Mid-tier institutions face FINTRAC reporting pressures

Updates to Canada’s anti-money laundering (AML) and anti-terrorist financing (ATF) regulatory regime have increased the cost and complexity of regulatory compliance. Regulators have brought more companies under their purview and introduced new requirements for current reporting entities. Credit unions, small- and medium-sized banks and a widening range of money service businesses in particular now find themselves under more scrutiny.

Companies face serious financial and reputational consequences if they fall short of Canada’s AML compliance requirements. In the last four years alone, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) publicly named and imposed more than $5 million in penalties on non-compliant companies.1

Against this backdrop, many organizations are reviewing their AML/ATF programs to better understand their risk exposure. They’re frequently finding gaps and realizing their traditional approaches are unsustainable and unable to keep pace with their own business growth or the evolving regulatory landscape.

The FINTRAC reporting challenges facing mid-tier financial institutions

Small- and mid-sized institutions often struggle to develop—as well as regularly review and update—a comprehensive compliance program that’s specific to their size and industry. At the same time, many smaller organizations lack the analytical and operational capabilities needed to collect, aggregate and investigate customer and transaction data, as well as pinpoint and remediate risks on a timely basis.

This makes it hard to comply with regulatory and legislative changes (see sidebar), including revisions to the forms institutions must file with FINTRAC to flag various transactions, such as large cash transfers and suspicious transactions. 

These organizations also often struggle to keep up with their FINTRAC reporting obligations because of inadequate systems, resourcing, program structure or a combination of all three. Insufficient investments in preventative AML compliance create costly operational challenges, such as backlogs of alerts that need adjudication, cases requiring investigation and reports that must be filed.

Proceeds of Crime (Money Laundering) and Terrorist Financing Act: What’s changing?

Proposed and enacted amendments include:

  • Extending AML/ATF requirements to more businesses: Armoured car carriers and mortgage administrators, brokers and lenders will be treated as reporting entities as of July 2024 and October 2024, respectively. The new reporting entities must establish AML/ATF compliance programs.
  • An expanded definition of money services businesses (MSB) that includes payment services providers and crowdfunding platform services.
  • New due diligence obligations for MSBs to make sure agents and their associated parties are not subject to Canadian sanctions and have not been convicted of money laundering, terrorist financing or drug trafficking offences.
  • Revised obligations for all reporting entities, including changes to forms for disclosing large cash, virtual currency and suspicious transactions, as well as electronic fund transfers.
  • Additional offences and penalties, such as provisions around structured financial transactions.

Key AML compliance considerations

Companies with high levels of compliance maturity understand the business case for reimagining their AML/ATF program. They develop end-to-end processes to extract data from across their organization and aggregate it into a single source of truth that can be analyzed using advanced analytics tools and used for decision making.

These organizations typically include the following considerations in their approach:

  • Incorporate unique business characteristics. AML/ATF compliance, underpinned by a sound risk-based approach, looks different for every organization. Compliance requirements are based on principles and are rarely explicitly prescribed. Companies need to assess the inherent risks of their unique products, services and customers to enact the right processes and controls to mitigate them. 
  • Pinpoint opportunities for tech enhancements. These include know-your-customer (KYC), transaction monitoring, alert adjudication and case management solutions that can be scaled to handle increased and more complex volumes of data.
  • Establish risk-based AML/ATF controls. Your controls should be shaped by a documented risk assessment methodology that helps you link how key risks are mitigated through an appropriate set of controls.
  • Standardize the collection, aggregation and reporting of data. This requires validating the quality of the data collected from disparate systems across various business units and using that data in your decision making.
  • Upskill employees with AML training. Role-based upskilling programs give employees resources and support to perform their day-to-day duties and implement your organization’s AML/ATF compliance framework.
  • Explore emerging technologies. Leading companies already consider how new technologies such as robotic process automation and artificial intelligence can increase the accuracy and efficiency of their processes.

Closing your AML/ATF capability gaps: There's no reason to go it alone

For most companies, resolving the operational challenges that lead to case backlogs requires a fresh approach. This is particularly true for complex and labour-intensive processes, such as transaction monitoring. Legacy operating models that rely on adding manual resources to manage a company’s AML/ATF compliance program become even more ineffective and inefficient as you grow in size and expand your operations.

We’ve seen companies bridge these gaps through managed services relationships that strengthen their financial crime risk management. Companies can gain a strategic advantage through these arrangements when they move beyond traditional outsourcing arrangements and look for more than cost savings. In fact, our research found that top-performing businesses often turn to a more strategic set of managed services partnerships that improves their access to talent and technology.

To gain this performance premium from a managed services relationship, it’s helpful to consider the business outcomes you want to achieve, rather than focusing on one-off solutions. Working with a managed services provider that combines industry insights, financial crime specialists and technology expertise lets you take a holistic approach to strengthening your risk management program—from policy and governance, to implementing and refining your monitoring program through to case investigations.

Building trust and enhancing resilience through AML/ATF

Small- and medium-sized financial institutions face pressure to modernize their financial crime risk management programs and meet evolving regulatory requirements. But reimagining your operations can do more than help you achieve compliance. It’s an opportunity to make your AML/ATF framework more reflective of your risk profile, reduce false positive alerts and onboard new clients faster.

This enhances your effectiveness, efficiency and client experiences, helping you build trust and deliver sustained risk management outcomes. Importantly, it also lowers the chances of your company inadvertently facilitating or participating in a financial crime—strengthening and protecting the community in which you operate.

At PwC Canada, we take a human-led and tech-powered approach to helping organizations solve their compliance challenges. We combine subject matter expertise, human judgment and advanced digital tools in our managed services capabilities and other financial crime solutions. Reach out to start a conversation about how we can help you modernize your AML/ATF program.

1. “Public notice of administrative monetary penalties,” Financial Transactions and Reports Analysis Centre of Canada, accessed October 12, 2023, https://fintrac-canafe.canada.ca/pen/4-eng.

Contact us

Michael Reystone

Michael Reystone

Partner, National Financial Crime Practice Leader, PwC Canada

Tel: +1 416 869 2349

Follow PwC Canada