Enforcement trends are going sky high for FMSBs  📈

In the last 6 months, FINTRAC has taken a harder line than ever on the enforcement of regulated entities, and in particular against Foreign MSBs (FMSBs) that have routinely made volumes of non-compliance errors - with total penalties issued to the tune of over $197 million dollars. This all since July 2025…😱

Here are some key facts on violations that are getting FMSBs into hot water:

🚫 No Registration with FINTRAC.

This is non-negotiable. FINTRAC requires any entity that is considered an MSB in Canada (including foreign and virtual currency operators), must be registered with FINTRAC.

🚫 Multiple Violations and the “Per-Instance” Strategy.  

FINTRAC is actively leveraging their powers to penalize each infraction SEPARATELY and issue cumulative penalties. Meaning, for businesses like virtual currency operators that have high transaction volumes, penalties can really add up if non-compliance is rampant. For example, in the case of Cryptomus (fined nearly $177 million), over 1,000 STR violations were found - and each violation was penalized individually…Yikes. This per-instance style enforcement paired with potential new administrative penalties of up to 40X more (as tabled in proposed Bill C-12), could have entities seeing even higher record penalties. 

If you would like to learn more about proposed Bill-C12, read our article on this topic here.

🚫 Ministerial Directive Violations.

As part of anticipated shifts in legislation and the global AML FATF audit, to help the perception of increased security of our borders and illicit activities, tougher ministerial directives on sanctioned countries are now a reality and the enforcement against non-compliance is a big focus for FINTRAC.

Canada is a nuanced market and you need experts that know the intricacies of the local regulations and laws to help.  We have assisted hundreds of MSBs with their compliance and we would love to support yours. Reach out to us for a free consult today contactus@theamlshop.ca

In June 2025, the Federal Government read proposed Bill C-2 (aka The Strong Borders Act) for the first time in the House of Commons. This proposed bill was highly scrutinized due to controversial policies surrounding lawful access and digital surveillance powers, resulting in a bill that would have been difficult to pass quickly.  As a result, Bill C-2 was paused, and Bill C-12 was introduced.

Proposed Bill C-12 eliminates the controversial policies from proposed Bill C-2 surrounding lawful access and digital surveillance powers that would allow law enforcement powers to basic subscriber information from any provider in Canada, without a warrant.

Additionally, proposed guidelines that would have restricted cash payments, donations and deposits over $10,000 and all third-party deposits (for non-bank businesses) were originally tabled in C-2, but left out of Bill C-12 as well due to their controversial nature. However, although these restrictions on cash transactions and deposits did not make their way into Bill C-12, they did not disappear entirely and have resurfaced in the 2025 Fall Budget (see our post on this topic here).

Pushing Bill C-2 forward would have been difficult because of these highly critiqued propositions and thus, the Bill has now been split into an “easier to implement version”…enter proposed Bill C-12.

Want to learn more? Below our experts have put together a recap for you of important things you need to know regarding AML and the new proposed Bill C-12:

➡️ Higher FINTRAC penalties and new cumulative caps are still expected.

If enacted, this bill would authorize FINTRAC to penalize up to 40X the current penalty structure. This means maximum penalties for very serious offences could skyrocket up to $20 million per offence. For cumulative violations, there would be a cap set at $20 million or 3% of gross revenues.

As you can imagine, for high revenue entities - multiple violations could result in penalties of hundreds of millions of dollars or higher 💸

➡️ FINTRAC enrollment requirements would still broaden by requiring universal enrollment.

All PCMLTFA reporting entities would have to be enrolled with FINTRAC and maintain their enrollment. If you don’t enroll or maintain enrollment, you could face consequences which could even potentially include the possibility of criminal charges.

FINTRAC’s current registration processes take months now, with only several thousand registrants. Prepare for a far longer delay when 30,000 businesses have to go through the enrollment processes.

Keep fear of regulators at bay. We can help you, just like we have helped hundreds of other companies and MSBs in their registration and enrollment process. 🤝

➡️ Anonymous Accounts prohibition.

Although this may seem obvious and already enforced, there is more to it than you might imagine. This amendment to the PCMLTFA would prohibit any anonymous accounts from being opened. However, if you dig under the surface, what this would really mean for regulated entities is that an account is deemed anonymous if the account opener cannot be verified under existing identity verification requirements.

No verified existence = no opened account 🚫

➡️ More scrutiny of compliance programs and effectiveness reviews.

FINTRAC would take a harder stance on its review of compliance programs and their component elements. FINTRAC would have the ability to levy fines and penalties where compliance programs and documents may exist but are perhaps not in FINTRAC’s judgement of being effective in mitigating money laundering, terrorist financing and sanctions risks.

