PROCESSING...

Anti-Money Laundering
Consulting Services & Strategies

0 Items - Total: $0.00 CAD

Securities Dealers See Rising FINTRAC Penalties

We’re seeing FINTRAC ramp up Administrative Monetary Penalties against all sectors, however, for securities dealers we’re starting to see some heavy hits, something we haven’t seen before, signaling a graduated approach to compliance assessments by FINTRAC.

On July 3, 2025, FINTRAC announced an Administrative Monetary Penalty of $544,500 against an investment dealer headquartered in Vancouver, British Columbia. Additionally, on February 13, 2025, FINTRAC announced an Administrative Monetary Penalty of $66,000 against, a Wealth Management Securities Dealer in Ontario.

Securities dealers must fulfill specific obligations as required by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations, to help combat money laundering and terrorist activity financing in Canada. As defined under the PCMLTFA, a securities dealer means a person or entity authorized under provincial legislation to engage in the business of dealing in securities or any other financial instruments or to provide portfolio management or investment advising services.

FINTRAC has the legislative authority to issue administrative monetary penalties (AMPs) to reporting entities that are found to be non-compliant with the PCMLTFA and associated Regulations. For more information, see Penalties for non-compliance.

Between the two notices, it was found that following compliance examinations, the following failures were found, which resulted in the AMPs:

  • Failure to develop and apply written compliance policies and procedures that are kept up to date; and, in the case of an entity, are approved by a senior officer. Specifically, the firm did not sufficiently develop and document its compliance policies and procedures in relation to know your client and record keeping requirements.
  • Failure to assess and document the risk of a money laundering or terrorist financing offence, taking into consideration prescribed factors. Specifically, the firm’s risk assessment was incomplete, as it did not clearly outline the risks associated with its clients and did not contain assessment of all the required categories. In addition, the risk assessment did not document an adequate methodology for the assessment of its money laundering and terrorist financing risks.
  • Failure to institute and document the prescribed review of its policies and procedures, risk assessment and training program. Specifically, the scope of a review did not cover the firm’s risk assessment. Additionally, the review did not specify how the organization ensured that its compliance program was tested for effectiveness.
  • Failure to submit suspicious transaction reports where there were reasonable grounds to suspect that transactions or attempted transactions were related to a money laundering or terrorist activity financing offence.
  • Failure to take the prescribed special measures for high risk.

Of all the findings, the ones that netted the highest AMP were related specifically to:

  • Failure to submit suspicious transaction reports where there were reasonable grounds to suspect that transactions or attempted transactions were related to a money laundering or terrorist activity financing offence.
  • Failure to take the prescribed special measures for high risk.

Failures in suspicious transaction reporting continue to be a big focus for FINTRAC and a trend with the larger value AMPs that we’ve been seeing.

Securities dealers are responsible for the following requirements under the PCMLTFA and associated Regulations:

  1. Compliance program:
    1. Appoint a compliance officer who is responsible for implementing the program. The Compliance Officer must always have access to management and the authority to carry out their duties.
    2. Develop and apply written compliance policies and procedures that are kept up to date and, in the case of an entity, are approved by a senior officer. Policies and procedures must be detailed and reflect the reporting entities business model.
    3. Conduct a risk assessment of your business to assess and document the risk of a money laundering or terrorist activity financing offence occurring in the course of your activities. The categories that must be assessed are outlined in guidance.
    4. Develop and maintain a written, ongoing compliance training program for your employees, agents or mandataries, or other authorized persons.
    5. Institute and document a plan for the ongoing compliance training program and deliver the training (training plan).
    6. Institute and document a plan for a review of the compliance program for the purpose of testing its effectiveness, and carry out this review every two years at a minimum (two-year effectiveness review). The review must test all parts of your compliance program as well as operations.
  2. Know your client:
    1. verifying client identity,
    2. politically exposed persons, heads of international organizations, their family members and close associates, beneficial ownership, and
    3. third party determination.
  3. Transaction reporting:
    1. Suspicious Transaction reporting
    2. Listed Person or Entity Property Reports
    3. Large Cash Transactions reporting
    4. Large Virtual Currency Transaction reporting; and
    5. Reporting suspected sanctions evasion.
  4. Record keeping;
  5. Foreign branches, foreign subsidiaries and affiliates; and
  6. Ministerial directives

We’re Here To Help

If you need help in creating or updating your compliance program and processes, are due for a Compliance Effectiveness Review, or have general questions on your compliance obligations,  please get in touch.

What Should You Do After Submitting Suspicious Transaction Reports to FINTRAC?

