Being AML compliant means keeping your obligations in mind at all times (vgajic/Getty Images)

While it has always been important for reporting entities to be aware of their obligations under Canada’s anti-money laundering (AML) regime, the new rules that came into effect on June 1, 2021 have significantly increased the risks and complexities associated with non-compliance.

“The updates set out a number of circumstances under which CPAs carrying out activities covered by the legislation must verify the identity of the persons or organizations with whom they do business, as well as what they must report and how,” explains Michele Wood. -Tweel, FCPA, FCA, Vice President, Regulatory Affairs at CPA Canada. “Failure to comply can result in administrative penalties and more.”

Here’s what it means to be compliant, and the consequences of non-compliance.


As reporting entities under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (RPCFAT), accountants and accounting firms that are involved in certain activities (such as receiving or paying funds on behalf of a person or entity) are required to verify the identity of the persons and entities with which they do business in certain circumstances:

  • Large cash transactions ($10,000 or more in a 24-hour period, as defined by the 24-hour rule)
  • Large virtual currency transactions (again, $10,000 or more in a 24-hour period)
  • Suspicious transactions, regardless of the amount
  • Receipt of funds of $3,000 or more.

Other “know your customer” (KYC) obligations include obtaining beneficial ownership information and determining whether you are dealing with a politically exposed person or the head of an international organization. Additionally, to comply with record keeping rules, there are a variety of records and reports that must be kept in a file.


For reporting entities, the first step towards meeting anti-money laundering obligations is to establish a compliance program. This serves as a frame for subsequent elements of an anti-money laundering regime, including KYC, reporting and record keeping.

“Reporting entities must have a documented compliance program this requires the name of a compliance officer, written compliance policies and procedures, and a risk assessment report, as well as records of ongoing compliance training and periodic review of the compliance program,” explains Wood-Tweel.


Any organization subject to anti-money laundering regulations can expect to be examined by FINTRAC, says Eric Lachapelle, CPA, National Head of Financial Crimes for KPMG Canada. “When you will be examined and how often depends on the risk model established by FINTRAC. If you are in a risky sector, they will come to see you more often.

FINTRAC typically begins its examination process by contacting reporting entities and sending a formal letter to an organization’s compliance officer indicating when examiners will be coming or when an in-office examination by FINTRAC will take place. Prior to the start of the examination, the reporting entity may be required to provide the requested documents.

FINTRAC uses a variety of assessment tools during an examination, including monitoring significant financial transaction reports, determining business activities subject to the PCMLTFA, and documenting compliance program deficiencies, progress and improvements.

“Reviewers won’t necessarily check everything from A to Z, because there are many elements to an AML compliance program,” says Lachapelle.


Once its assessment is complete, FINTRAC will provide details of the findings and a letter of findings will be issued. Depending on the outcome, no follow-up will be required, follow-up compliance action will be taken, it may impose an administrative penalty or disclose information to law enforcement for criminal investigation.

Lachapelle points out that FINTRAC’s enforcement in Canada is not designed to be punitive, but rather to encourage behavioral change. “One report does not mean that all findings are serious,” he says. “However, while FINTRAC is not intended to be punitive, every law must be enforced at some point.”


The PCMLTFA and its related regulations establish specific penalty scales for each offence, explains Mélanie Goulette Nadon, Senior Communications Advisor, External Communications, FINTRAC. Within these ranges, specific penalty amounts are calculated based on Administrative monetary penalties (AMP).

To determine the amount of a penalty, FINTRAC considers three criteria:

  • The harm caused by the breach(es): FINTRAC has developed and published a number of guide which describe its approach to assessing the harm caused by the violation of the LRPCFAT regulations and its justification in determining the amounts of the penalties.
  • The reporting entity’s compliance history.
  • The non-punitive nature of a monetary administrative penalty.

Penalties are categorized into three levels and amounts determined on a sliding scale: minor ($1 to $1,000 per violation); severe ($1 to $100,000 per breach; and very severe ($1 to $100,000 per breach for an individual, $1 to $500,000 for an entity).

“If you don’t have the right program in place or don’t do proper monitoring, you could be fined. If you don’t do the proper regulatory reporting or if you don’t do any reporting at all, you’re definitely at risk,” Lachapelle says.

When reviewers find multiple violations, each can be penalized individually, Lachapelle warns.

There may be more breaches with major reporting entities simply because of transaction volumes, Lachapelle says. “Naturally, the higher the volume, the greater the risk of having more breaches. It is also important to note that all SAPs are now disclosed to the public.”

Once the letter outlining the results is received, the organization can simply accept the results and agree to the terms set out in the letter, Lachapelle explains. “If you do not agree with the conclusions, you must 30 days to present your case. Depending on the type of finding, you can request a review, submit a request to negotiate terms, or in the case of more serious findings, appeal to federal court.


Being compliant means keeping your obligations in mind at all times, says Lachapelle. “The best way to keep up to date is to read FINTRAC website. Everything is here. Remember that there are always changes and updates, so you should know by heart what is needed.

Nadon adds that in addition to publishing complete and sector-specific information tips for businesses subject to the PCMLTFA, FINTRAC issues hundreds of policy interpretations and responds to thousands of inquiries each year.

Lachapelle notes that CPAs can expect more changes to come. “I’ve been in the business for 15 years and things are definitely changing. Canada is catching up with its G7 and G20 peers and moving in the right direction.

Wood-Tweel takes a similar view. “We have seen a lot of momentum over the past four to five years and Canada’s regime is increasingly on par internationally. As we move forward, it will be important to maintain this momentum. »


CPA Canada has a wealth of information on all aspects of anti-money laundering. For more information on non-compliance, see Risky Business: Non-Compliance with Anti-Money Laundering Requirements.

See CPA Canada’s AML guide for more detailed information on meeting all AML guidelines. And be sure to read our Q&A with guide contributor Marc Tassé.

For more updates, see New AML metrics CPAs should keep on their radar. And attend the Anti-Money Laundering and Ethics course to gain the knowledge and tools to instill financial ethics in your organization.