The current standard of having a documented, written compliance program would no longer cut it.  It would have to be effective…not just tested routinely for its effectiveness.

And, failure to meet FINTRAC’s new compliance program standards in this proposed regime could result in a serious violation and cost your company millions of dollars in penalties.

The catch is understanding and knowing exactly what regulators are looking for here…as we predict, it will be highly subjective and industry specific. Remember, our experts have been involved in numerous FINTRAC exams and we have seen how things typically play out during an examination. Our in-depth experience in this area can help evaluate the benchmarks appropriate for your business and industry.

Because of the subjective nature of these proposed requirements, having an AML Shop expert on your side could save you a ton of headache. 💆

Conclusion:

Despite provisions from proposed Bill C-2 dropping off the current radar in the new revised legislation, select key elements remain proposed in Bill C-12 to help increase Canada’s efforts against financial crime and AML compliance.

Namely in:

🇨🇦 Significantly increasing Administrative Monetary Penalties

🇨🇦 The broadening of FINTRAC registration requirements

🇨🇦 Prohibiting anonymous accounts

🇨🇦 More scrutiny of compliance programs and effectiveness reviews

Our AML expert team has worked on volumes of engagements for all reporting entity types and can help you navigate how your business handles these potential new changes with accuracy and ease. Reach out to our team today to get started.

We Help Keep FINTRAC Happy.

In proposed Bill C-2, restrictions were introduced disallowing acceptance of cash payments, donations or deposits over $10,000 for most organizations, except Banks and Credit Unions with an additional blanket banning of all 3rd party cash deposits (regardless of amount, with exceptions to be prescribed).

After receiving much public critique, proposed Bill C-12 was introduced shortly after to replace proposed Bill-C2, eliminating these controversial measures.

But guess what? The proposed regulations were not left behind entirely - in actuality, they were paused - and are now BACK on the table...this time in the Government of Canada’s Fall 2025 Budget (also known as “Canada Strong”).

How this will ultimately shape within the regulatory landscape in 2026 is still to be determined - but critiques of these proposed regulations remain, including:

🔴 The possibility of unnecessary administrative burdens for developing new processes. There are many situations where cash deposits over $10,000 (especially since $10,000 is quite a low deposit amount) or transfers by a third-party over are indeed legitimate. For example, a family member sending funds to a relative in a foreign country, employee deposits into a company bank account or a parent depositing money into their child’s bank account all can constitute legitimate transaction types that should not be flagged or require enforcement – ultimately prohibiting these types of deposits could lead businesses to develop new processes to accommodate the law, resulting in administrative burdens.

🔴 Too many legitimate transactions will be prohibited.  Because acceptance of cash transactions over $10,000 will be banned for all businesses in Canada (excluding banks), many payments that are for legitimate reasons will be banned and might adversely affect groups that have large reserves of cash required for a transaction (for example, immigrants who are trying to pay for housing or school who may not have the correct banking channels established in Canada to send digital payments or inter-family transactions, for example, repaying a loan to a family member).

🔴 Negative impacts and losses for charities and non-profits that often rely on large cash donations. Many charities and non-profits also rely on very large cash donations to fulfill their mandates. These new policies would introduce a roadblock for charities and non-profits generating donation revenue...which is meant for good.

If you have any questions about how these regulatory changes if enacted could affect your business or clients, reach out to us today to connect with an AML expert.

Did you know that the Bank of Canada (BoC) has RPAA frequently asked questions (FAQs) that they update on a regular basis? 💡

In a recent newsletter, the BoC featured an FAQ that many of our clients have inquired about and we thought you might be interested in knowing their position:

“Will the Bank develop or pre-approve insurance or guarantee products that meet the requirements of the RPAA and Retail Payments Activities Regulations ❓”

The simple answer is no 🚫

The BoC will not pre-approve designs for potential insurance or guarantee products. The Bank’s role is to supervise PSPs that perform retail payment activities in order to determine whether they comply with the RPAA ✅

This ‘no pre-approval’ stance from The Bank of Canada highlights a core principle of the RPAA’s supervisory framework: the responsibility of compliance is entirely on the PSP.

This reinforces the importance for each PSP to independently conduct thorough due diligence aligning with the RPAA’s risk mitigation objectives. This diligence must ensure safeguarding of end-user funds when choosing a financial protection mechanism, whether that be insurance or guarantee products.

If your business needs help with due diligence or navigating how to choose insurance or guarantee products that are RPAA compliant, our in-house experts can advise. We have worked on volumes of RPAA programs and your business could be next to benefit from our expert support.

Has your Retail Payment Activities Act (RPAA) application approval been delayed? 🏦 🇨🇦 

As we previously reported, the Bank of Canada’s Registry of approved Payment Service Providers is now live, with a list of registered PSPs published to date. You can also view applicants currently under review here. 

