requirements that apply to each of the new reporting entities.

What Next?

FINTRAC will be issuing and updating guidance related to the changes. While we await guidance, entities should start updating their compliance program and processes to reflect the new requirements as they apply to their business. New reporting entities should start working on developing their compliance program immediately if they have not already done so.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

New Year – New Regs. Final Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and Regulations – January 2025

Background

On January 1, 2025 final amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act were published in the Canada Gazette (SOR 2024-266 and SOR 2024-267). The most noteworthy changes fall under the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations. The final amendments include changes or new requirements related to:

  • MSB registration framework;
  • Sanctioned property reporting;
  • White-label ATMs;
  • Real estate (title insurance and unrepresented third-parties); and
  • Casino disbursements.

The regulatory impact statement states that these amendments implement measures announced in previous budgets, the 2023 Fall Economic Statement, our Parliamentary Review and Cullen Commission report ahead of Canada’s upcoming mutual evaluation by the Financial Action Task Force (FATF).

To make reading these changes a little easier, as we always do, (thanks Rodney) a redlined version of the regulations, with new content showing as tracked changes, is attached here.

What’s Changing?

From the draft regulations published back in July 2024, there have not been significant changes to the final publication. Some changes were made to address potential gaps, inconsistencies, and business realities in the context of application, and to provide greater flexibility in the coming-into-force dates. The most notable change from the draft relates to obligations for title insurers.

Below is a summary of what we feel are the most noteworthy changes and incoming requirements:

MSB Registration Framework

Money Services Businesses (MSBs) must register with FINTRAC. As part of registration, it will now be required to submit the following documentation as part of the application.

If the applicant is a corporation:

  • a certificate of incorporation or the most recent version of any other record that confirms its existence as a corporation and contains its name and address and the names of its directors; and
  • a document that sets out the ownership, control and structure of the corporation.

If the applicant is an entity other than a corporation:

  • the partnership agreement, articles of association or the most recent version of any other record that confirms its existence and contains its name and address; and
  • a document that sets out the ownership, control and structure of the entity.

Additionally, domestic MSBs will have to submit criminal record checks covering the CEO, President and directors, as well as every person who owns or controls 20% or more of the MSB. These criminal record checks must also be updated every two years as part of the renewal process. Where an MSB uses an agent or mandatary, criminal record checks are also required on those individuals. It should be noted that the 20% threshold does not align with reporting entity requirements for beneficial owners, which is at 25%. While industry asked for these numbers to align, Finance did not accept the change.

Sanctioned Property Reporting

The final amendments expand the definition of a listed person or entity to capture individuals and entities listed under all Canadian sanctions legislation including Special Economic Measures Act, the United Nations Act and the Justice for Victims of Corrupt Foreign Officials Act.

These changes also result in a new sanctioned property report. The report includes information fields such as:

  • how the reporting entity came to know that property in question is owned, held or controlled by or on behalf of listed person or entity;
  • the name of any person or entity that owns, holds or controls property on behalf of listed person or entity;
  • the name of any person or entity that has an interest or right in or is authorized to deal with property; and
  • a description of transactions involving property within previous six months.

White-Label ATMs

Final amendments will require those that provide acquiring services to white-label ATMs (WLATMs) to register with FINTRAC as MSBs and implement a full AML compliance regime. Similar to that of other regulated entities, a compliance regime will have to be in place which includes the following:

  • Appointment of a Compliance Officer;
  • Development of a documented compliance program (policies, procedures, risk assessment, ongoing training);
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Keeping records;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and watchlist screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow Ministerial Directives, sanctions, and other relevant transaction restrictions.

In addition to the records that must be retained as an MSB, WLATM operators will need to keep the following records:

  • Information on who owns, leases or operates a private automated banking machine in respect of which they provide acquirer services;
  • Information on the source of the cash that is loaded into a private automated banking machine in respect of which they provide acquirer services;
  • Information on account holder of a settlement account for a private automated banking machine in respect of which they provide acquirer services; and
  • The source and method used to transport cash loaded into a private automated banking machine.

Real Estate – Title Insurance

Final amendments will make title insurers reporting entities under Canada’s AML/ATF Regime. Title insurers are defined as a person or entity that is engaged in the business of providing title insurance, as defined in the schedule to the Insurance Companies Act when they provide a title insurance policy to the purchaser of real property or an immovable.

