Global Regulations and Requirements for KYC Onboarding
(powered by KYCC small icon KYC-Chain)

Contact us

namedate of birthaddressoccupationdriving licensepassport
namedate of birth
name and address legal documentationarticles of incorporationarticles of association
Canadian citizenship cards
The Personal Information Protection and Electronic Documents Act (PIPEDA); the Uniform Electronic Commerce Act (UECA); the Act to Establish a Legal Framework for Information Technology;
Proceeds of Crime (Money Laundering) and Terrorist Financing Act (“PCMLTFA”) was passed in 2000, and amended in 2001, 2006, 2008, 2010, 2013 and 2014
In 2000, the Financial Transactions Reports Analysis Centre of Canada (“FINTRAC”) was established under the PCMLTFA to serve as Canada’s financial intelligence unit. FINTRAC is responsible for ensuring compliance with AML/AFT requirements by all Reporting Entities, including financial entities (banks, trust companies, credit unions, etc.), life insurance companies, securities dealers (including asset managers/investment advisers), casinos, money services businesses, dealers in precious metals and stones, real estate agents and certain developers, accountants and notaries public based in the province of British Columbia
The Office of the Superintendent of Financial Institutions (“OSFI”), established in 1987, is the federal agency responsible for the supervision and regulation of all federally incorporated or registered banks, life
Yes, the FINTRAC has published plain language interpretations and guidelines as well as interpretation notices, OSFI Guideline B-8: Deterring and Detecting Money Laundering was issued in December 2008, and IIROC issued Anti-Money Laundering Compliance Guidance in October 2010
No, however pursuant to the adoption of a Risk Based Approach to ML/TF governance, customers considered to be a higher ML/TF risk are required to be identified.
Yes, FATF released its third evaluation of Canada in February 2008, The fourth evaluation of Canada is in process with on-site visits occurring in October and November 2015, and In 2014, FATF recognised that Canada had made significant progress in addressing deficiencies identified in the 2008 report and removed Canada from the regular follow-up process
Yes, Customer identification is not required for: a) electronic Funds Transfer (“EFT”) transactions less than CAD1,000 (approx. USD710); b) foreign currency exchange transactions less than CAD3,000 (approx. USD2,130); c) issuance/redemption of traveller’s cheques, money orders or other similar negotiable instruments less than CAD3,000 (approx. USD2,130); and d) cash transactions less than c (approx. USD7,100) (other than when multiple (two or more) transactions occur over a 24 hour time period aggregate to more than CAD10,000 (approx. USD7,100) and are believed to be conducted by or on behalf of the same individual or entity). Customer identification is not required when the transaction exceeds the thresholds noted above provided a signed signature card for an account exists with the institution. In 2014, amendments were introduced to require ongoing monitoring once a business relationship has been established. Non-account-based business relationships are established when the entity conducts two or more transactions in which the identity of an individual must be ascertained or the organization’s existence must be confirmed.
Individuals: Reporting Entities must obtain, verify and maintain the following records of an individual’s identity: customer name, date of birth, address, the nature of the customer’s principal business or occupation and intended use of the account. Regulations state that the identity of a person should be ascertained by referring to a birth certificate, driver’s licence, passport, permanent resident card or any similar record. You can refer to a provincial/territorial health insurance card, but only if it is not prohibited by provincial/territorial legislation. The original document (not a copy) must be reviewed.
Legal entities: Reporting Entities must confirm the existence, name and address of any legal entity for which it opens a business account by obtaining such legal documentation as Articles of Incorporation, Articles of Association, Partnership Agreement or other similar record. The record used to confirm the corporation’s existence can be in paper or electronic format. If the record is an electronic version, entities must keep a record of the corporation’s registration number, the type and source of the record. Furthermore, depending on legal entity type, additional documentation may be required. For example, in the case of a corporation, the name of the corporation’s directors, the name, address and principal occupation of all individuals who directly or indirectly own or control 25% or more of the shares of the corporation and information on the ownership, control and structure of the corporation must also be obtained. The identity of up to 3 individuals authorised to transact on behalf of the legal entity must also be verified as well as the evidence of the individuals’ authorisation to transact on behalf of the legal entity such as articles of incorporation or the bylaws.
