KYC Canada: Learn about regulations to remain compliant

Explore the evolution, key regulatory bodies, and onboarding requirements of KYC regulations in Canada.

An icon showing a person learning about Canadian KYC
Read time:
Share this post
Table of contents
⚡ Key takeaways
  • Canada was an early adopter of Know Your Customer (KYC) and Anti-Money Laundering (AML) efforts and continues to be at the forefront, even if they have fallen short of global standards in recent reviews.
  • The government takes a cooperative approach to the process, involving 13 of its federal agencies as well as international partners and the regulated entities themselves.

As the largest trading partner to the largest economy on the planet — and sharing the world’s longest international border with that same country — Canada shoulders an immense burden when it comes to protecting North America against money laundering and financial fraud. 

Complicating its border defense position, Canada also has different international sanctions than the United States, most notably its long-standing open trade and travel policy with Cuba.

And yet, the home nation of hockey has been a leader in fighting money laundering, terrorist financing, and proliferation of weapons of mass destruction dating back to 1990, when it became a founding member of the Financial Action Task Force (FATF). The FATF sets standards for global Anti-Money Laundering (AML) regulations and also measures the effectiveness of country efforts.

In 2016, when Canada fell short of FATF’s expectations, the country spent the next five years shoring up its technical compliance and continues to amend its efforts to remain compliant.

Overview of KYC in Canada

The Canadian government views the fight against money laundering and terrorist financing as a team effort among divisions, international partners, and Canada’s public and private sectors.

Key to AML efforts are Know Your Customer (KYC) regulations, which help banks and financial institutions better understand who is using their products well before any illicit funds can be integrated into the financial system. 

KYC first became a law in Canada in 1991 with the passage of the Proceeds of Crime (Money Laundering) Act, which was notably enhanced in December 2001 as part of a global response to the Sept. 11 terrorist attacks. It was renamed the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

One of the primary objectives of the PCMLTFA is to standardize the following protective measures across an estimated 24,000 businesses in Canada:

  • Customer identification and verification
  • Record keeping
  • Monitoring
  • Reporting

Which entities are required to follow Canada’s KYC laws?

Canada has an extensive list of entities currently required to follow KYC laws, including:

  • Money Services Businesses
  • Real estate brokers (or sales representatives) and developers if transactions exceed C$10,000 (USD$7,300) within 24 hours
  • Insurance companies if policies exceed C$10,000 (USD$7,300) in life, annuity, or group plans
  • Professional services, such as law offices and accounting firms
  • Casinos and gaming establishments if exchange activities exceed C$3,000 (US$2,200) or more in foreign currency, C$1,000 (US$730) or more in local currency exchange, or payouts exceed C$10,000 (USD$7,300) or more in a single transaction or multiple within 24 hours
  • Fintech if activity involves large transactions over C$10,000 (USD$7,300) within 24 hours
  • E-commerce if there are age-regulated sales (such as alcohol)

The list also includes banks and other financial institutions undertaking the following activities:

  • Opening accounts and/or creating signature cards 
  • Opening credit cards
  • Supporting trusts with settlors or co-trustees
  • Facilitating large cash transactions, defined as electronic funds transfers worth C$1,000 (USD$730) or more, foreign currency exchange worth C$3,000 (USD$2,200) or more, and redemption or issuance of C$3,000 or more in traveler’s checks, money orders, or other forms

Cryptocurrency transactions are the most recent allowable activity for certain eligible businesses if they receive more than C$10,000 (USD$7,300) in crypto funds.

Free ebook
Get Persona's guide to global identity verification

Key regulatory bodies

In Canada, 13 federal departments and agencies oversee the AML process, which is ultimately coordinated by the Department of Finance Canada. These are some of the key agencies:


The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) oversees the PCMLTFA in addition to investigating suspicious transaction reports filed with law enforcement and government agencies and prosecuting parties involved in confirmed reports of money laundering and terrorist financing. From 2018-19, FINTRAC received 235,661 such reports representing 10 percent of the total reports filed.


The Office of the Superintendent of Financial Institutions (OSFI) is an independent agency of the Canadian government that regulates and supervises financial institutions and private pension plans. It mandates the soundness of these institutions as well as the adoption of risk mitigation policies.