In a recent update, the Bank of Canada noted that some PSPs have received a notice from the Department of Finance stating that their RPAA registration may take an additional 60 days to process. 

Not to worry - these notices are routine and a standard part of the legislative process, but PSPs must be prepared for potential delays. 

✨ Why does this delay occur in certain cases? ✨

The Minister of Finance may need more time to determine if a national security review of the applicant is required. When the notice is issued, the period for the Minister to decide if a review is required is extended by 60 days.

Note, It is possible that the decision may be made and communicated before the 60 days has lapsed. 

✨ Can the applicant ask questions if this happens?✨

Yes, they can - the applicant may reply directly to the email notice they were issued with any questions they may have. However you should note: the Bank of Canada does not have answers specific to questions regarding National Security Screenings - these questions must be directed to the Department of Finance. 

Virtually every MSB (who are now also considered PSPs) in Canada is regulated now under the RPAA - ease the friction with regulators and contact our experts today to find out how we can help you, help keep FINTRAC and The Bank of Canada Happy 😎

Struggling to translate Retail Payment Activities Act (RPAA) regulatory expectations into day-to-day processes? 

Join us on December 10th from 12pm-2pm EST for a focused webinar where we break down some best practices for operationalizing RPAA requirements, to better ensure PSPs compliance.

Topics to be discussed include:

📒Ledger Reconciliation

👥 Human & Financial Resource Planning

🛡️Third-Party Service Provider Risk Management

This session is hosted by The AML Shop’s Marcelle Dadoun (Principal, Program Design and Advisory) and Deanna Ladouceur (AML Advisor) and is a must attend for PSPs. 

Don’t miss your chance to get practical insights and pose your RPAA questions to us in advance, via our registration form.

Spots are limited!

This week there was a very important guidance update from FINTRAC below on the Ministerial Directive on financial transactions associated with the Islamic Republic of Iran.

FINTRAC has announced that the Iran directive is now applicable to ALL reporting entities (REs). Previously, only Financial Institutions and MSBs had to comply.

The guidance updates include:

❗All REs subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) must report every financial transaction to or from Iran, regardless of amount

❗Risk assessment of a sanctions evasion offence

❗New correspondent banking relationship requirements

If you are an RE, it is imperative that you update your program documents to reflect your compliance with these updates immediately. And, very important - you must now begin to report every financial transaction to and from this jurisdiction to avoid non-compliance and potential enforcement.

You can read the updated guidance here .

Reach out to us for more information on how our expert team can help you complete these updates accurately and swiftly. 

Recently, FINTRAC released crucial new guidance regarding private-to-private information sharing between Reporting Entities (REs) 🔐 

Private Information sharing is intended to help close gaps typically exploited by criminals and money launderers by enabling REs to obtain a more complete view of client activity and to better detect suspicious transactions.  

 The key takeaway?  

Information sharing is voluntary, but for those REs that wish to engage - they must do so legally according to the rules as set forth in the guidance. This includes: 

🟠 Establishing and implementing an internal Code of Practice for disclosure, collection and use of information. Codes of Practice are submitted to FINTRAC and the Office of the Privacy Commissioner of Canada (OPC) and approved by the OPC. The OPC has 120 days to review your application and provide a decision, with an additional 15-day extension if required. If no decision is communicated to you by the end of the review period, your Code of Practice will be deemed approved.  

🟠 The code of practice must be accompanied by an acknowledgement that each participating reporting entity has approved the code of practice and has consented to its submission to FINTRAC and the Office of the Privacy Commissioner of Canada. 

🟠 If your Code of Practice is approved, you may only share information with other reporting entities identified within your Code of Practice. Remember, information sharing is voluntary and not a mandatory requirement.  

What should a Code of Practice include?  

✅ The legal names and FINTRAC reporting entity numbers for all REs involved in private information sharing activities  

✅ A description of the personal information that may be shared, including the purpose for sharing and the way information is shared 

✅ Detailed measures to securely protect and retain shared information.  

✅ Your Code of Practice should demonstrate adherence with privacy regulations as set forth in the Proceeds of Crime (Money Laundering) and Terrorist Financing (PCMLTFA), meeting substantially the same or greater privacy protections as PIPEDA. 

Looking beyond compliance - why does having an approved Code of Practice matter? 🤔 

If your information sharing activities are completed in compliance with the PCMLTFA, regulations and in good faith, an approved Code of Practice could provide at least a soft layer of liability protection, although not a complete “safe harbour” for your business. 

Information sharing can be a complicated matter - especially when it comes to AML compliance, privacy and situations where REs may feel grey areas exist. 

