Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Don’t Share STRs or STR Data

Recently the Compliance Officer from a small reporting entity reached out to me to ask an uncomfortable question: should they provide copies of the Suspicious Transaction Reports (STRs) that they had filed with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) to their financial services providers such as a credit union or bank?

This was a difficult situation for the reporting entity’s Compliance Officer because they were afraid of pushing back too much with the financial services provider. Like most non-bank reporting entities, they rely heavily on the services provided by the bank in order to be able to operate their business. Financial service providers, such as banks and credit unions, have the ability to close the accounts of businesses in Canada (often called de-risking), and it can be difficult for some types of reporting entities to establish new banking or payments relationships. The financial services provider in this situation has significantly more power than the reporting entity that is dependent on them.

My gut reaction was that the reporting entity should not disclose the contents of their STR reports, or provide copies. In Canadian legislation, disclosing the fact that an STR was made, or disclosing the contents of such a report, with the intent to “prejudice a criminal investigation” can be punishable as a criminal offence, with penalties of up to 2 years imprisonment (this is also known as “tipping off”). While there did not appear to be any intent to prejudice a criminal investigation in this case, it still seemed like a bad idea. I did a quick check-in with fellow AML geeks on LinkedIn. There are some great comments here, and I had a number of conversations in DMs and by phone. No one seemed to think that the reporting entity should be providing copies of STRs.

The question then became how to best empower the reporting entity to push back effectively. I submitted the following request to FINTRAC and to the Office of the Privacy Commissioner (OPC), both of which have mechanisms to allow Canadians and Canadian companies to ask the regulators to opine on matters free of charge:

One of our clients, a Canadian Money services business (MSB) has been asked by their financial services provider (bank/credit union) to provide copies of the suspicious transaction reports (STRs) and Attempted Suspicious Transaction Reports (ASTRs) that have been filed with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) on an ongoing basis. This struck us as being an overreach in terms of the information that should be disclosed to a service provider, and we are reaching out for an opinion on the appropriateness of these requests.

The financial service provider appears to be of the opinion that this is a reasonable request, and that they may close the MSB’s bank account if the STRs and ASTRs are not provided by the MSB.

I let both FINTRAC and OPC know that I had submitted requests to both. So far, only FINTRAC has responded. Their response is below in full (TL:DR: reporting entities should not share copies of STRs reported to FINTRAC).

Thank you for contacting the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s independent agency responsible for the receipt, analysis, assessment and disclosure of information in order to assist in the detection, prevention and deterrence of money laundering and the financing of terrorist activities in Canada and abroad.

I am writing further to your email of July 16th, 2020, wherein you requested clarification regarding the sharing of suspicious transaction reports (STRs) submitted to FINTRAC.

As you know, section 8 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) states that no person or entity shall disclose that they have made, are making, or will make a report under section 7, or disclose the contents of such a report, with the intent to prejudice a criminal investigation, whether or not a criminal investigation has begun.

The PCMLTFA sets out a regime in which the information contained in financial transaction reports sent to FINTRAC (including STRs) is protected from disclosure except in very limited circumstances. The Act also includes specific provisions aimed at protecting the personal information under FINTRAC’s control. For example, as you may be aware, the PCMLTFA is founded on a prohibition on disclosure (s. 55(1), PCMLTFA). Any disclosure of information or intelligence by FINTRAC must fall under one of the exceptions to this prohibition. Outside of these exceptions, FINTRAC is prohibited from disclosing the contents of financial transaction reports, or even acknowledging their existence.

While reporting entities (REs) are not subject to the same prohibitions, FINTRAC strongly believes that STRs should be regarded as highly sensitive documents, given the role FINTRAC plays in the fight against money laundering (ML) and terrorist activity financing (TF) in Canada, and the fact that STRs are a key source of FINTRAC’s intelligence holdings. From FINTRAC’s perspective, it is not in the public interest for REs to disclose financial transaction reports and the information contained therein. Even beyond this, the collection or disclosure of financial transaction reports, including STRs, without a valid purpose and authority, may infringe on legislated privacy protection obligations. Almost all information within financial transaction reports is personal information about an identifiable individual and is considered financial intelligence by

FINTRAC, collected for the sole purpose of reporting to FINTRAC. The potential harm that could occur from the disclosure of the information in these financial transactions reports is great, and includes compromising: (1) police and national security investigations that are both ongoing or could be undertaken in the future; (2) sources of the information/intelligence within the reports, placing those sources at risk of retaliation; and (3) FINTRAC’s compliance activities, given that data provided by REs is always provided in confidence and that confidence is expected to be maintained by all parties. FINTRAC relies on the information included within STRs to support disclosure of financial intelligence to police and other law enforcement and national security organizations, in the interest of detecting, preventing and deterring ML and TF.