What Happens After You Submit a Suspicious Transaction Report?

When it comes to AML compliance, submitting a Suspicious Transaction Report (STR) to FINTRAC is just the beginning, not the end.

In this short video presentation, Divya Bhaktha from Outlier Compliance Group breaks down exactly what you need to do after an STR is filed, and the consequences if you don’t follow-up correctly.

Reference Links

Public notice of administrative monetary penalties

Reporting suspicious transactions to FINTRAC

Guide on harm done assessment for suspicious transaction reports violations (section 2.3.4)

 

Need help navigating STR obligations? Email us at info@outliercanada.com or get in touch here.

Ministerial Directives Related to Iran & LVCTRs

There have been a number of conversations floating around about FINTRAC Large Virtual Currency Transaction Reporting (LVCTR) obligations as it relates to transactions involving Iran, and potentially involving Iran, under the current Ministerial Directive (MD). While this is not a new requirement (LVCTRs were effective June 1, 2021 and the original MD became effective July 25, 2020), there has been clarification provided with regards to reporting, and what activities trigger which reports.

For background, Outlier Compliance Group wrote an article on what the Iran-related MD entails, so if you are not familiar with the requirements, we suggest starting there.

Existing Guidance

The existing MD guidance does not align with the information provided in a recent policy interpretation for reporting transactions involving Iran that generally are not otherwise reportable, such as a transaction below the reporting threshold. The current guidance says the following:

Any transaction involving the receipt of virtual currency (VC) for exchange to Iranian rial, or VC that is equivalent to an amount under the reporting threshold of $10,000 CAD must be reported using the LVCTR by:

    • Inserting the IR2020 code when using the LVCTR upload; or
    • Selecting IR2020 in the ‘Ministerial Directive’ field of the LVCTR.
    • Because the report is related to the MD, you must ensure that the information provided reflects a connection to Iran.

Recent Interpretation

On June 11, 2023, a policy interpretation was submitted to clarify FINTRAC’s expectations with regards to reporting VC transactions related to the Iran MD. A few specific scenarios were included to ensure an easily digestible response was provided. The portion below is the most noteworthy sections of the response from FINTRAC clarifying the expectation of reporting virtual currency transactions that are below the reporting threshold where there is a nexus to Iran:

To answer your question regarding other instances that could involve the receipt of VC originating from Iran in one or more transactions under the threshold, please refer to section 3) of the Ministerial Directive. It states that any transaction (originating from or bound for Iran) must be treated as a high-risk transaction for the purposes of subsection 9.6(3) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), and must be reported to FINTRAC. Where these transactions involve the receipt of VC but cannot be reported using an LVCTR, they must be reported using the Suspicious Transaction Report (STR) with the IR2020 code.  Only completed transactions can be reported through an STR if the only reason for reporting is that the transaction is originating from or bound for Iran. An attempted transaction should only be reported when you have reasonable grounds to suspect that the transaction is related to the attempted commission of a money laundering or terrorist activity financing offence. 

Further to section 3(a) of the Ministerial Directive, you need to look at a variety of elements when determining whether a transaction originates from or is bound for Iran because the circumstances of each transaction are different. The exchange of VC for Iranian rial is not the only circumstance in which a VC transaction may fall under the Ministerial Directive. After you’ve considered the facts, contexts and indicators of a transaction and you determine it is subject to the Ministerial Directive, you must determine if the transaction(s) should be reported using the LVCTR or STR, as described above.

I’ve provided the reporting information for the scenarios you presented in your email:

    1. Virtual currency that originates from an identified virtual currency exchange in Iran.
      • Report the transaction in the STR with code IR2020.
    2. Virtual currency that originates from a wallet address identified as being in or from Iran.
      • When the conductor, beneficiary or third party address details list Iran as the country, and the transaction is not a VC exchange to Iranian rial, report the transaction in the STR with code IR2020.
    3. Travel rule information from the receiving client (or from a participant in the travel rule network) that sent the virtual currency from an address associated with an Iranian virtual currency exchange, or a person or entity in Iran that is not captured under the Ministerial Directive.
      • If a VC transaction has travel rule information that indicates it originates from or is bound for Iran and it does not meet the LVCTR criteria for the Ministerial Directive, the transaction must be reported using the STR with code IR2020.

So What Do I Need To Do?

