If you follow the news, you may remember reading about the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) issuing their largest administrative monetary penalty (AMP) to date, totaling about $9.2 million. As Canada’s financial intelligence unit and AML supervisor, FINTRAC enforces anti-money laundering regulations and ensures businesses comply with strict reporting, record-keeping, client identification, and ongoing monitoring requirements.
To encourage future compliance with AML regulations and promote changes in behaviour, FINTRAC issues AMPs to non-compliant reporting entities. Over the past few years, FINTRAC has significantly increased its enforcement efforts across the sectors covered by the current AML regime. Further, at the end of 2024, the federal government released its Fall Economic Statement, which proposed increasing AMPs 40-fold.
This shift isn’t only about larger penalties — it symbolizes a movement toward more stringent compliance expectations. For business leaders like you, the message is clear: compliance is not optional, and a weak compliance program could result in financial and reputation damage.
The question is: How prepared is your business?
Breaking down the data
Trends in AMPs
By analyzing FINTRAC’s public notice of AMPs from 2020 to 2024 and the 49 penalties issued as of March 31, 2025, we can identify the most impacted business sectors. The three sectors that received the most AMPs include:
- Real estate brokerages: 17 penalties issued
- Money services businesses (MSBs): 16 penalties issued
- Banks: Seven penalties issued
This trend aligns with FINTRAC’s evolving examination focuses. From 2020 to 2023, the sectors with the most FINTRAC examinations were MSBs, real estate, and securities dealers. However, from 2023 to 2024, FINTRAC had a greater examination focus on financial entities, as the sector joined MSBs, securities dealers, and real estate in being the most examined sectors during this period.
While these sectors are most commonly examined by FINTRAC, it’s important to remember that any business covered under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act — known as a Reporting Entity — needs to be prepared. FINTRAC can initiate an examination at any time, no matter the industry, size, or scale of the business.
Severity of AMPs
There also appears to be a trend in penalties becoming more severe and common in recent years, as summarized in the table below. According to FINTRAC’s public notice of AMPs, total penalties levied toward non-compliant Reporting Entities have increased by 40 times.
Year AMP Imposed | Number of Penalties | Total Penalties |
---|---|---|
2020 | 3 | 455,234 |
2021 | 12 | 1,826,613 |
2022 | 9 | 1,811,206 |
2023 | 12 | 10,115,884 |
2024 | 13 | 18,644,865 |
The table below highlights the sectors with the most severe penalties to date. Historically, banks and MSBs have received the largest AMPs, averaging at $3.2 million and $481,000, respectively. However, in contrast, the average AMP for the remaining sectors is approximately $130,000.
Reporting Entity | Number of Penalties | Average of Total Penalty Amount |
---|---|---|
Bank | 7 | 3,187,343 |
Casino | 1 | 147,015 |
Credit Union | 2 | 165,875 |
Dealer in precious metals and stones | 4 | 148,744 |
Money services business | 16 | 480,607 |
Real estate brokerage | 17 | 126,121 |
Securities dealer | 2 | 57,750 |
As the federal government’s latest proposal is to issue 40 times higher penalties, this is a wake-up call for businesses that have yet to take compliance seriously.
Common AML program shortfalls
By looking at the specific violations that have led to AMPs, businesses may be able to pinpoint areas where their compliance program may be falling short. While some of these issues stem from simple oversight, others may indicate a weakness or significant gaps in your compliance programs.
By analyzing the 49 penalties that were issued to Reporting Entities as of March 31, 2025, the following common AML program shortfalls were identified.
1. Policies and procedures
Sixty-three percent of Reporting Entities received AMPs related to their policies and procedures. These relate to both the documentation and the implementation of the policies and procedures.
The most common penalty in this category relates to the documentation and/or implementation of ongoing monitoring procedures as these businesses did not apply, conduct, and/or have sufficient ongoing monitoring measures in place for their business relationships.
Other common policy and procedure penalties related to third-party determinations, record-keeping, reporting, ministerial directives, and client identification requirements.
2. Risk assessments
Sixty-three percent of Reporting Entities received AMPs related to their risk assessment. Of those, the three most common areas where the risk assessment was noted as deficient include:
- Inadequate consideration of geographic risks
- Failure to consider all products and delivery channels
- Inadequate consideration of the risk associated with clients and business relationships
Entities are repeatedly missing sufficient detail when considering and documenting the money laundering and terrorist financing risks their business faces across these dimensions.
3. Missed reports
Fifty-one percent of Reporting Entities missed report filings:
- Suspicious transaction reports: 20 violations
- Electronic funds transfer reports: Six violations
- Large cash transaction reports: Six violations
- Large virtual currency transaction reports: One violation
Sometimes, entities might not realize that the systems they’ve put in place to detect all reportable activity aren’t working as expected. This can lead to missed reports or overlooked aggregations.
Another deficiency area relates to data quality, which can lead to inaccuracies in the disclosures sent to FINTRAC, and in turn, damages the value of the intelligence that can be gleaned from these reports. With the wholesale changes implemented in FINTRAC’s reporting forms, businesses should pay special attention to the quality of data reported to FINTRAC, ensuring that all information on file is reported accurately and reasonable measures were taken to fill out all applicable sections.
4. Prescribed reviews
A prescribed review tests the effectiveness of your compliance program and is required, at minimum, every two years. Forty-one percent of Reporting Entities received AMPs related to their prescribed review. We further observed that 65 percent of those failed to institute and document a review, and the other 35 percent had inadequate reviews.
Entities need to ensure their reviews occur every two years at a minimum, are conducted by a qualified and independent party, and that these reviews cover all areas of their compliance program in sufficient detail to identify possible areas of non-compliance.
5. Record keeping
Thirty-one percent of Reporting Entities received AMPs related to their record-keeping. The most repeated penalties are related to client and identity verification information. Entities must ensure required information is recorded at the time of onboarding/transaction and maintained on file for a minimum of five years.
6. Training programs
Thirty-one percent of Reporting Entities received AMPs related to their training programs. These entities failed to develop and maintain a written ongoing compliance training program, had incomplete and/or outdated training program documentation, or failed to implement and deliver the training program to staff.
What this means for your business
If you’re wondering whether your business is at risk, keep this in mind: AMPs aren’t only reserved for financial institutions or other large Reporting Entities. Businesses of all sizes are being penalized for failing to meet FINTRAC’s expectations.
Here are three takeaways from the data above:
Compliance is no longer an option: The cost of non-compliance is increasing dramatically — by 40 times, to be exact.
Your reputation could be at risk: Publicized penalties can destroy customer trust.
Regulatory scrutiny is growing: Compliance is something you should take more seriously than ever.
It is important to stay up-to-date with FINTRAC’s guidance and develop an AML compliance program that meets the requirements and addresses current risk trends.
Learn more in our AMPs series
This article is the first of our four-part series on administrative monetary penalties. Stay tuned for part two of the series, where our advisors delve deeper into AMPs, their impact on financial institutions, and emerging trends.
We're here every step of the way
If you’re unsure whether your compliance program meets FINTRAC’s standards, now is the time to act. MNP’s team of advisors are here to help assess your current state and can help you stay ahead of regulatory changes. To learn more, reach out to our AML team today.