CanucktAI
HomeFrameworksFINTRAC
FinancialFederal — CanadaIn force July 5, 2000

FINTRAC

Proceeds of Crime (Money Laundering) and Terrorist Financing Act — FINTRAC

Canada's AML/CFT compliance framework

Run FINTRAC assessment ← All frameworks
Overview

FINTRAC administers the PCMLTFA — Canada's anti-money laundering and counter-terrorist financing legislation. Reporting entities must collect and verify client identity (KYC), monitor transactions, report suspicious activities, and maintain compliance programs. FINTRAC intersects with PIPEDA because the KYC data collected must also be handled according to privacy law.

Authority
Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)
Jurisdiction
Federal — Canada
Effective date
July 5, 2000
Applicability

Who must comply with FINTRAC?

Reporting entities include financial institutions, securities dealers, money services businesses, real estate brokers, accountants, casinos, dealers in precious metals, notaries in BC, and life insurance companies — among others.

Compliance scope
Your organization collects personal information
You operate in the applicable jurisdiction
Commercial activities are involved
You use or disclose personal data

Not sure if FINTRAC applies? Run a free assessment →

Requirements

Key obligations under FINTRAC

Client Identification

Verify the identity of clients before providing services. Collect government-issued ID, business registration, and beneficial ownership data.

Suspicious Transaction Reports

File STRs with FINTRAC within 30 days of detecting a transaction that you reasonably suspect is related to money laundering or terrorist financing.

Large Cash Transaction Reports

Report to FINTRAC within 15 days any single cash transaction of $10,000 or more.

Compliance Program

Maintain a documented compliance program including policies, training, risk assessment, and a compliance officer — FINTRAC will audit this.

Record Keeping

Keep KYC and transaction records for 5 years. Records must be organized to support FINTRAC examination on demand.

Privacy Balance

KYC data collected under FINTRAC obligations must still be handled in accordance with PIPEDA or provincial privacy law.

Enforcement

Penalties & enforcement

Maximum penalty
Unlimited fines; criminal penalties up to 5 years imprisonment
Enforced by: FINTRAC / Public Prosecution Service of Canada
Notable case

TD Bank was fined $9.16M CAD by FINTRAC for AML compliance violations (2023)

How Canuckt keeps you penalty-free:
Privacy-compliant KYC policy templates that satisfy both FINTRAC identity verification and PIPEDA consent requirements
Data retention schedule configured with FINTRAC 5-year retention rules pre-loaded
FINTRAC-PIPEDA conflict resolver — shows you what to collect, how to disclose it, and how long to keep it
Compliance program documentation builder for FINTRAC examination readiness
Related

Frameworks that often overlap with FINTRAC

Privacy
PIPEDA

Canada's federal private-sector privacy law

Financial
OSFI B-10

Canada's federal financial institution technology risk framework

Privacy
CASL

Canada's anti-spam and electronic consent law

Run a free FINTRAC gap assessment

Answer 47 questions, get a scored gap report, and see exactly what you need to do to comply with FINTRAC — in under 3 hours. Free forever.

Start free assessment
No credit card
Results in hours
Canadian data residency
FINTRAC AML Compliance Guide for Canadian Businesses | Canuckt | Canuckt AI