EU AMLA: What Canadian Firms with EU Operations Must Know

The European Union's new anti-money laundering architecture is no longer a distant concern for Canadian financial institutions. With the EU Anti-Money Laundering Authority (AMLA) operational since 1 July 2025 and the directly applicable AML Regulation (AMLR, Regulation (EU) 2024/1624) taking effect from 10 July 2027, Canadian banks, investment dealers, and fintech firms with EU branches or subsidiaries face a concrete new compliance layer — on top of their existing obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and FINTRAC.

This article explains the AMLA framework, how it compares to Canada's domestic AML regime, and what compliance officers at Canadian firms with EU exposure need to do now.

---

What Is AMLA and Does It Apply to Canadian Firms?

AMLA — the EU Anti-Money Laundering Authority — was created by Regulation (EU) 2024/1620 and is headquartered at the Messeturm in Frankfurt, Germany. It is the new EU-level supervisor responsible for coordinating financial intelligence units (FIUs) across member states and directly supervising the highest-risk obliged entities operating in the EU single market.

Does AMLA directly regulate Canadian firms? No. AMLA's jurisdiction is confined to entities operating within the European Union. Canadian financial institutions operating solely within Canada remain governed exclusively by PCMLTFA and supervised by FINTRAC, with OSFI providing prudential oversight for federally regulated institutions.

However, the picture changes significantly for Canadian firms with EU operations. A Canadian bank with a branch in Frankfurt, a subsidiary in Amsterdam, or a significant client-servicing operation in Paris must comply with the AMLR in those EU jurisdictions. The AMLR is directly applicable — meaning it does not need to be transposed into national law — and will govern AML/CFT obligations for all obliged entities operating in EU member states from 10 July 2027.

In short: Canada remains the primary AML jurisdiction for domestic operations, but Canadian groups with EU footprints must plan for dual-regime compliance. FINTRAC and PCMLTFA govern your Canadian book; AMLA and the AMLR govern your EU book.

---

AMLA vs FINTRAC/PCMLTFA: A Comparison

Understanding where the two frameworks align — and where they diverge — is the first step for any compliance officer managing cross-border obligations.

---

Timeline: Key AMLA Dates Canadian Compliance Officers Should Track

The AMLA framework has a phased rollout. Canadian firms should map these milestones against their own internal planning cycles.

A note on OSFI: Guideline E-13 (Proceeds of Crime and Terrorist Financing) sets OSFI's expectations for federally regulated financial institutions on AML/ATF controls. As AMLA matures, OSFI may update E-13 to reflect emerging international standards, particularly for Canadian banks with material EU operations. Compliance officers should monitor OSFI publications alongside AMLA's technical output.

---

AMLR Obligations for EU-Based Operations of Canadian Firms

From 10 July 2027, the AMLR imposes a detailed set of obligations on all obliged entities operating in the EU. For Canadian firms, the most operationally significant requirements include:

Customer Due Diligence (CDD). EU entities must verify customer identity before establishing a business relationship or conducting occasional transactions above €10,000 (or €3,000 for cash). Enhanced due diligence applies for politically exposed persons (PEPs), high-risk third countries, and complex or unusual transactions.

Beneficial Ownership (UBO). The AMLR sets the beneficial ownership identification threshold at 25% or more of shares or voting rights (AMLR Art. 62). Canadian compliance officers will find this familiar: the CBCA (Canada Business Corporations Act) amendments requiring corporations to maintain registers of individuals with "significant control" use the same 25% threshold.

"The AMLR's 25% beneficial ownership threshold mirrors Canada's CBCA significant control register requirement — both use the same 25% threshold, simplifying cross-border compliance for Canadian firms with EU operations." [Sources: Regulation (EU) 2024/1624, Art. 62; CBCA s. 21.1]

Cash Payment Cap. The AMLR introduces an EU-wide €10,000 cap on cash payments. This has no direct Canadian equivalent at the federal level, but Canadian firms must train their EU-based staff accordingly and update their transaction monitoring rules for EU operations.

