PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

New Year – New Regs. Final Amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and Regulations – January 2025

Background

On January 1, 2025 final amendments to regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act were published in the Canada Gazette (SOR 2024-266 and SOR 2024-267). The most noteworthy changes fall under the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations. The final amendments include changes or new requirements related to:

  • MSB registration framework;
  • Sanctioned property reporting;
  • White-label ATMs;
  • Real estate (title insurance and unrepresented third-parties); and
  • Casino disbursements.

The regulatory impact statement states that these amendments implement measures announced in previous budgets, the 2023 Fall Economic Statement, our Parliamentary Review and Cullen Commission report ahead of Canada’s upcoming mutual evaluation by the Financial Action Task Force (FATF).

To make reading these changes a little easier, as we always do, (thanks Rodney) a redlined version of the regulations, with new content showing as tracked changes, is attached here.

What’s Changing?

From the draft regulations published back in July 2024, there have not been significant changes to the final publication. Some changes were made to address potential gaps, inconsistencies, and business realities in the context of application, and to provide greater flexibility in the coming-into-force dates. The most notable change from the draft relates to obligations for title insurers.

Below is a summary of what we feel are the most noteworthy changes and incoming requirements:

MSB Registration Framework

Money Services Businesses (MSBs) must register with FINTRAC. As part of registration, it will now be required to submit the following documentation as part of the application.

If the applicant is a corporation:

  • a certificate of incorporation or the most recent version of any other record that confirms its existence as a corporation and contains its name and address and the names of its directors; and
  • a document that sets out the ownership, control and structure of the corporation.

If the applicant is an entity other than a corporation:

  • the partnership agreement, articles of association or the most recent version of any other record that confirms its existence and contains its name and address; and
  • a document that sets out the ownership, control and structure of the entity.

Additionally, domestic MSBs will have to submit criminal record checks covering the CEO, President and directors, as well as every person who owns or controls 20% or more of the MSB. These criminal record checks must also be updated every two years as part of the renewal process. Where an MSB uses an agent or mandatary, criminal record checks are also required on those individuals. It should be noted that the 20% threshold does not align with reporting entity requirements for beneficial owners, which is at 25%. While industry asked for these numbers to align, Finance did not accept the change.

Sanctioned Property Reporting

The final amendments expand the definition of a listed person or entity to capture individuals and entities listed under all Canadian sanctions legislation including Special Economic Measures Act, the United Nations Act and the Justice for Victims of Corrupt Foreign Officials Act.

These changes also result in a new sanctioned property report. The report includes information fields such as:

  • how the reporting entity came to know that property in question is owned, held or controlled by or on behalf of listed person or entity;
  • the name of any person or entity that owns, holds or controls property on behalf of listed person or entity;
  • the name of any person or entity that has an interest or right in or is authorized to deal with property; and
  • a description of transactions involving property within previous six months.

White-Label ATMs

Final amendments will require those that provide acquiring services to white-label ATMs (WLATMs) to register with FINTRAC as MSBs and implement a full AML compliance regime. Similar to that of other regulated entities, a compliance regime will have to be in place which includes the following:

  • Appointment of a Compliance Officer;
  • Development of a documented compliance program (policies, procedures, risk assessment, ongoing training);
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Keeping records;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and watchlist screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow Ministerial Directives, sanctions, and other relevant transaction restrictions.

In addition to the records that must be retained as an MSB, WLATM operators will need to keep the following records:

  • Information on who owns, leases or operates a private automated banking machine in respect of which they provide acquirer services;
  • Information on the source of the cash that is loaded into a private automated banking machine in respect of which they provide acquirer services;
  • Information on account holder of a settlement account for a private automated banking machine in respect of which they provide acquirer services; and
  • The source and method used to transport cash loaded into a private automated banking machine.

Real Estate – Title Insurance

Final amendments will make title insurers reporting entities under Canada’s AML/ATF Regime. Title insurers are defined as a person or entity that is engaged in the business of providing title insurance, as defined in the schedule to the Insurance Companies Act when they provide a title insurance policy to the purchaser of real property or an immovable.

