Breaking down FINTRAC’s Anti-Money Laundering (AML) compliance crackdown

Breaking down the data

Trends in AMPs

By analyzing FINTRAC’s public notice of AMPs from 2020 to 2024 and the 49 penalties issued as of March 31, 2025, we can identify the most impacted business sectors. The three sectors that received the most AMPs include:

• Real estate brokerages: 17 penalties issued
• Money services businesses (MSBs): 16 penalties issued
• Banks: Seven penalties issued

This trend aligns with FINTRAC’s evolving examination focuses. From 2020 to 2023, the sectors with the most FINTRAC examinations were MSBs, real estate, and securities dealers. However, from 2023 to 2024, FINTRAC had a greater examination focus on financial entities, as the sector joined MSBs, securities dealers, and real estate in being the most examined sectors during this period.

While these sectors are most commonly examined by FINTRAC, it’s important to remember that any business covered under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act — known as a Reporting Entity — needs to be prepared. FINTRAC can initiate an examination at any time, no matter the industry, size, or scale of the business.

Severity of AMPs

There also appears to be a trend in penalties becoming more severe and common in recent years, as summarized in the table below. According to FINTRAC’s public notice of AMPs, total penalties levied toward non-compliant Reporting Entities have increased by 40 times.

The table below highlights the sectors with the most severe penalties to date. Historically, banks and MSBs have received the largest AMPs, averaging at $3.2 million and $481,000, respectively. However, in contrast, the average AMP for the remaining sectors is approximately $130,000.

As the federal government’s latest proposal is to issue 40 times higher penalties, this is a wake-up call for businesses that have yet to take compliance seriously. 

Common AML program shortfalls

By looking at the specific violations that have led to AMPs, businesses may be able to pinpoint areas where their compliance program may be falling short. While some of these issues stem from simple oversight, others may indicate a weakness or significant gaps in your compliance programs.

By analyzing the 49 penalties that were issued to Reporting Entities as of March 31, 2025, the following common AML program shortfalls were identified.

1. Policies and procedures

Sixty-three percent of Reporting Entities received AMPs related to their policies and procedures. These relate to both the documentation and the implementation of the policies and procedures.

The most common penalty in this category relates to the documentation and/or implementation of ongoing monitoring procedures as these businesses did not apply, conduct, and/or have sufficient ongoing monitoring measures in place for their business relationships.

Other common policy and procedure penalties related to third-party determinations, record-keeping, reporting, ministerial directives, and client identification requirements.

2. Risk assessments

Sixty-three percent of Reporting Entities received AMPs related to their risk assessment. Of those, the three most common areas where the risk assessment was noted as deficient include:

• Inadequate consideration of geographic risks
• Failure to consider all products and delivery channels
• Inadequate consideration of the risk associated with clients and business relationships

Entities are repeatedly missing sufficient detail when considering and documenting the money laundering and terrorist financing risks their business faces across these dimensions.

3. Missed reports

Fifty-one percent of Reporting Entities missed report filings:

• Suspicious transaction reports: 20 violations
• Electronic funds transfer reports: Six violations
• Large cash transaction reports: Six violations
• Large virtual currency transaction reports: One violation

Sometimes, entities might not realize that the systems they’ve put in place to detect all reportable activity aren’t working as expected. This can lead to missed reports or overlooked aggregations.

Another deficiency area relates to data quality, which can lead to inaccuracies in the disclosures sent to FINTRAC, and in turn, damages the value of the intelligence that can be gleaned from these reports. With the wholesale changes implemented in FINTRAC’s reporting forms, businesses should pay special attention to the quality of data reported to FINTRAC, ensuring that all information on file is reported accurately and reasonable measures were taken to fill out all applicable sections.

4. Prescribed reviews

A prescribed review tests the effectiveness of your compliance program and is required, at minimum, every two years. Forty-one percent of Reporting Entities received AMPs related to their prescribed review. We further observed that 65 percent of those failed to institute and document a review, and the other 35 percent had inadequate reviews.

Entities need to ensure their reviews occur every two years at a minimum, are conducted by a qualified and independent party, and that these reviews cover all areas of their compliance program in sufficient detail to identify possible areas of non-compliance.

5. Record keeping

Thirty-one percent of Reporting Entities received AMPs related to their record-keeping. The most repeated penalties are related to client and identity verification information. Entities must ensure required information is recorded at the time of onboarding/transaction and maintained on file for a minimum of five years.

6. Training programs

Thirty-one percent of Reporting Entities received AMPs related to their training programs. These entities failed to develop and maintain a written ongoing compliance training program, had incomplete and/or outdated training program documentation, or failed to implement and deliver the training program to staff.

What this means for your business

If you’re wondering whether your business is at risk, keep this in mind: AMPs aren’t only reserved for financial institutions or other large Reporting Entities. Businesses of all sizes are being penalized for failing to meet FINTRAC’s expectations.

Here are three takeaways from the data above:

Compliance is no longer an option: The cost of non-compliance is increasing dramatically — by 40 times, to be exact.

Your reputation could be at risk: Publicized penalties can destroy customer trust.

Regulatory scrutiny is growing: Compliance is something you should take more seriously than ever.

It is important to stay up-to-date with FINTRAC’s guidance and develop an AML compliance program that meets the requirements and addresses current risk trends.

Learn more in our AMPs series

This article is the first of our four-part series on administrative monetary penalties. Stay tuned for part two of the series, where our advisors delve deeper into AMPs, their impact on financial institutions, and emerging trends.