Therefore, while your client (MSB) is not prohibited from sharing the STRs it has submitted to FINTRAC with its service provider (Bank/CU), unless it is with the intent to prejudice a criminal investigation, strong consideration should be given to the above.

If you would like a PDF copy of the complete question and policy position for your due diligence files, or to provide to an external party that is requesting copies of your STRs, or information about their content, you can download it here.

Response from FINTRAC – Re_ Sharing Copies of STRs_ASTRs

A version of this Q&A is also now posted on FINTRAC’s website (PI-10662).

The response from OPC, in contrast, was underwhelming. In essence, they will investigate specific complaints, but they will not issue advanced rulings. That said, if any service provider is insisting that copies of STRs must be shared with them, a complaint to the OPC may be an option.

Response from the Office of the Privacy Commissioner of Canada – INFO-084075

Need a hand?

If you have AML or privacy-related questions, we can help. You can get in touch using our online form, by emailing, or by calling us toll-free at 1-844-919-1623.

An MSB by Any Other Name

What’s in an MSB?

Under Canadian federal legislation, a money services business (MSB), in Canada, is a person or entity engaged in the business of any of the following activities:

  • Foreign exchange dealing;
  • Remitting or transmitting funds by any means or through any person, entity or electronic funds transfer network; or
  • Issuing or redeeming money orders, traveller’s cheques or other similar negotiable instruments (except for cheques payable to a named person or entity).

More detailed guidance on these specifications can be found in FINTRAC Interpretation Notice no. 1, published by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). There is also a number of excellent guidance documents for MSBs available on FINTRAC’s website.

Payment Service Providers (PSPs) and Payment Processors

We’ve had a lot of MSBs lately calling to ask if they can simply declare themselves as payment service providers (PSPs) or payment processors rather than MSBs.

The short answer is “no.”

The long answer is “only if you change your business model to include only PSP activities.”

PSP or payment processing services, in FINTRAC’s view are quite restricted. These include providing payment processing services for the purposes of:

  • Payroll and commission payments, or
  • Tuition fee payments, or
  • Utility bill payments, or
  • Mortgage and rent payment.

These services do not, generally, involve any element of foreign exchange. While this is probably not the answer that many MSBs are looking for, especially those that are labouring to maintain banking relationships in the current climate, it is important information. Operating an MSB without registering with FINTRAC or maintaining a compliance program can lead to penalties including administrative monetary penalties (AMPs) and the publication of the MSB’s name on FINTRAC’s website. To date, 36 MSBs have received a total of $814,805 in AMPs.

Corollary Services

There are also cases where MSB type activities are performed as a “corollary” another product or service. In these instances, the business does not offer MSB type products or services to the public as standalone services, but provides these in order to facilitate other services. The most common exemption that we have seen relates to lending services.

For example: A company that is in the business of automotive lending (loans) might make a payment on its customer’s behalf to a car dealership. In this case, the payment that is remitted to the car dealership could be considered “remitting or transmitting funds by any means or through any person, entity or electronic funds transfer network” (which would be an MSB service), however, it is only remitted for the purpose of issuing the loan, and is considered a corollary.

There are, however, a number of cases that might appear to be corollary services on the surface, which are not. Unless your business model is identical to a business model where FINTRAC has already issued a policy interpretation citing the MSB services offered as a corollary, we highly recommend seeking a policy interpretation from FINTRAC in order to ensure that you are not carrying out MSB business in the regulator’s view.

FINTRAC’s Policy Interpretations – Just Ask

Fortunately, FINTRAC publishes its policy interpretations on its website. We’ve pulled together the most relevant of these in this document.

MSB PSP FINTRAC Policy Interpretation at 16Jan2017

FINTRAC’s policy positions are provided as guidance to the industry. If you have specific questions about your business model, you may contact FINTRAC directly via email at:

There is no cost to contacting FINTRAC directly, however, it generally takes 4-8 weeks (in our experience) to receive a response in writing. We recommend reading and referring to FINTRAC’s existing guidance (including guidelines and policy interpretations) in order to frame your question effectively.

Need a Hand?

If you have questions about this document, would like to receive a copy in Word, or need assistance with compliance, please feel free to contact us. We aim to answer all queries within 2 business days.

Phone: (844) 919-1623


Web Form:

Return to Blog Listing