Substance Law
Book Consultation
Call Now
★ More Than 150 5-Star Reviews ★

Identity Verification for FINTRAC MSBs and Reporting Entities

Obligations of FINTRAC Reporting Entity and Money Services Busineses to Verify Identity

Get Your Complimentary Quote Now ↓
Conversational Form (#3)

The Proceeds of Crime (Money Laundering) and Terrorist Financing Act

The Proceeds of Crime (Money Laundering) and Terrorist Financing Act, often called the PCMLTFA, is the main law that sets out what certain businesses and individuals in Canada need to do to help fight financial crimes. This includes things like money laundering and terrorist financing. If your business falls under this Act, you’re considered a ‘reporting entity’. This means you have specific duties to follow, and not keeping up can lead to serious trouble, like fines. It’s pretty important to know if this Act applies to you, especially if you’re involved in financial transactions.

Key Definitions for Reporting Entities

To get a handle on your duties, you’ll want to know a few terms. For instance, a ‘reporting entity’ is a business or person that the PCMLTFA says has obligations. This can include banks, credit unions, accountants, real estate agents, and importantly, money services businesses (MSBs). An MSB is generally a business that sends or receives money or virtual currency on behalf of others, or that deals in foreign currency. You’ll also hear about ‘suspicious transactions’, which are any transactions that seem a bit off or might be related to illegal activities. Knowing these terms helps you understand the rules.

Scope of Application for FINTRAC Reporting Entities

So, who exactly has to follow these rules? The PCMLTFA applies to a wide range of businesses and professions. This isn’t just for big banks; it covers many types of financial dealings. For example, if you’re in the business of currency exchange, money transfers, or dealing with virtual currency, you’re likely a reporting entity. Even certain professionals like accountants and lawyers can be reporting entities depending on the services they provide. The goal is to cover as many points where money could be moved illicitly. It’s a broad net, and it’s best to check if your specific business activities fall within its scope.

The PCMLTFA aims to prevent criminals from using Canada’s financial system for illegal purposes. Reporting entities play a key role in this by identifying clients, keeping records, and reporting suspicious activities to FINTRAC.

When Identity Verification is Mandated

Understanding when to verify identity is a core part of your obligations as a reporting entity under FINTRAC. It’s not just about ticking a box; it’s about building a defence against financial crime. There are specific triggers that require you to confirm who you’re dealing with.

Thresholds for Large Cash and Virtual Currency Transactions

For cash transactions, the rule is straightforward: if a client hands over $10,000 or more in cash, you must verify their identity. This applies to a single transaction. It’s also important to remember the 24-hour rule. If multiple cash transactions add up to $10,000 or more within a 24-hour period, even if they seem small individually, you need to verify the client’s identity once that cumulative threshold is met. The same principle applies to virtual currency transactions. If a single transaction involves $10,000 or more in virtual currency, identity verification is mandatory. Given the nature of virtual currency, extra diligence here is wise.

Verification for Suspicious Transactions

Beyond specific monetary thresholds, you must verify identity whenever a transaction appears suspicious. This means if something feels off, or if a transaction doesn’t align with what you know about the client, you need to take a closer look. Don’t wait for a dollar amount to trigger action; your professional judgment is key here. If you have doubts about the legitimacy of a transaction or the client’s behaviour, verification is required, and you may need to file a Suspicious Transaction Report.

Requirements for Traveler’s Cheques and Funds Transfers

Identity verification is also required when dealing with traveler’s cheques and similar instruments. Specifically, if a transaction involves $3,000 or more in traveler’s cheques or other similar negotiable instruments, you need to confirm the identity of the person involved. This also extends to certain funds transfer activities where the amount reaches specific reporting thresholds.

Foreign Currency Exchange and Remittance Transactions

When you engage in foreign currency exchange or remittance services, specific rules apply. For instance, if the amount of foreign currency being exchanged or remitted reaches $1,000 or more, you are obligated to verify the identity of the client. This helps to prevent the use of these services for illicit purposes. It’s always best to be aware of the exact thresholds as they can be updated, so keeping informed is part of the process.

Methods for Verifying Individual Identities

When it comes to verifying who someone is, there are several established ways to go about it. These methods are designed to give you confidence that the person you’re dealing with is who they say they are. It’s not just about checking a box; it’s about building a reliable picture of your client. The goal is to ensure that the information provided matches the individual, which is a core part of Canada’s anti-money laundering and anti-terrorist financing rules.