Record-Keeping. Five-year retention of CDD records and transaction documentation is required under the AMLR. This aligns with PCMLTFA's five-year retention requirement, reducing the operational burden for firms maintaining unified records management.

Reporting to FIUs. EU-based entities must file suspicious transaction reports with their relevant national FIU (not FINTRAC). Canadian compliance teams must ensure that EU entity STRs are routed to the correct national FIU and that there is no conflation with Canadian FINTRAC reporting.

---

Provincial Considerations: Quebec and AMLA

Canadian compliance officers based in Quebec, or at institutions with significant Quebec operations, face an additional layer of complexity.

Quebec operates under a civil law system (derived from the French legal tradition), distinct from the common law system in other Canadian provinces. Quebec's financial markets regulator is the AMF Québec (Autorité des marchés financiers), which should not be confused with France's AMF (Autorité des marchés financiers) — the acronym is shared, but these are entirely separate regulators with no hierarchical relationship.

On privacy, Quebec's Loi 25 (Act respecting the protection of personal information in the private sector, as amended in 2021–2023) imposes stricter requirements than the federal PIPEDA, including mandatory privacy impact assessments and shorter breach notification timelines. Canadian firms operating in Quebec and the EU therefore face three overlapping privacy regimes: GDPR (for EU data subjects), Loi 25 (for Quebec data subjects), and PIPEDA (for other Canadian data subjects).

For AML compliance specifically, FINTRAC and PCMLTFA apply uniformly across all provinces, including Quebec. However, client identification documents may differ: Quebec-issued driver's licences, health cards, and other provincial IDs must be treated consistently within a Canadian firm's KYC framework, alongside EU national identity documents for EU-facing operations.

---

New Obliged Entities: Crypto and Beyond

The AMLR significantly expands the scope of obliged entities in the EU. Crypto-asset service providers (CASPs) authorised under the EU's Markets in Crypto-Assets Regulation (MiCA) are brought fully within the AMLR's AML/CFT framework. This means any Canadian crypto exchange, custodian, or payment processor operating in the EU must register as a CASP under MiCA and comply with the AMLR's CDD, UBO, and reporting obligations.

In Canada, crypto businesses must register with FINTRAC as Money Services Businesses (MSBs). The registration and reporting frameworks differ in important ways:

• FINTRAC MSB registration covers both domestic and foreign-located businesses serving Canadian clients.
• MiCA CASP authorisation is required per EU member state (or passported across the EU single market).
• AML obligations under AMLR for CASPs are more granular than PCMLTFA's current requirements, particularly around transaction monitoring thresholds and travel rule implementation.

Canadian crypto firms with EU ambitions should begin MiCA/AMLR readiness assessments immediately, given that AMLR compliance is required from July 2027 and MiCA authorisation processes are already underway in EU member states.

Beyond crypto, the AMLR also brings certain high-value goods dealers, real estate agents, and professional service providers (lawyers, accountants, notaries) within the obliged entity perimeter. Canadian professional services firms with EU offices should audit their EU-entity AML programmes against the AMLR's expanded scope.

---

Practical Steps for Canadian Firms with EU Exposure

Compliance teams at Canadian firms with EU operations should consider the following actions before the July 2027 AMLR go-live:

1. Map your EU footprint. Identify all EU branches, subsidiaries, and passported entities. Determine which will be subject to direct AMLA supervision (the initial cohort of up to 40 entities from January 2028 will be selected based on cross-border risk and size).

2. Gap analysis against AMLR. Compare your EU entities' current AML policies against AMLR requirements. Focus on CDD triggers, UBO identification at 25%, cash handling procedures, and STR routing to national FIUs.

3. Unify UBO registers. The alignment of AMLR's 25% threshold with CBCA's significant control definition is an opportunity: build a single global UBO register that satisfies both frameworks, reducing duplication.

4. Update your document verification technology. EU nationals presenting identity documents (national ID cards, passports) must be verified against AMLR standards. Canadian clients may present SINs (Social Insurance Numbers) or provincial IDs. A platform capable of handling both reduces operational friction.

