What is a fractional MLRO in Canada?

A fractional MLRO is a senior AML compliance officer who acts as your named Compliance Officer under the PCMLTFA on a part-time or shared basis, taking on all the same responsibilities a full-time in-house officer would carry, at a fraction of the cost. In Canada, FINTRAC refers to this role as the Compliance Officer, but the function is identical to what UK and international businesses know as the MLRO. ComplyFactor's fractional MLROs are named in FINTRAC's records and actively manage your reporting obligations, risk assessment, training, and program documentation.

Is a fractional MLRO legally recognised by FINTRAC?

Yes. The PCMLTFA requires a named senior officer responsible for your AML compliance program; it does not require that officer to be a full-time employee. Your fractional MLRO is designated as your Compliance Officer in FINTRAC's registry. From FINTRAC's perspective this is indistinguishable from an in-house hire. The individual must, however, have genuine authority within your organisation and be actively engaged in the program, not simply listed in name only.

How quickly can ComplyFactor provide a fractional MLRO?

For urgent situations such as staffing gaps or examination notices, a named MLRO can be in place and FINTRAC records updated within 24 to 48 hours. For planned engagements, we deliver a written proposal within 48 hours of a free scoping call and begin active management within the first week of engagement.

Can a fractional MLRO handle FINTRAC STR and EFTR filings?

Yes. FINTRAC reporting is a core responsibility of every ComplyFactor fractional MLRO engagement. This includes Suspicious Transaction Reports (STRs), Electronic Funds Transfer Reports (EFTRs), Large Cash Transaction Reports (LCTRs), and Large Virtual Currency Transaction Reports (LVCTRs). All reports are filed within FINTRAC's mandatory timelines with supporting documentation maintained in your compliance records.

What is the cost of a fractional MLRO in Canada?

ComplyFactor prices all MLRO engagements on a fixed monthly fee, not hourly billing. The fee depends on your business size, transaction volumes, and the scope of obligations to be managed. A straightforward MSB with low transaction volumes requires less MLRO time than a multi-product PSP with complex reporting. We provide a written fee proposal within 48 hours of a free scoping call. Contact us at +1 807 806 0444.

Do PSPs need a different type of MLRO than MSBs?

PSPs regulated under the Retail Payment Activities Act (RPAA) carry dual regulatory obligations: FINTRAC compliance under the PCMLTFA and operational oversight from the Bank of Canada. Most fractional MLRO providers are trained only in FINTRAC obligations. ComplyFactor's officers are trained in both, which means PSPs receive MLRO support that covers the full scope of their regulatory exposure rather than just one part of it.

Home / Services / AML Audit Canada

Independent AML audit services in Canada

ComplyFactor provides independent AML audit services to businesses across Canada — including Money Service Businesses, Payment Service Providers, fintechs, and Virtual Asset Service Providers registered with FINTRAC. Our effectiveness reviews are conducted by compliance specialists with direct experience in Canadian AML regulation.

Every regulated business in Canada must demonstrate that its AML program works in practice, not just on paper. ComplyFactor tests exactly that — and delivers a clear, written remediation roadmap your team can act on immediately.

Book a free scoping call See our process

Canada-wide service PCMLTFA specialists Bill C-12 updated Written report included

Our audit service

AML audit services for Canadian MSBs, PSPs & fintechs

We work with Canadian businesses that need to demonstrate AML compliance to FINTRAC — whether you are preparing for a scheduled effectiveness review, responding to a FINTRAC examination notice, or strengthening your program proactively.

Our AML audit covers the full scope of your PCMLTFA obligations — from transaction monitoring and KYC file quality to risk assessment validation and STR reporting. At the end of every engagement, you receive a written report suitable for presentation to senior management, satisfying the regulatory requirement for a biennial effectiveness review.

Bill C-12: FINTRAC penalties for serious AML violations now reach $4,000,000 under Bill C-12 (March 2026). Full examinations are active across all sectors. An independent audit is your strongest protection.

What is a FINTRAC AML audit (effectiveness review)?

A FINTRAC Effectiveness Review — also called an independent AML audit — is a structured assessment of your AML compliance program conducted by an external third party. It tests whether your controls work in practice, not just on paper. Under the PCMLTFA regulations, all reporting entities must conduct one at least once every two years, covering:

AML policies, procedures, and governance structure
Transaction monitoring systems and suspicious activity reporting
KYC and Customer Due Diligence (CDD) file quality
Risk assessment — whether it reflects current business activity
AML training program — documented, role-specific, and up to date

The findings must be reported in writing to senior management — including all deficiencies, planned corrective actions, and implementation timelines. ComplyFactor delivers a full written report that meets this regulatory requirement.

