Skip To Content

Anti-money laundering in Canada: Changes affecting all Reporting Entities

Author(s): Elizabeth Sale, Malcolm Aboud, Chelsea Rubin

May 5, 2021

Collage of Business Person, Stock Market, Signing a document, and Binary Code

Beneficial ownership requirements and proof of corporate existence

The Amendments introduce new requirements for all REs to take reasonable measures to confirm the accuracy of information regarding beneficial ownership. Under the prior regulations, only financial entities, securities dealers, and life insurance and money services businesses had obligations related to beneficial ownership. The Amendments expand this obligation to all RE sectors. Further, under prior regulations, entities with beneficial ownership obligations were required to collect beneficial ownership information at the beginning of a business relationship, to take reasonable measures to confirm the accuracy of previously collected beneficial ownership information and to update beneficial ownership information on an ongoing basis when the client was identified as high-risk. The Amendments make explicit the requirement – which had not been explicitly stated, but was previously considered to be implied – to ensure beneficial ownership information is updated on an ongoing basis. This obligation is not restricted to high-risk clients.

The updated regulations also expand the requirement that entities confirming beneficial ownership obtain proof of corporate existence. While the requirement to obtain proof of corporate existence predates the Amendments, it has been updated to require proof of corporate existence that is either the “most recent” certificate of corporate status, or is no less than a year old, depending on the circumstances.

In March 2021, FINTRAC issued new guidance on beneficial ownership requirements to reflect the Amendments, which will also take effect on June 1, 2021. The changes specify that all Reporting Entities will be required to comply with beneficial ownership requirements as of June 1. Beneficial ownership requirements continue to apply only with respect to the verification of the identity of an entity. Other changes include

  • As noted below in Part 1(f), the new guidance removes all requirements to maintain records of unsuccessful “reasonable measures.” Under the prior guidance, these requirements applied with respect to beneficial ownership verification when
    • confirming the accuracy of an entity’s ownership, control and structure (including corporations and trusts)
    • confirming the accuracy of other information obtained regarding beneficial ownership
    • verifying the identity of the most senior managing officer
  • The new guidance makes explicit (where it was previously only implied) that reasonable measures to confirm the accuracy of beneficial ownership information must be taken in the course of conducting ongoing monitoring of business relationships – and not just in the context of high-risk relationships.
  • The new guidance makes a slight change to the language for the requirement when an RE cannot obtain beneficial ownership information or confirm the accuracy of that information. Under the prior guidance, under such circumstances, an RE would need to take reasonable measures to verify the identity of the most senior managing officer. The new guidance explicitly requires that the RE take reasonable measures to verify the identity of the entity’s CEO – or the person performing the same function.
  • The new guidance adds new specialized recordkeeping requirements when the entity is a widely-held or publicly-traded trust. Under the new requirements, REs must record
    • the names of all trustees
    • the names and addresses of persons who directly or indirectly own or control 25% or more of the trust
    • information establishing ownership, control and the structure of the trust
  • The new guidance adds an exception to the beneficial ownership requirements for financial entities: If the RE is a financial entity, beneficial ownership requirements do not apply to activities in respect of processing payments by prepaid payment product for a merchant.

Screening for politically exposed persons and heads of international organizations

As of June 1, 2021, all REs will have to conduct screenings for politically exposed persons (PEPs), heads of international organizations (HIOs), and certain family members and close associates of PEPs and HIOs. Under the prior regulations and guidance, only financial entities, securities dealers, money services businesses and life insurance companies were subject to these screening obligations.

