AML Resources & Guidance

An AML independent review is a mandatory assessment of your compliance program required under Canada's Proceeds of Crime (Money Laundering) and Terrorist Financing Act. FINTRAC requires that all reporting entities — including banks, MSBs, crypto exchanges, real estate brokers, and others — undergo an independent effectiveness review at least every two years. The review must be conducted by an internal auditor, a compliance officer (not the one being reviewed), or an external specialist like C&G.

The duration depends on the size and complexity of your organisation. For a typical MSB or small-to-mid-size reporting entity, C&G completes an independent review in 2–4 weeks from the time we receive access to your documentation. Larger or more complex organisations may require 4–8 weeks. We provide a written review report upon completion that can be presented to FINTRAC.

Missing the mandatory 2-year review deadline is itself a compliance deficiency that FINTRAC will identify during an examination — and it can contribute to an administrative monetary penalty (AMP). If you are overdue, contact us immediately. We can complete a catch-up review quickly and help you document the circumstances, which is important context if FINTRAC does conduct an examination.

Call us immediately at +1 (289) 505-1158. Do not wait. FINTRAC typically provides 30–90 days' notice before an on-site examination, and that time is critical for preparation. C&G will conduct a rapid readiness assessment, identify gaps, implement remediation, train your staff, and if needed, stand alongside your compliance officer during the examination itself. The earlier you engage us, the better your outcome.

FINTRAC examiners assess whether your compliance program meets all requirements of the PCMLTFA — including: a written compliance policies and procedures manual, a risk assessment, an ongoing training program, a compliance officer designation, a customer due diligence/KYC process, and transaction monitoring and reporting (STRs, LCTRs, EFTRs as applicable). They also review your records to confirm actual compliance with these policies. C&G has helped dozens of reporting entities prepare for and pass FINTRAC examinations.

FINTRAC can issue Administrative Monetary Penalties (AMPs) ranging from $1 to $1,000,000 per violation for individuals, and up to $2,000,000 per violation for businesses. Serious or willful non-compliance can also be referred for criminal prosecution. Penalties are published publicly on FINTRAC's website, creating reputational damage in addition to financial exposure. The key to avoiding penalties is having a robust, documented, and demonstrably effective AML compliance program.

Most businesses that deal in financial transactions are required to register with FINTRAC as a reporting entity. This includes money services businesses, currency dealers, cryptocurrency exchanges, real estate brokers and developers, casinos, dealers in precious metals or stones, and certain financial entities. Recent regulatory changes have also brought leasing/financing companies and private ABM acquirers within FINTRAC's scope. If you are unsure whether your business is captured, contact C&G for a no-obligation assessment.

FINTRAC's compliance program requirements include five core elements: (1) a designated compliance officer responsible for implementing the program; (2) written compliance policies and procedures; (3) a documented risk assessment; (4) an ongoing employee training program; and (5) an effectiveness review conducted at least every two years by an independent party. Beyond these five pillars, reporting entities must also meet specific obligations around record-keeping, know-your-client (KYC), and transaction reporting (STRs, LCTRs, EFTRs).

A Compliance Officer — sometimes referred to as a Chief AML Officer — is the senior officer responsible for overseeing and implementing your AML compliance program. FINTRAC requires every reporting entity to designate a compliance officer. This person must have the authority, resources, and knowledge to manage the program effectively. C&G helps businesses identify, appoint, and support their compliance officer — and can provide training and advisory services to ensure they are equipped to meet FINTRAC's expectations.

Do not confront the suspected individual or take internal action before consulting a forensic specialist. Premature confrontation can compromise the integrity of evidence and your ability to pursue recovery or prosecution. Contact C&G immediately — in strict confidence. We will conduct an independent forensic investigation, preserve and document evidence, trace asset flows, and produce a report suitable for use in legal proceedings, disciplinary action, or insurance claims.

An AML independent review is a forward-looking assessment of whether your compliance program is effective — it evaluates policies, procedures, and controls. A forensic investigation is a retrospective, evidence-based inquiry into suspected wrongdoing — fraud, asset misappropriation, money laundering, or financial crime. Forensic investigations produce evidence-based reports that can withstand scrutiny in legal proceedings. C&G conducts both, and many engagements involve elements of each.