Who this is for

Who needs an AML audit in Canada?

Any business registered with FINTRAC as a reporting entity is required to have its AML compliance program independently reviewed for effectiveness at least once every two years. This includes:

Money Service Businesses (MSBs)

Currency exchange, remittance, and money transfer businesses.

Payment Service Providers (PSPs / RPAA)

Entities regulated under Canada's evolving payments framework.

Crypto / VASP Companies

Virtual asset service providers registered with FINTRAC.

Finance & Leasing Companies

NEW — April 2026. Finance and leasing firms are now subject to AML compliance obligations.

If your business falls into any of these categories, a biennial AML audit is mandatory.

Learn from enforcement

Common AML audit failures in Canada (MSBs & PSPs)

Based on FINTRAC enforcement actions and our audit work with Canadian businesses, these are the most frequently identified compliance failures:

#

Common failure

Why it gets you penalised

01

Outdated risk assessment

FINTRAC expects your risk assessment to reflect your current business. One written at registration and never updated is a primary finding in most examinations.

02

Undocumented transaction monitoring

Many MSBs monitor manually without written thresholds. FINTRAC looks for documented, tested parameters — verbal processes do not count.

03

Incomplete KYC and EDD files

Missing source of funds or incomplete beneficial ownership records are cited in the majority of FINTRAC enforcement actions.

04

STRs not filed or filed late

Failure to file Suspicious Transaction Reports is among the most penalised violations. Under Bill C-12, a single serious violation can now result in a $4M fine.

05

AML training not documented

Training must be written, role-specific, and completed on schedule. Informal training does not satisfy PCMLTFA requirements.

06

No biennial effectiveness review

Many newly registered MSBs are unaware that a two-year independent review is mandatory. This is the most common gap we identify on first engagement.

Scope

What our AML audit covers

Our independent AML audit is a full review of your compliance program — tested against FINTRAC's current examination standards. Every engagement covers:

Transaction Monitoring Review

We assess whether your monitoring system is calibrated correctly — including documented thresholds, escalation procedures, and evidence that alerts are being reviewed and actioned.

KYC & Enhanced Due Diligence (EDD) Testing

Risk-based sampling of your customer files — verifying identity verification, source of funds documentation, beneficial ownership records for corporate clients, and ongoing monitoring evidence.

Risk Assessment Validation

We review whether your risk assessment covers the right customer types, geographies, products, and delivery channels — and flag areas that would concern a FINTRAC examiner.

STR & LCTR Compliance Check

We verify that Suspicious Transaction Reports and Large Cash Transaction Reports have been filed correctly, on time, and with the required information.

AML Training Program Review

We confirm that your training is documented, role-specific, completed on schedule, and meets the standard FINTRAC expects during an examination.

How we work

Our 4-step AML audit process

Every ComplyFactor AML audit follows the same structured methodology — designed to meet FINTRAC's effectiveness review requirements and deliver a written report your senior management can act on.

01

Scoping & Population Analysis

We map your full PCMLTFA obligations before any fieldwork begins — identifying your customer cohorts, transaction volumes, geographic exposures, and applicable reporting thresholds. A scoping call confirms scope and timeline.

02

Control Stress-Testing

We test your controls in practice — recalibrating transaction monitoring thresholds, validating sanctions screening logic, and reviewing your STR escalation process. We apply the same scrutiny a FINTRAC examiner would.

03

Evidence Sampling

We conduct risk-based sampling of KYC and EDD files — verifying identity verification, source of funds, beneficial ownership, and ongoing monitoring documentation against FINTRAC's current standards.

04

Remediation Roadmap & Written Report

You receive a full written audit report with all findings, a severity rating per deficiency, and a prioritised action plan with implementation timelines — satisfying the PCMLTFA written reporting requirement.

Bill C-12 · Royal Assent March 26, 2026

FINTRAC AML audit requirements in Canada (PCMLTFA & Bill C-12)

Canada's AML enforcement framework was significantly strengthened in 2026. Bill C-12 introduced the largest increase to FINTRAC penalties in the history of the PCMLTFA. FINTRAC's full enforcement phase is now active — the grace period that ran from April 2025 to April 2026 has ended. The cost of an independent AML audit is a fraction of a single FINTRAC penalty.