Specifically, title insurers will be required to develop a compliance program, meet certain identity verification requirements, submit required reporting to FINTRAC, keep certain records, and follow application Ministerial Directives.

It should be noted that changes were made to remove certain record-keeping obligations noted in the draft regulations. Title insurers will only be required to keep records of information that is obtained for the sale of title insurance. The following are the specific records that must be kept for every title insurance policy provided to a purchaser of real property or an immovable:

  • the name and address of the purchaser and, in the case of a person, their date of birth;
  • the legal description and address of the real property or immovable;
  • the closing date of the purchase;
  • the purchase price;
  • the amount of any loan secured by a mortgage on the real property or a hypothec on the immovable and the name of the lender;
  • if known, the name of the vendor; and
  • any title information respecting the real property or immovable that is found in the land registry in which the title to the real property or immovable is recorded.

Given title insurers’ business model, wherein they do not have direct contact with the purchasers of title insurance, final amendments have been updated to remove beneficial ownership requirements as well as exempt third-party determination and PEP requirements for title insurers.

Real Estate – Unrepresented Parties

Final amendments will require real estate brokers and sales representatives to identify the party or parties (including third parties) not represented in real estate transactions. This is a change from the current requirement where real estate brokers and sales representatives are only required to take “reasonable measures” to identify unrepresented parties.

What Next?

The requirements summarized above come into force October 1, 2025. In the meantime, FINTRAC will have to issue guidance which has been promised before the noted in-force date.

While we await guidance, newly regulated entities should start working on developing their compliance program in anticipation of the respective in-force dates noted above. Other Reporting Entity types should take note of MSB framework changes and changes related to sanction property as it relates to their business model.

We’re Here To Help

If you would like assistance in understanding what these changes mean to your business, or if you need help in creating or updating your compliance program and processes, please get in touch.

Proposed 2025 AML Changes: New Import/Export Declarations, Information Sharing, Beneficial Ownership Transparency and New Reporting Entities

Background

On November 30, 2025 draft amendments to the regulations under the Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA) were published in the Canada Gazette.

In the interest of time, we have published this blog summarizing what we feel to be the most noteworthy amendments but will follow up with a redlined version of the regulations, with new content showing as tracked changes, at a later date.

The noted changes are meant to improve Canada’s anti-money laundering (AML) and anti-Terrorist Financing (ATF) regime and implement measures announced in Budget 2022, Budget 2023, Budget 2024, the 2023 Fall Economic Statement and Canada’s last Parliamentary Review. This is addressed through six separate measures including the introduction of new regulated entities.

Measure 1: Trade Based Money Laundering (TBML)

The draft amendments include a new Proceeds of Crime (Money Laundering) and Terrorist Financing Reporting of Goods Regulation.

Currently, the Canada Border Services Agency (CBSA) can require receipts and invoices for the purposes of determining compliance with import laws, but they cannot request these documents for the purposes of detecting money laundering or terrorist financing.

 Under the proposed regulations, anyone who is importing or exporting goods into or out of Canada needs to file a declaration with the CBSA as follows:

  • whether the goods are proceeds of crime as defined by subsection 462.3(1) of the Criminal Code or are goods related to money laundering, to the financing of terrorist activities or to sanctions evasion; and
  • that the goods are actually being imported or exported, as the case may be.

The latter is meant to address “phantom shipments” that are used in trade-based money laundering (TBML) which was identified as a primary money laundering concern in Canada’s last Financial Action Task Force (FATF) evaluation.

The new regulations also bring about substantial record keeping requirements which include information such as the origin, marking, purchase, importation, costs and value of the goods, and records relating to payment for the goods. It’s noteworthy that FINTRAC’s 2023-24 Annual Report lists customs and excise related offences as being in the top five predicate offences related to case disclosures during the period.

