Browse Conduct and Practices Handbook

Money Laundering and Terrorist Financing

March 26, 2026

Understand AML and anti-terrorist-financing controls, FINTRAC reporting, red flags, and escalation in securities accounts.

On this page

Money laundering and terrorist financing matter in securities firms because investment accounts can move large amounts of money quickly, across entities, jurisdictions, and product types. A representative is not expected to conduct a criminal investigation, but the representative is expected to recognize red flags, collect required client information properly, and escalate concerns through the firm’s anti-money laundering framework.

For CPH purposes, the strongest answer usually connects four ideas:

  1. the purpose of the AML and anti-terrorist-financing regime
  2. the firm’s client-identification and monitoring controls
  3. the red flags that require escalation
  4. FINTRAC reporting and recordkeeping obligations

The Main Framework Is the PCMLTFA and FINTRAC

Canada’s anti-money laundering and anti-terrorist-financing regime is built mainly around the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its Regulations. FINTRAC is the financial intelligence unit that receives prescribed reports and administers AML compliance obligations for reporting entities.

At a high level:

  • money laundering is the process of making criminal proceeds appear legitimate
  • terrorist financing is the collection or movement of funds to support terrorist activity
  • FINTRAC receives reports and oversees compliance with the reporting framework
  • CIRO and the dealer’s internal supervisory structure remain relevant because AML failures are also conduct and control failures

The exam usually tests recognition, escalation, and control discipline rather than technical drafting of FINTRAC forms.

A Securities-Firm AML Program Has Core Control Elements

Students should recognize the broad elements of an AML and anti-terrorist-financing program:

  • written policies and procedures
  • a designated compliance lead or AML officer
  • a documented risk assessment
  • client due diligence and identity verification
  • recordkeeping
  • training
  • ongoing monitoring and testing

These controls work together. Identity collection without monitoring is weak. Monitoring without records is weak. Reporting without staff training is weak. The program has to function as a system.

    flowchart TD
	    A[Client seeks account or transaction] --> B[Identity and control review]
	    B --> C[Risk assessment and account setup]
	    C --> D[Ongoing monitoring]
	    D --> E{Red flags or unusual activity?}
	    E -->|No| F[Continue documented supervision]
	    E -->|Yes| G[Escalate internally and investigate]
	    G --> H[Report to FINTRAC if required]
	    H --> I[Keep records and apply enhanced monitoring]

The point is sequence. A firm does not jump directly from account opening to reporting. It first builds a defensible client file, monitors activity, and escalates when facts justify further action.

Client Due Diligence Starts with Knowing Who Controls the Account

AML controls begin at onboarding, but they do not end there. The firm should know:

  • who the client is
  • who has authority over the account
  • whether the account has beneficial owners or controlling individuals behind it
  • whether the nature of the client’s business or source of wealth creates higher risk
  • whether politically exposed person or similar higher-risk review is required

This overlaps with ordinary account-opening practice, but the AML purpose is different. In a suitability discussion, the firm asks whether the product fits the client. In an AML discussion, the firm asks whether the client relationship and transaction activity make sense, can be supported, and can be monitored properly.

Ongoing Monitoring Matters More Than One-Time Identity Collection

The firm’s responsibilities do not stop once the account is opened. Ongoing monitoring is important because suspicious patterns often appear later. Examples include:

  • sudden activity in a previously dormant account
  • unexplained third-party deposits or wires
  • rapid movement of money in and out with little investment rationale
  • use of multiple related accounts to move funds in small increments
  • transactions that do not fit the client’s known occupation, business, or account purpose

The CPH exam often rewards the answer that notices the mismatch between the client’s known profile and the actual account activity.

Common Red Flags in Securities Accounts

No single fact proves money laundering or terrorist financing, but certain facts should make the representative pause and escalate:

  • reluctance to provide ordinary identity or control information
  • inconsistent explanations about source of funds
  • beneficial ownership that remains unclear after follow-up
  • deposits from unrelated parties without a credible explanation
  • repeated incoming and outgoing transfers with no investment purpose
  • urgent trading or transfer requests designed to move funds rather than build a portfolio
  • use of high-risk jurisdictions or complex account structures without a clear business reason

The correct response is usually not to make accusations. It is to document the issue, escalate it through the firm’s AML process, and avoid treating the matter as a routine client-service question.

FINTRAC Reporting Exists Alongside Internal Escalation

Where the facts meet the legal threshold, the firm may need to file prescribed reports with FINTRAC. At a high level, students should recognize:

  • Suspicious Transaction Reports when there are reasonable grounds to suspect money laundering or terrorist financing
  • Large Cash Transaction Reports for large cash transactions meeting the reporting threshold
  • Electronic Funds Transfer Reports for qualifying international electronic funds transfers
  • Terrorist Property Reports when the firm knows or believes it controls terrorist property

The exam usually does not require procedural detail about how to complete a form. It does require students to understand that suspicious activity may trigger both internal escalation and an external reporting obligation.