Per the Canadian Securities Administrators (CSA), KYC obligations also apply to investment advisors, who must verify the following customer details as part of the New Account Application Form:

  • Identification
  • Date of birth
  • Marital status
  • Occupation
  • Income
  • Net worth

Prior to any investments or trades, they must also understand their client’s risk tolerance, investment objectives, and horizon as well as ascertain the client’s level of investment knowledge. This information is auditable and must be updated regularly if there are any material changes.

KYC Canada requirements for onboarding

The four objectives of KYC are to identify the customer, verify their true identity, understand their activities and source of funding, and monitor the customer’s activities.

The heart of the KYC process hinges on identifying the individuals opening accounts as well as those responsible for the business decisions of corporate clients. This is the responsibility of financial institutions and banks.

Canada has three approved methods for identity verification:

  • Government-issued photo identification 
  • Credit file 
  • Dual-process 

Government-issued photo identification method 

To qualify for identity verification of an individual, a government-issued photo identification document must have been issued by either a federal, provincial, or territorial government. A foreign government-issued photo identification document can be accepted for verification if it is the equivalent of a Canadian document. Photo identification documents by municipal governments, Canadian or foreign, are not valid.

Credit file method

A credit file document represents an independent rating of an individual’s ability to repay loans. Companies can also request a credit file that does not include a credit assessment in order to verify a person’s information. 

Dual-process method 

Verifying the identity of a person using the dual-process method requires two separate and “reliable” sources that have originated or issued the information. These options can include digital sources. One of the sources can also be a photocopy of a government-issued ID. Other examples include statements, letters, certificates, and forms. 

It should be noted that in 2019, FINTRAC amended the rules to allow for remote verification of photo ID documents.

How to stay compliant with Canadian laws and regulations

KYC doesn’t stop after initial identification measures are taken. Banks and financial institutions need to proactively protect against new threats and changing regulations as well as ensure that existing clients continue to be monitored and understood. FINTRAC expects its reporting entities to build out a fully responsive and dynamic compliance program.

Develop a compliance policy and procedures

A written set of guidelines that outlines the full scope of KYC and related measures, including employee training, should be created and not only kept on file but treated as a living reference document that is updated regularly.

Appoint a compliance officer

FINTRAC suggests appointing a chief compliance officer who is, ideally, not directly involved in the receipt, transfer, or payment of funds. Simply appointing this individual does not meet requirements; the company needs to fully address all regulations.

Perform customer due diligence

In addition to verifying client identification and individuals responsible for managing corporate clients as part of customer due diligence procedures, there are requirements for collecting information on beneficial ownership, third parties, expected transaction size and scope, and the rationale for account usage as well as any nexus with high-risk or sanctioned jurisdictions, politically exposed persons (PEPs), and applicable third parties.

Apply enhanced measures as needed

High-risk clients and activities require additional controls, also known as enhanced due diligence. These enhancements might include obtaining additional information from the client or about the client based on public records research; requiring additional information about the source of funds for a company or the source of wealth for an individual; and detailed rationale for certain transactions, whether due to size, frequency, geography, or some other risk indicator.

Conduct screening 

Banks and financial institutions must conduct screening of transactions to monitor for suspicious activity and also have a process in place for reviewing and reporting. They should also regularly screen names of individuals for their presence on sanctions lists, watch lists (such as for PEPs), and negative news, as these can not only change without warning but they can also increase a financial institution’s risk of money laundering.

Become KYC compliant in Canada with Persona

Whether your organization is entering or expanding within Canada, it’s crucial that you understand which KYC obligations apply to your industry. It’s also crucial to select a KYC and AML tool kit that’s flexible enough to adapt to these varied requirements.

Here at Persona, just like we know that Canada has runners and toques, not sneakers and beanies, we also know that an approach in one country or company doesn’t work for all. That’s why we’ve designed our identity infrastructure with flexibility in mind so that our partners are empowered to build the verification workflows that make the most sense to their unique business needs and regulatory environment.