Our team of AML and network of legal experts can help your business navigate these nuanced situations and figure out how to execute compliantly - please reach out to us today should you have any questions regarding this update or anything regarding AML and information sharing.  

With the release of the latest National Risk Assessment in Canada, now is the perfect time to ensure your Risk Based Approach (RBA) is in good order ✨ 

Recently, the Government of Canada published the 2025 Assessment of Money Laundering and Terrorist Financing Risks in Canada (aka the National Risk Assessment).  

All businesses regulated under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) have an obligation to assess and document their Money Laundering and Terrorist Financing Risks. 

What does this mean? 

Your company requires a Risk Based Approach (RBA) as part of your overall AML compliance plan and it should be informed by the latest National Risk Assessment (and of course the specifics of your own business and inherent risks involved…but we will get more into that later!).   

And remember - your RBA must be effective - it’s not enough just to have an RBA “on paper”, you need to demonstrate that your RBA is effective in practice. 

2025 National Risk Assessment Highlights 

The updated 2025 National Risk Assessment for Canada was created based on historical data, strategic intelligence and sector specific guidance and comes with notable updates, including: 

🟠 A focus on residual risk.  

Although the National Risk Assessment focuses on Canada’s inherent risk, the 2025 update notably highlights the importance of “Residual Risk”.  Determining the appropriate Residual Risk of a nation provides a true picture of faced risk and is the foundation for making effective policy and resource decisions.  

So, what is residual risk and how is it determined?  

In the National Risk Assessment, the residual risk of Money Laundering and Terrorist Financing (ML/TF) risk is determined by:  

✅ first, highlighting the inherent ML/TF risk that exists within Canada   

✅ then, analyzing existing mitigation measures that are in place to respond to this risk  

✅ and finally, noting the residual risk levels that remains after mitigation measures and controls are put in place.   

This process helps inform the nation’s overall approach to ML/TF risk, and regulators expect that reporting entities will use this blueprint in determining their own RBA.  

 Determining your residual risk is the cornerstone of a sound compliance program, as it will give you the clearest scope of the ML/TF risk your business faces.  FINTRAC requires that all reporting entities document their RBA, including noting all mitigation measures to control risk and then, establishing the residual risk that remains after those controls are put in place.  

 Failure to document this end-to-end process and demonstrate the effectiveness of your RBA and residual risk assessment is a big error…and a common and costly deficiency cited in FINTRAC penalty actions! 

🟠 There are Sector Specific changes to assessed risk, 

Below are a few examples of Sectors and Industries that have been highlighted in the National Risk Assessment:   

📄 Mortgage Companies:  Mortgage Fraud has been flagged as a high-risk vulnerability. Given this, the expectation will be that mortgage businesses will need to have stronger processes in place to mitigate risks. This is already evident as seen in the implementation of Beneficial Ownership Discrepancy reporting obligations, which became effective October 1st under the PCMLTFA. The Mortgage Industry is one of the industries that will need to comply with this update. 

🏡 Real Estate: with more ways than ever to conceal cash through a seemingly valid economic transaction, there will be a greater expectation for real estate companies to assess risk appropriately and demonstrate that their RBA is sound. Of critical importance will be identifying the possible misuse of funds in large cash transactions, anonymous ownership structures, over or under valuations, exploitation of assignment clauses and other real estate transactions that could potentially involve illegal funds. We are seeing more FINTRAC oversight in 2025 within the real estate transaction and this will continue to trend. For example, 2025 PCMLTFA requirements have recently expanded when it comes to client identification obligations and the addition of more newly regulated industries like Title Insurers (who are a vital player in real estate transactions).  

💰MSBs (this includes Crypto and Virtual Currency companies!) will face increasing scrutiny due to a high level of inherent risk because of high transaction volumes, speed of transactions, cross-border dealings and risk of sanctioned persons and geography clients. For these sectors, stronger AML processes, effective RBA’s and ensuring transparency in transactions with proper record keeping and filing of STRs, is more crucial than ever. In 2025 for non-compliant MSBs, we have seen record penalties issued by FINTRAC – to the tune of nearly $176 Million against FMSB (registered in British Columbia) Crypto MSB Xeltox (operating as Cryptomus) – and FINTRAC’s priority is to continue ramping up on enforcements here. 

How exactly does FINTRAC approach enforcement and penalties when it comes to RBA’s?   

As, far as enforcement and penalties go -  FINTRAC does not take a prescribed or linear approach when it comes to expectation of a risk assessment and how they penalize non-compliance; but what is certain is that avoiding enforcement and penalties requires an effective, proven RBA in your AML compliance plan (it is not enough just to have documentation stating your RBA, your actions must demonstrate adherence to your RBA).  

