Key takeaways
- Financing and leasing entities and factors became regulated reporting entities on April 1, 2025 — AML obligations are no longer optional.
- Identity verification is triggered by specific transaction and record-creation events, not by every application.
- Factors have a $3,000 receipt-of-funds trigger — distinct from financing and leasing entities.
- A tailored compliance program is required; generic policies designed for banks will not satisfy FINTRAC examiners.
When financing or leasing entities and factors became regulated reporting entities on April 1, 2025, AML obligations changed for thousands of Canadian businesses.
The mistake many businesses make is applying a generic compliance policy designed for larger financial institutions. These sectors have distinct transaction patterns, client profiles and record-keeping obligations. This checklist walks you through the core requirements, practical implementation steps, and the risk areas that matter to your business.
Which Financing, Leasing and Factoring Businesses Are Covered?
Financing or Leasing Entities
A financing or leasing entity falls under FINTRAC regulation when it provides financing or leasing for: (1) property for business purposes, other than real property or immovables; (2) passenger vehicles in Canada; or (3) property valued at $100,000 or more, other than real property or immovables. A dealership that finances vehicles directly to its customers is covered. A company that leases commercial equipment is covered. A residential landlord entering a lease with a tenant is not. Neither is a business that introduces customers to third-party lenders without providing the financing itself.
Factors
A factor is engaged in the business of factoring—acquiring or financing accounts receivable or invoices, with or without recourse against the assignor. Factors work with accounts receivable; financing and leasing entities finance or lease tangible property.
The Five Elements of a FINTRAC Compliance Program
All reporting entities must implement a compliance program adapted to their sector. Appoint a compliance officer with the necessary authority and access to management. Develop and maintain written policies and procedures describing your obligations and the specific controls you have put in place. Conduct and document a risk assessment identifying the money laundering and terrorist financing risks specific to your business model. Develop an ongoing training program for all employees and persons authorised to act on your behalf. Establish a plan for an effectiveness review and conduct that review every two years. FINTRAC examines whether this program is actually implemented, not merely whether documentation exists.
When Client Identity Must Be Verified
Financing or Leasing Triggers
For financing or leasing entities, identity verification is required: when a suspicious transaction or attempted transaction occurs; when a large cash transaction of $10,000 or more occurs; when a large virtual currency transaction of $10,000 or more occurs; when an information record is created for a covered financing or leasing arrangement; or when payment records are required relating to receipts under an arrangement. Identity verification is tied to specific transaction events or record-creation triggers, not to every prospective application.
Factoring Triggers
For factors, identity verification is required: when a suspicious transaction or attempted transaction occurs; when a large cash transaction of $10,000 or more occurs; when a large virtual currency transaction of $10,000 or more occurs; when an information record is created relating to a factoring agreement; when a receipt-of-funds record is required for receipts of $3,000 or more; or for certain other factoring agreement records. The $3,000 receipt-of-funds trigger applies specifically to factors and reflects the nature of factoring transactions.
Business Relationships and Ongoing Monitoring
A business relationship is established when a financing or leasing entity enters into a covered financing or leasing arrangement, or the second time within five years that it is required to verify the client's identity. For factors, a business relationship begins when the factor is required to verify identity for a second time within a five-year period. Once established, ongoing monitoring means keeping client information current, monitoring transactions and activity patterns, assessing whether activity is consistent with the client's known profile, applying enhanced measures for high-risk clients, and reviewing risk ratings at appropriate frequencies.
Additional Know-Your-Client and Risk-Based Requirements
When a corporate client is identified, you must obtain and take reasonable measures to confirm the accuracy of beneficial ownership information. Third-party determination applies when an unexplained payment or transaction arrangement involves a third party acting on behalf of your client. When third-party involvement is identified, you must record information about the third party and maintain this record. Politically exposed persons and heads of international organisations require reasonable measures to identify them and possible enhanced monitoring if identified.
Reports That May Need to Be Submitted to FINTRAC
Suspicious Transaction Reports (STRs) must be submitted as soon as practicable when there are reasonable grounds to suspect a transaction is related to money laundering or terrorist financing, including suspected sanctions evasion. Large Cash Transaction Reports must be submitted within 15 calendar days after a cash receipt of $10,000 or more in a single transaction. Large Virtual Currency Transaction Reports must be submitted within 5 working days after a virtual currency receipt of $10,000 or more. Listed Person or Entity Property Reports must be submitted immediately when a client or transaction involves a person or entity on a sanctions list. The 24-hour rule is an aggregation requirement: multiple transactions of the same type within a consecutive 24-hour window that total $10,000 or more must be reported together as a single transaction. This is not a filing deadline but a rule for counting whether the threshold has been reached.
Records the Business Must Maintain
Financing or leasing entities must maintain information records for covered arrangements, payment records, client identification records, large cash and virtual currency records, copies of submitted reports, third-party determination records, beneficial ownership records, and PEP/HIO-related records. Factors must maintain factoring agreement records, information records, receipt-of-funds records, client identification records, transaction reporting records, third-party determination records, beneficial ownership records, and PEP/HIO-related records. Records must be maintained so they can be provided to FINTRAC within 30 days after a request.
Common Risk Indicators in Financing, Leasing and Factoring
Money laundering indicators are contextual. Patterns that warrant escalation include: unexplained third parties making payments on behalf of a client; multiple payments deliberately structured below reporting thresholds; rapid early repayment inconsistent with the client's stated business model; invoices with inflated values or circular payment patterns; use of cash or virtual currency inconsistent with the claimed business model; changes to beneficial ownership or authorised signatories without clear business rationale; clients in high-risk jurisdictions or industries beyond your normal customer base.
Practical FINTRAC Compliance Checklist
- Confirm your business falls within one of the regulated categories.
- Appoint a compliance officer with clear authority and access to senior management.
- Complete and document a sector-specific risk assessment.
- Adopt written compliance policies and procedures.
- Map client identification triggers to your transaction workflow.
- Configure record-keeping procedures to capture required information.
- Establish transaction reporting escalation procedures.
- Implement beneficial ownership and third-party procedures.
- Conduct initial and ongoing training for all relevant staff.
- Set monitoring frequencies appropriate to your risk profile.
- Test the program with a mock review.
- Schedule the two-year effectiveness review.
- Maintain evidence that controls are actually implemented.
How an AML Compliance Program Supports These Businesses
A tailored compliance program translates legal requirements into operational procedures. It gives your sales and onboarding teams clear instructions on information collection and verification. When FINTRAC examiners conduct an examination, your business can demonstrate that controls are actually implemented and tested. An AML compliance program in Canada tailored to your sector reduces friction, strengthens your audit trail, and positions your team to respond quickly to regulatory changes.
Role of a Fractional Compliance Officer
Not every business needs a full-time compliance officer. A fractional compliance officer in Canada provides program ownership without full-time payroll. This role oversees transaction escalation, ensures staff training covers regulatory updates, reviews monitoring reports, manages the two-year effectiveness review cycle, and maintains recordkeeping quality.