5. Train EU-based staff. EU branch employees need training on AMLR-specific obligations — particularly the €10,000 cash cap, enhanced CDD for high-risk countries, and the 5-day FIU response window — which differ from PCMLTFA.

6. Monitor AMLA technical standards. AMLA will issue binding regulatory technical standards (RTS) and guidelines over 2025–2027. Assign responsibility for tracking AMLA publications alongside OSFI and FINTRAC updates.

CheckFile's document verification platform supports 3,200+ document types across 32 jurisdictions, including EU national identity documents, Canadian provincial IDs, and international passports — helping compliance teams at Canadian firms meet both FINTRAC and AMLR customer identification requirements from a single workflow. Learn more about our KYC banking solutions, review CheckFile pricing, or explore our security architecture.

For a broader overview of document compliance requirements, see our document compliance guide.

---

Frequently Asked Questions

Does AMLA directly apply to Canadian financial institutions?

No. AMLA's jurisdiction covers entities operating within the European Union. Canadian financial institutions operating solely in Canada are governed by PCMLTFA and supervised by FINTRAC (with OSFI providing prudential oversight). However, any Canadian firm with EU branches, subsidiaries, or EU-licensed entities must comply with the AMLR in those EU jurisdictions from 10 July 2027. The AMLR is directly applicable EU law — it does not need national transposition — and overrides any less stringent national AML rules in EU member states.

How does FINTRAC's STR threshold compare to EU FIU requirements?

In Canada, Suspicious Transaction Reports (STRs) must be filed with FINTRAC whenever there are reasonable grounds to suspect a transaction is related to money laundering or terrorist financing — there is no minimum dollar threshold. Large Cash Transaction Reports (LCTRs) are separately required for cash transactions of CAD $10,000 or more. In the EU under the AMLR, obliged entities must report suspicious transactions to their national FIU and must respond to FIU information requests within 5 working days. The EU does not apply a single EU-wide monetary threshold for STR filing; the obligation is risk- and suspicion-based, similar to Canada's approach. However, the €10,000 cash payment cap under the AMLR is a significant new restriction with no direct Canadian federal equivalent.

What is the beneficial ownership threshold under AMLR vs PCMLTFA?

Both frameworks converge at 25%. The AMLR (Art. 62 of Regulation (EU) 2024/1624) requires identification of beneficial owners holding 25% or more of shares, voting rights, or ownership interest. Canada's CBCA (as amended) requires corporations to maintain a register of individuals with "significant control," defined as holding 25% or more of shares or votes. PCMLTFA and FINTRAC guidelines also use a 25% threshold for beneficial ownership identification in the context of corporate customer due diligence. This alignment simplifies compliance for Canadian firms operating across both jurisdictions.

Do Canadian crypto firms need to comply with AMLA?

Canadian crypto firms operating solely in Canada must register with FINTRAC as Money Services Businesses (MSBs) and comply with PCMLTFA obligations. If a Canadian crypto firm operates in the EU — offering services to EU residents, holding a MiCA CASP authorisation, or maintaining an EU establishment — it must also comply with the AMLR's AML/CFT requirements for crypto-asset service providers from 10 July 2027. AMLA will have direct supervisory authority over the largest and highest-risk CASPs. Canadian crypto firms should assess their EU exposure and begin MiCA/AMLR readiness planning now.

How does CheckFile support Canadian firms with EU AML compliance?

CheckFile provides automated document verification for KYC and AML workflows, supporting 3,200+ document types across 32 jurisdictions — including Canadian provincial identity documents, EU national identity cards, and international travel documents. Our platform helps compliance teams at Canadian firms with EU operations run consistent, auditable identity checks that meet both FINTRAC's customer identification requirements under PCMLTFA and the AMLR's CDD standards. Explore our KYC banking solutions or contact us to discuss your cross-border compliance needs.

---

Regulated disclaimer: This article is provided for general informational purposes only and does not constitute legal or compliance advice. AML/CFT obligations vary by jurisdiction, entity type, and individual circumstances. Canadian firms with EU operations should seek qualified legal and compliance counsel familiar with both PCMLTFA/FINTRAC requirements and EU AMLR obligations. CheckFile does not provide legal advice.