What is important to understand in this clarification, is the obligation to report every transaction that has a nexus to Iran, such as originating from a VC exchange in Iran, and how that is to be reported. Where a transaction is not otherwise reportable to FINTRAC via an LVCTR, it must be reported using a Suspicious Transaction Report (STR) and the MD indicator IR2020 must be selected (we also suggest including IR2020 in the opening of the narrative in Section G). Transactions that are not otherwise reportable to FINTRAC include VC exchange transactions below the reporting threshold, as referenced in the response from FINTRAC.

Moving Forward

In order to ensure you are compliant with the MD obligation, a thorough lookback to June 1, 2021 for all VC transactions below the reporting threshold, that may have had a nexus with Iran, needs to be performed. Should transactions that should have been reported be found, a Voluntary Self-Disclosure of Non Compliance (VSDONC) should be submitted to FINTRAC. For more information on VSDONCs and how to complete one, please see our blog post on the topic.

Need a Hand?

If you are looking for help completing a lookback or would like a second set of eyes on a VSDONC, please feel free to contact us.

Would You Recognize Real Estate Red Flags?

Rodney_FINTRACOn November 14th, 2016 FINTRAC released a brief for all reporting entities who may be involved in real estate transactions.  The briefing is intended as guidance to provide some examples of indicators that may be present in transactions that may suggest they are linked to money laundering or terrorist financing.  The indicators described have been taken from transactions suspected of being related to money laundering or terrorist financing reported internationally.  The briefing focuses on the potential risks and vulnerabilities within the real estate industry and provides suggestions on how to ensure reporting entities are sufficiently meeting suspicious transaction reporting obligations.

The briefing is meant to provide operational guidance given the small overall number of suspicious transactions that have been reported to FINTRAC by the Real Estate industry.  The briefing states that these indicators will be used by FINTRAC to assess compliance with your reporting obligations.  If you are a reporting entity that interacts with the real estate industry in one form or another, the indicators and scenarios outlined in this brief should be considered when updating your Risk Assessment and training materials.

To put things into perspective, though the actual size of the real estate market is difficult to determine precisely, CMHC has produced some statistics.  CMHC suggests that between 2003 and 2013 over $9 trillion of mortgage credits were negotiated and roughly 5 million sales took place through Multiple Listing Services (MLS).  In contrast, FINTRAC received only 127 Suspicious Transactions Reports (STRs) from real estate brokers, agents and developers and 152 by other types of reporting entities, such as banks and trust/loan companies.  To go a step further, in FINTRAC’s 2015 Annual Report, between April 1, 2014 and March 31, 2015, a total of 92,531 STRs were filed across all reporting entities.

 

re-strs-filed-vs-sales

This evidence supports FINTRAC’s assertion that operational guidance for the real estate industry is needed.

The indicators and examples covered in the brief outline numerous scenarios that may suggest that a transaction is related to a money laundering or terrorist financing offense.  It also speaks to how the appearance of legitimacy obfuscates the clarity of suspicious transactions and requires more than a just “gut feel”.  What is required is the consideration of the facts related to the transaction and their context.  Does the transaction with all the known factors, positive or negative, make sense?

 

What This Means to Your Business? 

First off, FINTRAC will be using the indicators provided to assess your compliance with reporting obligations.  This has a couple different applications.  The first being, does your AML compliance program documentation make reference to the suspicious indicators that are provided.  Basically, are staff aware of the elements that may be present in a transaction that would suggest money laundering or terrorist financing may be occurring?

Secondly, is there an oversight process to ensure if there are transactions that contain one or more of these indicators where an STR was not submitted, is reviewed?  If so, does the process ensure supporting evidence that the Compliance Officer reviewed the transaction and determined there were not reasonable grounds to suspect its relation to money laundering or terrorist financing?  When you encounter a transaction involving any of the indicators provided, it is very important that you collect as much information as possible to assist the Compliance Officer with their determination of whether there are reasonable grounds to suspect that a transaction, or attempted transaction, may be related to money laundering or terrorist financing.  Alternatively, even if none of the indicators provided by FINTRAC are present but we still feel there is “something off” about our customer’s transaction, speak with your Compliance Officer.  They will be able to provide some insight on additional information that may assist our decision.  Once you have collected any additional information you may still not feel comfortable, but this does not mean you cannot complete the transaction, but that you must be sure your Compliance Officer is provided with all the information, which includes our reason for the escalation, so that they can decide whether there are reasonable grounds to suspect it may be related to a money laundering or terrorist financing offense.  The Compliance Officer will document their decision and, if necessary, submit an STR to FINTRAC.

Need a Hand?

If you are a reporting entity that interacts with the real estate industry and would like assistance updating your AML compliance program documentation or simply have some questions, please contact us.

Return to Blog Listing