Book your independent review

ViolationBefore 2026After Bill C-12

Minor$1,000$40,000

Serious$100,000$4,000,000

Cumulative cap$500,000$20M or 3% of global revenue

Pricing

Cost of an AML audit in Canada

The cost of an independent AML audit depends on the size of your business, the complexity of your compliance program, and the scope of the review. Key factors include:

Number of FINTRAC-reportable transaction types your business handles
Size of your customer base and transaction volumes
Current state of your AML documentation and controls
Number of product lines or jurisdictions in scope

ComplyFactor provides transparent, scope-based pricing. We begin with a free 30-minute scoping call and provide a written quote within 48 hours — no retainer required for a standalone audit engagement.

Free quote. Book a free scoping call with our Canada team. Written quote within 48 hours.

+1 807 806 0444
Suite 211, 320 Matheson Blvd West, Mississauga, ON L5R 0H2

Book a free scoping call

Regulatory documents and legal workspace

Be ready

How to prepare for a FINTRAC audit

Whether you have received notice of a FINTRAC examination or want to be proactive, these steps will put your business in the strongest position:

Gather compliance documentation

Collect your AML policies, procedures, risk assessment, and training records. FINTRAC expects dated, current versions of all documents.

Review STR and LCTR filing history

Confirm all reports have been filed on time. Late or missing filings are a primary audit finding.

Test KYC files

Review a sample of 10 to 20 customer files. Confirm identity verification, source of funds, and ongoing monitoring documentation is complete.

Check transaction monitoring thresholds

Confirm your system flags the right transactions. Document the thresholds and the logic used.

Commission an independent AML audit

Find and fix gaps on your own terms — before FINTRAC does.

Compliance professional reviewing AML documentation

Deliverables

What you get — AML audit deliverables

Every ComplyFactor AML audit engagement includes the following — all within the agreed scope price, with no hidden fees:

Written Audit Report

Full findings document structured for senior management — satisfies the PCMLTFA written reporting requirement.

Findings & Severity Ratings

Every deficiency rated by severity (Critical / High / Medium) so your team knows exactly what to fix first.

Remediation Roadmap

Prioritised action plan with specific steps and implementation timelines for every finding.

Risk Assessment Gap Analysis

Separate review of your current risk assessment against FINTRAC's risk-based approach requirements.

Management Debrief Call

Live walkthrough of findings with your compliance team and/or senior management — included at no extra cost.

Why ComplyFactor

Why Canadian businesses choose us for their AML audit

Canada-wide AML specialists

We work with regulated businesses across Canada — MSBs, PSPs, fintechs, and VASPs. Not banks. Not insurance companies. The businesses FINTRAC focuses on.

MSB & PSP focus

Unlike large accounting firms, we focus exclusively on the businesses most frequently targeted in FINTRAC enforcement actions.

Bill C-12 ready

Our audit methodology reflects the March 2026 legislative changes — assessed against the new penalty regime from day one.

Scope-based pricing

No retainer. No surprise fees. We agree scope and price before work begins and provide a written quote within 48 hours.

Remediation support

We do not just identify gaps. We provide a prioritised action plan and can support implementation — so your fixes hold up under the next FINTRAC examination.

Led by Saeed Abbasi, CAMS

Our audits are led by a CAMS-certified specialist with direct MLRO and FINTRAC examination experience across Canadian MSBs and PSPs.

ComplyFactor specialist finalising an audit report

Find and fix your gaps before FINTRAC does.

Book your independent AML audit

FAQ

Frequently asked questions — AML audit Canada

How long does an AML audit take in Canada?

Most independent AML effectiveness reviews for Canadian businesses are completed within 2 to 4 weeks, depending on the size of your business and the current state of your documentation. ComplyFactor will provide a specific timeline estimate during your free scoping call.

Is an AML audit mandatory for MSBs in Canada?

Yes. Under the PCMLTFA, all FINTRAC-registered reporting entities — including MSBs, PSPs, and VASPs — must have their AML program independently reviewed at least once every two years. The findings must be reported in writing to senior management.

What happens if you fail a FINTRAC audit?

FINTRAC may issue a compliance agreement, an administrative monetary penalty, or in serious cases pursue revocation of your MSB registration. Under Bill C-12 (2026), serious violations can now result in penalties of up to $4 million. Businesses that conduct regular independent audits and fix findings proactively are far less likely to face enforcement action.

How much does an AML audit cost in Canada?

ComplyFactor provides scope-based pricing following a free 30-minute scoping call. We deliver a written quote within 48 hours — no retainer required. Contact our team at +1 807 806 0444 to get started.

Can ComplyFactor act as our external auditor for FINTRAC purposes?

Yes. ComplyFactor conducts independent AML effectiveness reviews that satisfy the PCMLTFA biennial audit requirement. We are fully independent of your compliance function — as required by regulation — and our written report meets FINTRAC's reporting standards.

Message us on Telegram Chat with us on WhatsApp