Skip Navigation

But Wait, There’s More: Significant Amendments to Canada’s Anti-Money Laundering and Anti-Terrorist Financing Regime

December 2, 2024

On November 30, 2024, draft amendments to the regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the PCMLTFA) were released.  These proposed amendments to the regulations would be significant, affecting all regulated entities under the PCMLTFA and also including new sectors as regulated entities under the PCMLTFA regime. The proposed amendments are made, in part, in anticipation of Canada’s mutual evaluation by the Financial Action Task Force which commences in 2025.

The amendments include the requirements to enable information sharing by regulated entities without consent, the requirement for regulated entities to report on any discrepancies found in the federal beneficial ownership registry, and the inclusion of factoring, financing and leasing entities and those engaged in the cheque cashing business as regulated entities under the PCMLTFA regime. There is also a new proposed regulation that will require a declaration to be filed with the Canada Border Services Agency (CBSA) whenever a person or entity imports or exports goods into or out of Canada.

There is a 30-day comment period in respect of these regulations. Affected parties should review these provisions carefully to determine if commentary is warranted. We note that for parties that are not currently regulated under PCMLTFA, a lot of time and resources will be required to implement the requirements of the PCMLTFA, especially for those that carry on business digitally. The provisions set out below have an in force date of October 1, 2025 except for the information sharing provisions which are tied to the implementation of the , Budget Implementation Act, 2024 No. 1 and the regulations with respect to the importation/exportation of goods.

An overview of these provisions follows.

1. The inclusion of new regulated entities

As previously outlined in the 2024 Federal Budget (see our Blakes Bulletin: 2024 Federal Budget: Banking, Financial Services Highlights), the PCMLTFA will be expanded to include factoring entities, financing and leasing entities as well as those engaged in the cheque cashing business as regulated entities under the PCMLTFA.

(i) Factoring Companies

A “factor” is defined in the regulations as a person or entity that is engaged in the business of factoring, with or without recourse against the assignor. As such, even if arrangements are structured without recourse, they will be in scope of the PCMLTFA. As a result of these amendments, not only will traditional factoring companies be in scope of the PCMLTFA, but so will those engaged in the business of making merchant cash advances.

(ii) Finance and Leasing Entities

The draft regulations define a financing or leasing entity as a person or entity that is engaged in the business of financing or leasing of:

(a) property, other than real property or immovables, for business purposes

(b) passenger vehicles in Canada

(c) property, other than real property or immovables, that is valued at C$100,000 or more

The term “passenger vehicle” is also defined quite broadly and includes motor vehicles and utility trucks.

It should be noted that based on the above-noted definition of a financing or leasing entity, consumer lending, other than in the context of motor vehicles, will be out of scope except where the value of the property being financed is for more than C$100,000.

As a result of being regulated under the PCMLTFA, these entities will be required to implement a full PCMLTFA compliance program that includes the following components:

  • Appointing a compliance officer who is responsible for implementing the program
  • Developing and applying written compliance policies and procedures
  • Conducting a risk assessment of the business to assess and document the risk of a money laundering or terrorist activity financing offence occurring;
  • Developing and maintaining a written, ongoing compliance training program
  • Reviewing the compliance program to test its effectiveness every two years at a minimum

In addition to reporting suspicious transactions to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), factoring companies and finance and leasing entities will also be required to report and document large cash or large virtual currency transactions (C$10,000 plus). Similar to other regulated entities, there are also requirements to verify client identity, confirm beneficial ownership and make PEP determinations (politically exposed person) in respect of all clients with which they enter into transactions for factoring/leasing.

The regulations also require detailed record keeping requirements in respect of all payments received from clients in the normal course including records in respect of the method of payment, the name of every person or entity involved in the payment, and every account number or other equivalent reference number connected to the payment.

For those organizations engaged in these businesses that are not already complying with these requirements as part of their enterprise-wide anti-money laundering programs, a lot of time and resources will be required in order to implement the compliance policies and procedures required by the PCMLTFA.

