Proceeds of Crime (Money Laundering) and Terrorist Financing Act its Regulations

    North America

    Proceeds of Crime (Money Laundering) and Terrorist Financing Act its Regulations

    The Proceeds of Crime (Money Laundering) and Terrorist Financing Act of 2000 (PCMLTFA) facilitates combatting the laundering of proceeds of crime and the financing of terrorist activities, as well as to establish the Financial Transactions and Reports Analysis Centre of Canada (‘FINTRAC’)The PCMLTFA is supplemented by five regulations, namely the Cross-Border Currency and Monetary Instruments Reporting Regulations, the Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations, the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations, the Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations, and the Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations. 

    Last Updated: July 30, 2019

  • The PCMLTFA requires (Article 3 PCMLTFA): 

    • establishing record keeping and client identification requirements for financial services providers and other persons or entities that engage in businesses, professions or activities that are susceptible to being used for money laundering or the financing of terrorist activities; 
    • reporting of suspicious financial transactions and of cross-border movements of currency and monetary instruments; and 
    • establishing an agency that is responsible for ensuring compliance and dealing with reported and other information. 

    Moreover, the PCMLTFA outlines, in Article 36, the circumstances under which information regarding money-laundering or terrorist activities may be disclosed to a police force, FINTRAC or to the Canada Revenue Agency (‘CRA’). Furthermore, FINTRAC may disclose designated information to an institution or agency of a foreign state or of an international organisation that has powers and duties similar to those of FINTRAC, if FINTRAC has reasonable grounds to suspect that the information would be relevant to the investigation or prosecution of a money laundering offence or a terrorist activity financing offence, and the Minister of Finance has entered into an agreement with a foreign state or international organisation regarding the exchange of such information (Article 56.1 of the PCMLTFA).  

    Article 38 of the PCMLTFA outlines, that the Minister of Public Safety and Emergency Preparedness may, with the consent of the Minister of Finance, enter into an agreement or arrangement in writing with the government of a foreign state, or an institution or agency of that state, that has similar reporting requirements for the exchange of information. 

    In addition to this, FINTRAC has issued Guidance on the Risk-Based Approach to Combatting Money-Laundering and Terrorist Financing (‘ML/TF’) (‘the Guidance’), which outlines a risk-based approach (‘RBA’) requiring reporting entities to conduct assessments of their exposure to ML/TF risks using a number of prescribed criteria. In particular, compliance regimes of reporting entities must include: 

    • the appointment of a compliance officer; 
    • the development and application of compliance policies and procedures which must be written and kept up to date; 
    • an assessment and the documentation of risks related to ML/TF, as well as the documentation and implementation of mitigation measures to deal with those risks; 
    • an ongoing compliance training program if there are employees, agents, or other individuals authorised to act on behalf of the entity; and 
    • a review of compliance policies and procedures to test their effectiveness. 

    The Guidance further outlines six steps in carrying out such risk assessments 

    In addition to the Guidance, FINTRAC has issued a guideline on Compliance Programme Requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and Associated Regulations (the Compliance Programme Requirements’) which are applicable to all individuals and entities subject to the PCMLTFA, and which mirror the requirements provided by the Guidance and listed above. The Compliance Programme Requirements, in outlining risk assessments, provides guidance on determinative factors for the complexity of the assessment, how to document the assessment, and enhanced measures to mitigate high risks. 

  • How OneTrust Helps

    OneTrust Vendorpedia simplifies third-party risk management by combining automation with aggregated vendor research to streamline the vendor engagement lifecycle, from onboarding to offboarding. The platform helps organizations conduct faster and more in-depth security and privacy reviews. 

    Vendorpedia is backed by the world’s largest and most up-to-date database of privacy and security laws, frameworks, and standards, which directly power and enrich OneTrust Vendorpedia. Research is generated by 30 in-house security and privacy experts and a network of 500 lawyers across 300 jurisdictions. 

    For additional details on Vendorpedia, read more here. 

Want to learn more? Login to the full DataGuidance platform.

About OneTrust

OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust's three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit or connect on LinkedIn, Twitter and Facebook.