How to Stay Compliant with AML Laws in Canada in 2024

Canada has been continuously working to develop an efficient Anti-Money Laundering (AML) system. Being one of the founding countries of the Financial Action Task Force (FATF), Canada follows the recommendations provided by the organization. However, the results of the FATF’s 2016 evaluation have shown that the country has several deficiencies. As a result, the government amended regulations to strengthen AML/CFT requirements. In October 2021, the FATF re-evaluated the country, pointing to visible changes and improvements in tackling money laundering.

From 2016 to 2021, Canada reversed most of its deficient indexes. This means that the regulatory environment in Canada is fast developing, and entities working in this jurisdiction need to keep up.

Failure to comply with Canadian regulations can lead to all sorts of penalties. Just recently, Wealth One Bank of Canada was fined C$650,000 ($480,000) over compliance. 

We at Sumsub have prepared an article explaining how companies working in Canada can stay compliant with changing regulations.

Who’s affected?

Entities obligated to follow Canadian AML law and report to FINTRAC (the Financial Transactions and Reports Analysis Centre of Canada) include:

• Financial institutions (banks, credit firms, etc.)
• Money Service Businesses (crypto companies, forex, etc.)
• Insurance companies
• Real estate businesses
• Casinos
• Security dealers
• Accounting firms
• Agents of the crown
• British Columbia notaries
• Dealers in precious metals and stones

Notably, certain non-Canadian businesses must also comply with the country’s new AML requirements. These are so-called foreign Money Service Businesses—that is, foreign companies that have a place of business in Canada. This can be an offshore crypto platform that advertises to and onboards Canadian users.

Who are the regulators?

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is the main AML regulator in Canada. It was established in 2000 as per the Proceeds of Crime Act. Its goal is to detect, investigate, and confront any money laundering activity. Entities must, therefore, submit reports related toAML to FINTRAC, which analyzes them and cooperates with other law enforcement institutions (e.g., police) to resolve the cases. 

To maximize the efficiency of its investigations, the Canadian government has created two additional organizations: The Financial Crime Coordination Centre and The Canadian Financial Crime Agency. 

What are the regulations?

The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) is the main AML regulation in Canada. The law was implemented in 2000 and amended several times since then, with the latest changes proposed this year. In general, the main goal of PCMLTFA is to establish an efficient set of requirements for:

• Customer identification and verification
• Recordkeeping
• Monitoring
• Reporting

How to stay compliant

To stay compliant with Canadian AML law, companies have to implement a clear set of procedures. This includes at least the following:

• Appointing a Money Laundering Reporting Officer (MLRO)
• Staff training
• Risk assessment
• Conducting Customer Due Diligence (CDD), Simplified Due Diligence (SDD) and Enhanced Due Diligence (EDD) 
• Screening for persons on sanction lists, Politically Exposed Persons (PEPs) lists
• Transaction monitoring
• Ongoing monitoring of customer behavior and transactions
• Recordkeeping for at least five years from the date of the end of a business relationship or final transaction
• Reporting suspicious activity

When it comes to identity verification, Canada provides companies with several options to ensure the authenticity of clients.

Government-issued photo identification 

The first option is the government-issued photo identification method, wherecompanies must record the following information:

• Name
• Date of verification
• Type of document
• ID number
• The country of issuance
• Expiration date

Credit file 

Using the credit file method, companies have to obtain a client’s credit file either directly from the Canadian credit bureau or a service provider. The information that companies have to collect includes:

• Name
• Credit file number
• Name of the bureau or service provider that has the file
• Date when the business’s employee consulted the file

Dual-process 

When using the dual-process method, companies access information from two different agencies (e.g., bureau and bank). 

Suggested read: All You Need to Know About Remote Verification in Canada

What are the penalties?

Fines for AML record-keeping violations  in Canada range from just one Canadian dollar to C$500,000 (approximately US$375,000) per violation. The exact amount depends on the degree of the breach. For instance, a one-time failure to report a large transaction can cost businesses up to C$1,000 (around $800/€680), while repeat violations of record-keeping obligations can result in fines of up to C$500,000.

Recent developments

In 2021, businesses had to adapt to Canada’s new regulatory requirements, which included several crucial changes. 

The first change was the implementation of new reporting and record-keeping obligations for crypto transactions. All businesses now must keep a “large virtual currency transaction record” and file reports to FINTRAC if they receive C$10,000 (around $7,500) and more in cryptocurrency within 24 hours. The new amendments also require businesses to record information about crypto transactions over C$10,000. This should include:

• The date of the transfer
• Names, addresses, and date of births of participants in the transaction
• The amount and type of cryptocurrency
• The exchange rate
• All other transaction identifiers

This information must be sent to FINTRAC through the web reporting system within five working days after the transfer.

The latest regulations have also simplified transaction reporting. While previous obligations required filing a separate report for each transaction over C$10,000, the new requirements permit businesses to create a single report for all transfers made by a customer within 24 hours. This is called the 24-hour rule, and it works for both electronic and crypto transfers.

Another visible change is the widened scope of the Travel Rule, which now extends to crypto and electronic fiat transfers made by financial institutions, domestic and foreign Money Service Businesses, and casinos. Therefore, businesses must collect names, account numbers, and addresses of senders and recipients in crypto or electronic fiat transfers over C$1,000 (around $750). Also, financial platforms are required to share Travel Rule data on transacting parties.

Suggested read: What is the FATF Travel Rule? The Ultimate Guide to Compliance (2023)

There are also changes to beneficial ownership obligations. Now, when entering into a partnership with another legal entity, businesses must verify the identities of any beneficiaries as part of their KYB procedure. Importantly, businesses must update this information on an ongoing basis. Companies therefore must collect and verify two types of data: 1) information about the partner company and 2) the identities of the beneficial owners. This includes:

• Information about beneficiaries. Businesses need to perform a standard KYC/AML procedure to obtain and confirm the identities of beneficiaries. Under Canadian legislation, beneficial owners are individuals who directly or indirectly own or control at least 25% of a company, regardless of where the company is located. 
• Information on company ownership, control, and structure. Businesses must identify legal entities and natural persons who have a percentage of shares in a company. It’s important to record the total percentage of shares owned along with the names of every individual involved.

Businesses can verify beneficial ownership through corporate documents or external data sources. The latter could include the securities and shareholders registers, articles of incorporation, and more. 

It’s clear that Canada is developing a more comprehensive AML system, and this will likely be the trend in coming years. Companies have to be able to adapt in this fast-paced environment. Moreover, companies should also be aware of the increasing number of criminals trying to abuse gaps in the system. That’s why it’s essential for businesses to take measures in a timely manner. One of them is implementing an efficient AML solution,consisting of several technologies, such as Transaction Monitoring and Know Your Customer checks. If implemented correctly, the right AML solution can minimize the risks of criminal activity, ensure compliance with regulations, and uphold a company’s reputation.