Cheque Cashing

While the PCMLTFA currently includes cheque cashers in the category of money services businesses, there is a carve out for persons who cash cheques made payable to a named person or entity (in other words cheques that are not payable to order or to bearer). The draft regulations eliminate this carve out so that cheque cashing of every nature is now caught within the money services business framework of the PCMLTFA.

Alongside the current money services business (MSB) requirements, there is also a new record keeping requirement when an MSB cashes a cheque for more than C$3,000. This will require detailed records to be kept in respect of these cheques including:

  • The name of the issuer of each cheque
  • The number of every account that is affected by the cashing of the cheque
  • The type of account and the name of each account holder
  • Every reference number that is connected to the cashing of the cheque and that has a function equivalent to that of an account number

Where a person cashes a cheque for more than C$3,000, the identity verification requirements of the regulations will also apply.

2. Beneficial Ownership Discrepancies

Regulated entities under the PCMLTFA are required, as part of their business relationships, to obtain and confirm information in respect of the beneficial ownership of their entity clients when they onboard the client and as part of their ongoing monitoring obligations, subject to certain limited exceptions.

As many are aware, earlier this year the federal government launched a public, searchable beneficial ownership registry of those corporations incorporated under the Canada Business Corporations Act (CBCA). While originally it was thought this would assist regulated entities in determining the beneficial ownership of entities, instead, regulated entities are tasked with the requirement to report any discrepancies that they find in the registry from the information that they collected from their clients.

In that regard, the regulations provide an express requirement for a regulated entity that is dealing with a CBCA corporation to consult the beneficial ownership registry at onboarding and as part of ongoing monitoring, if they consider that there is a high risk of a money laundering offence or terrorist activity financing offence (i.e., for high-risk clients). Where a regulated entity identifies a material discrepancy between the information that they collect and the information contained in the registry, they are required to report the discrepancy to the Director under CBCA within 15 days after the day on which the discrepancy is identified and maintain a copy of any acknowledgement of receipt of the report.

The reporting requirement will not apply if the material discrepancy is resolved within 15 days after the day on which it is identified. The meaning of the term “resolved” is unclear, but could mean that the federal registry is updated to reflect the proper information. It will be interesting to see if FINTRAC interprets the provision of incorrect beneficial ownership information as “reasonable grounds to suspect” the occurrence of a money laundering or sanctions evasion offence, requiring the filing of a suspicious transaction report.

While the regulations do not define what constitutes a “material discrepancy,” the regulations do provide that a material discrepancy would not include spelling errors or a minor variation in a name or address. While the clearest example of a material discrepancy would be missing beneficial ownership information in the Registry, there is a lot of grey area between the omission of beneficial ownership information and minor typographical errors, which absent FINTRAC guidance, will leave this matter for the determination of regulated entities.

Where there is a material discrepancy, regulated entities are required to file a report in the form of a Schedule to the regulations. Information required to be disclosed includes the name of the CBCA entity and its identifying number on its certificate of incorporation, the date on which discrepancy was identified and a description of discrepancy.

As a result of this new requirement, regulated entities will be required to update their compliance policies and procedures to ensure that the registry is consulted where required and that material discrepancies are reported within the required 15 day period.

This requirement applies to all regulated entities.

Information Sharing

As contemplated in the 2024 Budget, and noted in our Blakes Bulletin: 2024 Federal Budget: Update on Financial Services Regulatory Policy Changes, the PCMLTFA will permit regulated entities to share personal information without a person’s knowledge or consent where:

  • The information was collected in the course of the regulated entity’s activities
  • The disclosure is reasonable for the purpose of detecting or deterring money laundering, terrorist financing or sanctions evasion
  • Making the disclosure with the individual’s knowledge or consent would risk compromising the ability to detect or deter money laundering, terrorist financing or sanctions evasion
  • The disclosure is made in accordance with the regulations

The regulations now set out the processes required in order to share information in these circumstances.