 
FINTRAC will be ensuring reporting entities are considering the National Risk Assessment within their RBA’s – and deficiencies in implementing these guidelines can result in sky-high penalties and reputational damage.  

How Can We Help? 

Taking a Risk Based Approach is essential for your overall compliance health.  

Our team can help upgrade your RBA by: 

🔶 Assessing your company’s inherent risks, including your client base, geographic risk, technology or factors specific to your business that might indicate Money Laundering or Terrorist Financing Risk 

🔶 Determining an acceptable level of risk for your organization and establishing thresholds within your compliance program  

🔶 Implementing compliance processes and strategies to help you determine risk including, Enhanced Due Diligence processes, KYC (Know Your Customer) Protocols, Record Keeping, Transaction Monitoring and Reporting, application of ministerial directives and ongoing monitoring of ML/TF risk and effectiveness. 

What are your next steps? 

Get valuable expert help! 

Our team has routinely engaged with clients that need their RBA refreshed and we have been present for hundreds of FINTRAC exams – we KNOW what regulators are looking for and what is truly valuable within a compliance program.  

In this risk-focused regulatory landscape, now is the time to reach out to us and learn about how our experts can help with your RBA. Contact us via the form below or email contactus@theamlshop.ca

We Help Keep FINTRAC Happy.  

Newly listed Terrorist Entity alert 🚨 You are going to want to read this update as this impacts a variety of entities and businesses subject to Anti-Money Laundering regulations.

Recently, Public Safety Canada named the transnational criminal organization Bishnoi Gang as a listed Terrorist Entity under the Criminal Code of Canada.

Criminal organizations like the Bishnoi Gang threaten the security and safety of the nation and our citizens - and much of the reason why they can operate and proliferate is due to the flow of illicit money that funds their day-to-day illegal operations.

FINTRAC is emphasizing their enforcement of Sanctions related offences more than ever to stop the illegal activities of Listed Terrorist Entities…. And you need to take note of the following compliance requirements 📝

✅ Suspicious Transaction Reports (STRs)

You must report any transactions (whether completed or attempted) where you have reasonable grounds to suspect Money, Laundering, Terrorist Financing or Sanctions evasion offences; and this applies to interactions with Listed Terrorist Entities - like the Bishnoi Gang.

✅ Compliance Program Updates.

FINTRAC requires you to keep your risk assessment and processes up to date for newly Listed Terrorist Entities. You must always ensure your company records are up to date with any new additions to this list.

And yes…it is expected that you comb through retroactive transactions and consider submitting reports as required.

✅ Prohibited Dealings

Reporting entities are prohibited from dealing in money or property owned or controlled by listed entities and from providing financial services that will benefit terrorist groups. As you can imagine, the threat of illegal activity via listed entities can span a variety of entities and industries including Financial Services, MSBs, Real Estate, Securities, Mortgage and more…

Get onside and reach out to one of our experts today to discuss how to incorporate or strengthen your sanctions compliance within your overall AML objectives.  We have helped hundreds of clients nationwide be compliant and avoid enforcements - and you could be next!

🚨 Update: The Bank of Canada has published their registry of payment service providers (PSPs), registered under the Retail Payment Activities Act (RPAA). This list will be updated regularly as applicants become approved. 

We know our PSP followers and clients will want to check the registry to see their status. You can consult the registry here https://tinyurl.com/5crcauwv

Additionally, the bank has also published (as promised) a list of applicants under review  https://tinyurl.com/3ymkkuu4

Our RPAA expert team is on standby to support you with any questions you may have. If you have been approved or are under review and need support, reach out to us to find out how We Help Keep the Bank of Canada Happy 😎

TORONTO, 30 September 2025 -- The AML Shop (TAS), the Canadian anti-money laundering (AML) consultancy and compliance solutions provider leading the fight against financial crime, today announced a significant strategic investment from London-based venture studio, Big Ideas Group (BIG).

The deal marks TAS’s transformation from national advisory leader into a global force in financial crime compliance, with expansion into both the US and UK already underway and a wave of new services and solutions slated for 2026.

TAS serves companies across a wide range of sectors, from banking, insurance and mortgages to real estate, crypto and casinos, with AI increasingly powering the solutions it provides.

The urgency is clear: Less than 1% of the world’s laundered money is intercepted, leaving an estimated $2 trillion flowing freely through the global financial system[1].

With regulators applying ever more pressure and financial crime becoming increasingly sophisticated, institutions need not just cutting-edge software but expert-led insight, faster execution and future-ready tools. TAS delivers all of this and more.

Backed by BIG, a London-based venture studio with extensive experience in AML and financial technology, the firm is now accelerating into the UK and US, scaling its Financial Intelligence Unit (FIU) and investing heavily in AI-driven compliance technology.