In May, FINTRAC published new PEP and HIO guidance to take effect on June 1, 2021 for all RE sectors, which is broken out across several guidance documents. The first guidance includes general PEP/HIO guidance applicable to all REs, and sets out definitions and basic processes. In addition to that general guidance, FINTRAC also published further PEP and HIO guidance documents containing compliance obligations specific to certain RE sectors. The “Politically exposed persons and heads of international organizations guidance for account-based reporting entity sectors” sets out specific screening and monitoring obligations for financial entities, casinos and securities dealers while the “Politically exposed persons and heads of international organizations guidance for non-account-based reporting entity sectors” sets out specific screening and monitoring obligations for accountants, agents of the Crown, British Columbia notaries, dealers in precious metals and precious stones, real estate developers, brokers and sales representatives, and money services businesses (including, as of June 1, foreign money services businesses). A separate guidance applies to life insurance companies, brokers and agents. We address these sector-specific PEP/HIO requirements in further detail in Part 2 of this guide.

At a high level, changes to PEP/HIO obligations that apply across multiple RE sectors under the new guidance include

  • the duration of a person’s status as a PEP,[1] HIO,[2] family member[3] or close associate[4] has been revised
  • the definition of “family member” has been expanded to include ex-spouses
  • recordkeeping of unsuccessful reasonable measures is no longer required (this is a universal change under the Amendments affecting multiple obligations and is noted in further detail below)
  • additional measures that apply to REs after certain PEP and HIO (or family member or close associate of a PEP or HIO) determinations have been made
  • additional recordkeeping obligations have been established

We describe obligations specific to each type of Reporting Entity in further detail in Part 2.

Ongoing monitoring requirements

In February 2021, FINTRAC published new ongoing monitoring requirements guidance for all RE sectors to take effect on June 1, 2021. The new guidance is largely the same as prior guidance, but does introduce additional recordkeeping requirements for ongoing monitoring. Additional obligations include keeping records of the processes used to record information gathered during ongoing monitoring, and keeping records of processes used to record information gathered during enhanced ongoing monitoring of high-risk clients. As with other ongoing monitoring records (which remain unchanged under the new guidance), these additional records that must be maintained as of June 1 must be kept for at least five years from the date the record is created.

The new guidance provides that requirements for enhanced ongoing monitoring end when the business relationship ends or the client is no longer high-risk. This is significantly less burdensome than the ongoing monitoring obligations under prior guidance, which required that REs perform enhanced monitoring for high-risk clients for five years after the closure of the account.

Additionally, under the new guidance, insurance companies, brokers and agents do not have to conduct ongoing monitoring when dealing in reinsurance.

As a note, the prior guidance included certain requirements pertaining to ongoing monitoring specific to correspondent banking; effective, June 1, 2021, these requirements can all be found in a separate guidance pertaining to correspondent banking, which we address in Part 2 under “Financial entities.”

Virtual currency transaction records and reports

The Amendments set out new obligations triggered by virtual currency transactions for all Reporting Entities:

  • Large virtual currency transaction records: All reporting entities will be required to keep a “large virtual currency transaction record” for amounts received in virtual currency of C$10,000 or more in a single transaction, or across multiple virtual currency transactions that total $10,000 or more within a span of 24 hours. Records must include the identity of the person from whom the amount was received, as well as certain prescribed information including the date, amount, type of currency and exchange rate. Entities must also take reasonable measures to determine whether the transaction was made on behalf of a third party and, if so, the identity of the third party. Reports are not required for amounts received from another financial entity or a public body, or a person acting on their behalf.
  • Large virtual currency transaction reports: Reporting entities are also required to file large virtual currency transaction reports (LVCTRs) in prescribed circumstances, including situations where the RE receives virtual currency that can be exchanged for $10,000 or more in cash in the course of a single transaction, or across multiple virtual currency transactions that total $10,000 or more within a span of 24 hours.

REs can review the LVCTR upload process and conduct system tests between March 15, 2021 and May 28, 2021.[5]

The 24-hour rule

The Amendments simplify the way Reporting Entities report large cash transactions, large virtual currency transactions, electronic funds transfers and casino disbursements. Under the prior regulations and guidance, REs were required to file separate a separate report, as applicable, for each transaction that, in the aggregate, amounted to the $10,000 threshold within 24 hours. The Amendments deem all transactions by one customer within 24 hours to be one transaction for reporting purposes, so only one large cash, electronic funds transfer, or casino disbursement report, depending on the RE and the transactions involved, would need to be filed for the total amount. This is referred to as the “24-hour rule”. This simplified system also applies to large virtual currency transaction reports that must be filed as of June 1, 2021.

