What is FINTRAC?

The Financial Transactions and Reports Analysis Centre (FINTRAC) is Canada’s financial intelligence unit (FIU) and the country’s anti-money laundering and countering the financing of terrorism (AML/CFT) regulator. 

FINTRAC was established in October 2000 under the Proceeds of Crime (Money Laundering) Act. In 2001, the legislation became the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), expanding FINTRAC’s mandate. It is now responsible for enforcing the terms of the PCMLTFA among the institutions under its supervision. 

FINTRAC is an independent body working at a federal level and reporting directly to Canada’s Department of Finance. FINTRAC is part of the Egmont Group, a global network of FIUs collaborating on AML/CFT information-sharing. It also contributes to cross-jurisdictional AML policy-making organizations such as the Financial Action Task Force (FATF), the Asia-Pacific Group on Money Laundering (APG), and the Caribbean Financial Action Task Force (CFATF). 

What does FINTRAC do? 

FINTRAC conducts regular audits and reviews of Canadian firms to ensure they comply with the PCMLTFA. These firms include financial institutions (FIs), securities dealers, brokers, casinos, insurance companies, money services businesses, and real estate firms. In cases of non-compliance, FINTRAC has the power to issue financial penalties on firms and compel them to follow action plans to improve their AML/CFT compliance programs. 

Although it cannot conduct criminal investigations, gather criminal evidence, or lay charges, FINTRAC works with other federal organizations like the police, the Border Services Agency, and the Revenue Agency to assist in enforcement actions and ensure PCMLTFA compliance. FINTRAC also works with the Office of the Superintendent of Financial Institutions (OSFI), Canada’s prudential regulator, to share information about risks facing the country’s banking sector. 

Beyond its oversight of FIs via auditing and review powers, FINTRAC analyzes information from the financial sector to uncover money laundering and terrorism financing patterns and trends. It also aims to increase public understanding of the risks financial crime poses to the Canadian financial system.

As part of Canada’s 2023-2026 AML/CFT strategy, FINTRAC now has the authority to publish more details about administrative monetary penalties and violations, increasing transparency in enforcement. This is aimed at deterring non-compliance by making public examples of entities that fail to meet regulatory obligations​.

FINTRAC compliance and reporting requirements

FINTRAC is responsible for ensuring firms’ compliance with the PCMLTFA, the main legislation in Canada’s AML/CFT regime. Essential tenets of the Act, which FINTRAC assesses firms on, include: 

• Policies and procedures: Firms’ AML compliance programs should be implemented and overseen by a specialist compliance officer, and based on the results of regular business-wide risk assessments that pinpoint the kinds of risk the firm is likely to face. Firms must also create written compliance policies and procedures and ensure staff are trained to implement them. Finally, firms should test the strength of their compliance programs with frequent external audits. 
• Customer due diligence (CDD): Canadian FIs must identify and verify their clients at onboarding. This includes verifying ultimate beneficial ownership (UBO). They must also be able to identify any customers who are politically exposed persons (PEPs) and their relatives and close associates (RCAs). 
• Ongoing monitoring: After onboarding has been completed, firms must monitor their transactions to detect any unusual or suspicious patterns of financial behavior. 
• Record-keeping: FIs should clearly document data on customers and their transactions and be able to transfer this information to FINTRAC within 30 days if requested. FINTRAC retains transaction reports for ten years, after which it must either be disclosed or destroyed. 
• Reporting: Firms must submit suspicious transaction reports (STRs) to FINTRAC in cases where they have reason to believe a transaction may be linked to a money laundering or terrorist financing offense. As of August 2024, this also includes suspicious behavior relating to sanctioned entities. They must also report transactions equalling $10,000 or more (whether as a single payment or multiple transactions within a 24-hour window). 

The following types of business in Canada must report to FINTRAC: 

• Financial entities, such as banks (including foreign banks operating in Canada), credit unions, loan companies, co-operatives, trust companies, and caisses populaires. 
• Securities dealers.
• Real estate brokers, sales representatives, and developers.
• Mortgage administrators, brokers, and lenders.
• Life insurance companies, brokers, and agents.
• Money services businesses. 
• Accountants. 
• Money order businesses.
• Armored car businesses. 
• Casinos.
• Precious metals and stones dealers. 
• Public notaries and notary corporations of British Columbia. 

STRs can be submitted online or on paper. They must include information on the transaction’s date, time, method, and status, as well as an explanation of its risk of money laundering or terrorist financing. 

