FINTRAC’s supervisory framework

To ensure transparency and accountability, FINTRAC publishes information on its supervisory activities as part of its Annual Report to Parliament. This information encompasses the elements found in FINTRAC's supervisory strategic plan, including its main supervisory activities, the fulfillment of supervisory objectives, and budget expenditures during the year.

FINTRAC publishes guidance to ensure that reporting entities understand and comply with their regulatory requirements. Providing reporting entities with clear, consistent, and timely guidance promotes transparency, consistency, and effective risk management, which, in turn, builds public trust and maintains alignment with domestic regulations and international standards.

FINTRAC performs industry reviews to gather information from multiple reporting entities on particular themes, risks, controls, legislative obligations, or on other matters related to the financial ecosystem. These reviews serve to

• enhance the understanding of current or emerging trends or issues in a specific topic or theme
• identify and examine industry practices within FINTRAC's mandate
• verify levels of compliance with reporting entities' legislative obligations
• identify areas where additional engagement activities are needed

Memoranda of Understanding between financial regulators enhance cooperation, integration, consistency, and efficiency, leading to better risk management and streamlined regulatory processes. These benefits contribute to a more robust and coordinated regulatory environment, promoting financial system stability and integrity.

Money services businesses registration is a legal requirement under the Act. All money services businesses must register with FINTRAC to operate in Canada, or to provide or direct services to clients in Canada. The registry helps to verify the legitimacy of money services businesses, ensures transparency and accountability in the financial sector, and helps to prevent money laundering and terrorist activity financing through monitoring and regulation. FINTRAC has the authority to revoke the registration of money services businesses if they fail to comply with the requirements set out in the Act and associated Regulations.

Outreach activities are essential for enabling effective supervisory outcomes. Outreach build awareness, and encourages collaboration, and feedback. It also supports FINTRAC in understanding, managing, and mitigating non-compliance risks, helping to inform legislative and regulatory changes, and in building trust with stakeholders.

FINTRAC's public notices of administrative monetary penalties promote transparency, accountability, and deterrence by informing Canadians about non-compliance and encouraging other reporting entities to comply with their regulatory obligations. This contributes to a safe and secure financial system by building public trust, and by encouraging better, proactive compliance practices.

FINTRAC's risk outlooks identify and provide analysis of current and emerging risks. It is a critical resource for reporting entities and provides them with valuable insights into the risk landscape, typologies, trends, and potential vulnerabilities within their operations and broader market contexts.

The risk outlooks inform and enhance reporting entities' approaches to compliance, to assist them in prioritizing and mitigating risks effectively, and to support them in fulfilling their regulatory obligations more efficiently.

Action plans are used by FINTRAC to closely monitor and ensure that reporting entities effectively rectify deficiencies. When non-compliance is detected through supervisory activities, FINTRAC may require a reporting entity to create an action plan detailing the corrective measures they will implement, along with specific timelines.

These plans hold reporting entities accountable for making improvements, allow FINTRAC to track progress on remediation, and maintain open lines of communication regarding the plan's implementation. FINTRAC evaluates the action plans and follows up on the reporting entities' progress to confirm that the necessary changes are made in a timely and effective manner.

A set of measures are in place to safeguard reporting entity employees against reprisal should they report compliance concerns against their employer.

Under the Act, it is an offence for employers, or those acting on their behalf or in a position of authority, to discipline, demote, terminate, or adversely affect an employee's employment, or to threaten such actions, with the intent either to prevent the employee from fulfilling their obligations under the Act or to retaliate against them for having done so.

Examinations can be conducted through various methods, including on-site, off-site, or a hybrid approach that combines multiple techniques depending on the circumstances and objectives of the examination. Regardless of the approach taken, the objective of examinations is the same: to gain insight and establish findings into the strengths and weaknesses of a reporting entity's compliance program.

• Self-attestation: A self-attestation enables reporting entities to proactively evaluate and report on the state of implementation of their compliance program. This process involves a thorough examination by the reporting entity itself, assessing its adherence to the requirements set forth by the Act and associated Regulations.
• Targeted examinations: Targeted examinations are a focused supervisory activity, designed to assess specific components of a reporting entity's compliance program. The scope of a targeted examination emphasizes depth over breadth, concentrating on particular areas of a compliance program rather than evaluating the program in its entirety. This allows for a more detailed and in-depth review of the selected elements.
• Full scope examination: Full scope examinations emphasize breadth and depth, and are designed to thoroughly evaluate the entire compliance program of a reporting entity. The full scope examination encompasses a complete review of the reporting entity's compliance program and all of its components, ensuring that their compliance programs are both technically sound and effective in practice.

A targeted examination or a full scope examination can take the form of either a technical review or an effectiveness review:

• A technical review confirms the presence and proper establishment of a compliance program, either in its entirety or in its scoped components. It involves a detailed verification of the establishment of compliance program components as well as structural aspects such as policies, procedures, and controls, their implementation and their alignment with regulatory requirements.
• An effectiveness review is more in-depth than the technical review. This type of review considers the practical application and outcomes of compliance measures, and assesses how well the compliance program or its elements function in practice. The objective is to determine whether the program or its components, as implemented, are operating as intended and are successfully managing and mitigating a reporting entity's risks.

