FINTRAC Examination Playbook
A structured guide to how examinations begin, what FINTRAC actually assesses, where brokerages fail, and how to measure readiness before scrutiny starts.
A FINTRAC examination is not a surprise inspection of individual transactions. It is a structured review of your compliance program — the governance, documentation, and control structures your brokerage has built to satisfy its obligations under the PCMLTFA.
The critical question FINTRAC is asking is not simply whether obligations exist in your jurisdiction. It is whether your brokerage can demonstrate that those obligations are understood, operationalized, and consistently maintained. Documented control matters as much as actual practice — and undocumented decisions, however sound, carry no weight under examination.
This guide is structured as a practical readiness reference. It is not legal advice. It is not a compliance program. It is an examination-readiness framework designed to help Brokers of Record and Compliance Officers understand what the process involves, where exposure typically emerges, and how to assess whether their current program would hold up under scrutiny.
Section 01
FINTRAC examinations begin with formal written notification to the reporting entity. There is no advance warning beyond this notice, and once initiated, the examination proceeds on FINTRAC's timeline, not the brokerage's.
The notification will specify the examination period under review and outline the information and documentation FINTRAC requires for the initial assessment. What happens next is largely determined by the state of your compliance program at the time of receipt — not at the time you begin preparing.
Brokerages that treat FINTRAC compliance as a preparation exercise — something assembled when examination becomes imminent — consistently underperform. Examiners are experienced at distinguishing programs built over time from documentation assembled reactively. Consistency across records, version history, training logs, and decision trails is difficult to fabricate quickly. Programs with structural gaps tend to expose themselves in ways that cannot be resolved in the weeks between notification and examination.
The standard is not perfection. FINTRAC is assessing whether your brokerage has implemented a reasonable, functional compliance program — and whether that program is embedded in how your brokerage operates. The question is demonstrable control, not flawless execution.
Section 02
FINTRAC does not publicly disclose its examination selection criteria. Examinations may be risk-based, sector-wide, or follow specific intelligence gathered through reporting, complaint channels, or pattern analysis. No brokerage can assume low transaction volume or clean deal history makes it unlikely to be examined.
Real estate has been identified by FINTRAC as a consistently high-risk sector for money laundering and terrorist financing activity. Canadian residential real estate transactions — particularly in major urban markets — represent a persistent vulnerability in the national AML/CTF framework. Sector-level examination campaigns are a standard enforcement approach.
Selection is not the risk to manage. Examination readiness is the risk to manage.
Section 03
FINTRAC examinations are structured assessments of a reporting entity's compliance program — not a review of individual transactions in isolation. The five pillars of a complete compliance program define the examination scope:
Each pillar is assessed independently. A strong performance in one area does not compensate for a deficiency in another. FINTRAC's findings are pillar-specific, and Administrative Monetary Penalties can be assessed against each deficiency independently.
Compliance is not what you have. It is what you can prove. A policy manual that cannot be dated, a training record that cannot be produced, or a risk assessment that cannot be tied to documented controls — each of these represents a provable deficiency, regardless of the underlying intent or practice.
Section 04
Non-compliance findings cluster around predictable failure points. These are not obscure technical deficiencies — they are structural gaps that result from treating compliance as an afterthought rather than an embedded operational discipline.
The Broker of Record is performing compliance functions informally without formal appointment, documentation of authority, or a current acknowledgment of responsibility.
Policies borrowed from other sectors, sourced from unverified templates, or not updated following legislative amendments. FINTRAC assesses whether policies reflect current obligations.
Risk assessments that exist as verbal understanding rather than documented analysis. Controls that are not explicitly mapped to identified risk levels are effectively invisible to examiners.
Training delivered without completion tracking. Agents who have not been trained — or whose training cannot be evidenced — represent a specific, citable deficiency.
The independent review obligation is frequently missed entirely or confused with internal self-assessment. Independence requirements make this one of the most commonly cited deficiencies.
Brokerages that cannot demonstrate a consistent process for identifying and documenting suspicious transaction considerations — including when no report was filed — are exposed on this pillar.
These failures are almost always visible in the initial documentation request phase of the examination, before FINTRAC has conducted a single interview or reviewed a single transaction file.
Section 05
Transaction-level compliance — the documentation your brokerage collects for individual deals — absolutely matters. It is not optional, and FINTRAC will review it. But it is not, by itself, the determining factor in examination outcomes.
