Question 1

Which entities are reporting entities under PCMLTFA?

Accepted Answer

PCMLTFA reporting entities include financial entities (banks, credit unions, trust companies), money services businesses (MSBs), securities dealers, insurance companies and brokers, real estate brokers and sales representatives, real estate developers, casinos, and accountants and accounting firms in certain circumstances. Since 2020, virtual currency dealers registered as MSBs with FINTRAC are also reporting entities subject to the full suite of PCMLTFA obligations, including registration, identification, record-keeping, and transaction reporting requirements.

Question 2

What is a Suspicious Transaction Report (STR) under FINTRAC?

Accepted Answer

A STR must be filed when there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing. Unlike the Large Cash Transaction Report, there is no monetary threshold — the obligation is triggered by suspicion, not by the amount involved. STRs must be filed with FINTRAC within 30 days of the date on which the reporting entity first detected the facts giving rise to the suspicion, and disclosing the existence of an STR to the subject is a criminal offence under the PCMLTFA.

Question 3

How does Loi 25 (Québec) affect customer data in AML processes?

Accepted Answer

Québec's Law 25 (with key provisions effective September 2023) introduces stricter data privacy requirements than the baseline federal PIPEDA standard, including mandatory Privacy Impact Assessments (PIAs) for personal information projects, a 72-hour breach notification obligation to the Commission d'accès à l'information (CAI), and strengthened consent requirements for the collection and use of personal information. Financial institutions and other reporting entities operating in Québec must simultaneously satisfy both their PIPEDA (federal) and Law 25 (provincial) obligations when collecting, using, and retaining AML-related customer data, including sensitive identifiers such as the Social Insurance Number (SIN).

Question 4

What are FINTRAC penalties for non-compliant AML programs?

Accepted Answer

FINTRAC can impose administrative monetary penalties (AMPs) of up to CAD $500,000 per violation for individuals and CAD $1 million per violation for entities, with each discrete failure to comply treated as a separate violation. Serious and intentional violations can be referred to the Director of Public Prosecutions for criminal prosecution under the PCMLTFA, with penalties including fines and imprisonment of up to five years. FINTRAC publishes details of penalty decisions on its website, making enforcement actions publicly visible — a reputational consequence that frequently exceeds the financial penalty itself.

Question 5

What is the legal penalty for submitting a fake diploma to a Canadian employer?

Accepted Answer

Under the Criminal Code of Canada, forgery (sections 366–368) and fraud (section 380) are indictable offences. Using a forged document carries a maximum penalty of up to 14 years' imprisonment. In addition, the individual faces summary dismissal for cause, and in regulated professions, professional sanctions from the relevant provincial body. The mode of forgery — manual alteration or AI-generated document — does not affect criminal liability.

Question 6

Does PIPEDA apply to the credential verification process?

Accepted Answer

Yes. Collecting and processing a candidate's personal information — including their degree certificates, transcripts, and identity documents — during verification is subject to PIPEDA for most private-sector employers. Employers must inform candidates of the verification, obtain their consent, limit data collection to what is necessary, and store records securely. Quebec employers are subject to Loi 25, which imposes stricter obligations. The Office of the Privacy Commissioner (OPC) publishes practical guidance on privacy-compliant hiring.

Question 7

Is there a national credential verification database in Canada?

Accepted Answer

No. Canada's decentralized education system — in which each province grants degree-awarding authority separately — means there is no single national equivalent of a central credential registry. The ARUCC MyCreds platform is the closest approximation: it enables graduates at participating post-secondary institutions to share digitally signed credentials with employers. For institutions not on MyCreds, employers must contact the registrar directly. The CICIC is the reference point for assessing whether an institution is recognized, and WES handles international credential assessment.

Question 8

How do I verify a work permit without physically inspecting the document?