Measure 2: Information Sharing

Information sharing between private entities has been recognized by the FATF as an important tool for disrupting money laundering and terrorist financing. Budget 2024 introduced legislative amendments to the Criminal Code and the PCMLTFA to enhance the ability of reporting entities to share information with each other as it relates to the detection of money laundering and terrorist financing.

The draft amendments introduce measures to allow for reporting entities to share information with each other to detect and deter money laundering, terrorist financing, and sanctions evasion, while maintaining privacy protections for personal information.

Reporting entities that wish to share information (it’s voluntary) would be required to establish and implement a code of practice for disclosing, collecting and using personal information without consent. The code must:

  • describe the purposes for which an individual’s personal information may be disclosed, collected or used without their knowledge or consent;
  • describe the manner in which an individual’s personal information may be disclosed, collected or used without their knowledge or consent;
  • describe the measures to be taken to ensure the protection of personal information, including measures concerning the retention of such information and the keeping of records;
  • include information demonstrating that the code complies with the requirements of the Act.

The Code must be provided to the Office of the Privacy Commissioner of Canada (OPC) for approval and to FINTRAC for comment in advance of use. The OPC would have a prescribed period of 90 days to approve a Code. The proposed amendments also include procedures for reporting entities to modify the Code, which would need the OPC’s approval if the changes are material. Reporting entities would be required to resubmit their Codes every five years regardless of changes or not.

Measure 3: Discrepancy Reporting

The draft amendments will require reporting entities who are dealing with a Canada Business Corporations Act (CBCA) corporation to report any material discrepancy it finds as part of obtaining and verify the accuracy of beneficial ownership information under current AML requirements. The reporting requirement will not apply if the material discrepancy is resolved within 15 days after the day on which it is identified. Currently, what is deemed to be material is not well defined (outside of missing beneficial owners).

The Information with respect to the discrepancy includes:

  • Name of reported company and identifying number on its certificate of incorporation, amalgamation or continuance,
  • Date on which discrepancy was identified, and
  • Description of discrepancy.

In case you missed it, the federal government launched a public, searchable beneficial ownership registry of federal corporations in early 2024.

Measure 4, 5 and 6: New Reporting Entities

The draft amendments outline the inclusion of three new regulated entities which were announced in Budget 2024 and where noted as concerns during Canada’s last FATF mutual evaluation: factoring companies (referred to as “factors”), cheque cashing companies, and financing and leasing companies.

Similar to that of other regulated entities, a compliance regime will have to be in place which includes the following:

  • Appointment of a Compliance Officer;
  • Development of a documented compliance program (policies, procedures, risk assessment, ongoing training);
  • Conducting compliance effectiveness reviews;
  • Reporting certain transactions;
  • Identifying customers;
  • Keeping records;
  • Risk ranking customers and business relationships;
  • Conducting transaction monitoring and watchlist screening;
  • Conducting enhanced due diligence and transaction monitoring for high-risk customers and business relationships; and
  • Follow Ministerial Directives, sanctions, and other relevant transaction restrictions.

4. Factoring Companies

Factoring companies supply liquidity to a customer in exchange for the cash value of a certain amount of the customer’s accounts receivable (i.e. invoices) to be collected later by the factoring company. A factor is defined as a person or entity that is engaged in the business of factoring, with or without recourse against the assignor.

The draft amendments require factoring companies to keep certain records which include:

  • an information record in respect of the person or entity with whom it enters into the agreement;
  • if the information record is in respect of an entity, a record of the name, address and date of birth of every person who enters into the agreement on behalf of the entity and the nature of the person’s principal business or their occupation;
  • if the information record is in respect of a corporation, a copy of the part of official corporate records that contains any provision relating to the power to bind the corporation in respect of transactions with the factor;
  • a record of the financial capacity of the person or entity with which it enters into the agreement and the terms of the agreement;
  • for any payment it makes, a record of:
    • the date of the payment,
    • if the payment is in funds, the type and amount of each type of funds involved,
    • if the payment is not in funds, the type of payment and its value,
    • the method by which the payment is made,
    • the name of every person or entity involved in the payment, and
    • every account number or other equivalent reference number connected to the payment; and
  • a receipt of funds record in respect of every amount of $3,000 or more that it receives, unless the amount is received from a financial entity or public body or from a person who is acting on behalf of a client that is a financial entity or public body.