When a firm has to identify an entity, it must obtain, take reasonable measures to confirm and keep records of the information relating to the entity’s beneficial ownership. For a corporation, this includes the name and address of all individuals who directly or indirectly own or control 25% or more of the shares of the corporation. In cases where there is no individual who owns or controls 25% or more of an entity, a record must be kept of the measures taken and the information obtained in order to reach that conclusion. If the information cannot be obtained or its accuracy confirmed, reasonable measures must be taken to ascertain the identity of the most senior managing officer of the entity and treat the entity as high-risk and subject to more frequent monitoring. A record must be maintained explaining why beneficial ownership could not be determined as well as the information pertaining to the most senior managing officer.
A firm's compliance program must include the development and application of policies and procedures to assess the risk of a money laundering offence or a terrorist activity financing offence. Special measures should be taken in high risk situations for identifying customers and monitoring transactions. When a risk assessment determines that the risk is high for money laundering or terrorist financing, policies and procedures to keep customer identification information up to date must be developed and more frequent monitoring must be performed. For a financial entity, a securities dealer, a life insurance company, broker or agent, or a money services business, this also applies to keeping beneficial ownership information up to date. All Reporting Entities must develop and apply policies and procedures to keep information on business relationships up to date. This information should be reviewed at a minimum at least every two years. OSFI Guidance states that federally registered or incorporated firms that conduct business in offshore jurisdictions or that have customers that operate in those jurisdictions, need to be especially vigilant. Certain customers may merit additional due diligence, and examples given include businesses that handle large amounts of cash or those that hold important public positions.
When dealing with PEPs, the following additional due diligence measures must be taken: a) enhanced account monitoring; b) senior management approval to maintain the account or senior management review of transaction within 14 days of account activation or EFT transaction; and c) reasonable measures to obtain source of funds.
The following due diligence requirements are required for correspondent banking relationships: a) obtaining personal information about the foreign entity and its activities; b) ensuring that the foreign entity is not a shell bank; c) obtaining the approval of senior management; and d) setting out in writing the firm's obligations and those of the foreign entity in respect of the correspondent banking services.
Recent amendments have introduced a broader and more flexible set of identification requirements related to non-face-to-face transactions. The requirements set out the following two options for identification of individuals not physically present: a) Confirmation from an affiliated entity that they have ascertained the identity by referring to an original identification document and verify the name, address and date of birth received; or b) Combination of two of the following methods: referring to an independent identification product or, with the individual’s permission, referring to a credit file; obtaining an attestation concerning an identification document for the individual from a Commissioner of Oaths or a guarantor; confirming that a cheque drawn on a deposit account with a financial entity (other than one that is exempt from identification requirements) has cleared; and confirming that the individual has a deposit account with a financial entity (other than one that is exempt from identification requirements).
Yes. Under the PCMLTFA, all reporting entities are required to report to FINTRAC transactions for which they have reasonable grounds to suspect that the transactions are related to money laundering or terrorist financing (this includes attempted suspicious transactions). In addition, all reporting entities must report the following transactions to FINTRAC, unless stated otherwise: a) large cash transactions – receipt of an amount of CAD10,000 (approx. USD7,100) or more in the course of a single transaction, or multiple transactions over a 24 hour time period by or on behalf of the same individual or entity; b) electronic funds transfers – international ingoing and outgoing EFTs valued at CAD10,000 (approx. USD7,100) or more in the course of a single transaction, or multiple transactions in a 24 hour time period by or on behalf of the same individual or entity. This requirement applies to financial entities, MSBs (Money Service Business) and casinos; c) terrorist property – a report must be submitted to FINTRAC if a reporting entity has property in its control or possession that is owned or controlled by or on behalf of a terrorist, a terrorist group, or listed person. Nil reports must also be filed by certain reporting entities on a monthly basis with their principal regulators such as OSFI or IIROC. The monthly reporting requirement is separate and distinct from the requirements to immediately disclose detailed information to law enforcement agencies such as the Royal Canadian Mounted Police and the Canadian Security Intelligence Service; and d) casino disbursements – a casino must file a report when it makes a disbursement valued at CAD10,000 (approx. USD7,100) or more in the course of a single transaction, or over the course of multiple transactions in a 24 hour time period by or on behalf of the same individual or entity.