Specifically, title insurers will be required to develop a compliance program, meet certain identity verification requirements, submit required reporting to FINTRAC, keep certain records, and follow application Ministerial Directives.

It should be noted that changes were made to remove certain record-keeping obligations noted in the draft regulations. Title insurers will only be required to keep records of information that is obtained for the sale of title insurance. The following are the specific records that must be kept for every title insurance policy provided to a purchaser of real property or an immovable:

  • the name and address of the purchaser and, in the case of a person, their date of birth;
  • the legal description and address of the real property or immovable;
  • the closing date of the purchase;
  • the purchase price;
  • the amount of any loan secured by a mortgage on the real property or a hypothec on the immovable and the name of the lender;
  • if known, the name of the vendor; and
  • any title information respecting the real property or immovable that is found in the land registry in which the title to the real property or immovable is recorded.

Given title insurers’ business model, wherein they do not have direct contact with the purchasers of title insurance, final amendments have been updated to remove beneficial ownership requirements as well as exempt third-party determination and PEP requirements for title insurers.

Real Estate – Unrepresented Parties

Final amendments will require real estate brokers and sales representatives to identify the party or parties (including third parties) not represented in real estate transactions. This is a change from the current requirement where real estate brokers and sales representatives are only required to take “reasonable measures” to identify unrepresented parties.

What Next?

The requirements summarized above come into force October 1, 2025. In the meantime, FINTRAC will have to issue guidance which has been promised before the noted in-force date.

While we await guidance, newly regulated entities should start working on developing their compliance program in anticipation of the respective in-force dates noted above. Other Reporting Entity types should take note of MSB framework changes and changes related to sanction property as it relates to their business model.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

Proposed 2025 AML Changes: New Import/Export Declarations, Information Sharing, Beneficial Ownership Transparency and New Reporting Entities

Background

On November 30, 2025 draft amendments to the regulations under the Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA) were published in the Canada Gazette.

In the interest of time, we have published this blog summarizing what we feel to be the most noteworthy amendments but will follow up with a redlined version of the regulations, with new content showing as tracked changes, at a later date.

The noted changes are meant to improve Canada’s anti-money laundering (AML) and anti-Terrorist Financing (ATF) regime and implement measures announced in Budget 2022, Budget 2023, Budget 2024, the 2023 Fall Economic Statement and Canada’s last Parliamentary Review. This is addressed through six separate measures including the introduction of new regulated entities.

Measure 1: Trade Based Money Laundering (TBML)

The draft amendments include a new Proceeds of Crime (Money Laundering) and Terrorist Financing Reporting of Goods Regulation.

Currently, the Canada Border Services Agency (CBSA) can require receipts and invoices for the purposes of determining compliance with import laws, but they cannot request these documents for the purposes of detecting money laundering or terrorist financing.

 Under the proposed regulations, anyone who is importing or exporting goods into or out of Canada needs to file a declaration with the CBSA as follows:

  • whether the goods are proceeds of crime as defined by subsection 462.3(1) of the Criminal Code or are goods related to money laundering, to the financing of terrorist activities or to sanctions evasion; and
  • that the goods are actually being imported or exported, as the case may be.

The latter is meant to address “phantom shipments” that are used in trade-based money laundering (TBML) which was identified as a primary money laundering concern in Canada’s last Financial Action Task Force (FATF) evaluation.

The new regulations also bring about substantial record keeping requirements which include information such as the origin, marking, purchase, importation, costs and value of the goods, and records relating to payment for the goods. It’s noteworthy that FINTRAC’s 2023-24 Annual Report lists customs and excise related offences as being in the top five predicate offences related to case disclosures during the period.

Measure 2: Information Sharing

Information sharing between private entities has been recognized by the FATF as an important tool for disrupting money laundering and terrorist financing. Budget 2024 introduced legislative amendments to the Criminal Code and the PCMLTFA to enhance the ability of reporting entities to share information with each other as it relates to the detection of money laundering and terrorist financing.

The draft amendments introduce measures to allow for reporting entities to share information with each other to detect and deter money laundering, terrorist financing, and sanctions evasion, while maintaining privacy protections for personal information.

Reporting entities that wish to share information (it’s voluntary) would be required to establish and implement a code of practice for disclosing, collecting and using personal information without consent. The code must:

  • describe the purposes for which an individual’s personal information may be disclosed, collected or used without their knowledge or consent;
  • describe the manner in which an individual’s personal information may be disclosed, collected or used without their knowledge or consent;
  • describe the measures to be taken to ensure the protection of personal information, including measures concerning the retention of such information and the keeping of records;
  • include information demonstrating that the code complies with the requirements of the Act.