In May 2021, FINTRAC issued new transaction reporting guidance on the 24-hour rule. The new guidance broadly explains the requirements under the amended Regulations; however, when the guidance comes into effect on June 1, 2021 the guidance will apply only to large virtual currency reporting.  Separate guidance will be issued for large cash transactions, electronic funds transfers and casino disbursements and until such guidance is issued, REs should continue to apply the 24-hour rule as outlined in the pre-June 1, 2021 guidance.

Changes under the new guidance include:

  • If an amount under $10,000 is received from a person, and then another amount under $10,000 is received on behalf of that same person, the 24-hour rule is not triggered, as the amounts are not received by or on behalf of the same person.
  • The 24-hour window is static. Reporting entities must determine the beginning and end of the window, and include this information in policies and procedures. Reporting entities have the option to use different static 24-hour windows for different types of reports or business lines, and must indicate the times the window begins and ends in reports to FINTRAC.
  • If an RE has multiple locations across Canada, transactions fall under the 24-hour rule even if they occur at different locations. These transactions must be reported in a single report.
  • Exceptions to the 24-hour rule for certain large virtual currency transaction reports and electronic funds transfer reports.
    • These exceptions below do not apply if one or more of the amounts is equivalent to $10,000 or more – in that case, the reporting threshold has been met by the individual transaction and the report must always be sent to FINTRAC.
    • Large virtual currency transaction reports are not required where the beneficiary is (1) a public body, (2) a very large corporation (i.e. with $75 million on its most recent audited balance sheet, or publicly traded on the exchange of an FATF country), or (3) an administrator of a regulated pension fund.  
    • Electronic funds transfer reports are similarly not required where the electronic funds transfers are initiated at the request of, or on behalf of: (1) a public body, (2) a very large corporation (i.e. with $75 million on its most recent audited balance sheet, or publicly traded on the exchange of an FATF country), or (3) an administrator of a regulated pension fund or when the final beneficiary of two or more electronic funds transfers that total $10,000 or more is one of these three types of entities. This exception does not apply if one or more of the amounts is equivalent to $10,000 or more – in that case, the reporting threshold has been met by the individual transaction and the report must  be sent to FINTRAC.  

Recordkeeping: Unsuccessful reasonable measures

The Amendments repeal the prior requirement for REs to maintain records documenting all “reasonable measures taken” when the RE is unsuccessful in verifying certain information under the PCLMTFA and its regulations. This change will substantially ease recordkeeping burdens on REs, since the “reasonable measures taken” requirements apply to a wide variety of client verification obligations, including obligations to make third-party determinations, obligations to verify beneficial ownership or proof of corporate existence, obligations to maintain records in respect of certain accounts and various PEP/HIO screening obligations. As of June 1, 2021, REs will no longer be subject to onerous requirements to maintain records each time “reasonable measures” taken were not successful.

Methods to identify individuals and entities

In May 2021, FINTRAC issued updated guidance regarding acceptable methods to verify the identity of individuals and entities, which will take effect on June 1, 2021 and which reflects changes introduced under the Amendments and other interpretive shifts. The updated guidance largely contains minor changes to the prior guidance, with several notable key differences: the guidance now indicates that there are five methods to verify the identity of an individual, where, by contrast, the prior guidance contained only three, and there are now three separate methods to confirm the existence of corporations. With respect to individuals, the difference from the prior guidance is entirely cosmetic, and the methods are all familiar: the fourth “affiliate or member method” was previously included with agents and mandataries in the prior guidance, and the fifth method is the “reliance method”, which has been permitted under the Regulations to the PCMLTFA since 2016, although this is the first time the method has appeared in the guidance. The updated guidance also introduces a new “reliance method” and “simplified identification method” for confirming the existence of entities; of these, only the “simplified identification method” is wholly new as of June 1, 2021.