Yes. There are criminal or administrative penalties associated with non-compliance with reporting requirements, including tipping off. Both criminal and administrative monetary penalties (“AMPs”) cannot be issued against the same instance of non-compliance. AMPs violations are classified by the PCMLTF Regulations as “Minor”, “Serious” or “Very Serious” and multiple violations can result in a total amount that exceeds the individual violation limits. a) minor violation: from CAD1 (approx. USD0.71) to CAD1,000 (approx. USD710) per violation; b) serious violation: from CAD1 (approx. USD0.71) to CAD100,000 (approx. USD70,990) per violation; and c) very Serious violation: from CAD1 (approx. USD0.71) to CAD100,000 (approx. USD70,990) per violation for an individual; and from CAD1 (approx. USD0.72) to CAD500,000 (approx. USD354,940) per violation for an entity. FINTRAC may disclose cases of non-compliance to law enforcement when there is extensive non-compliance or little expectation of immediate or future compliance. Criminal penalties may include the following: a) failure to report suspicious transactions: up to CAD2 million (approx. USD1.4m) and/or 5 years imprisonment; b) failure to report a large cash transaction or an electronic funds transfer: up to CAD500,000 (approx. USD354,940) for the first offence, CAD1 million (approx. USD709,870) for subsequent offences; c) failure to meet record keeping requirements: up to CAD500,000 (approx. USD354,940) and/or 5 years imprisonment; d) failure to provide assistance or provide information during compliance examination: up to CAD500,000 (approx. USD354,940) and/or 5 years imprisonment; and e) disclosing the fact that a suspicious transaction report was made, or disclosing the contents of such a report, with the intent to prejudice a criminal investigation: up to 2 years imprisonment.
The regulations do not specify whether transaction monitoring can be performed outside of Canada.
No however, federally registered or incorporated financial institutions are required to test all key AML/ATF program components at least every two years.
does not apply – only personally identifiable information is covered under Canada’s Privacy laws
not explicitly defined, however examples are provided in the Schedule 1 PIPEDA, Section 4.3.4 (Canada’s Privacy Law). Sensitivity of information is considered, in some cases, to be dependent on
Prohibited unless the customer allows the transfer of this information based on the premise of informed consent.
2014, 2014, 2008
Confirmation from an affiliatedidentification documentsverify the nameaddress and date of birth received;
No national identity card.
CAD 10,000
Some real estate agreements, wills, estate agreements and powers of attorney are excluded from the law. There is some variation among the provinces respecting restrictions. See, for example, Quebec’s Act to Establish a Legal Framework for Information Technology.
The laws of Canada and each of its provinces explicitly grant electronic signatures the same status as handwritten signatures. Summary of law Canada’s laws follow the permissive approach. These minimalist, or permissive, laws permit the use of electronic signatures for virtually all types of agreements. However, it is important to obtain the prior consent of all parties to conduct business electronically. Electronic signatures are presumed valid unless proof to the contrary is produced.
The Canadian Securities Administrators (“CSA”) is an umbrella organisation comprised of 13 provincial and territorial securities regulatory authorities. The CSA serves as a forum for coordinating and harmonising the regulation of Canadian capital markets. Securities regulators also delegate certain aspects of securities regulation to self-regulatory organisations including the Investment Industry Regulatory Organisation of Canada (“IIROC”)
Yes. Entities are required to assess and document the risk related to money laundering and terrorist activity financing in their business. This assessment must be tailored and should consider factors such as customers and business relationships, products, delivery channels and geographic areas where business is conducted, as well as other relevant factors. This assessment is in addition to the client identification, record keeping and reporting requirements.
Copies of identification documents are not permitted. In order for a document to be acceptable for identification purposes, it must be valid (i.e. not expired), have a unique identifier number and be issued by a provincial, territorial or federal government. Customer identification through attestation is also permitted, in which case confirmation must be obtained to demonstrate that the customer’s ID has been certified to be true and correct by a commissioner of oaths or a guarantor. The attestation method requires that the document is a legible photocopy and contains the name, profession, address and signature of the commissioner of oaths or the guarantor, and the type and number of the identifying document. This method can only be used in conjunction with other prescribed methods of customer identification, including referring to an independent and reliable identification product, cleared cheque or deposit account. It is acceptable for a reporting entity to rely on the customer identification records of an affiliate or co-member when the customer is not physically present, provided that affiliate or co-member viewed the original identification documents. In this case, the reporting entity must verify the individual’s name, address and date of birth against the information maintained by the affiliate.
None that we are aware of.