Importantly, TAS will remain fully independent, with its existing leadership, people, and values intact — while gaining the firepower to think bigger, move faster and deliver robust, future-proof AML solutions at scale.

Matt McGuire, Principal & Co-Founder, TAS, commented:

“Financial crime is getting smarter. While AI is reshaping the tools available to fight it, it is also increasing the threats we face. Yet the industry still drowns in false positives with around 95% of alerts going nowhere, wasting thousands of hours and driving financial exclusion. Our mission at TAS is to make AML functional, affordable and accessible to businesses in multiple sectors. This investment gives us the scale, expertise, and reach to expand into the UK and US while keeping our independence and leadership exactly as they are today. What changes is our ability to move faster and give clients the confidence to stay ahead and stay compliant.”

Monika Cywinska, Principal & Co-Founder, TAS, added:

“TAS has always combined deep AML expertise with practical solutions. With BIG’s backing we can now accelerate our Financial Intelligence Unit (FIU), an elite force of financial crime first responders harnessing AI and emerging technologies to help clients worldwide strengthen their defences, outpace regulatory change and stay ahead of increasingly sophisticated threats.”

Sebastian Gray, Founder, Big Ideas Group, commented:

“TAS has built something rare: a trusted, independent firm with a culture clients love and AML expertise they can trust. With global demand for smarter compliance surging, we believe TAS has the potential to become the go-to brand in AML internationally and are excited to back that journey. It offers an end-to-end service for financial institutions, fintech platforms and businesses in countless other sectors seeking smarter, faster and more cost-effective compliance.”

1. World Economic Forum (Global Coalition to Fight Financial Crime)

For more information, pics and interviews, please contact: 

Newspage.agency

agency@newspage.media 

+44 7507 706434

About TAS

The AML Shop (TAS) is Canada’s leading anti-money laundering advisory and managed services firm, working with financial institutions and regulated entities across the country to deliver expert-driven compliance, investigation, and risk solutions.

https://www.theamlshop.ca

About BIG

Big Ideas Group (BIG) is a London-based fund investing in purpose-led, high-growth fintech and financial services companies. Its portfolio includes innovators in AML, local banking and digital tools helping financial institutions thrive.

https://www.bigideasgroup.co.uk

October 1st is almost here and so is Beneficial Ownership Discrepancy Reporting ⏰

As of October 1st, FINTRAC reporting entities will be required to report to Corporations Canada any material discrepancies identified between the beneficial ownership information that they have obtained and the information related to individuals with significant control (ISC) that is available in Corporations Canada's database. 

Reporting entities will have to submit discrepancy reports when they determine that an active corporation incorporated under the Canada Business Corporations Act (CBCA) poses a high risk of a money laundering offence or terrorist activity financing offence. 

Reports are made directly to Corporations Canada, via their website and will need to be made within 30 days of discovering the discrepancy, unless the discrepancy has been resolved within 30 days of being identified. 🗓️

Now here’s the fun part where we break down the process and explain what could indicate a material discrepancy…

ENROLL IN FINTRAC’S WEB REPORTING SYSTEM

In order to submit a discrepancy report, the reporting entity must first be enrolled in FINTRAC’s Web Reporting system. If you are not yet enrolled, you must work with FINTRAC directly. 🤝

CREATE A “MY ISED ACCOUNT” 

Once enrolled in the FINTRAC Web Reporting System, reporting entities will also be required to create a “My ISED Account” - you can find instructions for doing so here.

CROSS-CHECK AND DETERMINE DISCREPANCIES

When you have a high risk client, you will cross check your high risk client Beneficial Ownership records information with the ISC information found in Corporation’s Canada’s database. If there are any discrepancies related to the ISC information, you will scroll to the bottom of the corporation’s results page, log into your My ISED Account and follow the instructions for submitting the discrepancy report. ☑️

HOW TO DETERMINE IF A DISCREPANCY IS A “MATERIAL DISCREPANCY”

Although FINTRAC and Corporations Canada have not yet formally released a list of material discrepancies, here are some examples of situations where a material discrepancy could arise:

🟠 Beneficial Owners found in the registry are different individuals vs. your records

🟠 You spot any differences in stated percentage of ownership or control of the corporation

🟠 Identity Information does not match what your client has provided to you. For example: addresses, names, dates of birth or citizenship of owners

🟠 Any indication or information that suggests public records are inaccurate

And if any of the above occur in tandem with a high risk client, this is when your obligations to report a discrepancy are triggered. 

NEXT STEPS

Recently, Corporations Canada released some guidance to help reporting entities with these new obligations and reporting material discrepancies. We strongly encourage you to review in advance of October 1st.  