The updated guidance also introduces a new exception to the verification requirements if the individual’s identity was already verified, which reflects the Amendments coming into force as of June 1.

Specific changes, including changes introduced to reflect the Amendments, include:

  • Five methods to verify the identity of an individual are listed. Each of these methods is contained in prior guidance, however, and the difference is one of structuring and format
  • The updated guidance now specifies that all information relied on, regardless of the verification method used, must be valid and current; this is not a new requirement under the Amendments, but does better reflect the requirements articulated in the Regulations
  • The updated guidance no longer requires that the authenticity of the government-issued document be determined by using a technology capable of assessing the document’s authenticity when the government-issued photo identification method is used and an individual is not physically present. Under the updated guidance, the RE reviewing the government photo identification must simply have a process in place to authenticate the government identification – which could include using a technology capable of assessing the document’s authenticity. Simply viewing a person and their photo identification through a video conference remains insufficient under the updated guidance, just as it was under the prior guidance.
  • The updated guidance makes small tweaks to the dual-process method, and now clarifies that when referring to a given reliable source, the reviewer must actually confirm that the specified information in the document relates to the individual being verified.  Information regarding an individual’s prepaid payment product account that includes their name and confirms they have a prepaid payment product account with a financial entity has been added as a reliable source that may be relied on for the dual-process method.
  • The updated guidance adds the “reliance method” as a method to verify the identity of an individual or an entity, which was already previously permissible under the Regulations even though it was not specifically called out in the prior guidance. To use this method, an RE may verify the identity of an individual or entity by relying on measures previously taken by another RE (or a foreign entity affiliated with an RE and carrying on activities that are similar to the activities of certain REs under the PCMLTFA[6].) If relying on the verification of an affiliated foreign entity, that entity must have policies in place similar to those required by the PCMLTFA and be regulated by a competent authority. When using this method, an RE must obtain the information that was used to identify the individual or entity, check that the information is valid and current, and that an appropriate process was used. There must be a written agreement or arrangement with that other RE or affiliated foreign entity requiring them to provide the information used to identify the individual or entity.
  • Reporting Entities using the “reliance method” to verify the identity of individuals or entities must describe the processes it uses in its compliance policies and procedures, and must maintain records with the individual’s name, the written agreement with the other RE or affiliated foreign entity and the information that was used to verify the individual’s identity.
  • Banks, credit unions, life insurance companies, federal and provincial trust and loan companies, and securities dealers may use a simplified identification method to verify the identity of another bank, credit union, life insurance company, federal or provincial trust and loan company, or securities dealer, or foreign corporation carrying out similar activities. The simplified process may also be used for an entity that administers a pension plan or investment fund subject to regulation by a foreign state, a corporation whose shares are traded on the Canadian stock exchange or a stock exchange designated under the Income Tax Act, a subsidiary whose financial statements are consolidated with these entities, or a state-owned enterprise, institution or agency or public service body. There are specific recordkeeping obligations that apply when using this method.
  • If a person or entity’s identity was previously verified in accordance with the PCMLTFA, an RE does not need to verify their identity again for subsequent transactions if the required records were kept – so long as there are no doubts about the information that was relied on to verify their identity previously. An RE may rely on the measures that were previously taken by an agent or mandatary, if the agent or mandatary was acting in their own capacity at the time, whether or not they were required to use the methods in accordance with the PCMLTFR or acting as an agent or mandatory under a written agreement or arrangement that was entered into with another RE for identity verification purposes.

Compliance program requirements

In May 2021, FINTRAC released updated guidance on Reporting Entities’ compliance program requirements, which will come into effect on June 1, 2021. The changes in the updated guidance are generally consequential to changes made to other portions of the PCMLTFA and its Regulations, and the differences are fairly minor, although the guidance has been re-structured to look quite different.

