Skip to content Skip to sidebar Skip to footer
AMLForms Logo

Bill C-12 AML Changes: What FINTRAC Reporting Entities Need to Know

May 8, 2026
Bill C-12 AML Changes: What FINTRAC Reporting Entities Need to Know

Bill C-12 Signals a Shift in AML Compliance Expectations

Previously:

  • Emphasis on policies and procedures
  • Checklist-driven compliance
  • Limited financial exposure

Now:

  • Greater emphasis on operational execution and compliance effectiveness
  • Increased scrutiny of compliance workflows
  • Audit readiness
    Evidence-based decision making
  • Defensible compliance controls

As a result, FINTRAC compliance programs increasingly need to be:

  • Consistent
  • Auditable
  • Centralized
  • Evidence-driven
  • Operationally defensible

Organizations that cannot demonstrate how compliance decisions were made may face increased regulatory risk.

Introduction

Canada’s anti-money laundering (AML) framework is entering a more enforcement-driven era.

With the passage of Bill C-12 on March 26, 2026, the federal government introduced significant amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), increasing expectations for how FINTRAC reporting entities design, implement, and demonstrate AML compliance.

For organizations responsible for customer onboarding, identity verification, transaction monitoring, and ongoing compliance oversight, these changes affect more than written policies. FINTRAC’s focus is increasingly shifting toward whether AML compliance programs are operationally effective, consistently applied, and defensible under regulatory scrutiny.

This article explains what Bill C-12 changes, which organizations are affected, and what FINTRAC reporting entities should do to prepare.

What Is Bill C-12?

Bill C-12, the Strengthening Canada’s Immigration System and Borders Act (passed March 26, 2026), is a federal statute that primarily reforms Canada’s immigration framework while also introducing important amendments to the PCMLTFA.
The legislation strengthens FINTRAC’s enforcement and supervisory powers while increasing financial and operational consequences for non-compliance.

Key AML-related changes under Bill C-12 include:

  • Significantly higher administrative monetary penalties (AMPs)
  • Mandatory compliance agreements for certain violations
  • Greater regulatory emphasis on AML program effectiveness
  • Reinforced customer due diligence (CDD) and identity verification expectations
  • Expanded FINTRAC enforcement authority

While Bill C-12 is not a standalone AML law, it materially changes how AML compliance obligations are enforced in Canada.

What Bill C-12 Changes

Bill C-12 introduces several major updates to Canada’s AML compliance framework under the PCMLTFA.

Key Changes at a Glance

  • Increased FINTRAC administrative monetary penalties
  • Mandatory remediation and compliance agreements
  • Stronger oversight of AML compliance program effectiveness
  • Increased scrutiny of onboarding and KYC controls
  • Expanded FINTRAC enforcement powers
  • Higher expectations for audit readiness and documentation

Together, these changes represent a shift away from checklist-driven compliance toward measurable operational effectiveness.

1. Significantly Higher FINTRAC Penalties

One of the most substantial changes under Bill C-12 is the increase in AML administrative monetary penalties.

The updated framework raises maximum penalties by up to 40 times previous levels:

  • Minor violations: up to $40,000
  • Serious violations: up to $4 million
  • Very serious violations: up to $20 million

In certain cases, penalties may reach:

  • Up to $20 million or 3% of global revenue, whichever is greater

This significantly increases the financial and operational risk associated with AML non-compliance.

For many organizations, AML non-compliance now represents a material enterprise risk rather than a manageable regulatory expense.

The increased penalty framework also raises expectations for:

  • Executive oversight
  • Internal accountability
  • Documented compliance controls
  • Demonstrable program effectiveness

Organizations with fragmented onboarding systems, inconsistent KYC processes, or weak audit trails may face significantly greater regulatory exposure.

2. Mandatory Compliance Agreements

Bill C-12 introduces a mandatory compliance agreement regime as part of FINTRAC’s enforcement framework.

