AML Compliance for Canadian Wealth Managers and Investment Advisers 2026

Canadian portfolio managers, investment dealers, mutual fund dealers, and wealth advisers are subject to anti-money laundering and anti-terrorist financing (AML/ATF) obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and regulations administered by FINTRAC (Financial Transactions and Reports Analysis Centre of Canada). In 2026, significant amendments to the PCMLTFA Regulations — including enhanced beneficial ownership verification and expanded Politically Exposed Person (PEP) requirements — came into force, reshaping compliance programs for wealth management firms across all provinces. This guide covers the current obligations and how to operationalize them efficiently.

Who Is Covered: PCMLTFA Scope for Wealth Management

The PCMLTFA's definition of "reporting entities" in the financial sector encompasses: securities dealers (broker-dealers) registered with provincial securities commissions, portfolio managers with discretionary authority over client funds, investment fund managers (IFMs), mortgage brokers acting as dealers, and life insurance companies selling individual annuities or segregated funds.

As of January 1, 2026, amendments to the PCMLTFA Regulations expanded the beneficial ownership (BO) verification requirements to align with FATF Recommendation 24, reducing the beneficial ownership threshold from 25% to 25% while adding new verification methods for complex corporate structures including numbered companies. (FINTRAC, 2026 Regulatory Amendments)

Family offices operating under a single family arrangement may qualify as exempt from certain PCMLTFA reporting requirements under the "large corporation" exemption in the Securities Act (Ontario, s. 209.1), but any extension of services to non-family clients removes this exemption.

Five Core AML/ATF Obligations Under the PCMLTFA

1. Client Identification and Verification (CDD)

FINTRAC's client identification requirements (PCMLTFA Regulations, s. 105) require collecting and verifying the full name, date of birth, current address, and occupation for every individual client. Acceptable identification methods include: photo ID verification (Canadian passport, provincial driver's licence, provincial government-issued photo ID), dual-process method (two reliable sources of identifying information), or credit file method (credit bureau verification). For corporate clients: verify legal name, incorporation number, and province/territory of incorporation, and identify all individuals with 25% or more of shares.

The Social Insurance Number (SIN) is not required for standard CDD, but must be collected for tax purposes under the Income Tax Act when applicable. CheckFile supports over 3,200 document types across 32 jurisdictions, enabling rapid verification of provincial driving licences from all 13 Canadian provinces and territories, as well as international documents for non-resident clients.

2. Enhanced Due Diligence (EDD) for High-Risk Clients

The PCMLTFA Regulations (ss. 60.2–62) require EDD for: domestic and foreign politically exposed persons (PEPs) and their heads of international organizations (HIOs) and their family members and close associates, clients from FATF-identified high-risk jurisdictions, and clients with complex or opaque beneficial ownership structures.

EDD measures must include: confirming the source of funds, obtaining senior management approval, and applying enhanced ongoing monitoring. A key difference from the EU framework is that Canada requires EDD for domestic PEPs (federal and provincial politicians, senior government officials, judges) in addition to foreign PEPs, creating a broader EDD trigger population for Canadian wealth managers.

For detailed EDD procedures applicable to Canadian wealth managers, see our guide on enhanced due diligence for high-risk clients.

3. Ongoing Monitoring

The PCMLTFA (s. 9.6) requires reporting entities to keep client information up to date and monitor business relationships on an ongoing basis. The FINTRAC guidelines recommend annual reviews for high-risk clients and reviews at least every three years for standard-risk clients. Monitoring must include reviewing transaction patterns against the client's known profile and flagging atypical activity.

FINTRAC's 2025-2026 examination priorities specifically target the adequacy of ongoing monitoring systems at portfolio managers and investment dealers, following findings that 34% of examined firms lacked systematic procedures for flagging beneficial ownership changes in corporate client structures. (FINTRAC, Annual Report 2025)

4. Suspicious Transaction Reports (STRs)

Reporting entities must submit a Suspicious Transaction Report (STR) to FINTRAC through the FINTRAC Web Reporting System within 30 days of the day on which the entity first detects a fact that leads it to suspect a transaction is related to money laundering or terrorist financing (PCMLTFA, s. 7). There is no minimum threshold for STR filing — suspicion alone triggers the obligation regardless of transaction size.

