Anti-Money Laundering: Complete AML Compliance Guide
Complete anti-money laundering guide for Canadian businesses: PCMLTFA obligations, FINTRAC requirements, compliance officer role, FATF standards
Summarize this article with
ChatGPT
Claude
Perplexity
Gemini
GrokAnti-money laundering (AML) refers to the laws, regulations, and institutional controls that prevent criminals from converting proceeds of crime into apparently legitimate funds. For Canadian regulated businesses, non-compliance carries criminal liability, significant administrative monetary penalties, and reputational damage โ consequences that make a robust AML programme a commercial necessity, not a regulatory checkbox.
For further reading, see How to Prepare for Regulatory Audits.
This guide sets out the Canadian AML framework as of March 2026, identifies who bears legal obligations, and explains how to build a programme that withstands regulatory scrutiny.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.
What Is Anti-Money Laundering?
Anti-money laundering is the collective term for controls that detect and disrupt the process of making illegally obtained funds appear legitimate. Money laundering proceeds through three recognised stages:
- Placement: criminal proceeds enter the financial system (cash deposits, asset purchases)
- Layering: complex transactions obscure the money trail (wire transfers, shell companies)
- Integration: funds re-enter the legitimate economy as apparently lawful income
The RCMP estimates that between CAD 47 billion and CAD 113 billion is laundered in Canada annually (Government of Canada โ National Inherent Risk Assessment). This scale explains why AML enforcement has intensified significantly since the PCMLTFA was enacted in 2000.
Canadian Legal Framework for AML Compliance
Canadian anti-money laundering obligations derive from three primary legislative instruments:
Automated field extraction reaches 94.3% accuracy on the CheckFile platform, with 99.94% uptime SLA โ enabling compliance teams to focus on genuinely ambiguous cases.
- Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA, S.C. 2000, c. 17): establishes the reporting, client identification, and record-keeping framework for reporting entities (PCMLTFA)
- Criminal Code (Part XII.2): creates the core money laundering offences (ss. 462.31) and proceeds of crime provisions
- Anti-Terrorism Act (S.C. 2001, c. 41): covers terrorist financing obligations
FINTRAC's Role
FINTRAC is Canada's financial intelligence unit and the administrator of the PCMLTFA. FINTRAC receives and analyses financial transaction reports, conducts compliance examinations, and imposes administrative monetary penalties for non-compliance. In 2024-2025, FINTRAC imposed CAD 5.2 million in total AMPs across multiple sectors (FINTRAC โ Penalties).
OSFI supervises federally regulated financial institutions for prudential purposes, including AML controls. Provincial securities commissions and provincial CPA bodies also play supervisory roles within their respective sectors.
Who Must Comply with Canadian AML Regulations?
The PCMLTFA designates the following as "reporting entities" subject to the full compliance obligations:
| Sector | Regulator / Supervisor |
|---|---|
| Banks, credit unions, caisses populaires | OSFI / Provincial regulators |
| Securities dealers, portfolio managers | Provincial securities commissions |
| Money services businesses (MSBs) | FINTRAC (registration required) |
| Accountants, accounting firms | FINTRAC / Provincial CPA bodies |
| Real estate agents, brokers, developers | FINTRAC / Provincial regulators |
| Life insurance companies and brokers | OSFI / Provincial regulators |
| Dealers in precious metals and stones | FINTRAC |
| British Columbia notaries | FINTRAC |
| Virtual currency dealers | FINTRAC (registration required) |
| Mortgage brokers, administrators, lenders | FINTRAC / Provincial regulators |
Compliance professionals frequently ask: does my fintech startup need to register with FINTRAC? Any firm that qualifies as a money services business โ including virtual currency dealers โ must register with FINTRAC and comply with the PCMLTFA in full, regardless of company size (FINTRAC โ MSB Registration).
Explore further
Discover our practical guides and resources to master document compliance.
Explore our guidesThe Five Pillars of AML Compliance
1. Client Identification and Verification (KYC)
Client identification is the bedrock of AML compliance. FINTRAC's guidance requires reporting entities to verify customer identity before establishing a business relationship or carrying out certain transactions.
Standard identification requires:
- Identifying the customer and verifying that identity using reliable, independent source documents (Canadian passport, provincial driver's licence, PR Card)
- Identifying the beneficial owner โ any individual owning or controlling 25% or more of a legal entity
- Understanding the nature and purpose of the business relationship
Enhanced due diligence is mandatory for politically exposed persons (PEPs), customers connected to high-risk jurisdictions, and relationships assessed as higher risk. Enhanced measures include senior management approval and additional scrutiny of source of funds (FINTRAC โ PEP Guidance).
Automated document verification reduces the time spent on identification by validating identity documents, extracting data via OCR, and checking for signs of tampering โ all within seconds of document submission.
2. Risk-Based Approach
The PCMLTFA does not prescribe identical obligations for all customers. Reporting entities must apply a risk-based approach: calibrating the intensity of due diligence to the money laundering risk each customer, product, geography, or transaction presents.
