Anti-Money Laundering Reporting Requirements for CPAs and CPA Firms

According to Criminal Intelligence Service Canada, between $45 and $113 billion gets laundered through Canada each year. While Canada has improved in its rankings in the Global Corruption Perceptions Index 2023, the country has not cracked the top ten, where Canada consistently ranked prior to 2019.

Transparency International Canada says that the use of complex ownership structures and anonymous corporate entities by money-launderers pose a risk to the integrity of Canada’s financial system. In the critical role they play in capital markets, CPAs can find themselves exposed to these risks. Further, CPAs are often referred to as “Gatekeepers” because they possess a unique responsibility in either safeguarding financial systems from illegitimate money or, conversely, allowing such funds to enter.

CPA Obligations under the CPA Code of Professional Conduct

Under Rule 102.4, CPAs have an obligation to report offences or adverse findings to CPA Ontario under any anti-money laundering or anti-terrorist financing Act in Canada or abroad, or under a regulation adopted thereunder.

In addition, Rule 213, prohibits CPAs and CPA Firms from association with any activity that the CPA or CPA firm knows, or should know, to be unlawful. This includes money laundering, terrorist financing or other financial crimes.

Additional information can be found on the CPA Ontario website.

Requirements for CPAs Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)

CPAs need to stay informed about their responsibilities under the PCMLTFA.

CPAs and CPA Firms must report any suspicious transactions, including those that may indicate sanctions evasion, to the Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”). CPAs and CPA Firms also have other obligations as part of their broader responsibilities in combating financial crimes. These obligations include monitoring and the reporting of relevant property ownership, export and import of goods and other activity in connection with sanctioned individuals and entities.

Additional information can be found on the FINTRAC website.

CPAs and CPA Firms are responsible for the following requirements under the PCMLTFA and associated Regulations when they carry out certain activities on behalf of a person or entity, or give instructions on behalf of a person or entity in respect of:

• receiving or paying funds or virtual currency;
• purchasing or selling securities, real property or immovables or business assets or entities; or
• transferring funds, virtual currency or securities by any means.

These activities do not include those that are carried out in the course of an audit, a review or a compilation engagement within the meaning of the Handbook.

1. Compliance Program
   All reporting entities must implement the following elements of a compliance program:
   • Appoint a compliance officer who is responsible for implementing the program.
   • Develop and apply written compliance policies and procedures that are kept up to date and, in the case of an entity, are approved by a senior officer.
   • Conduct a risk assessment of their business to assess and document the risk of a money laundering or terrorist activity financing offence occurring in the course of their business activities.
   • Develop and maintain a written, ongoing compliance training program for their employees, agents or mandataries, or other authorized persons.
   • Institute and document a plan for a review of the compliance program for the purpose of testing its effectiveness and carry out this review every two years at a minimum.
   Additional information can be found on the FINTRAC website.

2. Know Your Client
   CPAs must verify the identity of persons and entities for certain activities and transactions and carry out other customer due diligence activities.  These include:
   • Using verification methods prescribed by the PCMLTFA: See FINTRAC details about when to verify and what methods to use.
   • Performing ongoing monitoring activities when they enter into a business relationship with a client: See FINTRAC details on when a business relationship is formed and monitoring requirements.
   • Obtaining and taking reasonable measures to confirm the accuracy of beneficial ownership information for entities: See FINTRAC’S guidance on what is required to confirm beneficial ownership.
   • Understanding the third-party determination requirements for reports and records: See FINTRAC details on the third-party determination.
   • Taking reasonable measures to make Politically Exposed Persons (“PEP”) and Heads of International Organizations (“HIO”) determinations: See FINTRAC details on when to assess PEPs and HIOs.

3. Transaction Reporting
   Professional skepticism is at the core of the work performed by CPAs.  Adding to their existing toolkit, CPAs must be aware of the Money Laundering and Terrorist Financing risk typologies and other indicators that could (and should) initiate suspicion or indicate that something may be unusual in the absence of a reasonable explanation.
   Please see FINTRAC guidance for additional information: https://fintrac-canafe.canada.ca/guidance-directives/transaction-operation/indicators-indicateurs/accts_mltf-eng
   CPAs must submit the following reports to FINTRAC:
   • Suspicious Transaction Reports
   • Terrorist Property Reports
   • Sanctions Evasion
   • Large Cash Transaction Reports
   • Large Virtual Currency Transaction Reports
   • 24 hour Rule

4. Record Keeping
   CPAs and CPA Firms must keep certain records, including records related to transactions and client identification. Refer to additional information on record keeping from FINTRAC.

5. Ministerial Directives
   CPAs and CPA Firms need to be aware that Ministerial Directives, which are issued by the Minister of Finance, apply to all Reporting Entities (“REs”). FINTRAC will inform REs that a directive has been issued and will include on its website the date the directive came into force and the outlined countermeasures.
   Refer to additional information on ministerial directives from FINTRAC.

Penalties for non-compliance

FINTRAC has the legislative authority to issue administrative monetary penalties (“AMPs”) to reporting entities that are found to be non-compliant with the PCMLTFA and associated Regulations.  In addition, failure to comply with Parts 1 and 1.1 of the PCMLTFA may result in criminal charges for non-compliance offences.

Additional information can be found on the FINTRAC website.