The Code must be provided to the Office of the Privacy Commissioner of Canada (OPC) for approval and to FINTRAC for comment in advance of use. The OPC would have a prescribed period of 90 days to approve a Code. The proposed amendments also include procedures for reporting entities to modify the Code, which would need the OPC’s approval if the changes are material. Reporting entities would be required to resubmit their Codes every five years regardless of changes or not.

Measure 3: Discrepancy Reporting

The draft amendments will require reporting entities who are dealing with a Canada Business Corporations Act (CBCA) corporation to report any material discrepancy it finds as part of obtaining and verify the accuracy of beneficial ownership information under current AML requirements. The reporting requirement will not apply if the material discrepancy is resolved within 15 days after the day on which it is identified. Currently, what is deemed to be material is not well defined (outside of missing beneficial owners).

The Information with respect to the discrepancy includes:

  • Name of reported company and identifying number on its certificate of incorporation, amalgamation or continuance,
  • Date on which discrepancy was identified, and
  • Description of discrepancy.

In case you missed it, the federal government launched a public, searchable beneficial ownership registry of federal corporations in early 2024.

Measure 4, 5 and 6: New Reporting Entities

The draft amendments outline the inclusion of three new regulated entities which were announced in Budget 2024 and where noted as concerns during Canada’s last FATF mutual evaluation: factoring companies (referred to as “factors”), cheque cashing companies, and financing and leasing companies.

Similar to that of other regulated entities, a compliance regime will have to be in place which includes the following:

  • Appointment of a Compliance Officer;
  • Development of a documented compliance program (policies, procedures, risk assessment, ongoing training);
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Keeping records;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and watchlist screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow Ministerial Directives, sanctions, and other relevant transaction restrictions.

4. Factoring Companies

Factoring companies supply liquidity to a customer in exchange for the cash value of a certain amount of the customer’s accounts receivable (i.e. invoices) to be collected later by the factoring company. A factor is defined as a person or entity that is engaged in the business of factoring, with or without recourse against the assignor.

The draft amendments require factoring companies to keep certain records which include:

  • an information record in respect of the person or entity with whom it enters into the agreement;
  • if the information record is in respect of an entity, a record of the name, address and date of birth of every person who enters into the agreement on behalf of the entity and the nature of the person’s principal business or their occupation;
  • if the information record is in respect of a corporation, a copy of the part of official corporate records that contains any provision relating to the power to bind the corporation in respect of transactions with the factor;
  • a record of the financial capacity of the person or entity with which it enters into the agreement and the terms of the agreement;
  • for any payment it makes, a record of:
    • the date of the payment,
    • if the payment is in funds, the type and amount of each type of funds involved,
    • if the payment is not in funds, the type of payment and its value,
    • the method by which the payment is made,
    • the name of every person or entity involved in the payment, and
    • every account number or other equivalent reference number connected to the payment; and
  • a receipt of funds record in respect of every amount of $3,000 or more that it receives, unless the amount is received from a financial entity or public body or from a person who is acting on behalf of a client that is a financial entity or public body.

5. Cheque Cashing

Cheque cashing is a financial service that offers clients the ability to cash a cheque immediately and hold free, for a fee.

Cheque cashing where cheques are not payable to a named person or entity is not currently captured under the PCMLTFA, but draft amendments would introduce such as regulated activity.

In addition to current money services business (MSB) requirements, the draft amendments require keeping certain records in respect to where an MSB cashes a cheque for more than CAD 3,000, including:

  • the date when each cheque is cashed,
  • the person’s or entity’s name and address, the nature of their principal business or their occupation and, in the case of a person, their date of birth,
  • the total amount of the cheque or cheques,
  • the name of the issuer of each cheque,
  • the number of every account that is affected by the cashing of the cheque or cheques, the type of account and the name of each account holder,
  • every reference number that is connected to the cashing of the cheque or cheques and that has a function equivalent to that of an account number, and
  • if the cashing of the cheque or cheques involves virtual currency, every transaction identifier, including the sending and receiving addresses.