Government-Issued Photo Identification

This is probably the most common approach. You’re looking for a document that’s been issued by a federal, provincial, or territorial government. It needs to be current, valid, and not expired. The key things to check for are the person’s name, a photograph of them, and a unique identifying number. Think of your driver’s licence or passport – these are good examples of what to look for. It’s important that the document is authentic and hasn’t been tampered with.

Credit File Verification Method

Another way to verify identity is by using a Canadian credit file. For this method to be acceptable, the credit file needs to have been in existence for at least three years. It should also contain information from various sources that confirm the individual’s name, address, and date of birth. This method provides a layer of verification through established financial data.

Dual-Process Verification Approach

This method involves combining any two distinct verification steps from a specific list. For instance, you could use information from an independent, reliable source that confirms the person’s name and address, and then combine that with independent information confirming their name and date of birth. Alternatively, you could use one of those plus information that shows the person holds a deposit account, prepaid product, credit card, or loan with a financial entity. The idea here is to use multiple, independent sources for a more robust check.

Affiliate or Member Verification

In certain situations, particularly within financial cooperatives or credit union centrals, you might be able to verify an individual’s identity by confirming that an affiliate or member institution has already done so. This relies on a pre-existing relationship and verification process within a trusted network. However, you still need to record specific details about the previous verification, including the method used and the information gathered by the affiliate or member.

Here’s a quick look at the primary methods:

  • Government-Issued Photo ID: Requires a valid, current ID with name, photo, and unique number.
  • Credit File: Needs a 3-year-old Canadian credit file showing name, address, and DOB from multiple sources.
  • Dual-Process: Combines two independent verification sources (e.g., name/address + name/DOB, or name/address + financial account verification).
  • Affiliate/Member: Relies on verification done by a related entity within a network, with specific record-keeping.

It’s important to remember that the specific requirements and acceptable documents can be detailed in FINTRAC guidelines. Always refer to the latest guidance to ensure your verification processes are fully compliant. The goal is to have a clear, documented process for how to verify identity.

These different methods of verifying identity offer flexibility, allowing reporting entities to choose the approach that best suits their operations and client base, while always keeping compliance at the forefront.

Verifying the Identity of Entities

When you’re dealing with businesses, partnerships, or other organisations, verifying their identity is a bit different than with individuals. It’s all about confirming they’re legitimate and actually exist. FINTRAC has laid out a few ways you can go about this, and it’s important to pick the method that fits the situation.

Confirmation of Existence Method

This is a pretty straightforward approach. You’re basically looking for official documents that prove the entity is real. For a corporation, this could be a certificate of incorporation, or maybe their latest annual filings with the government. These documents should show the entity’s name, where it’s located, and who the directors are. For other types of organisations, like partnerships, you might look at their partnership agreement or articles of association. The key is that the document has to be current and valid, showing the entity is legally recognised.

Reliance on Previous Verifications

Sometimes, you can rely on verification work that’s already been done. This is similar to how you might verify an individual’s identity if another reporting entity has already done it. If you’re going to use this method for an entity, you need to have a written agreement with that other entity. This agreement should state that they’ll give you all the verification information they used if you ask for it. You also need to be sure that their verification was done properly and is still up-to-date. It’s not a ‘set it and forget it’ kind of deal; you need to keep an eye on it.

Simplified Identification for Low-Risk Entities

Not all entities carry the same level of risk. For those that are generally considered low-risk, like government bodies or companies whose shares are traded publicly, you might be able to use a simpler method. Publicly traded companies, for instance, are already under a lot of scrutiny, so they’re often seen as lower risk. For these types of entities, you might just need to check public records or their official website to confirm their identity. It’s about matching the verification effort to the actual risk involved.

Special Considerations for Identity Verification

Identifying Children and Minors

When dealing with clients who are under the age of 18, things get a bit more complicated. You can’t just use the standard methods for adults. For minors, you’ll typically need to verify the identity of their parent or legal guardian. This usually involves getting the guardian’s ID and also some proof that they are indeed the guardian, like a birth certificate or a court order. It’s all about making sure the transaction is legitimate and that the minor’s interests are protected.