What determines examination outcomes is whether the governance structure around your transaction-level activity is sound. FINTRAC is asking: does your brokerage have a functioning program that directs, monitors, and documents how individuals handle their transaction-level obligations? A brokerage with clean transaction files and no compliance program remains non-compliant. A brokerage with a rigorous compliance program and isolated transaction-level gaps is in a substantially different position.
The distinction is important for program design. Brokerages that focus exclusively on deal-level documentation — client identification, beneficial ownership records, large cash transaction records — often do so at the expense of the program-level infrastructure that gives that documentation its defensibility. The program is what makes the transaction records credible.
AMLforBrokerages operates at the program level: compliance officer designation, policies and procedures, risk assessment, training governance, and independent review. The deal-level obligations — client identification records, third party records, and similar — are your brokerage's operational responsibility, managed through your deal workflow and CRM systems. These sit outside the scope of the FineProof™ platform and your brokerage's existing deal management infrastructure handles them.
Understanding this distinction matters. A compliance program is the governance layer that tells your people what to do, trains them to do it, verifies they are doing it, and documents that the system is working. Transaction-level records are the output of that governance. Both must exist. But confusing the two — or assuming one substitutes for the other — is a structural compliance failure.
Section 06
The obligation to file a Suspicious Transaction Report (STR) arises when an individual has reasonable grounds to suspect that a transaction — or an attempted transaction — is related to money laundering or terrorist financing. The threshold is reasonable grounds to suspect, not reasonable grounds to believe. It is a lower standard, and it applies to attempted transactions as well as completed ones.
FINTRAC examines STR compliance at the program level: does your brokerage have a defined process for identifying suspicion, escalating high-risk situations, making a reasoned determination, and documenting the rationale for both filing and not filing?
Decision support is not decision replacement. A structured STR decision framework — such as the STR Decision Matrix within FineProof™ — supports the identification, escalation, and documentation process for high-risk cases. The final determination is always human-led, within your brokerage, and must be documented by the Compliance Officer. The platform does not file reports on your behalf, does not make final determinations, and does not replace your brokerage's judgment in individual situations.
Section 07
The following questions are the diagnostic markers of a program that can withstand examination. Answer them against your current state — not the program you intend to build. If a question cannot be answered with a specific, producible document or record, the gap it identifies is real.
Has your brokerage formally appointed a Compliance Officer in writing?
A signed appointment document naming the individual, their authority, and the date of appointment must be producible on request.
Are your Policies & Procedures current, dated, and real-estate specific?
Generic or undated documents cannot be demonstrated as current obligations. Policies must reflect the PCMLTFA and applicable FINTRAC guidance as it applies to real estate brokerages specifically.
Does your brokerage have a documented Risk Assessment?
The assessment must identify your brokerage's specific risk exposure — by geography, transaction type, and client profile — with controls explicitly mapped to each risk level.
Can you produce completion records for every agent who has received AML/CTF training?
Verbal training or team meetings without records do not meet the documentation standard. Completion dates and individual records must exist for all obligated personnel.
Has your brokerage completed an Independent Review in the last two years?
The review must be conducted by a party independent of your compliance function. Self-assessment does not satisfy this obligation. The review report must be documented and retained.
Does your brokerage have a documented process for STR identification and decision-making?
Including records of situations reviewed, the rationale for filing or not filing, and the Compliance Officer's involvement in high-risk escalations.
If FINTRAC requested your compliance documentation today, how long would it take to produce it?
Days-long document collection exercises under examination conditions are a recognized red flag. Examination-ready programs can produce documentation promptly and completely.
A structured readiness assessment identifies the gaps — before FINTRAC does.
Section 08
Brokerages that perform well under FINTRAC examination share a common characteristic: their compliance program is embedded in operations, not bolted onto them. Documentation exists because it is part of how the brokerage runs — not because examination is imminent.
Strong programs share the following characteristics:
The Compliance Officer has a defined role, documented appointment, and clear lines of authority. Accountability is explicit, not assumed.
Policies are dated, versioned, and updated on a documented review cycle. Amendment history demonstrates ongoing engagement with the regulatory framework.
The risk assessment is specific to the brokerage's actual profile. Controls are proportionate to risk levels and demonstrably implemented — not just listed.
Every obligated individual has a training record. The program is ongoing, not a one-time orientation. Completion is tracked and producible.
The two-year review obligation is calendared, completed on schedule, and the results have been actioned. Findings are documented and improvements are traceable.