An information demand allows FINTRAC to request and receive documents or data from reporting entities to verify compliance with the Act and associated Regulations. The requests made through information demands are mandatory, precise and are intended to scrutinize particular elements of a reporting entity's compliance program, or certain documents or transactions. The information obtained helps FINTRAC to confirm that reporting entities are fulfilling their obligations and contribute in assessing the risk exposure of an entity, and inform FINTRAC's overall analysis and oversight activities.

Reporting entities are required to submit certain types of financial transaction reports and compliance-related information to FINTRAC. FINTRAC reviews this reporting for compliance with reporting obligations, ensuring that they are complete, timely, and of high quality. This allows FINTRAC to assess the performance of reporting entities, identify areas where they may need to improve their compliance programs, and determine whether further action is necessary.

Consult the list of mandatory reports.

Money services businesses are legally required to register with FINTRAC before they can operate. Money services businesses registered with FINTRAC must renew their registration every 2 years to continue operating legally. The renewal process includes verifying and updating business information, ownership details, and confirming compliance with record-keeping, reporting, and other obligations under the Act and associated Regulations to ensure continued adherence to Canada's anti-money laundering/anti-terrorist financing regulatory framework.

The scorecard is a tool used by FINTRAC to evaluate the integrity and completeness of mandatory reporting submissions. It serves as a mechanism to detect any deficiencies, such as incomplete data, substandard report quality, or non-compliance with other requirements.

Supervisory colleges are collaborative arrangements among various financial sector regulators and supervisors from different jurisdictions who oversee the activities of complex, cross‑border reporting entities. The objectives of supervisory colleges are to enhance the collective understanding of the global operations of the regulated community, to promote the safety and soundness of the financial system, and to ensure effective and consistent supervision across borders. It does this by facilitating information sharing, coordinating supervisory activities, and assessing risks presented by these multinational reporting entities.

A supervisory letter is an official communication issued by FINTRAC to a reporting entity's senior management. Its purpose is broad: a supervisory letter may convey findings, identify deficiencies, recommend corrective actions, and set out timelines for compliance improvement. It may provide feedback and guidance with supervisory expectations, or impose directives related to specific regulations.

When a reporting entity discovers a deficiency or lapse in its compliance measures, it is expected to proactively report it to FINTRAC, along with a detailed account of the issue, its root causes, and the steps taken to address it.

Voluntary self-declaration is not intended to replace regular monitoring activities, nor to relieve reporting entities of their compliance obligations. Rather, it serves as a complementary mechanism to encourage reporting entities to proactively identify, report, and rectify instances of non-compliance.

Voluntary self-declaration operates on a principle of transparency that allows reporting entities to maintain open communication with FINTRAC, and provides reporting entities an opportunity to receive guidance or assistance to take the necessary steps to meet regulatory responsibilities or to strengthen their compliance program. For more information, consult: Voluntary self-declaration of non-compliance.

An administrative monetary penalty is a civil penalty intended to secure compliance with the Act and associated Regulations and is not intended to be punitive. The Act and the Administrative Monetary Penalties Regulations set out 3 criteria that must be taken into account when determining a penalty amount:

• the purpose of administrative monetary penalties which is to encourage compliance
• the harm done by the violation
• the reporting entity's compliance history

For more information, consult: Assessment and enforcement.

A notice of violation may be accompanied by an offer to enter into a compliance agreement. This incentive is provided with the explicit intent to encourage reporting entities to take concrete, documented action to rectify the underlying issue.

FINTRAC can deny or revoke a money services business' registration for a variety of reasons specified in the Act. Reporting entities can request a review by the Director of FINTRAC to dispute FINTRAC's denial or revocation. In this case, the Director analyses the reporting entity's review request along with FINTRAC's denial or revocation report, and decides whether to confirm the denial or revocation or to suggest other actions.

Note that a reporting entity may appeal the Director's decision to the Federal Court within 30 days of receipt of the notice of denial or revocation.

FINTRAC may disclose instances of non-compliance to law enforcement where the offences and punishment pertain to criminal charges. For more information, consult: Criminal non-compliance offences.

If a reporting entity makes representations to the Director of FINTRAC to dispute a notice of violation, the Director reviews and decides, on a balance of probabilities, whether a violation has occurred. Upon deciding that a violation has occurred, the Director may decide to impose, reduce or cancel the administrative monetary penalty proposed in the notice of violation. This decision is communicated to the reporting entity by way of a notice of decision.

Note that a reporting entity may appeal the notice of decision to the Federal Court within 30 days of receipt.

If FINTRAC believes on reasonable grounds that a reporting entity has committed a violation against the Act or associated Regulations, FINTRAC can issue a notice of violation. A notice of violation is accompanied by an administrative monetary penalty, and may be accompanied by an offer to enter into a compliance agreement.

Notices of violation are published with the name of the reporting entity that committed the violation, and the amount of the penalty.