
Anti-money laundering in Canada: Financial entities

Author(s): Elizabeth Sale, Haley Adams, Malcolm Aboud, Chelsea Rubin

May 5, 2021


For changes of general application that will apply to all Reporting Entity sectors as of June 1, 2021, please refer to Part 1 of the guide.


Definition of financial entity

The Amendments repeal the previous definition for financial entity and replace that definition with a new one. Most critically, the definition of “financial entity” as of June 1 will also encompass

  • financial services cooperatives
  • life insurance companies, or entities acting as life insurance brokers/agents, in respect of loans or prepaid payment products offered to the public and accounts maintained for those loans or prepaid payment products (other than loans made by the insurer to the policy holder if the insured person has a terminal illness, loans made to fund the policy and advance payments to which the policy holder is entitled)
  • credit union central when offering financial services to a person or to an entity that is not a member of that credit union central
  • an agent of the Crown when accepting deposit liabilities in the course of providing financial services to the public

This substantially increases the compliance burdens for REs that the Amendments treat as financial entities for certain purposes, as those REs will be subject to the full requirements that financial entities have in respect of those prescribed activities.

New obligations – trust companies

Under the Amendments, as of June 1, 2021, trust companies will be subject to certain identity verification and recordkeeping requirements in respect of any inter vivos trust. Pursuant to the new regulations, a trust company must verify the identity of a person who is the settlor of an inter vivos trust and must keep a record of the name, address and telephone number of each beneficiary that is known when the trust company becomes a trustee for the inter vivos trust. If the beneficiary is an entity, the trust must record the principal business of the entity.

Prepaid payment products

The Amendments clarify the treatment of prepaid payment products under the PCMLTFA and accompanying regulations by introducing definitions for “prepaid payment product account” (“PPPA”) and “prepaid payment product” (“PPP”), and prescribe a number of additional obligations for financial entities that issue PPPs and maintain PPPAs. The Amendments define a PPPA as an account that is connected to a prepaid payment product and that permits funds or virtual currency totaling $1,000 or more to be added to the account within a 24-hour period or allows a balance of funds or virtual currency in the amount of $1,000 or more to be maintained in the account. A PPP is defined as a product issued by a financial entity that enables transactions by giving a person access to funds or virtual currency paid to a PPPA held with the financial entity[1].

As of June 1, 2021, any financial entity that issues prepaid payment products will be subject to additional account-based obligations, including requirements pertaining to verifying the identity of account holders as well as account users, reporting suspicious transactions, recordkeeping, etc. These specific obligations are covered further in the sections they relate to, but it should be noted that the Amendments and new FINTRAC guidance introduce know-your-client and PEP/HIO screening requirements for authorized users of PPPAs, which introduces serious compliance hurdles for financial entities given the current anonymity of many PPPs.

In May 2021, FINTRAC issued new guidance on prepaid payment products and prepaid payment product accounts, which will come into effect on June 1, 2021. In addition to the details noted above, the new guidance clarifies and confirms that:

  • PPPAs do not include accounts to which only a public body or a registered charity acting for humanitarian aid purposes can add funds or virtual currency.
  • PPPAs are subject to account-opening obligations and transaction obligations, just like other types of accounts. In that respect, the guidance provides an example as to what obligations a financial entity will have in connection with a business PPPA: where a business opens a PPPA with a financial entity, deposits $5,000 in that account and then instructs the financial entity to issue 50 PPPs, each in the amount of $100, that are connected to the PPPA, the financial entity is subject to all PPP requirements.
    • These PPP obligations include client identification and screening obligations, record-keeping requirements, transaction reporting requirements, business relationship requirements, ongoing monitoring requirements, beneficial ownership requirements, and PEP and HIO screening requirements. Each of these obligations is detailed further in other guidance documents.

Correspondent banking relationships

On March 22, 2021, FINTRAC issued new “Correspondent banking relationship requirements” guidance to take effect June 1, 2021. The new guidance contains changes from the prior guidance issued in June 2017:

  • The new guidance clarifies the definition of “Canadian financial entity.” The new definition adds “cooperative credit societies,” “financial services cooperatives,” “credit union central” (when offering financial services to non-members), “agents of the Crown” (when accepting deposit liabilities) and “life insurance companies, brokers, or agents” (when offering loans or prepaid payment products or maintaining accounts for those products) to the list of Canadian financial institutions capable of entering into correspondent banking relationships. The new definition of “Canadian financial entity” also separately denominates trust companies into “federally or provincially regulated trust or loan companies” and “unregulated trust companies.”
  • The prior guidance provided that correspondent banking transactions between Canadian financial entities and foreign institutions could not take place until the Canadian entity verified certain required information and met certain obligations. While the substantive obligations are unchanged, the new guidance specifies that certain obligations must be met before the Canadian entity enters into the correspondent banking relationship with the international entity:
    • The RE must obtain information about the foreign financial institution and its activities as needed to fulfill the correspondent banking recordkeeping requirements.
    • The RE must ensure that the foreign financial institution is not a shell bank, and if it is, it must not form a correspondent banking relationship.
    • The RE must obtain the approval of senior management to enter into the relationship.
    • The RE must set out in writing the correspondent banking agreement or arrangement setting out the parties’ obligations.

Under the new guidance, the following obligations must be met but need not occur prior to the formation of the correspondent banking relationship. The substantive obligations are unchanged from prior guidance:

  • The RE must take reasonable measures to verify whether the foreign financial institution has AML/ATF policies and procedures, including for opening new accounts. Under the prior guidance, this needed to take place prior to correspondent banking transactions.
  • The RE must verify the name and address of the foreign financial institution.
  • The RE must take reasonable measures to verify if civil or criminal penalties have been imposed on the foreign financial institution under AML/ATF laws.
  • The new guidance adds an exception to the correspondent banking relationship requirements and clarifies the pre-existing exception for credit card acquiring businesses. Under the prior guidance, the requirements did not apply to “credit card acquiring businesses”; under the new guidance, the requirements do not apply to “activities related to the processing of payments by credit card or prepaid payment product for a merchant.”
  • The new guidance specifies that the requirement to take reasonable measures to ensure that the foreign financial institution agrees to provide the Canadian entity with relevant customer identification data on request is only required for correspondent banking relationships where a client of the foreign financial institution has direct access to the services the Canadian entity provides. Under the prior guidance, this obligation was required for all correspondent banking relationships.
  • The new guidance also contains additional recordkeeping requirements:
    • Statements from foreign financial institutions regarding shell banking relationships must be in writing.
    • Statements from foreign financial institutions regarding compliance with AML/ATF legislation must be in writing and must confirm compliance in all relevant jurisdictions.
    • Records of measures taken regarding any AML/ATF penalties imposed on the foreign financial institution should include steps taken to ascertain the information.
    • Records must be retained at least five years after the day on which the last business transaction is conducted. Under the prior guidance, no timing was specified for the retention of records.

Entering into business relationships

FINTRAC has issued new guidance as of February, coming into effect on June 1, 2021, that redefines when a financial entity is considered to have entered into a business relationship. This has wide-reaching implications for various obligations financial entities have under the PCMLTFA and its regulations, as the beginning of a “business relationship” triggers beneficial ownership determination obligations, ongoing monitoring obligations and obligations to conduct certain PEP/HIO screenings. Under the new definition, a financial entity enters into a business relationship with a client when one of the following occurs:

  • the financial entity opens an account for a client (except in certain circumstances, see the guidance for the full list)
  • if the person does not hold an account, the second time, within a five-year period, that the client engages in a transaction for which the financial entity is required to verify their identity

Know-your-client requirements

On March 22, 2021, FINTRAC issued new guidance on when to verify the identity of persons and entities for financial entities in order to reflect the Amendments. This guidance will come into effect on June 1, 2021.

Changes from the prior guidance include

  • additional client verification requirements for large virtual currency transactions (equivalent to $10,000 or more), which are subject to the 24-hour rule
  • the addition of a new exception: there is no need to verify the identity of a person or entity that conducts a large virtual currency transaction if the virtual currency is received from a financial entity or a public body or a person acting on behalf of a financial entity or public body

Screening for politically exposed persons and heads of international organizations

In addition to the new PEP/HIO guidance of general application discussed in Part 1, FINTRAC’s new PEP/HIO guidance for account-based reporting entities, which was issued in May and will take effect on June 1, 2021, makes a number of changes to the obligations financial entities have with respect to PEP/HIO screening, monitoring and recordkeeping. At a high level, financial entities will no longer need to keep records regarding unsuccessful reasonable attempts, but will have additional responsibilities with respect to PPPAs and virtual currency transactions. We highlight only those changes made to the existing requirements and have not repeated requirements that continue to be in effect:

  • When to make a PEP/HIO determination
    • Financial entities must screen authorized users of PPPAs to determine whether that person is a PEP, HIO, a family member of a PEP or HIO, or a close associate of a foreign PEP.
    • Financial entities must also conduct periodic reviews of authorized users of PPPAs to determine whether an authorized user is a PEP, HIO, the family member of a PEP or HIO, or a close associate of a foreign PEP.
    • Financial entities must determine whether an authorized user of a PPPA is a PEP, HIO, or a family member or close associate of a PEP or HIO upon detection of a fact by the financial entity or its employees or officers that raises a reasonable suspicion.
    • Only the initiation of international EFTs in the amount of $100,000 or more triggers the requirement to determine whether the person initiating the transaction is a PEP, HIO, or a family member or close associate of a PEP or HIO. Under the prior guidance, all EFTs initiated triggered the determination requirements.
    • Payment in the amount of $100,000 or more to a PPPA triggers a duty to determine whether the person who made the payment is a PEP, HIO, or a family member or close associate of a PEP or HIO.
    • Transfers of cash or virtual currency equivalents of $100,000 or more trigger a duty to determine whether the person who made the transfer is a PEP, HIO, or a family member or a close associate of a PEP or HIO.
    • Receiving an amount of virtual currency equivalent to $100,000 on behalf of a beneficiary triggers a duty to determine whether the person for whom the amount is received is a PEP, HIO, or a family member or a close associate of a PEP or HIO.
  • If a person who holds an account or is an authorized user of a PPPA is determined to be a foreign PEP (or a family member or close associate of a foreign PEP), or a high-risk domestic PEP or high-risk HIO (or a high-risk family member or high-risk close associate of a domestic PEP or HIO), a financial entity must take reasonable measures to establish the source of the funds or source of the virtual currency to be deposited, and to establish the source of the person’s wealth. Approval of senior management is required to keep the account open.
  • Financial entities must take transaction-related measures once it is determined that the person conducting the transaction is a foreign PEP (or a family member or close associate of a foreign PEP), a high-risk domestic PEP or a high-risk HIO (or a high-risk family member or high-risk close associate of a domestic PEP or HIO):
    • When payment is made to a PPPA in the amount of $100,000 or more, financial entities must take reasonable measures to establish the source of funds or virtual currency, and the person’s source of wealth for any authorized user of that PPPA who is determined to be a foreign PEP (or a family member or close associate of a foreign PEP), a high-risk domestic PEP or a high-risk HIO (or a high-risk family member or high-risk close associate of a domestic PEP or HIO). Senior management must review the transaction.
    • When initiating an international EFT for $100,000 or more, financial entities must establish the source of funds or virtual currency, and the source of wealth for any authorized user of a PPPA who is determined to be a foreign PEP (or a family member or close associate of a foreign PEP), a high-risk domestic PEP or a high-risk HIO (or a high-risk family member or high-risk close associate of a PEP or HIO). Senior management must review the transaction.
    • When transferring an amount of virtual currency equivalent to $100,000 or more, financial entities must establish the source of funds or virtual currency, and the source of wealth for any authorized user of a PPPA who is determined to be a foreign PEP (or a family member or close associate of a foreign PEP), a high-risk domestic PEP or a high-risk HIO (or a high-risk family member or high-risk close associate of a PEP or HIO). Senior management must review the transaction.
  • Approval of senior management is required to keep the account open and enhanced measures must be taken.
  • Recordkeeping requirements
    • Recordkeeping is not required for unsuccessful reasonable measures taken when “reasonable measures” are required.
    • PEP/HIO records must be kept with respect to authorized users of PPPAs, the periodic review of authorized users of PPPAs or detected facts about PPPAs.
    • PEP/HIO records must be kept only for international EFTs in the amount of $100,000 or more.
    • PEP/HIO records must be kept when a financial entity receives an amount of virtual currency equivalent to $100,000 or more on behalf of a beneficiary.

Recordkeeping Requirements

Financial entities will be subject to new recordkeeping requirements under the Amendments. In anticipation of these changes, FINTRAC issued new recordkeeping guidance in March to take effect June 1, 2021. As with prior guidance, the new FINTRAC recordkeeping guidance does not consolidate all recordkeeping requirements and additional recordkeeping requirements continue to be found in the beneficial ownership guidance, the ongoing monitoring guidance and the PEP/HIO screening guidance, among others.