Verification for Individuals Lacking Standard Documentation

Sometimes, people just don’t have the usual government-issued ID or a credit file. This can happen for various reasons, and it doesn’t mean they can’t be verified. FINTRAC allows for alternative methods. For instance, you might use a combination of documents that, together, confirm the person’s identity. This could include things like a social insurance number card, a birth certificate, and maybe a utility bill showing their address. The key is that the information from these different sources must align and provide a reasonable level of certainty about who the person is. It’s a bit like piecing together a puzzle.

Re-verification Procedures

Identity verification isn’t a one-and-done deal. You need to keep an eye on things. If a client’s risk profile changes, or if there’s a significant change in their transaction patterns, you might need to re-verify their identity. This also applies if you suspect something is off, like if their usual behaviour suddenly changes. It’s about staying vigilant and making sure the information you have on file is still accurate and relevant. Think of it as a periodic check-up to keep your client records up to date and secure.

Utilizing Agents and Mandataries for Verification

Hands exchanging a document for verification.

Sometimes, your business might need to delegate the task of verifying a client’s identity. This is where agents and mandataries come into play. You can absolutely use them to carry out identity verification on your behalf, but there are specific rules you need to follow to stay compliant with FINTRAC. It’s not just a matter of handing off the job; you remain responsible for making sure it’s done correctly.

Delegating Verification Responsibilities

When you decide to use an agent or mandatary for identity verification, they must follow the prescribed methods. For individuals, this means using one of the approved approaches: the government-issued photo identification method, the credit file verification method, or the dual-process verification approach. If the verification is for a corporation or another type of entity, the agent must use the confirmation of existence method.

  • Individuals: Must use government-issued photo ID, credit file, or dual-process methods.
  • Entities: Must use the confirmation of existence method.

Ultimately, you are responsible for ensuring your client identification requirements are met, even when using a third party.

Requirements for Agent Agreements

To properly delegate verification duties, a formal, written agreement or arrangement between your business and the agent or mandatary is absolutely necessary. This document should clearly outline the responsibilities and the verification processes they are expected to follow. It’s not enough to just have a verbal understanding; a written contract is key.

When you use an agent or mandatary, you must obtain all the information they used for the verification as soon as possible. This includes the details they confirmed as belonging to the individual or entity. You also need to be satisfied that the information they provided is valid and current.

Ongoing Oversight and Responsibility

Even with a written agreement, your responsibility doesn’t end there. You need to ensure that the agent or mandatary is consistently applying the correct verification methods and keeping the required records. If your agent fails to properly verify an identity or maintain adequate records, your business can still be held accountable by FINTRAC. This means your internal policies and procedures should detail how you manage these delegated verification tasks and how you confirm the ongoing validity of the information obtained.

It is vital to remember that reliance on an agent or mandatary does not absolve your reporting entity of its obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its associated Regulations. You must have robust processes in place to monitor their performance and ensure continued compliance.

Risk-Based Approaches in Verification

Assessing Client Risk Profiles

Not all clients are created equal when it comes to the potential for illicit activities. FINTRAC reporting entities are expected to develop and apply a risk-based approach to their identity verification processes. This means you need to think about who your clients are and what they’re doing with your services. Are they individuals, or are they businesses? What kind of business is it? Where are they located? These factors, among others, help determine the level of risk associated with a particular client.

For instance, a large corporation with a long history of public reporting might be considered lower risk than a new, privately held company operating in a sector known for money laundering. Similarly, an individual conducting frequent, high-value transactions might warrant more scrutiny than someone making occasional, small transfers.

Tailoring Verification to Risk Levels

Once you’ve assessed the risk, you can adjust your verification methods accordingly. This is where the “risk-based” part really comes into play. For clients identified as low risk, you might be able to use simplified verification methods. This could involve relying on readily available public information or less stringent documentation.

However, for clients deemed higher risk, more robust verification measures are necessary. This might include:

  • Requesting additional supporting documents beyond standard identification.
  • Conducting more in-depth background checks.
  • Seeking information from multiple independent sources.
  • Performing enhanced due diligence on the source of funds.

The goal is to apply a level of scrutiny that is proportionate to the identified risk. This doesn’t mean you skip verification for low-risk clients; it means you use the most efficient and appropriate methods for each situation.

Ongoing Monitoring and Due Diligence

Identity verification isn’t a one-time event. Your risk assessment and verification efforts should continue throughout the business relationship. This is known as ongoing monitoring and due diligence. You need to keep an eye on client activity to ensure it aligns with what you know about them and their risk profile.