5. Cheque Cashing

Cheque cashing is a financial service that offers clients the ability to cash a cheque immediately and hold free, for a fee.

Cheque cashing where cheques are not payable to a named person or entity is not currently captured under the PCMLTFA, but draft amendments would introduce such as regulated activity.

In addition to current money services business (MSB) requirements, the draft amendments require keeping certain records in respect to where an MSB cashes a cheque for more than CAD 3,000, including:

  • the date when each cheque is cashed,
  • the person’s or entity’s name and address, the nature of their principal business or their occupation and, in the case of a person, their date of birth,
  • the total amount of the cheque or cheques,
  • the name of the issuer of each cheque,
  • the number of every account that is affected by the cashing of the cheque or cheques, the type of account and the name of each account holder,
  • every reference number that is connected to the cashing of the cheque or cheques and that has a function equivalent to that of an account number, and
  • if the cashing of the cheque or cheques involves virtual currency, every transaction identifier, including the sending and receiving addresses.

 6. Finance and Leasing Entities

The draft amendments define a financing or leasing entity as a person or entity that is engaged in the business of financing or leasing of:

  • property, other than real property or immovables, for business purposes;
  • passenger vehicles in Canada; or
  • property, other than real property or immovables, that is valued at $100,000 or more. (entité de financement ou de bail)

The draft amendments require financing or leasing entities to keep certain records in respect of every financing or leasing arrangement which include:

  • an information record in respect of the person or entity with which it enters into the arrangement;
  • if the information record is in respect of an entity, a record of the name, address and date of birth of every person who enters into the arrangement on behalf of the entity and the nature of the person’s principal business or their occupation;
  • if the information record is in respect of a corporation, a copy of the part of official corporate records that contains any provision relating to the power to bind the corporation in respect of transactions with the financial leasing entity;
  • a record of the financial capacity of the person or entity with which it enters into the arrangement and the terms of the arrangement; and
  • in respect of every payment that it receives under the arrangement, other than a payment received from a financial entity or public body or from a person who is acting on behalf of a client that is a financial entity or public body, a record of
    • the date of the payment,
    • the name of the person or entity that makes the payment,
    • the amount of the payment and of any part of it that is made in cash, and
    • the method by which the payment is made.

What Next?

The proposed changes related to measures 1, 3, 4, 5 and 6 would come into force on October 1, 2025, and the proposed amendments related to information sharing would come into force immediately on final publication in the Canada Gazette.

There is a 30 day comment period ending December 30, 2024 for the proposed regulations. It is strongly recommended that industry, and potentially impacted companies, review carefully and provide feedback. Comments can be submitted online via the commenting feature after each section of the proposed changes, or via email directly to Erin Hunt, Director General, Financial Crimes and Security Division, Financial Sector Policy Branch, Department of Finance, 90 Elgin Street, Ottawa, Ontario, K1A 0G5.

We’re Here To Help

If you have questions related to the proposed changes, or need help starting to plan, you can get in touch using the online form on our website, by emailing us directly at info@outliercanada.com, or by calling us toll-free at 1-844-919-1623.

FATF, VASP – What Does It All Mean?

On June 21, 2019 the Financial Action Task Force (FATF) released “Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers”. In the ensuing days, while we read through and considered the implications of this dense 57 page document, we watched social media go overboard with all sorts of wild speculation and inaccurate representations. When that happens, and it’s within our power to get good information out there, we do our best to get solid information out fast to fight the fear, uncertainty and doubt (affectionately referred to as FUD online). Let’s take a closer look at the latest FATF guidance, and what it means for businesses that deal in crypto/digital/virtual currencies like bitcoin, and other virtual assets.