Accepted Answer

Use the IRCC Employer Portal for real-time digital verification of work permit status, conditions, and employer authorization. Physical inspection of a work permit document alone is no longer sufficient, given the quality of AI-generated replicas. For employers with ongoing obligations under the Temporary Foreign Worker Program or International Mobility Program, the portal also provides the record-keeping infrastructure required under the Immigration and Refugee Protection Regulations.

Question 9

What sectors face the highest risk from credential fraud in Canada?

Accepted Answer

The highest-risk sectors are those where a professional credential is both the gateway to employment and a direct determinant of public safety: healthcare (nursing, medicine, pharmacy), engineering, law, financial services (investment advisers, compliance officers), and education (teachers, school administrators). In each of these sectors, the relevant provincial regulatory body maintains an online register that employers can query in real time. Financial services employers subject to FINTRAC or OSFI oversight face additional obligations under the PCMLTFA and OSFI fitness and propriety guidelines.

Question 10

Is adverse media screening specifically required under the PCMLTFA?

Accepted Answer

Adverse media screening is not named as such in the PCMLTFA text, but it is a standard component of the ongoing monitoring obligation in PCMLTFR section 11.1 and is expected by FINTRAC as part of a robust compliance programme. FINTRAC's examination methodology assesses whether reporting entities have effective processes to detect suspicious activity — and adverse media is one of the key inputs to that detection. Reporting entities that rely solely on transaction monitoring without any adverse media programme are unlikely to satisfy FINTRAC that their ongoing monitoring is adequate.

Compliance

Risk-Based AML Compliance in Canada: Customer Risk Scoring Under PCMLTFA/FINTRAC 2026

AI CV and Diploma Fraud: Canadian Employer Guide 2026

Adverse Media Screening for FINTRAC Compliance: Canada 2026

AML Compliance for Real Estate Agents in Canada 2026: FINTRAC and PCMLTFA Guide

Enhanced Due Diligence (EDD) in Canada: Complete FINTRAC & PCMLTFA Compliance Guide

Perpetual KYC: Continuous Customer Monitoring for Canadian Institutions 2026

Retail Employee Screening: Canadian Compliance Guide 2026

EU AI Act Synthetic Media: Obligations for Canadian Businesses 2026

Synthetic Identity Fraud: How AI Fabricates KYC Documents

Cross-Border Compliance in Canada: Document Verification for International Business

KYC Remediation in Canada: Complete Guide to Re-Verifying Customers

Money Laundering Typologies: Schemes and Document Red Flags

AML Red Flags: Suspicious Activity Indicators for Canadian Compliance Teams

SOC 2 Compliance for SaaS in Canada: Document Security, Controls and Audit Readiness

How to Choose an AML Solution: Evaluation Criteria and Checklist

KYC: The Complete Guide for Canadian Businesses in 2026

Sanctions Screening: OFAC, Canadian Autonomous

Equipment Leasing: Document Compliance in 2026

Canadian Digital Identity: Verified.Me, Provincial

Vendor Compliance Certificate Verification in Canada

KYB: Business Document Verification Guide for Canada

OSFI B-13 2026: Doc Verification for Finance

AML Transaction Monitoring: Rules & Alerts

CRA E-Filing 2026: GST/HST Compliance and Document

Work Permit Verification: Canadian Employer Compliance

How to Build a Document Compliance Program from Scratch

Enterprise KYC Solutions Comparison: Features, Pricing and Compliance

PCMLTFA Beneficial Ownership Verification Requirements

Compliance Audit Checklist: Preparation Guide

KYC 2026: Document Verification Requirements in Canada

PEP Screening in Canada: Identify PEPs

Compliance Risk Assessment: A Practical Guide

Due diligence explained: business checklist

PIPEDA and Identity Documents: Compliance Guide

Third-Party Risk Management (TPRM): Complete Guide

PCMLTFA Compliance Guide: What Canadian Reporting

Anti-Money Laundering: Complete AML Compliance Guide

Document Compliance Guide for Businesses in 2026

GRC Guide: Complete Guide 2026

Crypto KYC: CSA, FINTRAC & Verification for 2026

PIPEDA and Document Management: Practical Compliance