Administrative monetary penalty on VersaBank

[2026-05-05]

VersaBank, a bank headquartered in London, Ontario, was imposed an administrative monetary penalty of $42,075 on February 23, 2026, for committing 2 violations. The violations were found during the course of a compliance assessment activity. The administrative monetary penalty has been paid in full and the case is closed.

Nature of violation

Violation #1

Failure to develop and apply written compliance policies and procedures that are kept up to date and, in the case of an entity, are approved by a senior officer – Proceeds of Crime (Money Laundering) and Terrorist Financing Act, subsection 9.6(1) and Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations, paragraph 156(1)(b)

FINTRAC determined that VersaBank did not develop or apply adequate policies and procedures to meet its prescribed obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and associated Regulations. Specifically, VersaBank did not adequately document the required policies and procedures related to the reasonable grounds to suspect threshold for the filing of suspicious transaction reports, the filing of suspicious transaction reports when fraud is suspected, ongoing monitoring of clients, and performing a prescribed risk assessment at least once every 2 years. FINTRAC determined that VersaBank’s policies and procedures for the ongoing monitoring of its elevated and high-risk clients are inadequate because the monitoring frequency is the same for both categories. FINTRAC also identified that VersaBank’s policies and procedures specifies that it will complete the prescribed risk assessment at least once every 3 years. This does not meet the regulatory requirement, which requires financial institutions to complete the prescribed risk assessment at least once every 2 years.

Violation #1 is classified by the regulations as a Serious violation. The imposed penalty takes into account the criteria in section 73.11 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and section 6 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations.

Violation #2

Failure to take the prescribed special measures that are required to be taken by a person or entity when the person or entity considers that the risk is high, or in the prescribed circumstances, the person or entity shall take the special measures referred to in the regulations – Proceeds of Crime (Money Laundering) and Terrorist Financing Act, subsection 9.6(3) and Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations, section 157.

VersaBank failed to correctly identify elevated and high-risk clients in at least 7 instances and apply enhanced due diligence measures. FINTRAC’s assessment identified 3 instances where clients were identified as “standard risk” but should have been identified as “elevated” risk due to the presence of bank-documented risk factors (such as negative media). In addition, there were 3 separate clients who had triggered multiple alerts against VersaBank’s internal controls and had previous suspicious transaction reports filed on them, which necessitated the application of special measures as prescribed by the Regulations. VersaBank also failed to correctly identify a high-risk client and apply the required enhanced due diligence measures.

Violation #2 is classified by the regulations as a Serious violation. The imposed penalty takes into account the criteria in section 73.11 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and section 6 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations.

Related link

• News release: FINTRAC imposes an administrative monetary penalty on VersaBank