Canada’s AML Requirements: How Fintechs Can Comply

How AML Requirements in Canada Affect Fintechs

Canada is the second-largest financial destination in North America after the United States and hosts diverse business interests from across the world including commercial fintech service providers. While Canada has a developed a modern financial system, recent high-profile criminal incidents have exposed structural vulnerabilities to a range of money laundering and terrorism financing activities including many that affect the fintech industry. Therefore, Canada’s AML requirements for Fintechs need to be seriously considered.

In 2016, the Financial Action Task Force (FATF) pointed out Canada’s shortcomings in an evaluation, prompting the Canadian government to increase its focus on addressing AML requirements in Canada and in the fintech industry at a federal and provincial level. 

Given that increased focus, and the significant penalties for noncompliance, fintech firms in Canada should be familiar with their regulatory obligations, and how to deploy appropriate AML/CFT measures to detect and prevent money laundering.

Canada AML Regulations

Like banks and other financial institutions, fintech service providers in Canada must abide by both public and private legislation at the federal and provincial levels. These Canadian AML requirements include:

• The Canadian Payments Act 
• The Payment Clearing and Settlement Act (Canada)
• The Bank Act
• The Bills of Exchange Act (Canada)

Fintech regulations: Certain Canadian financial regulations are specifically relevant to fintech service providers. These include the Personal Information Protection and Electronic Documents Act (PIPEDA) which protects personal information handled by private sector firms, and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

PCMLTFA AML Compliance

The PCMLTFA is particularly important because sets out the regulations for CFT/AML compliance in Canada and requires all firms, including fintech service providers, to:

• Establish a risk-based AML/CFT compliance program.
• Establish and verify the identities of their customers and clients.
• Maintain records on customers and clients. 
• Report suspicious activity to the authorities.

PCMLTFA Amendments: In 2018, the PCMLTFA was amended to modernize and align Canada’s AML requirements with international standards. The amendments introduce a definition of virtual currency and expand the scope of the legislation to cryptocurrency exchange and wallet providers. The amendments will come into force in Canada in 2021. 

Fintechs may also be subject to provincial AML/CFT laws that vary based on the sector in which they operate. Fintech firms that are involved in the securities market, for example, are regulated at the provincial level by securities commissions. Similarly, provinces may impose their own data privacy and cybersecurity regulations.

Financial Authorities that Impact AML Requirements in Canada

Canada’s primary financial regulator is the Financial Transactions and Reports Analysis Centre (FINTRAC), which is responsible for identifying incidents of money laundering and terrorism. Fintech firms in Canada must report to FINTRAC when they detect suspicious activity that could indicate money laundering is taking place. FINTRAC maintains a national register of money services businesses and works with other law enforcement agencies to conduct investigations into fintech firms and other financial institutions that are suspected of wrongdoing.

Are you an early stage FinTech and need money laundering act guidance or an AML solution?

Discover ComplyLaunch™, our automated solutions package for early stage FinTechs.

Register Now

Fintech AML Risks

Fintech firms may face specific AML/CFT risks depending on the sector in which they operate. Certain weaknesses in the industry, presented by products such as prepaid cards or remittance services, may also present opportunities for money launderers. With that in mind, specific AML risks and vulnerabilities for fintech firms include: 

• Anonymity: Many fintech services offer criminals a level of anonymity that conventional services do not. Money launderers may seek to use fintech products to conceal their identities, use stolen identities, or engage third parties to act on their behalf in order to access the legitimate financial system.  
• Speed: Electronic money transfers can take place at much greater speed and in greater volume than transfers using traditional banking products. That capacity allows criminals in Canada to use fintech products to disguise and transfer large amounts of illegal funds and avoid AML investigations by moving those funds around rapidly. 
• Regulatory disparity: There are not any dedicated fintech legislation or AML requirements in Canada. Criminals may seek to exploit blindspots or disparities in AML/CFT regulations by using fintech services to move funds into or out of Canada. Similarly, criminals may seek to exploit disparities in provincial jurisdictions. 

Structuring: Criminals may seek to take advantage of different Canadian fintech products or service providers in order to engage in multiple transactions, structing the introduction of their illegal money into the legitimate financial system without triggering AML measures.

Fintech AML Red Flags

• Fintech firms should be alert to a range of characteristic behaviours or red flags that indicate criminals are attempting to exploit their services to launder money or finance terrorist activities. Those red flags include:
  • Customers that attempt to conceal their identities when using fintech services. 
  • Discrepancies in customer identity verification. 
  • Transactions that consistently exceed or fall just below regulatory reporting thresholds.
  • Unusual transactional behavior such as unusually high frequencies of transactions or transactions with high-risk countries.
  • Transactions that seem connected to each other or multiple account registrations that share identifying information.

How to Comply with Canadian AML Regulations

Under FATF recommendations and the AML requirements of Canada as part of the updated PCMLTFA, fintech firms must put a risk-based AML/CFT program in place in order to achieve regulatory compliance. In the fintech industry, it is particularly important that firms deploy suitable Know Your Customer (KYC) measures in order to verify customer identities and understand the ways in which those customers use and interact with their fintech products. Accordingly, an AML program must include the following due diligence, screening and monitoring measures: 

• Customer due diligence: Fintech firms should put CDD measures in place in order to accurately establish and verify their customers’ identities. Customers that present a higher AML risk should be subject to enhanced due diligence (EDD). 
• Transaction monitoring: Firms should monitor their customers’ transactions for suspicious activity on an ongoing basis. When suspicious activity is detected, firms should submit suspicious activity reports (SAR) to FINTRAC in a timely manner. 
• Sanctions screening: Fintech services may be misused in order to avoid international sanctions. Accordingly, firms should screen their customers against the relevant international sanctions lists. 
• PEP screening: Politically exposed persons (PEP) may present a greater risk of money laundering to fintech firms. With that in mind, firms should screen their customers on an ongoing basis to establish their PEP status. 
• Negative News Screening: Adverse or negative news stories often indicate that a customer is involved in money laundering or terrorism financing activities. Fintech firms should monitor for adverse media on traditional screen and print media and from online sources.