Common AML program failures for Canadian MSBs
The compliance program failures that most frequently produce FINTRAC findings are structural, not incidental — and most are preventable.
Suspicious transaction reporting: when legal triage is needed
The STR decision turns on reasonable grounds to suspect, not proof — and the line between a compliance decision and a legal one is not always obvious.
Suspicious transaction reporting under FINTRAC’s framework is triggered by reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing. Proof is not required. That standard creates judgment calls that compliance teams handle routinely, and judgment calls that require legal input to navigate correctly.
What reasonable grounds to suspect means in practice
Reasonable grounds to suspect is a lower threshold than reasonable grounds to believe. It does not require the company to conclude that a transaction is actually connected to money laundering. It requires that, based on the facts available at the time, a reasonable person in the same circumstances would suspect a connection.
That standard is deliberately low. FINTRAC’s position is that reporting obligation is not contingent on the company being certain. The obligation arises when suspicion is reasonable, and the company’s job is to assess whether that threshold has been crossed.
What makes this difficult in practice is that many transactions that look unusual have innocent explanations. A customer sending a large international transfer may have a business reason. A series of round-dollar transactions may reflect a payment schedule. An account that suddenly becomes active may be responding to a life event. The compliance function has to assess whether the facts, taken together, cross the suspicion threshold, not whether there is an innocent explanation that could be constructed.
When the STR question becomes legally complex
Most STR decisions are compliance decisions. Trained compliance staff applying documented escalation procedures can assess the majority of potential STRs without legal input.
Legal complexity arises in several situations. Where a transaction pattern touches a politically exposed person, a sanctioned jurisdiction, or a high-risk counterparty and the company is uncertain whether reporting is required, legal analysis can help clarify the obligation and the consequences of the decision. Where the company has received a law enforcement inquiry or court order related to a customer, the interaction between the reporting obligation and the legal process requires legal oversight. Where a potential STR relates to activity that could expose the company to civil liability or regulatory consequences, the decision should not be made by compliance staff alone.
Tipping off is a separate consideration. Disclosing to a customer that a suspicious transaction report has been or may be filed is prohibited under the PCMLTFA. If a customer inquiry, a complaint, or a dispute resolution process creates risk of tipping off, the compliance and legal functions need to coordinate.
What the narrative and documentation must accomplish
The STR narrative is not a summary of the customer’s transaction history. It is an explanation of why the company suspected the transaction was related to money laundering or terrorist financing, what the reasonable grounds were, and what steps were taken to verify or assess the suspicion.
FINTRAC reviews STR quality, not just volume. An STR that does not explain the grounds for suspicion, or that describes what happened without explaining why it was suspicious, does not satisfy the reporting obligation and may not provide the intelligence value FINTRAC requires.
Documentation of the escalation process — who reviewed the transaction, when, what information was available, what analysis was applied, and what the outcome was — is part of the operating evidence FINTRAC examines. If an STR was filed, the record should show why. If a transaction was reviewed and not reported, the record should show that the review happened and what the conclusion was.
What gets missed in STR processes
Under-reporting is a documented problem. Fintech companies that rely on automated monitoring without documented human review of alerts will have gaps in their STR process. Alerts that are closed without documentation of the review do not satisfy the ongoing compliance obligation and cannot demonstrate that potential STRs were properly assessed.
Over-reporting creates a different problem. Filing STRs on transactions that do not meet the suspicion threshold does not satisfy the reporting obligation and can create other complications. FINTRAC’s expectation is accurate, considered reporting, not volume reporting designed to demonstrate compliance effort.
The quality of the escalation workflow matters as much as the policy. A compliance team that understands the suspicion standard, applies it consistently, and documents its decisions is in a fundamentally different position than one following a script.
Related topics
Related Posts
View All Posts »Documentation matters more than policy language
In a FINTRAC examination, the records that show how the compliance program runs carry more weight than the policies that describe it.
Transaction monitoring gaps in fintech compliance
The monitoring gaps most likely to produce FINTRAC findings are not technology failures — they are documentation and design failures.
FINTRAC enforcement case study
How enforcement outcomes can inform fintech compliance design, governance, and operational evidence.