What is the FATF Anyway?

If you’re an AML geek, you can probably skip this section. For the other 99.99% of the world, the Financial Action Task Force (FATF for short) is an inter-governmental body formed in 1989 by its member jurisdictions. If you live in the developed world, odds are good that your country is a FATF member. The role of this organization is to issue guidance to countries on anti-money laundering (AML) and combatting terrorist financing. Countries that are members of the FATF are also evaluated in terms of how well they’re doing at following the FATF’s recommendations (these are called mutual evaluations). Generally speaking, member countries face a good deal of pressure to achieve positive results in mutual evaluations. Countries that are deemed to be non-compliant, or to have strategic deficiencies, are publicly listed and can face significant trade barriers.

To sum it up, the FATF is an international group made up of member countries that issues guidance to countries. That guidance is not law, but it certainly shapes the laws that are written by member countries. It may seem pedantic, but if you hear/read someone saying that the FATF has issued a law or a regulation, it’s likely that the speaker/writer doesn’t really understand how the FATF works – and this is the first piece of FUD that we’re going to dispel today: the FATF does not write laws or regulations.

Once the FATF has issued guidance, its member countries adapt their existing laws and regulations, and in some instances, impose new ones. Generally speaking, the more common approach is to adapt existing laws and regulations.  Regardless of the approach taken, a statement released with the guidance stating that the FATF will monitor implementation of the new requirements by countries and service providers and conduct a 12-month review in June 2020. The guidance is also expected to be the subject of further discussion at other international forums, including the G20.

Virtual Assets and Virtual Asset Service Providers

The FATF’s Guidance introduces new terms (and corresponding acronyms): virtual assets (VAs) and virtual asset service providers (VASPs). These are defined in the glossary at the end of the document, but it’s useful to start off by understanding what the terms mean.

A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.

The broader text makes it clear that VAs are being broadly defined, and may include cryptocurrencies like bitcoin as well as other types of assets, like initial coin offering (ICO) tokens, which may also be considered securities.

There are also clear statements about the intent of the guidance, and that it is not an attempt to regulate technology. This is another important distinction, in particular where there is a discussion of regulation applicable to Bitcoin (with the capital B indicating that this is a reference to the Bitcoin protocol). That is simply not the case. In fact, the guidance notes that the intent is to remain technology agnostic, and that no specific technological adaptations to protocols are being proposed (we’ll dive a bit more deeply into this in the section that covers customer information).

What the guidance is, however, suggesting should be regulated are certain business activities that involve virtual assets.

Virtual asset service provider means any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

i) exchange between virtual assets and fiat currencies;

ii) exchange between one or more forms of virtual assets;

iii) transfer of virtual assets;

iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and

v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

The first, and probably most important, piece of FUD to fight here is the idea that peer-to-peer activity that is not being conducted for business purposes should be covered. This simply is not the FATF’s recommendation. This doesn’t preclude a country from writing laws or regulation that impose requirements on non-business peer-to-peer activity, but it does make that less likely in our estimation.

If you’ve looked at previous FATF guidance, you’ll notice that the scope is a bit different. Earlier guidance was focussed on what were termed “on and off ramps”, meaning transactions that involved trading fiat currency for a VA, or vice versa. The current scope includes trading between different VAs. To understand this change, consider that when the earlier guidance was issued there were no popular “stablecoin” VAs pegged to the value of an underlying asset (often a fiat currency) and ICOs had yet to raise millions in value in VA alone.

What Will It Mean for Businesses to be Regulated?

Businesses (including individuals that are conducting VASP activities on behalf of customers that have not incorporated a separate legal entity such as a company or partnership) may be subject to laws and regulations in more than one jurisdiction, and the specific requirements for each jurisdiction may be different (though most will follow the FATF’s guidance in broad strokes). For VASPs, it is important to understand the requirements that apply in each jurisdiction in which they operate (it is not enough to say that your business is following the FATF’s guidance).