As a starting point, regulated entities that wish to share information (it is not mandatory) are required to establish and implement a code of practice for disclosing, collecting and using personal information without consent (Code), of which Code must be approved by the Privacy Commissioner. Any reporting entity is entitled to apply to the Privacy Commissioner on behalf of itself and other reporting entities for the approval of a Code that will govern their sharing arrangements. As such, the regulatory framework will allow for different sharing arrangements with different regulated entities with different Codes. This will likely result in a more fractured information sharing process based on sector type.

The regulations require that all Codes must do the following:

  • Identify which regulated entities will be subject to it
  • Describe what type of personal information may be disclosed, collected or used without knowledge or consent
  • Describe the purposes for which personal information may be disclosed, collected or used without knowledge or consent
  • Describe the manner in which personal information may be disclosed, collected or used without knowledge or consent
  • Describe the measures to be taken to ensure the protection of personal information, including measures concerning the retention of such information and the keeping of records
  • Include information demonstrating that the Code complies with the requirements for disclosure under the PCMLTFA and otherwise provide for substantially the same or greater protection of personal information as that provided under the Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Include any other information necessary for the assessment of the Code by the Privacy Commissioner

The “manner in which personal information may be disclosed” is significant. In other jurisdictions, the governments have developed the infrastructure to allow for the sharing of information. In some jurisdictions this is undertaken by private enterprise. The development of these sharing platforms will take time and will likely require regulatory input.

In approving a Code, the Privacy Commissioner has the right to request further information from reporting entities and will have a 90-day period to approve a Code, subject to a 15-day extension right. Where a Code is rejected, the Privacy Commissioner is required to provide reasons and if a regulated entity does not hear from the Privacy Commissioner within the above-noted timeframe, the Code is deemed to be approved. When a Code is provided to the Privacy Commissioner for approval, the applicant regulated entity is also required to provide a copy on the same day to FINTRAC, and FINTRAC will also have a right to make comments. Once a Code has been approved, the regulated entities participating in information sharing are required to comply with its requirements.

Any changes made to the Code require the approval of the Privacy Commissioner and if the Commissioner believes a Code has been revised without consent, they may direct that a person apply for approval of the revised Code. Where a person fails to comply with the Privacy Commissioner’s direction, the Privacy Commissioner may suspend a previously approved Code.

All approved Codes require reapproval every five years.

The regulations provide a right for any person to complain to the Privacy Commissioner under Division 2 of Part 1 of PIPEDA in the event that they believe a regulated entity has not complied with a Code. This provision, while reasonable on its face, is completely counter-intuitive to the information sharing provisions of the PCMLTFA and is ripe for abuse by criminals and others that engage in illegal activities. The underlying premise of information sharing under the PCMLTFA is that information is being shared without consent because “making the disclosure with the individual’s knowledge or consent would risk compromising the ability to detect or deter money laundering, terrorist financing or sanctions evasion.” This complaint mechanism provides individuals with the right to inquire into whether in fact information is being shared about them by regulated entities, which conflicts with the purpose and intent of the information sharing provisions.

Importation and Exportation of Goods 

A new regulation, the Proceeds of Crime (Money Laundering) and Terrorist Financing Reporting of Goods Regulations would implement a new Part 2.1 the PCMLTFA for the reporting of imported or exported goods. This will require all persons who are importing or exporting goods into or out of Canada to file a declaration with the CBSA indicating whether their goods are proceeds of crime or related to money laundering, terrorist financing or sanctions evasion. There is also a requirement for importers and exporters to attest that goods are in fact being imported or exported to address “phantom shipments” that are used in trade-based money laundering.

CBSA border officers would also have greater investigative powers and would be provided with the power to seize goods where there are reasonable grounds to believe that the goods are proceeds of crime or related to money laundering, terrorist financing or sanctions evasion.

There is also an administrative monetary penalty scheme to promote compliance with these new requirements.

For more information about these amendments to the regulations, please contact the author of this bulletin or any other member of our Financial Services group.


More insights