Business people in the office
Anti-Money Laundering

AML rules: why you need to know the meaning of non-compliance

As reporting entities under Canada’s AML regime, accountants and accounting firms need to know—and comply with—their obligations

Business people in the officeBeing compliant with AML legislation means keeping your obligations in view at all times (vgajic/Getty Images)

While it has always been important for reporting entities to be aware of their obligations under Canada’s anti-money laundering (AML) regime, new rules effective on June 1, 2021 significantly increased the risks and complexities associated with non-compliance.

“The updates set out a number of circumstances in which CPAs engaged in activities covered by the legislation need to verify the identity of the persons or organizations with whom they are dealing, as well as what they need to report and how,” says Michele Wood-Tweel, FCPA, FCA, vice-president, regulatory affairs at CPA Canada. “Non-compliance can lead to administrative penalties and much more.”

Here is what it means to be compliant, as well as the consequences of noncompliance.


As reporting entities under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), accountants and accounting firms that are involved in certain activities (such as receiving or paying funds on behalf of a person or entity) are required to verify the identity of the persons and entities with whom they’re dealing in certain circumstances: 

  • Large cash transactions ($10,000 or more within a 24-hour period, as defined by the 24-hour rule)
  • Large virtual currency transactions (again, $10,000 or more within a 24-hour period)
  • Suspicious transactions, regardless of the amount
  • Receipt of funds of $3,000 or more.

Other “know your client” (KYC) obligations include obtaining beneficial ownership information and determining if you are dealing with a politically exposed person or the head of an international organization. Also, to comply with record-keeping rules,  there are a variety of records and reports that must be kept on file. 


For reporting entities, the first step toward fulfilling AML obligations is to establish a compliance program. This serves as a framework for the subsequent elements of an AML regime, including KYC, reporting and record keeping.

“Reporting entities must have a documented compliance program that requires the name of a compliance officer, written compliance policies and procedures, and a risk assessment report, as well as records of ongoing compliance training and a periodic compliance program review,” says Wood-Tweel.


Any organization that is subject to AML regulations can expect to be examined by FINTRAC, says Eric Lachapelle, CPA, national finance crime leader for KPMG Canada. “When you will be examined and how frequently depends on the risk model established by FINTRAC. If you are in a high-risk sector, they will come to see you more often.”

Generally, FINTRAC begins its examination process by contacting reporting entities and sending a formal letter to an organization’s compliance officer saying when the examiners will be coming or when a desk examination conducted at FINTRAC will occur. Prior to the examination beginning, the reporting entity may be required to provide requested documentation.

FINTRAC uses a variety of different assessment tools during an examination, including monitoring large financial transaction reports, determining business activities that are subject to the PCMLTFA, and documenting compliance program gaps, progress and improvements.

“The examiners will not necessarily verify everything from A to Z, as there are many elements within an AML compliance program,” says Lachapelle.


With its assessment completed, FINTRAC will provide details of the findings and a findings letter will be issued. Depending upon the outcome, no follow up will be required, follow-up compliance action will be undertaken, it may issue an administrative penalty or disclose information to law enforcement for criminal investigation.

Lachapelle stresses that enforcement in Canada on the part of FINTRAC is not designed to be punitive, but rather to encourage behavioural change. “A report doesn’t mean that all findings are severe,” he says. “However, while FINTRAC is not out to be punitive, every law needs enforcement at some point.”


The PCMLTFA and its associated regulations establish precise penalty ranges for each violation, says Mélanie Goulette Nadon, senior communications advisor, external communications, FINTRAC. Within these ranges, specific penalty amounts are calculated based on FINTRAC’s Administrative Monetary Penalties (AMP) policy.

To determine a penalty amount, FINTRAC considers three criteria:

  • The harm caused by the violation(s): FINTRAC has developed and published a number of specific guides that describe its approach to assessing the harm done by violating the PCMLTFA regulations and its rationale in determining the penalty amounts.
  • The reporting entity’s compliance history.
  • The non-punitive nature of an administrative monetary penalty.

Penalties are categorized into three levels and amounts determined on a sliding scale: minor ($1 to $1,000 per violation); serious ($1 to $100,000 per violation; and very serious ($1 to $100,000 per violation for an individual, $1 to $500,000 for an entity).

“If you don’t have the right program in place or aren’t doing proper monitoring, you are at risk of being fined. If you are not doing the proper regulatory reporting or not reporting at all, you are definitely at risk,” says Lachapelle.

Where examiners find multiple violations, each can be penalized individually, cautions Lachapelle.

There may be more violations with major reporting entities simply because of transaction volumes, says Lachapelle. “Understandably, the higher the volume, the greater the risk of having more violations. It’s also important to note that all AMPs are now disclosed to the public.”

Once the letter outlining findings is received, the organization may simply accept the results and agree to the terms laid out in the letter, says Lachapelle. “If you don’t agree with the findings, however, you have 30 days to present your argument. Depending on the type of finding, you can ask for a review, present a demand to negotiate the terms or, in the case of more serious findings, appeal to the federal court.”


Being compliant means keeping your obligations in view at all times, says Lachapelle. “The best way to keep up to date is to read the FINTRAC website. Everything is there. Remember there are always changes and updates, so you need to know by heart what is required.”

Nadon adds that in addition to publishing comprehensive and sector-specific guidance for businesses subject to the PCMLTFA, FINTRAC publishes hundreds of policy interpretations and responds to thousands of enquiries every year.

Lachapelle notes that CPAs can expect more changes to come. “I’ve been in the field 15 years and things are definitely changing. Canada is catching up to our G7 and G20 peers and moving in the right direction.”

Wood-Tweel takes a similar view. “We’ve seen a lot of momentum over the past four to five years and Canada’s regime is becoming more on par internationally. As we go forward, it will be important to keep that momentum going.”


CPA Canada has a wealth of information on all aspects of anti-money laundering. For more on noncompliance, see Risky business: Non-compliance with anti-money laundering requirements.

Check out the CPA Canada AML guide for more detailed information on staying within all AML guidelines. And be sure to read our Q&A with guide contributor Marc Tassé.

For more updates, see New AML measures that CPAs need to keep on their radar. And attend the course on anti-money laundering and ethics to gain the knowledge and tools necessary to instill financial ethics in your organization.