Recordkeeping and Training Support the Program

AML controls are difficult to defend without records. Good files should support:

  • identity verification steps
  • beneficial ownership and control review
  • risk classification decisions
  • monitoring notes and escalations
  • the basis for any report or decision not to report
  • evidence of staff training and policy application

Training matters because suspicious activity is rarely identified only by the AML department. Branch staff, representatives, assistants, and supervisors may all see different parts of the pattern.

Common Pitfalls

  • Treating AML as a one-time account-opening exercise.
  • Assuming that suitability information alone satisfies AML obligations.
  • Accepting unclear source-of-funds explanations without follow-up.
  • Missing the need to escalate suspicious third-party transactions.
  • Treating FINTRAC reporting as the same thing as a client complaint or ordinary compliance file.

Key Takeaways

  • The PCMLTFA and FINTRAC framework focuses on detection, deterrence, reporting, and recordkeeping.
  • Securities firms need policies, risk assessment, due diligence, monitoring, training, and records.
  • Beneficial ownership, control, and source-of-funds questions are part of proper onboarding.
  • The strongest exam answers spot activity that does not fit the client’s known profile.
  • Suspicious activity should be escalated through the firm’s AML process and reported externally where required.

Sample Exam Question

A new corporate client opens an account and provides basic incorporation documents, but the representative cannot get a clear explanation of who ultimately controls the company. Two weeks later, the account receives a large incoming wire from an unrelated foreign entity, immediately buys a thinly traded security, and sends most of the proceeds out again after a quick sale. The branch manager suggests waiting to see whether the pattern repeats before doing anything formal.

What is the strongest response?

  • A. Treat the issue mainly as a product-suitability question because the account already holds securities.
  • B. Escalate the matter through the firm’s AML process because beneficial ownership remains unclear and the transaction pattern is suspicious.
  • C. Ignore the issue because the corporation provided incorporation documents at account opening.
  • D. Focus only on whether the client paid the trading commissions disclosed on the confirmation.

Answer: B. The fact pattern raises both control and transaction red flags. The firm should not rely on a weak opening file and should escalate the activity through its AML framework promptly.

### What is FINTRAC's main role in the Canadian AML framework? - [ ] To decide whether a recommendation is suitable for the client - [x] To receive prescribed AML reports and oversee compliance with the reporting regime - [ ] To insure client accounts against market losses - [ ] To approve prospectuses and exempt distributions > **Explanation:** FINTRAC is Canada's financial intelligence unit and the recipient of prescribed AML reports. ### Which fact most clearly raises a beneficial ownership concern? - [ ] The client prefers electronic delivery of statements - [ ] The client asks about dividend reinvestment - [x] A corporation opens an account, but no one can explain who ultimately controls it - [ ] A client wants a conservative asset mix > **Explanation:** Beneficial ownership review focuses on who ultimately owns or controls the relationship behind the legal account holder. ### Which statement best describes ongoing monitoring in AML practice? - [ ] It replaces account-opening identification requirements - [ ] It applies only to cash deposits - [ ] It matters only after a regulator starts an examination - [x] It helps the firm detect activity that no longer matches the client's profile or expected use of the account > **Explanation:** Ongoing monitoring looks for unusual activity, not just incomplete opening documents. ### Which pattern is the strongest AML red flag in a securities account? - [ ] A long-term investor rebalances once a year - [ ] A client updates an address after moving - [x] Repeated third-party funding followed by rapid trading and outbound transfers with no clear investment rationale - [ ] A retiree buys an investment-grade bond ladder > **Explanation:** Third-party funding plus rapid movement of money without a coherent investment purpose is a classic escalation trigger. ### What is usually the strongest first response when a representative notices suspicious activity? - [ ] Confront the client immediately and accuse them of money laundering - [ ] Close the account without documentation - [x] Escalate the matter internally through the firm's AML process and preserve the relevant facts - [ ] Wait until year-end to see whether the pattern becomes clearer > **Explanation:** The representative should escalate through the firm's documented AML framework rather than improvise. ### Why is AML not satisfied by ordinary suitability review alone? - [ ] Because AML applies only to institutional accounts - [x] Because AML also requires identity, control, monitoring, recordkeeping, and possible reporting analysis - [ ] Because suitability rules have been repealed - [ ] Because AML is relevant only when a client complains > **Explanation:** Suitability and AML overlap, but AML has its own control and reporting framework.
Revised on Friday, April 24, 2026
CIPF & Protection