If a client’s behaviour or transaction patterns change significantly, it might indicate a shift in their risk level. For example, if a client who previously conducted only small, local transactions suddenly starts making large international transfers, this change warrants further investigation and potentially re-verification of their identity and the nature of their activities. This continuous oversight helps you detect and respond to potential threats effectively.

Record Keeping for Identity Verification

Maintaining thorough records of identity verification processes is not just a regulatory requirement; it’s a cornerstone of a robust compliance program. These records serve as tangible proof of your due diligence efforts and are indispensable during FINTRAC examinations. Think of them as your business’s memory, documenting who you’ve verified and how.

Essential Information to Document

When you verify an individual’s identity, you need to capture specific details. This typically includes the client’s name, the method used for verification, and the supporting documentation or information relied upon. For instance, if you used a government-issued photo ID, you’d record the type of ID, its issuing authority, and the unique identifier number. If you employed the credit file method, you’d note the credit bureau and the date of the file review.

For entities, the documentation will differ. You’ll need to record information confirming the entity’s existence, such as its legal name, address, and registration number. If you relied on previous verifications, you must document the details of that prior verification and the agreement allowing you to rely on it.

  • For individuals: Record name, address, date of birth, verification method, and details of the supporting documents (e.g., ID number, issuing body).
  • For entities: Record legal name, address, registration details, and the method used to confirm existence or reliance.
  • For agents/mandataries: Document the written agreement and all information the agent used in their verification process.

Retention Periods for Records

FINTRAC mandates specific retention periods for these records. Generally, you must keep records of identity verification for a minimum of five years from the date the account was opened or the business relationship was established. This timeframe is critical; failing to retain records for the required duration can lead to compliance issues.

Demonstrating Compliance Through Records

These meticulously kept records are your primary tool for demonstrating compliance. When FINTRAC conducts an examination, they will review these documents to assess whether your identity verification procedures align with regulatory expectations. Accurate and complete records show that you are actively managing your anti-money laundering and anti-terrorist financing risks. They also help in tracking the effectiveness of your verification methods over time and identifying any patterns or anomalies that might warrant further investigation. Properly maintained records are key to a successful FINTRAC audit.

The integrity of your record-keeping directly reflects the robustness of your overall compliance framework. It’s not just about ticking boxes; it’s about building a verifiable history of responsible client identification that stands up to scrutiny.

Compliance and FINTRAC Examinations

FINTRAC’s Role in Compliance Monitoring

FINTRAC, Canada’s financial intelligence unit, plays a significant role in overseeing whether reporting entities are following the rules laid out in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations. They aren’t just there to set the rules; they actively monitor businesses to make sure those rules are being put into practice. This involves checking if entities have proper anti-money laundering (AML) and counter-terrorist financing (ATF) programs in place, which includes how they verify client identities. FINTRAC uses a risk-based approach to its monitoring, meaning they focus their attention where the risk of illicit activity is potentially higher. This can involve reviewing submitted reports, conducting outreach, and, of course, performing examinations.

Auditing Verification Processes

When FINTRAC conducts an examination, a key part of their review will be auditing your identity verification processes. They want to see that you’re not just talking the talk, but walking the walk. This means they’ll look at your documented policies and procedures to confirm they align with regulatory requirements. More importantly, they’ll check if these procedures are actually being followed in your day-to-day operations. This could involve reviewing client files to see how identities were verified, checking the methods used against regulatory standards, and assessing whether the information collected is sufficient and accurate. The goal is to ensure that your entity has a robust system for identifying clients and that this system is consistently applied. They might also look at how you handle situations where standard identification isn’t available or how you re-verify identities when necessary.

Addressing Deficiencies Identified During Examinations

If FINTRAC finds any issues or deficiencies during an examination, they will communicate these to your organization. It’s really important to take these findings seriously. You’ll likely be given a specific timeframe to address the identified problems. This might involve updating your policies, providing additional staff training, or making changes to your operational procedures for identity verification. FINTRAC will expect to see a clear plan of action from your end, and they may follow up to ensure that the deficiencies have been corrected. Failing to address these issues can lead to more serious consequences, including administrative monetary penalties (AMPs). It’s all about continuous improvement and making sure your compliance program stays effective and up-to-date with evolving risks and regulations.