STR considerations are recorded regardless of outcome. High-risk situations have escalation records. The Compliance Officer's involvement in material decisions is evident.
Section 09
Examination readiness is not a one-time project. It is a sustained operational discipline. Brokerages that treat compliance infrastructure as a periodic exercise — addressed when examination seems likely — consistently find themselves in a position where retroactive remediation is both costly and incomplete.
Building a defensible compliance program requires four things:
The FineProof™ platform is built around these four requirements. It provides the structural framework for each of the five PCMLTFA compliance pillars, generates audit-ready evidence at each stage, and creates the documentation record that makes your program defensible when it matters.
The platform does not make compliance decisions on your behalf. It provides the governance infrastructure, documentation tools, and compliance intelligence your Compliance Officer needs to make defensible decisions — and to demonstrate that they did.
Section 10
Compliance readiness is not a judgment call. The five PCMLTFA pillars are specific, enumerable, and assessable against documented criteria. A brokerage can determine its current readiness posture — with reasonable precision — before any external scrutiny occurs.
The starting point is an honest internal audit against each pillar: does the required element exist, is it documented, is it current, and can it be produced? That assessment produces a specific gap map — not a general compliance rating, but a pillar-by-pillar account of what exists and what does not.
Gaps identified through internal assessment are gaps that can be remediated before an examination. Gaps discovered during an examination become findings. The difference in consequence is significant.
The AMLforBrokerages compliance risk assessment is a structured diagnostic that evaluates your brokerage's current position across all five pillars. It takes approximately ten minutes to complete, produces a pillar-by-pillar readiness profile, and identifies the highest-priority remediation priorities for your specific situation.
It is not a sales tool. It is a diagnostic. The results are specific to your brokerage — not a generic compliance checklist.
FINTRAC examines the compliance program of the reporting entity — not solely individual transactions. The examination assesses all five mandatory pillars of a PCMLTFA-compliant program: the Compliance Officer appointment, Policies & Procedures, Risk Assessment, Training Program, and the two-year Independent Review. Transaction-level records are reviewed within this context, but the program structure is the primary subject of examination.
No. AMLforBrokerages and the FineProof™ platform operate exclusively at the program level. The platform does not capture, store, or process client identification data, beneficial ownership records, or deal-level compliance documentation. Those obligations sit with the brokerage and are managed through your deal workflow and CRM systems. This is a deliberate product boundary, and it is important to understand the distinction between program-level compliance and transaction-level KYC execution.
Transaction compliance refers to the specific obligations that arise from individual real estate transactions — client identification, beneficial ownership verification, large cash transaction records, and similar requirements. Program compliance refers to the governance infrastructure that governs how your brokerage approaches all of those transaction-level obligations: the policies that direct behaviour, the training that builds capability, the risk assessment that calibrates scrutiny, the review process that verifies effectiveness, and the Compliance Officer who oversees the entire system. Both are mandatory. A brokerage with clean transaction files and no compliance program is non-compliant. A brokerage with a rigorous program and isolated transaction gaps is in a substantially different regulatory position.
When a brokerage cannot demonstrate a functioning compliance program under examination, FINTRAC documents non-compliance findings across the specific pillars where deficiencies exist. Each documented deficiency can attract an Administrative Monetary Penalty (AMP), which is assessed independently per violation. FINTRAC publishes the names of penalized entities and the nature of their violations. Beyond the financial penalty, the reputational exposure for a named real estate brokerage in an industry built on trust is material. Remediation requirements following an examination finding are more onerous and resource-intensive than preventive compliance program development.
The FineProof™ platform provides the structural infrastructure for all five mandatory PCMLTFA compliance pillars. It supports the formal appointment and documentation of your Compliance Officer, maintains your Policies & Procedures with version history, guides your Risk Assessment against brokerage-specific criteria, tracks training completion across your agent roster, and calendars your two-year Independent Review obligation. The platform generates audit-ready documentation at each stage — ProofPack reports that consolidate your compliance evidence for examination readiness. It does not perform KYC, file STRs autonomously, or replace your Compliance Officer's judgment. It provides the governance framework and documentation infrastructure that makes your compliance program demonstrable.
A structured readiness assessment identifies whether the required program elements exist, whether they are aligned, and whether your compliance program can be defended under scrutiny. It takes approximately ten minutes and produces a specific gap profile — not a generic score.