In addition, Large Cash Transaction Reports (LCTRs) are required for cash transactions of CAD $10,000 or more, and Electronic Funds Transfer Reports (EFTRs) for international wire transfers of CAD $10,000 or more.

5. Record-Keeping (5 to 7 Years)

PCMLTFA Regulations require keeping client identification records for 5 years after the last business activity (or 5 years from the creation of the record for certain transaction records). Corporate client records must be kept for 7 years. All records must be available to FINTRAC within 30 days of a request.

AML Risk Classification for Canadian Wealth Managers

2026 Updates: Regulatory Amendments and Provincial Variations

Key 2026 changes to the PCMLTFA framework:

• Beneficial ownership: new verification methods added for trusts and complex corporate structures, including a requirement to verify trustee identity and settlor identity where determinable.
• Correspondent banking relationships: enhanced due diligence requirements for international transfers involving correspondent relationships with financial institutions in high-risk jurisdictions.
• Virtual assets: crypto asset exchanges and custodians are now treated as "money services businesses" under the PCMLTFA, requiring the same KYC/AML compliance as traditional financial institutions.

Provincial variations: Quebec wealth managers must additionally comply with Loi 25 (Loi modernisant des dispositions législatives en matière de protection des renseignements personnels), which introduced consent and data governance requirements for client personal data that are more stringent than PIPEDA. Ontario's Securities Commission (OSC) applies its own AML compliance standards through the dealer registration regime.

Penalties for Non-Compliance

FINTRAC can impose administrative monetary penalties up to CAD $1 million for individuals and CAD $2 million for entities per violation. The RCMP and Public Prosecution Service of Canada handle criminal prosecutions. Conviction for money laundering under the Criminal Code of Canada (Part XII.2) carries penalties of up to 10 years imprisonment.

For a comprehensive overview of AML obligations across all sectors, see our complete guide to anti-money laundering compliance.

How to Automate AML Document Verification for Canadian Wealth Managers

Canadian wealth managers face a unique compliance challenge: provincial diversity in identification documents (13 different provincial/territorial driver's licences and ID cards), a significant non-resident client population, and FINTRAC's requirement for contemporaneous records of verification. CheckFile provides a methodology combining OCR, metadata analysis, and cross-document consistency checks that handles Canadian provincial IDs as well as international documents.

The API integration embeds document verification into existing CRM and portfolio management systems (Salesforce, Croesus, PortfolioPath) without disrupting the adviser workflow. See pricing information or contact us for a compliance-focused demo.

Frequently Asked Questions

Do portfolio managers registered with provincial securities commissions need a FINTRAC registration?

Yes. Portfolio managers that execute or arrange transactions in securities must register as "securities dealers" with FINTRAC (separately from their provincial registration) and comply with all PCMLTFA obligations. The provincial securities registration and the FINTRAC registration are parallel and independent requirements.

How does PIPEDA affect the KYC process in Canada?

PIPEDA requires informed consent for collecting personal information, with exceptions for legal compliance purposes. The PCMLTFA obligation to collect and verify client identity constitutes a "legal requirement" that overrides PIPEDA's consent requirement. However, firms must document the legal basis for collection and must not use KYC data for purposes beyond what is necessary for AML/ATF compliance.

What is required for EDD on a domestic PEP in Canada?

For a domestic PEP (e.g., a federal cabinet minister or a provincial premier), EDD requires: verified government-issued photo ID, source of funds documentation (pay stubs, T4 or T1 General, parliamentary salary records where available), written approval from a senior officer before the relationship proceeds, and annual reviews of the relationship.

Is a SIN number required for all wealth management clients?

No — SIN is not required for KYC/AML purposes under the PCMLTFA. However, it is required under the Income Tax Act when the client earns investment income or capital gains that must be reported to the CRA. Firms typically collect SIN as part of the account-opening process for tax reporting purposes, not specifically for AML compliance.

What are the FINTRAC record-keeping requirements for electronic records?

FINTRAC accepts electronic records if they are readily accessible, in a format that does not prevent FINTRAC from reading, copying, or reproducing them, and include electronic signatures or authentication as applicable. Records must be provided to FINTRAC within 30 days of a written request or within any shorter period specified in a production order.