Legal Framework and Regulatory Updates

Staying current with the legal landscape is pretty important for any business, especially when you’re dealing with financial reporting and identity verification. In Canada, the main law you’ll be looking at is the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). This act, along with its associated regulations, sets out the rules for reporting entities, including Money Services Businesses (MSBs), on how to identify their clients and report certain transactions. It’s not just a static document, though; it gets updated. For instance, recent amendments have brought new requirements for various sectors, including title insurers and private automated banking machine (ABM) acquirers, who are now treated more like MSBs. These changes often mean updating your internal policies and training your staff.

Relevant Sections of the Regulations

The PCMLTFA is the big one, but the details are often found in the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations. These regulations specify things like the thresholds for when you need to verify someone’s identity, what methods are acceptable, and how long you need to keep records. For example, there are specific rules about verifying individuals versus entities, and different requirements depending on the type of transaction, like large cash transactions or funds transfers. It’s a good idea to be familiar with these sections to know exactly what’s expected of you. You can find more information on FINTRAC’s website regarding these specific obligations.

Impact of Recent Amendments

Canada’s regulatory environment is always evolving. We’ve seen significant updates recently, particularly concerning MSBs and other reporting entities. For example, there are now stricter requirements for verifying agents or mandataries, including criminal record checks and biennial reviews. These changes are designed to strengthen oversight and prevent illicit activities. For MSBs, this means a closer look at who you’re working with and ensuring their background is clear. These updates often come with specific deadlines for implementation, so it’s vital to track them. For instance, some new measures came into force in April 2025, with others following in October 2025, and a key deadline for legacy MSB agents is October 1, 2027.

Staying Informed on FINTRAC Requirements

Keeping up with FINTRAC requirements can feel like a full-time job. The best approach is to make it a regular part of your business operations. This means:

  • Regularly visiting the FINTRAC website for official guidance and updates.
  • Subscribing to industry newsletters or alerts that focus on AML/ATF compliance.
  • Participating in training sessions or webinars offered by FINTRAC or industry associations.

The regulatory landscape is dynamic, and proactive engagement with these updates is key to maintaining compliance and avoiding penalties. It’s not just about avoiding fines; it’s about contributing to a more secure financial system.

Remember, staying informed isn’t just about avoiding trouble; it’s about doing your part to prevent financial crime. The rules are there for a reason, and understanding them helps you protect your business and your clients. If you’re unsure about specific requirements, reaching out to FINTRAC directly or consulting with a compliance professional is always a good step. You can find details on various reporting obligations, such as those for money services businesses, on the FINTRAC website.

Frequently Asked Questions

What does it mean for a business to be a “FINTRAC Reporting Entity”?

A FINTRAC Reporting Entity is a business or organization that must follow specific rules set by FINTRAC, Canada’s financial intelligence unit. These rules are in place to help fight money laundering and the financing of terrorism. Businesses like banks, credit unions, and money services businesses (MSBs) are often reporting entities and have to keep track of certain financial activities and verify customer identities.

When do I absolutely have to check someone’s identity?

You must check someone’s identity in a few key situations. This includes when dealing with large cash transactions (over $10,000), large virtual currency transactions (over $10,000), or when a transaction seems suspicious, no matter the amount. Also, if you’re issuing or cashing traveler’s checks or sending money electronically or otherwise, and the amount is $1,000 or more, you’ll need to verify identity.

What are the main ways to verify an individual’s identity?

There are a few common methods. You can use a government-issued photo ID, like a driver’s license or passport. Another way is through a credit file check, where you confirm information with a credit bureau. Sometimes, a ‘dual-process’ method is used, which combines two pieces of information, such as name and address, plus name and date of birth. Relying on previous verifications from trusted sources is also an option.

How do I verify the identity of a business or organization?

To check a business’s identity, you can use the ‘confirmation of existence’ method. This means looking at official documents like articles of incorporation or annual filings to make sure the business is real and has a legal standing. You can also sometimes rely on previous verifications or use a simplified method for businesses that are low-risk, like government agencies or publicly traded companies.

What if a client doesn’t have the usual ID documents?

FINTRAC understands that not everyone has standard identification. In such cases, you might need to use alternative methods. This could involve combining several pieces of information, like their name and address, along with confirmation of a financial account. It’s important to document these efforts and follow your company’s specific procedures for these situations.