FINTRAC's risk-based approach guidance lists risk factors for enhanced due diligence, including customers in jurisdictions on the FATF grey or black lists, complex corporate structures with no clear economic purpose, and transactions inconsistent with the customer's known profile (FINTRAC โ Risk-Based Approach).
3. Suspicious Transaction Reports (STRs)
The duty to report is one of the most operationally demanding AML obligations. The PCMLTFA requires reporting entities to file a STR with FINTRAC when there are reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing โ regardless of the amount.
In 2022-2023, FINTRAC received over 36 million transaction reports, including STRs, LCTRs, and EFTRs (FINTRAC โ Annual Report).
4. Compliance Officer
The PCMLTFA requires every reporting entity to appoint a compliance officer responsible for the implementation and oversight of the compliance programme. The compliance officer:
- Oversees the compliance programme, policies, and procedures
- Ensures staff training is delivered and documented
- Monitors the effectiveness of controls
- Reports to senior management on AML risks
FINTRAC examinations consistently identify compliance officer inadequacy as a root cause of systemic AML failures. The compliance officer must have sufficient seniority, resources, and access to management information to fulfil this role effectively.
5. Staff Training and Record-Keeping
The PCMLTFA requires reporting entities to provide ongoing training to all relevant employees on AML risks and their obligations. Records of training completion must be maintained.
Records of client identification, transactions, and STRs must be retained for five years from the end of the business relationship or the date of the transaction.
AML Compliance Programme: Key Requirements Matrix
| Component | Legal Basis | Minimum Standard |
|---|---|---|
| Written AML policies | PCMLTFA + FINTRAC guidance | Risk-based, management-approved |
| Client risk assessment | FINTRAC risk-based approach | Before onboarding |
| Identity verification | FINTRAC identity methods | Government-issued photo ID |
| Beneficial ownership check | PCMLTFA regulations | 25% threshold |
| STR filing | PCMLTFA, s. 7 | No minimum threshold |
| Compliance officer | PCMLTFA compliance programme | Senior management level |
| Staff training | FINTRAC guidance | Documented, role-specific |
| Record retention | PCMLTFA regulations | 5 years minimum |
FATF Standards and International Context
Canada is a founding member of the Financial Action Task Force (FATF), established in 1989. FATF's 40 Recommendations set the global AML standard that the PCMLTFA implements domestically.
FATF's 2016 Mutual Evaluation of Canada found the country to be "largely compliant" overall but identified weaknesses in beneficial ownership transparency, supervision of designated non-financial businesses and professions, and the range of sanctions available (FATF Mutual Evaluation Report Canada). Canada's ongoing reforms โ including the CBCA amendments on beneficial ownership and the development of a federal Beneficial Ownership Transparency Registry โ reflect action on these findings.
Technology and AML Automation
Compliance professionals frequently raise the question of false positives in transaction monitoring โ screening systems generating hundreds of alerts per day that analysts must manually review. The industry average false positive rate exceeds 95%, consuming significant compliance resources for minimal investigative output.
Modern automated document checking platforms integrate with existing onboarding workflows to front-load KYC quality โ reducing the number of suspicious alerts generated downstream by ensuring only accurately verified clients enter the system.
The CheckFile platform applies AI-based document analysis to detect manipulated identity documents at the point of submission, helping reporting entities meet their PCMLTFA obligations without adding headcount.
For a comprehensive overview, see our document compliance complete guide.
Go further
To dive deeper into this topic, explore our complete guide on document verification.
Frequently Asked Questions
What is anti-money laundering in simple terms?
Anti-money laundering (AML) is the set of legal obligations that require businesses to check who their customers are, monitor their transactions, and report suspicious activity to authorities. The goal is to prevent criminals from disguising the proceeds of crime as legitimate income.
What is the difference between AML and KYC?
KYC (Know Your Customer) is one part of AML. KYC covers the initial identity verification and customer due diligence steps. AML is broader: it includes KYC, ongoing transaction monitoring, suspicious activity reporting, staff training, and governance requirements.
Who is the compliance officer and why do they matter?
The compliance officer is the senior individual responsible for a reporting entity's AML programme. Under the PCMLTFA, every reporting entity must designate one. The compliance officer oversees policies and procedures, ensures staff training, and is the primary point of contact for FINTRAC examinations.
What happens if a firm fails to file a Suspicious Transaction Report?
Failure to file a STR when there are reasonable grounds to suspect money laundering or terrorist financing is a violation of the PCMLTFA. FINTRAC can impose administrative monetary penalties of up to CAD 500,000 per violation for individuals and higher for entities. Criminal penalties may also apply for wilful non-compliance.
How long must AML records be kept?
Under the PCMLTFA and its regulations, AML records โ including client identification documents and transaction records โ must be kept for five years from the end of the business relationship. Reporting entities should have a documented retention and disposal policy covering these records.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.