Changes include:

  • Reporting Entities’ compliance policies and procedures must contain specific references to the travel rule requirements, including risk-based policies to determine whether to suspend or reject electronic funds transfers (EFTs) or virtual currency transfers received if the required information is not obtained.
  • Reporting Entities’ compliance policies and procedures must contain specific references to ministerial directive requirements.
  • Further requirements for training plans. In addition to other requirements, the training plan must include how the compliance training program will be implemented and delivered, and how relevant employees, agents and mandataries will receive training commensurate to their duties and position.

Third party determination requirements

In May 2021 FINTRAC issued updated guidance effective June 1, 2021 on third party determination requirements for all reporting entities. Among other minor changes, the updated guidance introduces new third-party determination and recordkeeping requirements with respect to large virtual currency transactions, and introduces additional recordkeeping requirements that are triggered when a RE is unable to make a third-party determination but has reasonable grounds to suspect that a third party is involved. Account-based reporting entities and life insurance companies also enjoy additional third-party determination exemptions under the updated guidance.

Specific changes include:

  • Reporting Entities must take reasonable measures to make a third party determination any time they report a large virtual currency transaction or keep a large virtual currency transaction record.
  • If a Reporting Entity determines that there is a third party involved in a transaction or account, the RE must take reasonable measures to obtain certain information for the record. The “reasonable measures” standard is new to this guidance. The information required for the third party record is largely the same, except that the third party’s telephone number is required under the updated guidance (except for large cash and large virtual currency transactions).
  • Reporting Entities that are not able to make third party determinations but have reasonable grounds to suspect the involvement of a third party must include in the applicable record whether, according to the person, they are acting on their own behalf only.
  • Financial entities do not need to make third party determinations when opening an account if the account is for processing credit card payments or prepaid payment products for a merchant.
  • Financial entities, securities dealers and casinos do not need to make third-party determinations when opening an account if every account holder is a financial entity or Canadian securities dealer.
  • Life insurance companies, brokers and agents do not need to make third-party determinations with respect to beneficiaries in connection with the sale of a life insurance policy that involves remitting $10,000 or more to a beneficiary over the course of the policy.

Terrorist property reporting

In May 2021, FINTRAC released updated guidance to take effect June 1, 2021 on Reporting Entities’ obligations to make terrorist property reports. (This updated guidance replaces “Guideline 5: Submitting Terrorist Property Reports to FINTRAC”).

In addition to minor changes and cosmetic restructuring – including, most notably, replacing the prior guidance’s discussion of terrorist property report triggers with specific references to the legislative sources for those triggers, the updated guidance requires REs to submit terrorist property reports to FINTRAC electronically by fax if the RE has the capability to do so. If the RE does not have the capability to submit by fax, the report may still be sent by mail.

Download: Changes affecting all Reporting Entities [PDF]

Read: Anti-money laundering in Canada: A guide to the June 1, 2021 changes


[1] Under the prior guidance, a person ceased to be a domestic PEP five years after leaving office; under the new guidance, a person ceases to be a domestic PEP five years after leaving office or five years after they are deceased. The guidance with respect to foreign PEPs is unchanged: once a person is determined to be a foreign PEP, they remain a foreign PEP forever.

[2] Under the prior guidance, a person ceased to be an HIO once that person was no longer the head of an international organization; under the new guidance, a person ceases to be an HIO five years after they are no longer the head of the international organization or five years after they are deceased.

[3] Under the prior guidance, no direction was given for the duration of a PEP family member’s status. Under the new guidance, once someone is determined to be a family member of a foreign PEP that person must remain a foreign PEP in perpetuity; if someone is determined to be a family member of a domestic PEP or HIO, the status lasts for five years after the domestic PEP or HIO has left office or dies.

[4] Under the prior guidance, no timeframe was specified for the duration of the status for close associates of PEPs; under the new guidance, the “close associate” designation lasts as long as the connection to the PEP or HIO lasts.

[5] To aid with this review and system testing process, the following documents are available to REs directly from FINTRAC upon request: Reporting Large Virtual Currency Transaction to FINTRAC guidance;

Validation rules; and JSON Schema.

[6] Banks, credit unions, life insurance companies, federal and provincial trust and loan companies; and securities dealers