Common AML program failures for Canadian MSBs
The compliance program failures that most frequently produce FINTRAC findings are structural, not incidental — and most are preventable.
Preparing for a FINTRAC examination
FINTRAC examinations test operating evidence, not just policy documents — preparation means assembling the records that show how the compliance program runs in practice.
FINTRAC examinations assess the five elements of a compliance program — policies, risk assessment, training, ongoing compliance, and records and reporting — against both the written documentation and the operational evidence that the program is implemented. The distinction between documentation and operating evidence is where most examination findings arise, and it is what preparation needs to address.
How FINTRAC examinations are conducted
FINTRAC examinations can be conducted remotely or on-site. Remote examinations, which are more common, involve the submission of documents and records in response to a structured information request. On-site examinations involve FINTRAC staff reviewing records and interviewing compliance staff directly.
FINTRAC selects businesses for examination based on registration data, reporting patterns, and risk-based criteria. There is no fixed cycle that determines when any given business will be examined. Examinations can follow a complaint, unusual reporting activity, or registration of a new business.
The examination process typically begins with an information request that identifies the documents and records FINTRAC wants to review. The response period is usually 30 days, though FINTRAC can grant extensions. The information request sets the scope of the examination, and the records produced in response to it are the primary basis for the examination findings.
What documents are typically requested
FINTRAC examinations typically request the written AML compliance policies and procedures, the risk assessment, the training program description and training records, a description of the transaction monitoring system and its configuration, records of transactions reported to FINTRAC during the examination period, records of suspicious transaction escalations and their outcomes, the most recent periodic compliance review, and the compliance officer appointment documentation.
The examination period is usually the most recent 12 months or the period since the last examination, whichever is shorter. For businesses that have not been examined before, the examination period may extend further back.
Having a complete and organized set of these records, current as of the examination period, is the core of examination preparation.
Organizing the compliance record
The most useful preparation step is to organize the compliance record into a format that can be submitted quickly in response to a FINTRAC information request. That means having the policy documents in a single accessible location with version history, the risk assessment with its most recent update date, training records organized by employee and topic, monitoring records organized by date and alert, STR records with narratives and supporting documentation, and the periodic compliance review with its findings and outcomes.
Companies that maintain their compliance records in this way as a regular operational practice are in a fundamentally different position from companies that reconstruct their records in response to an examination request. The former can respond to the information request quickly and accurately. The latter spend the examination period trying to reconstruct what they did and why.
What examiners test in interviews
On-site examinations and follow-up calls typically involve questions to compliance staff about how the program operates in practice. Examiners ask how a specific type of transaction is identified and reviewed, who is responsible for escalating suspicious activity and how that escalation works, how new employees are trained and when training is considered complete, how the risk assessment was updated after a specific business change, and what the outcome was of a specific monitoring alert.
These questions test whether the compliance program described in the documentation is actually running. Staff who have not been trained on the program, or who describe processes that differ from the written procedures, create inconsistencies that produce findings.
After the examination
FINTRAC issues an examination report that identifies any deficiencies found and any administrative monetary penalties proposed. There is an opportunity to respond to proposed penalties before they are finalized. The response process involves submissions about whether the deficiency occurred, whether it was serious, and what the business has done or is doing to address it.
Businesses that respond to examination findings with credible and specific remediation plans, supported by evidence of implementation, are in a better position in the penalty assessment process than those that dispute the findings without addressing the underlying gaps.
Related topics
Related Posts
View All Posts »What FINTRAC looks for in an MSB review
FINTRAC examinations test whether a compliance program works in practice, not whether it exists on paper.
Documentation matters more than policy language
In a FINTRAC examination, the records that show how the compliance program runs carry more weight than the policies that describe it.
Six pillars of MSB defensibility
A defensible AML compliance program for Canadian MSBs is built on six elements that FINTRAC examines both as documentation and as operating evidence.