A Guide to AML for Canadian FinTechs

Find out what your firm’s AML compliance program should include with our comprehensive, step-by-step guide.

Download your copy

The challenges of FINTRAC compliance

Although FINTRAC’s instructions on firms’ PCMLTFA compliance obligations, AML compliance is a multi-layered process that takes significant effort to achieve correctly. Specific compliance challenges faced by Canadian businesses include: 

• Data processing requirements: Data is at the heart of compliance, from customer screening (including sanctions, PEP, and adverse media screening) to transaction monitoring. For effective compliance, firms need to be able to collect and analyze large amounts of data across these stages of the customer journey. They also need access to good-quality, comprehensive, up-to-date data in the first place since any solution will only be as good as the data it uses. 
• False positives: When a customer or transaction is wrongly flagged as suspicious, it wastes valuable compliance resources and time, restricting a firm’s ability to onboard customers at scale. A high false positive rate leads to inefficient compliance procedures and slower business growth. 
• New sanctions designations: Given Canadian businesses’ new (since August 2024) obligations to report possible sanctions evasion attempts to FINTRAC, they must be aware of the latest updates to Canada’s frequently updated sanctions list. As of October 2024, Canada’s autonomous sanctions list had 4415 entries. 
• Sophisticated financial crime typologies: Criminals are constantly developing new and complex methods of money laundering, terrorist financing, and sanctions evasion. Specific challenges here include using opaque corporate structures to disguise beneficial ownership or using emerging technologies to commit crimes in ways not yet widely recognized by FIs. 

Best practices for FINTRAC compliance

Non-compliance with the PCMLTFA carries severe punitive measures for firms, such as fines between $250,000 and $2 million or imprisonment for up to five years. The reputational damage of compliance failures and the loss of existing or potential customers can also offset Canadian firms’ growth by significant margins. Compliance teams working in these firms should, therefore, keep in mind a few compliance best practices: 

• Formulate a risk-based approach: A risk-based approach should form the bedrock of any firm’s compliance program. This involves identifying specific AML/CFT risks to the business based on their products, locations, and clients, then designing policies and procedures to address these and devote resources to more pressing risks. 
• Apply thorough know your customer (KYC) and CDD measures: Firms must know who their customers are and their reason for establishing a business relationship before doing business with them. To this end, they should establish CDD measures to verify customer identities and gauge each customer’s risk level. When customers are judged to be higher risk, firms should carry out enhanced due diligence (EDD), which includes measures like verifying source of wealth (SOW) and source of funds (SOF). 
• Continue to monitor customers throughout the relationship: Customer risk levels can change over time – for example, because of changes in PEP status, new sanctions designations, or new adverse media hits. Ongoing monitoring allows firms to capture changes to customer risk levels and take action where necessary. 
• Test the effectiveness of compliance policies: Firms should regularly audit their compliance programs using qualified third-party organizations (or an independent internal team in larger businesses). FINTRAC specifies firms should conduct “effectiveness reviews” at least every two years. 
• Enhance AML processes with automation: Firms should choose the best AML software solutions to maximize their ability to comply with FINTRAC regulations. Artificial intelligence (AI) has AML applications from customer screening to transaction monitoring that can significantly increase the efficiency of compliance programs. 

AI-powered solutions for seamless FINTRAC compliance

ComplyAdvantage leverages AI and machine learning (ML) for industry-leading compliance solutions. Firms using ComplyAdvantage can optimize their FINTRAC compliance with the following: 

• Quality AML data: The large amounts of data firms have to process as part of customer screening risks causing false positives by linking inaccurate, duplicate, or irrelevant information to customer profiles. ML systems can eliminate this data with semantic and statistical analysis to reduce false positives. 
• Real-time updates: ComplyAdvantage’s AI-enhanced customer screening solutions use continuously refreshed databases relating to sanctions, watchlists, law enforcement, PEPs & RCAs, and adverse media, enabling firms to stay compliant with the latest rules. 
• Automated risk scoring: Firms benefit from ComplyAdvantage’s configurable, dynamically updated customer and event risk scoring, allowing them to optimize their risk-based approach and develop a data-driven understanding of their customers. Intelligent alert prioritization then empowers firms to deal with the highest-risk cases first. 
• Graph analysis to identify unusual behavior: AI-driven transaction monitoring can further detect connections between customers and other entities while uncovering new or emerging financial crime typologies faster than manual processes.