Organizations found to be non-compliant may be required to:

  • Enter into formal remediation agreements with FINTRAC
  • Implement corrective compliance measures
  • Demonstrate ongoing operational improvements
  • Submit evidence of remediation activities

Remediation requirements may include:

  • Enhanced monitoring procedures
  • Independent compliance reviews
  • Additional control testing
  • Workflow standardization
  • Improved documentation practices

Failure to comply with these agreements may result in:

  • Additional penalties
  • Escalated enforcement action
  • Public disclosure of violations

This represents a meaningful shift in regulatory oversight.

Bill C-12 increases FINTRAC’s ability to apply ongoing remediation and supervisory measures following compliance violations. In many cases, organizations may be subject to ongoing regulatory supervision until deficiencies are addressed.

3. Greater FINTRAC Focus on AML Program Effectiveness

Bill C-12 reinforces FINTRAC’s ability to assess whether AML compliance programs are:

  • Risk-based
  • Properly designed
  • Operationally effective
  • Consistently applied across the organization

Although effectiveness reviews already existed under the PCMLTFA framework, the updated legislation places greater emphasis on evidence, execution, and operational consistency.

FINTRAC is expected to focus more heavily on:

  • Whether controls operate as intended
  • Whether onboarding procedures are consistently followed
  • Whether monitoring decisions are documented
  • Whether risk assessments align with customer activity
  • Whether audit trails support compliance decisions

Having documented policies alone is no longer sufficient.

Organizations are increasingly expected to demonstrate that compliance controls function effectively in day-to-day operations.

This is particularly important for businesses relying heavily on:

  • Manual reviews
  • Spreadsheet-based tracking
  • Disconnected onboarding systems
  • Inconsistent recordkeeping practices

Operational gaps can make it difficult to demonstrate compliance effectiveness during a FINTRAC examination.

4. Stronger KYC and Identity Verification Requirements

Bill C-12 reinforces expectations surrounding customer due diligence (CDD), identity verification, and onboarding consistency.

The updated framework strengthens requirements related to:

  • Prohibitions on anonymous or fictitious accounts
  • Reliability of identity verification methods
  • Consistency in customer onboarding workflows
  • Ongoing monitoring obligations
  • Risk-based customer verification procedures

For many FINTRAC reporting entities, this increases the need for alignment between:

  • Customer data collection
  • Identity verification procedures
  • Risk assessments
  • Ongoing monitoring activities
  • Recordkeeping requirements

Organizations using fragmented or partially manual onboarding processes may face greater difficulty maintaining consistent compliance standards.

As FINTRAC increases its focus on operational effectiveness, onboarding deficiencies may receive greater regulatory attention.

5. Who Is Affected by Bill C-12?

Bill C-12 affects all FINTRAC reporting entities regulated under the PCMLTFA, including:

  • Financing and leasing companies
  • Dealers in precious metals and stones (DPMS)
  • Title insurers
  • Mortgage lenders, brokers, and administrators
  • Banks and credit unions
  • Securities dealers
  • Money services businesses (MSBs)
  • Real estate brokers, developers, and sales representatives
  • Life insurance companies and intermediaries
  • Accountants conducting regulated activities

Applicability depends on the regulated activities conducted under the PCMLTFA, rather than the organization’s industry classification.

Organizations involved in customer onboarding, transaction processing, or regulated financial activity should assess how the updated enforcement framework affects their compliance operations.

How FINTRAC Reporting Entities Should Prepare

1. Conduct an AML Program Effectiveness Review

Organizations should validate whether existing controls operate as intended in practice.

This includes:

  • Reviewing onboarding procedures
  • Testing monitoring controls
  • Evaluating risk assessment processes
  • Identifying gaps between policy and execution
  • Conducting documented effectiveness reviews

The goal is to identify operational weaknesses before regulatory scrutiny occurs.

2. Strengthen Customer Onboarding and KYC Workflows

Organizations should ensure onboarding processes are:

  • Standardized
  • Consistently applied
  • Properly documented
  • Supported by reliable identity verification procedures

Inconsistent onboarding practices create regulatory exposure and make compliance programs more difficult to defend during examinations.