The FATF recommends in its guidance that countries enact laws and regulations that apply to VASPs. This should include (not a comprehensive list):

  • The licensing and/or registration of VASPs;
  • A prohibition against criminals and their associates being beneficial owners of VASPs;
  • A requirement for VASPs to have qualified Compliance Officers, written policies and procedures, documented risk assessments, ongoing training, and measures of the effectiveness of the compliance program (audits);
  • Know your client (KYC) information and identification should be collected by VASPs for customers and business relationships (with a de minimis exception for occasional transactions valued at less than 1,000 EUR/USD);
  • Where transactions occur between two VASPs or between a VASP and another regulated entity type (such as banks), sender and receiver information must be transmitted. This has received a lot of attention, and it is not yet clear how this will be accomplished. The options noted in the guidance include:
    • Public and private keys,
    • Transport Layer Security/Secure Sockets Layer (TLS/SSL),
    • 590 Certificates,
    • 509 Attribute Certificates,
    • API Technology, and
    • Other Commercially Available Technology.
  • VASPs’ customers and business relationships should be subject to ongoing monitoring; and
  • Mechanisms in place to freeze assets and stop transfers in the case of listed persons and entities (such as known terrorists or sanctioned persons/entities).

The guidance also states that there should be true regulatory oversight, not self-regulatory organizations. There are additional considerations for other entity types that are already regulated (including securities dealers and banks) that engage in VASP activities.

Thinking about Risk

Some of the most interesting content in the guidance is related to the money laundering and terrorist financing risk posed by VAs and VASPs. Here, it was clear that the FATF had done their homework as the discussion included TOR, tumblers, mixers, and other technologies referred to as being “anonymity enhanced”. The factors that are listed as increasing a VAs/VASPs risk include:

  • Value moving into and out of fiat currency,
  • The use of anonymity-enhanced technologies,
  • Operations that are entirely online (non-face-to-face),
  • Links to high risk jurisdictions, and
  • The value that can be accessed/transferred.

The guidance does note that not all VAs/VASPs should be considered to be high risk.

A Quick Note on Financial Inclusion & De-Risking

The FATF’s page on financial inclusion defines the term as: Ensuring that financially excluded or underserved groups (such as low income, rural sector or undocumented groups) have access to regulated financial services helps to strengthen the implementation of AML/ATF measures.

If you’ve been watching or participating in VAs or VASPs, you’ll understand that many of these have financial inclusion related goals themselves, but VASPs often struggle with access to banking. In their guidance, the FATF makes a strong statement against banks and financial service providers de-risking all VASPs: It is important that FIs apply the risk-based approach properly and do not resort to the wholesale termination or exclusion of customer relationships within the VASP sector without a proper risk assessment.

Unfortunately, the same cannot be said of prohibition by countries: Some countries may decide to prohibit VA activities or VASPs, based on their assessment of risk and national regulatory context or in order to support other policy goals not addressed in this Guidance (e.g., consumer protection, safety and soundness, or monetary policy). The guidance goes on to note that countries that chose to ban VAs and/or VASPs would still need to ensure that sufficient safeguards are in place. This approach did not seem to be encouraged, but that it is explicitly mentioned is interesting of itself, as this is not the case for other asset or regulated entity types.

Margin Notes

We’ve been asked to post the annotated copy of the first read-through of the FATF’s guidance document. The annotations were not created with the expectation of the audience. They’re likely to be hard to read, idiosyncratic, and to clearly reveal that the author is dyslexic… but if they are of use to you, then these notes are yours to use.

Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers Marked Up Copy

Need a Hand?

If you want to understand the regulations that apply to your VA business/VASP, please contact us.

Compliance with laws and regulations is nuanced; we do not practice in all jurisdictions (and quite frankly, we believe that anyone claiming to understand the nuance of AML in every jurisdiction is greatly exaggerating their skill set). If we don’t practice in the places that matter to you, we’ll do our best to connect you with qualified people that do.

Return to Blog Listing