With our Verifications solution, you can quickly and easily collect and analyze government IDs, other identifying documents, and selfies from your clients — either for initial verification or for periodic reverification. Our variety of reports allows you to build out a fuller picture of your users via watch list checks, sanctions checks, PEP scans, and other database queries. Cases can be built to act as the central dashboard for your team to conduct manual reviews. And all of this can be done knowing that your customers’ personal data is safe and secure.

For the fintech firm Brex, which created a new cash management product for businesses, Persona’s suite of identity tools enabled the company to seamlessly comply with KYC regulations in over 100 jurisdictions — including Canada. The company leverages Persona to verify government-issued IDs supplied by customers looking to scale their use of Brex products. By automating the cross-checking of ID information to existing information on file with Brex, the company is able to ensure that its customers are legitimate. Persona helps Brex standardize its processes, save time, and reduce the frequency of identification requests from its users. 

Interested in learning more? Start for free or get a demo today.

Frequently asked questions

What is the main regulatory body for KYC in Canada?

There are 13 federal agencies in Canada that are responsible for AML, but the primary regulator is the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), which oversees the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), the primary AML law, as well as investigates suspicious transaction reports filed with law enforcement and government agencies and prosecutes individuals and entities suspected of related financial crimes.

How has the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) evolved over the years?

The Proceeds of Crime (Money Laundering) Act was enacted in 1991 and was notably enhanced in December 2001 as part of a global response to the Sept. 11 terrorist attacks, which added the final three letters to the acronym. The law has also evolved to keep pace with changes in money-based crimes. Notable amendments have expanded the regulated entities to include fintech, cryptocurrency, correspondent banks, real estate and mortgage sectors, casinos and gaming establishments, etc.

What are the penalties for noncompliance with KYC regulations?

FINTRAC divides PCMLTFA violations into three levels, each with ranges depending on severity:

  • Minor: C$1 (USD$0.73) to C$1,000 (USD$730) per violation
  • Serious: C$1 to C$100,000 ($73,000) per violation
  • Very serious: C$1 to $100,000 per violation for an individual and up to C$500,000 (USD$364,000) for a company or organization

One of the largest recent penalties was for four administrative violations totaling $676,500 issued to Wealth One bank, which was found to have fallen short of developing and reviewing sufficient compliance record-keeping policies, failing to document geographic and product risks, and failing to submit suspicious transaction reports related to money laundering offenses.

How is technology changing the KYC landscape in Canada?

Digital banking and fintech are dramatically changing the speed and scope of financial transactions. Technological innovation, including artificial intelligence, is also increasing the levels of insight and oversight that financial institutions can manage. Technology is also being used to benefit customers, including recent changes to how KYC is conducted, such as by allowing video identification verification.

Continue reading

Continue reading

Identity challenges in the travel industry: How hospitality businesses can fight fraud
Identity challenges in the travel industry: How hospitality businesses can fight fraud

Identity challenges in the travel industry: How hospitality businesses can fight fraud

Identity fraud in the travel industry has become increasingly common. Here are some common identity challenges and potential solutions businesses need to know about.

How digital health apps can overcome four barriers to converting users
How digital health apps can overcome four barriers to converting users

How digital health apps can overcome four barriers to converting users

New patients might abandon onboarding if they’re confused, frustrated, or overwhelmed. Here are four ways digital health apps can improve conversion.

How to create scalable and compliant international KYB processes
How to create scalable and compliant international KYB processes

How to create scalable and compliant international KYB processes

Industry experts discuss international KYB and debunk common myths while sharing how to build a scalable global KYB process.

KYC India: The types, documentation, and standards

KYC India: The types, documentation, and standards

Learn about the types of KYC in India, essential documents, and how Persona can help businesses achieve KYC compliance in India.

KYC in Singapore: How businesses can stay compliant

KYC in Singapore: How businesses can stay compliant

Learn the intricacies of KYC and AML regulations in Singapore, from the role of the Monetary Authority of Singapore to the importance of digital identity.

Global KYC: A KYC breakdown by countries

Global KYC: A KYC breakdown by countries

Learn how KYC regulations differ by country.

Ready to get started?

Get in touch or start exploring Persona today.