3. Reduce Reliance on Manual Compliance Processes

Manual workflows often increase:

  • Error rates
  • Operational inconsistency
  • Documentation gaps
  • Audit complexity
  • Compliance review delays

Centralized and structured compliance systems can improve:

  • Workflow consistency
  • Audit readiness
  • Recordkeeping quality
  • Regulatory defensibility

4. Improve Documentation and Audit Trails

Organizations should ensure they can produce clear records supporting compliance activities.

This includes:

  • Policies and procedures
  • Risk assessments
  • Monitoring records
  • Decision logs
  • Identity verification evidence
  • Escalation documentation

If compliance actions cannot be demonstrated, regulators may determine they did not occur.

Where Many Organizations Will Struggle

The biggest challenge under Bill C-12 is not understanding AML requirements.

It is operationalizing them consistently across the organization.

Common compliance gaps include:

  • Fragmented onboarding systems
  • Spreadsheet-based compliance tracking
  • Duplicated or inconsistent customer records
  • Weak audit trails
  • Limited visibility into compliance workflows
  • Inconsistent risk scoring methodologies
  • Poor documentation retention practices

These operational weaknesses make it difficult to demonstrate compliance effectiveness during FINTRAC examinations.

As regulatory expectations increase, organizations with disconnected or manual compliance processes may face greater scrutiny.

Final Takeaway

Bill C-12 marks a significant evolution in Canada’s AML enforcement framework.

The regulatory focus is shifting:

  • From procedural compliance
  • Toward measurable operational effectiveness

For FINTRAC reporting entities, this means:

  • Greater scrutiny of AML compliance programs
  • Increased expectations for audit readiness
  • Higher financial and reputational exposure
  • Stronger focus on onboarding and KYC consistency
  • Increased pressure to demonstrate defensible compliance controls

Organizations that implement structured onboarding processes, standardized workflows, reliable audit trails, and evidence-driven compliance systems will be better positioned to meet FINTRAC’s evolving expectations.

As FINTRAC increases its focus on operational effectiveness, organizations should evaluate whether their onboarding, monitoring, documentation, and compliance review processes can withstand regulatory scrutiny in practice — not just on paper.

Disclaimer

This article is provided for general informational purposes only and does not constitute legal, regulatory, or compliance advice. While every effort has been made to ensure accuracy at the time of publication, AML requirements and regulatory interpretations may evolve. Organizations should consult qualified legal or compliance professionals regarding their specific obligations under the PCMLTFA and related FINTRAC guidance.

Sources & References

  1. Bill C-12, Strengthening Canada’s Immigration System and Borders Act
  2. FINTRAC – Compliance Program Requirements Guidance
  3. McCarthy Tétrault – Canada’s AML Reform Advances: Bill C-12 Brings Hefty Penalties and Higher Compliance Expectations into Force
  4. MNP – How Will Bill C-12 Impact AML Compliance in Canada

See AMLForms in Action

Book a personalized demo to see how AMLForms helps you onboard, verify, screen, and monitor customers with confidence.

Book A Demo

FAQs

Bill C-12, the Strengthening Canada’s Immigration System and Borders Act, is federal legislation passed on March 26, 2026, that introduces important amendments to the PCMLTFA, including stronger FINTRAC enforcement powers, higher AML penalties, and increased compliance expectations.

Bill C-12 increases administrative monetary penalties, introduces mandatory compliance agreements, and strengthens FINTRAC’s ability to assess whether AML compliance programs are effective in practice.

Bill C-12 affects FINTRAC reporting entities under the PCMLTFA, including financing and leasing companies, DPMS businesses, title insurers, mortgage entities, MSBs, financial institutions, real estate businesses, and certain accountants.

Maximum penalties may increase to:

  • $40,000 for minor violations
  • $4 million for serious violations
  • $20 million for very serious violations

In certain cases, penalties may reach up to 3% of global revenue.

Organizations should review AML program effectiveness, strengthen onboarding and KYC procedures, reduce reliance on manual workflows, improve audit trails, and ensure compliance controls are consistently documented and operationally effective.