 6. Finance and Leasing Entities

The draft amendments define a financing or leasing entity as a person or entity that is engaged in the business of financing or leasing of:

  • property, other than real property or immovables, for business purposes;
  • passenger vehicles in Canada; or
  • property, other than real property or immovables, that is valued at $100,000 or more. (entité de financement ou de bail)

The draft amendments require financing or leasing entities to keep certain records in respect of every financing or leasing arrangement which include:

  • an information record in respect of the person or entity with which it enters into the arrangement;
  • if the information record is in respect of an entity, a record of the name, address and date of birth of every person who enters into the arrangement on behalf of the entity and the nature of the person’s principal business or their occupation;
  • if the information record is in respect of a corporation, a copy of the part of official corporate records that contains any provision relating to the power to bind the corporation in respect of transactions with the financial leasing entity;
  • a record of the financial capacity of the person or entity with which it enters into the arrangement and the terms of the arrangement; and
  • in respect of every payment that it receives under the arrangement, other than a payment received from a financial entity or public body or from a person who is acting on behalf of a client that is a financial entity or public body, a record of
    • the date of the payment,
    • the name of the person or entity that makes the payment,
    • the amount of the payment and of any part of it that is made in cash, and
    • the method by which the payment is made.

What Next?

The proposed changes related to measures 1, 3, 4, 5 and 6 would come into force on October 1, 2025, and the proposed amendments related to information sharing would come into force immediately on final publication in the Canada Gazette.

There is a 30 day comment period ending December 30, 2024 for the proposed regulations. It is strongly recommended that industry, and potentially impacted companies, review carefully and provide feedback. Comments can be submitted online via the commenting feature after each section of the proposed changes, or via email directly to Erin Hunt, Director General, Financial Crimes and Security Division, Financial Sector Policy Branch, Department of Finance, 90 Elgin Street, Ottawa, Ontario, K1A 0G5.

We’re Here To Help

If you have questions related to the proposed changes, or need help starting to plan, you can get in touch using the online form on our website, by emailing us directly at info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

Regulated Entities Now Covering the Bill For FINTRAC Compliance Costs

Written with Heidi Unrau

 

We have recently become aware that some reporting entities may not be up to speed on a new piece of regulation that came into force earlier this year. If your business has received an invoice from The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), you will want to read this article.

As of April 1, 2024, FINTRAC officially transferred the cost of its compliance activity from taxpayers to the businesses it regulates, referred to as reporting entities (RE). The move comes four years after the government announced its intention to cut the purse strings in its 2020 Fall Economic Statement. This change allows FINTRAC to start recovering costs from the 2024-2025 fiscal year.

Why the Change?

FINTRAC, Canada’s financial intelligence agency, was previously bankrolled by the taxpayer through the federal budget. The purpose of the new funding model is to align the costs of compliance with those responsible for adhering to anti-money laundering regulations. Simply put, the businesses that are legally required to comply should be the ones funding the oversight needed to ensure compliance. The move aligns with other regulatory agencies that have already established funding models allowing them to recover the costs of their supervisory functions.

Each year, FINTRAC will forecast the total cost of the program for the next three fiscal years. This will determine the amount charged to reporting entities for the upcoming year. They must aso communicate how funds were spent against plans and priorities during the previous fiscal year. This information is included in FINTRAC’s Departmental Results Report.

How the Funding Model Works

Federally regulated financial institutions such as banks, trust and loan companies, and insurance companies are always required to contribute a minimum base amount. All other entities only pay if they submit 500 or more threshold transaction reports to FINTRAC in a fiscal year (i.e. large cash transaction reports [LCTRs], large virtual currency transaction reports [LVCTRs], electronic funds transfer reports [EFTRs], and casino disbursement reports [CDRs]). These ‘other entities’ include but are not limited to:

  • Money Services Businesses
  • Dealers in Precious Metals and Stones
  • Real Estate Brokerages
  • Securities Dealers
  • Casinos
  • Etc.