Changes under the new guidance include

  • new obligations to retain records of terrorist property reports, large cash transaction reports, large virtual currency reports and EFT transfer reports for five years
  • recordkeeping requirements for large cash transactions also include transactions in which another person or entity is authorized to receive funds and the other person or entity receives $10,000 or more in cash
  • the modification of the information that must be kept as part of the large cash transaction record and the addition of new information to be retained. New information that must be provided in the record includes information regarding entities involved in the transaction, exchange rates used, reference numbers connected to the transaction and details of the remittance of the cash received
  • the modification of the information that must be kept as part of the transaction record for the issuance of traveller’s cheques, money orders or similar instruments upon receipt of $3,000 or more in funds – or an equivalent amount of virtual currency – including additional information about the person or entity making the payment, the accounts involved or affected, reference numbers and information specific to any virtual currency
  • additional information must be retained in records pertaining to EFTs of $1,000 or more, including exchange rates and their sources and information pertaining to beneficiaries. There are a number of additional and specific recordkeeping requirements that apply under the new guidance when sending an international EFT of $1,000 or more
  • the addition of detailed recordkeeping requirements for virtual currency transfers of $1,000, including information about the transfer, the client, beneficiaries, affected accounts, information about account holders, transaction identifiers and exchange rates. There are separate recordkeeping requirements that have been added for virtual currency equivalent to $1,000 or more for remittance to a beneficiary, which are largely the same
  • the addition of detailed recordkeeping requirements for virtual currency transaction tickets for every virtual currency exchange transaction conducted, including information about the transaction, the individuals or entities requesting the transaction, the amount and type of virtual currency, exchange rates, every account affected and information about the account, reference numbers and other identifiers
  • transaction records related to a credit card account must contain, where applicable, foreign currency exchange transaction tickets, virtual currency exchange transaction tickets, records of initiated international EFTs for $1,000 or more and records of final receipt of international EFTs of $1,000 or more remitted to a beneficiary
  • records must be kept regarding prepaid payment product accounts and transactions, including information about the account holder and authorized users, applications, account statements, debit and credit memos, records of payments, any virtual currency involved in the payment, payment methods, account numbers, as well as any applicable foreign currency exchange transaction tickets, virtual currency exchange transaction tickets, records of initiated international EFTs for $1,000 or more and records of final receipt of international EFTs of $1,000 or more remitted to a beneficiary
  • records of unsuccessful reasonable measures are no longer required
  • large virtual currency transaction records do not need to be kept if received from a financial entity or public body or person acting on behalf of a financial entity or public body
  • a receipt of funds record does not need to be kept if the funds are received from a very large trust
  • if a financial institution is processing prepaid payment product payments on behalf of a merchant, the recordkeeping requirements do not apply to those activities

Travel rule requirements

In May 2021, FINTRAC issued new guidance regarding the travel rule for electronic funds and virtual currency transfers, which reflects new obligations introduced by the Amendments and which will come into effect on June 1, 2021. The guidance is applicable to financial entities, MSBs (including foreign MSBs) and casinos only. The travel rule is the requirement to ensure that specific information (“travel information”) is included with the information sent or received in an electronic funds transfer (EFT) or a virtual currency transfer. Information received under the travel rule cannot be subsequently removed from a transfer.

  • The following information must be included when initiating an EFT:
    • the name, address and account number or other reference number (if any) of the person or entity who requested the transfer (originator information)
    • the name and address of the beneficiary
    • if applicable, the beneficiary's account number or other reference number
  • Reasonable measures must be taken to ensure that the travel rule information is included when receiving an EFT, either as an intermediary or as the final recipient. When sending an incoming or outgoing EFT (after receiving it as an intermediary), the travel rule information received or obtained through reasonable measures must be included.
  • The following information must be included when sending virtual currency transfers, and reasonable measures must be taken to ensure that this information is included when receiving virtual currency transfers that require a virtual currency record to be kept:
    • the name, address and the account number or other reference number (if any) of the person or entity who requested the transfer (originator information)
    • the name, address and the account number or other reference number (if any) of the beneficiary
  • If an EFT or virtual currency transfer is received and does not have the required travel information, reasonable measures must be taken to obtain that information.

The policies and procedures must document the following travel rule requirements: i) the reasonable measures to be taken; and ii) risk-based policies and procedures for determining what to do when, after taking reasonable measures, the RE is unable to obtain the travel rule information. Policies and procedures must address under which circumstances REs allow, suspend or reject the transaction, and outline any follow-up measures to be taken. 


[1] The definition of prepaid payment product under the Amendments excludes prepaid payment products that enable a person or entity to access a credit or debit account, prepaid payment products issued for use with a particular merchant, and prepaid payment products that are issued for a single use for the purposes of a retail rebate program.