Can I have someone else verify identities for me?

Yes, you can use an agent or a representative to verify identities on your behalf. However, you must have a written agreement with them that clearly outlines the verification process they will follow. Even if you delegate this task, you, as the reporting entity, remain fully responsible for making sure the verification is done correctly and in line with FINTRAC’s rules.

What does a ‘risk-based approach’ mean for identity verification?

A risk-based approach means you assess how likely a client is to be involved in money laundering or terrorist financing. Based on this risk level, you adjust how thoroughly you verify their identity and how often you monitor their activities. For example, a client considered higher risk might require more detailed verification and closer ongoing monitoring than a client considered low risk.

How long do I need to keep records of identity verifications?

You generally need to keep records of identity verification for at least five years from the date the record was created. These records should include all the essential information used to verify the identity, such as names, addresses, dates of verification, and the specific methods and sources used. Proper record-keeping is crucial for demonstrating compliance during FINTRAC examinations.

{ “@context”: “https://schema.org“, “@type”: “FAQPage”, “mainEntity”: [ { “@type”: “Question”, “name”: “What does it mean for a business to be a “FINTRAC Reporting Entity”?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “A FINTRAC Reporting Entity is a business or organization that must follow specific rules set by FINTRAC, Canada’s financial intelligence unit. These rules are in place to help fight money laundering and the financing of terrorism. Businesses like banks, credit unions, and money services businesses (MSBs) are often reporting entities and have to keep track of certain financial activities and verify customer identities.” } }, { “@type”: “Question”, “name”: “When do I absolutely have to check someone’s identity?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “You must check someone’s identity in a few key situations. This includes when dealing with large cash transactions (over $10,000), large virtual currency transactions (over $10,000), or when a transaction seems suspicious, no matter the amount. Also, if you’re issuing or cashing traveler’s checks or sending money electronically or otherwise, and the amount is $1,000 or more, you’ll need to verify identity.” } }, { “@type”: “Question”, “name”: “What are the main ways to verify an individual’s identity?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “There are a few common methods. You can use a government-issued photo ID, like a driver’s license or passport. Another way is through a credit file check, where you confirm information with a credit bureau. Sometimes, a ‘dual-process’ method is used, which combines two pieces of information, such as name and address, plus name and date of birth. Relying on previous verifications from trusted sources is also an option.” } }, { “@type”: “Question”, “name”: “How do I verify the identity of a business or organization?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “To check a business’s identity, you can use the ‘confirmation of existence’ method. This means looking at official documents like articles of incorporation or annual filings to make sure the business is real and has a legal standing. You can also sometimes rely on previous verifications or use a simplified method for businesses that are low-risk, like government agencies or publicly traded companies.” } }, { “@type”: “Question”, “name”: “What if a client doesn’t have the usual ID documents?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “FINTRAC understands that not everyone has standard identification. In such cases, you might need to use alternative methods. This could involve combining several pieces of information, like their name and address, along with confirmation of a financial account. It’s important to document these efforts and follow your company’s specific procedures for these situations.” } }, { “@type”: “Question”, “name”: “Can I have someone else verify identities for me?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “Yes, you can use an agent or a representative to verify identities on your behalf. However, you must have a written agreement with them that clearly outlines the verification process they will follow. Even if you delegate this task, you, as the reporting entity, remain fully responsible for making sure the verification is done correctly and in line with FINTRAC’s rules.” } }, { “@type”: “Question”, “name”: “What does a ‘risk-based approach’ mean for identity verification?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “A risk-based approach means you assess how likely a client is to be involved in money laundering or terrorist financing. Based on this risk level, you adjust how thoroughly you verify their identity and how often you monitor their activities. For example, a client considered higher risk might require more detailed verification and closer ongoing monitoring than a client considered low risk.” } }, { “@type”: “Question”, “name”: “How long do I need to keep records of identity verifications?”, “acceptedAnswer”: { “@type”: “Answer”, “text”: “You generally need to keep records of identity verification for at least five years from the date the record was created. These records should include all the essential information used to verify the identity, such as names, addresses, dates of verification, and the specific methods and sources used. Proper record-keeping is crucial for demonstrating compliance during FINTRAC examinations.” } } ] }

Supplemented Foods in Canada: Guide for Food Producers
Canada Introduces Stablecoin Act To Regulate Fiat-Referenced Crypto Assets
Sidebar