And of course, like many things in AML, there are interpretations and nuances when it comes to figuring out what constitutes a material discrepancy and when risk is present.  That’s why the safest bet is always to leave it to the experts! 🤓

Our AML team has helped numerous clients reduce the regulatory burden associated with beneficial ownership, using technology led approaches that minimize client friction. ✅

Reach out to us today if you have any questions about these upcoming changes to your obligations or if you want to learn more about how We Help Keep FINTRAC Happy. 

The AML Shop's Michael Ecclestone is back with another feature in Money Laundering Bulletin titled:  “Up the learning curve - AML Training”.

This article highlights how the world of AML training is changing and discusses best practices in developing knowledge, understanding and skills - all of which are now largely driven and delivered by AI. 

From the article:

“AI has the ability to identify opportunities to make it (training) more relevant for specific audiences, skillsets, goals and outcomes.” And the move away from relying on “ one PowerPoint deck that everybody has to click through once a year and press ‘Ok’, so the computer knows you’ve done it, to actual targeted outcomes that are almost microtrainings…” 

 Read more about what Michael has to say on this topic…read the full article below!

PSPs… don’t forget, you can check your application and registration status with the Bank of Canada via your PSP connect portal.

We know that with the RPAA coming into effect this week, many of you are eager for updates on your application status. 🔄

With that in mind, we have supplied a useful screenshot below of the details that you will see when checking your application status in PSP Connect, along with each step of the review process, including reviews by the Bank of Canada, FINTRAC, and the Department of Finance…with the most important part - the decision! 

Know that The AML Shop is *always* here to help with anything RPAA related. Contactus@thamlshop.ca with any questions you may have and someone from our team will be in touch.

The Retail Payment Activities Act (RPAA) - applicable to virtually every MSB (who are now considered PSPs) - is now in effect.

What does this mean for PSPs?

🔶  You should have by now applied for registration under the RPAA

🔶  Supervisory Requirements come into effect on today

If you have been approved as a registered PSP, you are now regulated under the RPAA 🎉

New obligations are set forth in the act and you must now comply with:

🔴  Operational risk management

🔴  Safeguarding of end-user funds

🔴  Reporting Obligations under the Retail Payment Activities Act (RPAA)

For a full recap of detailed expert insights and key-dates you need to know about the RPAA, be sure to check out our RPAA expert article series straight from our in-house RPAA team.

In a recent Money Laundering Bulletin feature titled “Law Reforms, Enforcement Lags”, The AML Shop’s own Michael Ecclestone (Governance, Risk and Compliance Leader) contributed his thoughts on the major overhaul and expansion of AML legislation in Canada coming this fall. 

This article covers hot topics like the proposed Strong Borders Act (Bill C-2) and related discussions like the potential barring of cash transactions, new Beneficial Ownership reporting reforms, broader FINTRAC registration for all obligated entities (except lawyers) and more. 

The big day is coming soon. Are you RPAA ready?

In anticipation of September 8th, the Bank of Canada has sent out a few reminders that we thought our audience may find interesting. 

There are 3 important updates you need to be aware of.

1. Supervisory Requirements come into effect on September 8th ✅

As of September 8, 2025, registered PSPs will be subject to supervisory assessments.

First, it is important to note that a supervisory assessment under the RPAA aims to achieve different goals than a FINTRAC examination.  A supervisory assessment under the RPAA is only applicable to registered PSPs, to ensure end-users are protected and the retail payments system in Canada is reliable and safe. A conducted FINTRAC examination on the other hand is applicable to all reporting entities under the Proceeds of Crime (Money Laundering) and Terrorist Financing (PCMLTFA), to help ensure AML/ATF compliance.

As far as supervisory assessments, for PSPs ….what does this mean?

It means you will have to comply with the Bank of Canada’s new requirements under the RPAA including:

🔴 Operational risk management

🔴 Safeguarding of end-user funds

🔴 Reporting Obligations under the Retail Payment Activities Act (RPAA)

2. The Bank of Canada will begin publishing a registry of PSPs operating in Canada as of September 8th 📋 

Here are the main points: 

🔴 A full list of PSPs that have registered under the RPAA will be available as of September 8th. Additionally, businesses and entities that applied but were not approved will also be listed. There are many reasons a PSP application may not be approved, including if the Bank determines that an entity is not really a PSP under RPAA. The Bank can also reject an application for various reasons. Rejections will also be listed publicly. This is very important as a publicly listed rejection can have implications for your business. Banking service providers will have access to this list and if your business is shown as a rejected applicant, you may be denied access to banking services. 

🔴 The Registry will be updated on a rolling basis as more PSPs are registered. Note, not all applications will be processed by September 8th. Therefore, if you have applied before this date and don’t see your entity name listed, keep yourself in the loop, as your application status will become public…eventually! 