The Cost Formula

FINTRAC calculates how much reporting entities need to pay based on four key factors:

  1. Type of Entity: Federally regulated entities are charged differently from non-federally regulated entities. These include banks, trust and loan companies, and insurance companies. Federally regulated entities are subject to a base amount, whereas non-federally regulated entities are not subject to this particular fee.
  2. Base Amount: This is the minimum starting fee based on the total value of assets controlled by a federally regulated entity, excluding the assets of their subsidiaries. Base amounts are tiered based on asset value in Canadian dollars. There are nine asset value ranges, from $1 to $1 trillion, with corresponding base amounts ranging from $5,000 to $250,000.
    Range of asset values Corresponding base amount
    $1,000,000,000,000 or more $250,000
    Between $500,000,000,000 and $999,999,999,999 $200,000
    Between $100,000,000,000 and $499,999,999,999 $150,000
    Between $10,000,000,000 and $99,999,999,999 $100,000
    Between $1,000,000,000 and $9,999,999,999 $75,000
    Between $500,000,000 and $999,999,999 $50,000
    Between $100,000,000 and $499,999,999 $25,000
    Between $10,000,000 and $99,999,999 $10,000
    Between $1 and $9,999,999 $5,000

    Source: FINTRAC

  3. Remaining Compliance Cost: This is the leftover cost after collecting the base amounts, divided among all types of reporting entities.
  4. Transaction Volume: Businesses that report over 500 large transactions to FINTRAC pay an additional fee on top of the base amount. Federally regulated banks are not subject to this reporting threshold.

Therefore, the more assets you have and transactions reported to FINTRAC, the higher your final bill will be. Each type of business has its own formula for calculating their share of the cost:

Type of Entity (Business) How Charges Are Calculated
Federally Regulated Banks Base Fee + extra charges based on the value of Canadian Assets.
Trust & Loan Companies, Life Insurance Companies Fewer than 500 reports: Base Fee only.

500 or more reports: Base Fee + extra charges based on value of Canadian assets and volume of large transactions reported.
All Other Entities Over 500 reports: Charges based on volume of large transactions reported compared to others in the same category.

Case Study: How Much Will They Pay?

A small, family-owned currency exchange kiosk in Winnipeg, Manitoba, operates from a single location and is not part of a chain. FINTRAC regulates this type of business as a Money Services Business (MSB). The store typically submits roughly 700 large cash transaction reports each year. Since they exceed the 500 reports threshold, FINTRAC calculates their charges like this (based on industry averages):

Calculation

  1. Base Amount: Not applicable because it is not a federally regulated financial institution (FI).
  2. Remaining Compliance Cost: Total compliance cost to be divided is $33,110,000. This is the sum of all base amounts subtracted from the annual cost of FINTRAC’s compliance program.
  3. Total Reports Submitted by All Entities: 35,000,000 transaction reports were submitted to FINTRAC for the year by all reporting entities, including banks.
  4. Total Reports Submitted by Only Non-Bank Entities: 3,500,000 transactions were submitted to FINTRAC by non-bank entities only, regardless of the transaction reporting threshold amount.
  5. Total Reports Submitted Over the Threshold by Non-Bank Entities: 3,425,000 transactions were submitted to FINTRAC by non-bank entities exceeding the 500-transaction reporting threshold.
  6. Number of Reports Submitted by The Currency Exchange Kiosk: This is the total number of transactions reported to FINTRAC by the currency exchange kiosk in Winnipeg, MB.

Final Charge

Using FINTRAC’s formula: $33,110,000 x (3,500,000 ÷ 35,000,000) x (700 ÷ 3,425,000) = $676.70

Result

The currency exchange kiosk’s total charge for the year would be approximately $676.70. Based on their reporting activity, the bill reflects their share of FINTRAC’s overall compliance costs. Because the kiosk is not a federally regulated bank, trust, loan, or insurance company, the base amount does not apply.

FINTRAC will notify the business via email with an invoice for the cost assessment. The total amount owed is final, conclusive, binding, and due in full upon receipt of the invoice.

Impact on Your Business

The additional financial burden is not ideal, especially for small businesses, but there are ways you can prepare for it. First, you’ll need to budget effectively to avoid surprise charges. Visit the FINTRAC website for a detailed breakdown of the formula used for your type of business, known as ‘Type of Entity’.

Exact charges will vary from year to year depending on the value of your Canadian assets (if applicable), the number of large transactions reported (more or less than 500), and FINTRAC’s compliance cost analysis.

Next, and most importantly, you need an effective and efficient anti-money laundering program to avoid the cost of non-compliance. Violations can result in reputational damage that negatively impacts your business as well as potentially expensive fines, known as administrative monetary penalties (AMPs). FINTRAC has recently levied record-breaking fines for serious violations by repeat offenders. These penalties are preventable and well within your control.

Need a Hand?

If you have any questions or concerns about the new funding model, reach out to us today. We’re here to help you every step of the way, from understanding your new financial obligation, to building, reviewing, or fine-tuning your AML program.

Return to Blog Listing