🔴 The bank will maintain the list of of applicants whose reviews have not been completed yet. You can find that here

3. In due course, there will be annual assessment fees for PSPs. 💸

Why? 

This will be so that the Bank of Canada can recover its supervision costs. Currently, the cost recovery formula is to be determined and we do not have a date for when this will come into effect. However, we know that many of you are probably interested in the potential costs; as soon as we have more information, we will make an announcement.  

For now you can consult the Bank of Canada’s published materials

We have helped multiple PSPs prepare for the RPAA with ease. Leverage our Retail Payment experts if you want to make sure you are in top shape for September 8th. 

Recently, the Federal Government read proposed Bill C-2 (aka The Strong Borders Act) for the first time in the House of Commons. 

Proposed Bill C-2 addresses securing of the border, combatting transnational organized crime and illegal fentanyl and disrupting illicit financing.  

These topics relate directly to how AML functions in Canada and builds upon the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) changes outlined in the 2024 Fall Economic Statement, bringing potential critical updates to Canada AML/ATF regulations.

Now, let’s double click on some key points from the proposed Strong Borders Act (Bill C-2) that would directly affect your AML compliance, if enacted 🖱️

➡️ Higher FINTRAC penalties and new cumulative caps are expected. If enacted, this bill would authorize FINTRAC to penalize up to 40X the current penalty structure. This means maximum penalties for very serious offences could skyrocket up to $20 million per offence. For cumulative violations, there would be a cap set at $20 million or 3% of gross revenues. 

As you can imagine, for high revenue entities - multiple violations could result in penalties of hundreds of millions of dollars or higher 💸

➡️ FINTRAC Registration Requirements would broaden. Similar to MSBs, all PCMLTFA reporting entities would have to be registered with FINTRAC and maintain their registration. If you don’t register or maintain registration, you could face consequences which could even potentially include the possibility of criminal charges.   

Registration processes take months now, with only several thousand registrants. Prepare for a far longer delay when 30,000 businesses have to go through registration processes. And look out for our article on managing the risks of registration delays to business relationships…coming soon. 

Keep fear of regulators at bay. We can help you, just like we have helped 100’s of other companies and MSBs in their registration process. 🤝

➡️ New rules regarding cash transactions and deposits would be established. In an effort to curb the use of cash to launder money, there are new proposed restrictions on cash deposits and transactions over $10,000. Additionally, no charities would be allowed to accept cash deposits greater than $10,000.  

Further, financial entities would not be allowed to accept third party cash deposits. These big shifts if enacted are unprecedented and would greatly impact industries like Real Estate, Money Services Businesses, Financial Institutions and Credit Unions. 

And we already know what you are thinking…questions about how to enforce compliance under these rules and issues in verification of “depositors” will surely be an ongoing, hot discussion topic. 

You may want to leverage our experts in these potential “grey area” situations to ensure your compliance 💪

➡️ Anonymous Accounts prohibition. Although this may seem obvious and already enforced, there is more to it than you might imagine. This amendment to the PCMLTFA would prohibit any anonymous accounts from being opened. However, if you dig under the surface, what this would really mean for regulated entities is that an account is deemed anonymous if the account opener cannot be verified under existing identity verification requirements. 

No verified existence = no opened account 🚫

➡️ More scrutiny of compliance programs and effectiveness reviews.  FINTRAC would take a harder stance on its review of compliance programs and their component elements. FINTRAC would have the ability to levy fines and penalties where compliance programs and documents may exist, but perhaps not in FINTRAC’s judgement of being effective in mitigating money laundering, terrorist financing and sanctions risks. 

The current standard of having a documented, written compliance program would no longer cut it.  It would have to be effective…not just tested routinely for its effectiveness.

And, failure to meet FINTRAC’s new compliance program standards in this proposed regime could result in a serious violation and cost your company millions of dollars in penalties.  

What’s tricky is understanding and knowing exactly what regulators are looking for here…as we predict it will be highly subjective and industry specific. Remember, our experts have been involved in numerous FINTRAC exams and we have seen how things typically play out during an examination. Our in-depth experience in this area can help evaluate the benchmarks appropriate for your business and industry. 

Because of the subjective nature of these new requirements, having an AML Shop expert on your side could save you a ton of headache. 💆

Conclusion:

As you can see, Proposed Bill C-2 could shake up how AML functions in Canada; the good news is that we can help you achieve and maintain compliance with ease. 

Reach out to our experts today at contactus@theamlshop.ca if you have any questions about these proposed changes and in the meantime, please refer to our Strong Borders Act (Bill C-2) & AML Infographic to keep these details top of mind.

We Help Keep FINTRAC Happy.