PCMLTFA changes for title insurers, mortgage companies, cheque cashing, and factoring firms

The PCMLTFA expansion to these four industries closes a long-standing regulatory gap. Each industry has been identified in Canada's national risk assessments and in successive FATF mutual evaluations as a vector for money laundering that previously fell outside formal AML regulation. Title insurance touches real estate, which is the most-targeted sector under the existing PCMLTFA enforcement regime. Mortgage origination touches the same flows. Cheque cashing intermediates cash. Factoring intermediates short-term credit. Bringing each industry under the PCMLTFA forces a documented, examiner-defensible AML program, which is what each of them now has to build.

This is a long explainer. The first section covers why the expansion happened and what is common across all four industries. The next four sections take each industry in turn: title insurers, mortgage companies, cheque cashing, and factoring. The last section covers the common compliance pillars and a 90-day plan that works across all four.

Why the PCMLTFA expanded scope

The PCMLTFA has been amended on a rolling basis since the late 2010s to bring more of the Canadian non-bank financial sector into formal AML regulation. Three converging policy drivers explain why these four industries in particular came into scope.

The FATF mutual evaluation. The Financial Action Task Force's mutual evaluations of Canada repeatedly flagged the absence of AML obligations in industries that materially intermediate Canadian payment and credit flows. Real estate had already been brought into the regime. Title insurance, mortgage origination, cheque cashing, and factoring sit close to those flows and were the obvious next set.

Canada's national risk assessments. The Department of Finance's national money-laundering and terrorist-financing risk assessment programme has been pointing at each of these industries for several cycles. Each cycle's findings became more specific. The legislative response is the direct consequence.

The real-estate enforcement experience. Real estate has been the most-targeted sector under the existing PCMLTFA enforcement regime. Of the 84 published FINTRAC AMP actions between November 2020 and May 2026, 27 (about 32%) were against real estate brokers, with violations concentrated in KYC, beneficial ownership, and recordkeeping. The lesson FINTRAC took from that experience was that the industries adjacent to real estate, and the industries that intermediate Canadian payment and credit flows, all need to be inside the regime, not outside it.

What is common across all four newly-captured industries

Although the four industries operate in different parts of the Canadian financial system, the program they each have to build looks very similar. Five things are common.

• Five-pillar program. Officer appointment, risk assessment, policies and procedures, training, independent review. Each industry has to stand all five up.
• KYC, beneficial ownership, and sanctions screening on counterparties. Whether the counterparty is the insured party on a title policy, the borrower on a mortgage, the presenting party on a cheque, or the factored debtor on an invoice, the underlying obligation is the same.
• STR triage and filing. Each industry has typologies that an examiner expects to see triaged and, where appropriate, filed.
• Recordkeeping to FINTRAC standards. The recordkeeping standard is industry-specific in the detail and identical in the principle: the records have to be there, organised, and producible on a FINTRAC request.
• The Bill C-12 effectiveness standard. Every newly captured firm has to design its program to be reasonably designed, risk-based and effective from day one. We covered this in detail in the Bill C-12 guide.

What differs across the four industries is the specific typology, the practical evidence an examiner will expect to see, and the workflow stage where the program has to bite. The next four sections take each industry in turn.

Title insurers

What changed

Canadian title insurance underwriters have been brought into the PCMLTFA reporting-entity tent through amendments that recognise their position in the real estate transaction chain. A title insurer underwrites a policy that protects the lender or the buyer against title defects. The underwriter sees the parties, the property, the consideration, and the funds flow. That places the title insurer in a position to identify money-laundering typologies that the real estate broker and the lender each see only partially.

The compliance program a title insurer has to build

The program looks like the program any other PCMLTFA reporting entity must build, configured for title work. Specifically:

• Appointed compliance officer. A named officer with the authority and reporting line to make the program effective. For most Canadian title underwriters, this is a senior person in legal, risk, or operations, or a fractional CAMLO retained on a named basis.
• Risk assessment. Specific to title work: the geographic distribution of policies, the corporate-vs-individual mix of insured parties, the source jurisdictions for corporate insured parties, the cash-vs-financed mix of the underlying transactions, and the broker channels used to originate.
• KYC and beneficial ownership on insured parties. Identity verification on individuals; beneficial ownership work on corporate insured parties; ongoing monitoring of the relationship for material changes.
• Sanctions and PEP screening at policy issuance and renewal. Every insured party and every related entity (where applicable) screened against Canadian sanctions lists and PEP lists, with hits dispositioned and logged.
• Recordkeeping. Identity records, beneficial ownership records, screening records, and copies of the policy and transaction documentation retained for the FINTRAC-prescribed period.
• STR triage. Typologies specific to title insurance (last-minute substitution of insured party, source-of-funds inconsistencies between the buyer and the financing, related-party corporate structures designed to obscure beneficial ownership) routed through a documented triage process.
• Beneficial Ownership Material Discrepancy Reports. Where the title insurer's beneficial ownership work on a corporate insured party turns up information that materially conflicts with the public registry, the obligation to file a Material Discrepancy Report applies. We cover the mechanics in the Material Discrepancy Report explainer.

Where title insurers most often get it wrong

The most common first-year mistakes are treating the program as a documentation exercise (a binder rather than a workflow), routing AML through the legal team without a dedicated compliance officer, and skipping the beneficial ownership step on corporate insured parties because the broker file already contains some BO information. The Bill C-12 standard treats each of these as a foundational deficiency.

Mortgage companies

What changed

Mortgage brokers, lenders, and administrators are now PCMLTFA reporting entities. Each of the three plays a different role in the mortgage life cycle (origination, funding, servicing), and the PCMLTFA recognises that the obligations attach to whichever party is actually exposed to the risk at each stage. The provincial regulators (FSRA in Ontario, BCFSA in British Columbia, others by province) continue to regulate the underlying licensing, but the federal PCMLTFA obligations apply on top.

The compliance program a mortgage company has to build

The five-pillar structure carries through, with a mortgage-specific configuration on every pillar.

• Appointed compliance officer. Brokers, lenders, and administrators each need a named officer. For broker shops, this is typically the principal broker or a senior staff member with delegated authority; for lenders and administrators, a dedicated officer (in-house or fractional) is more common.
• Risk assessment. Specific to mortgage origination: borrower geography, employment-vs-self-employed mix, refinancing-vs-purchase mix, source jurisdictions for non-resident borrowers, private-vs-institutional funding source, second-mortgage and bridge-loan volumes.
• KYC, BO, and source-of-funds work on borrowers. Identity verification on individual borrowers. Beneficial ownership work on corporate borrowers (which includes many investor borrowers). Source-of-funds documentation on the down payment, particularly where the down payment originates outside Canada or from related parties.
• Sanctions and PEP screening at application and at closing. Every borrower and (where applicable) every signing officer screened, with hits dispositioned and logged. Screening at closing matters because there is often a gap of weeks or months between application and funding.
• Recordkeeping. Application, identification, BO, screening, and closing records retained for the FINTRAC-prescribed period. Mortgage administrators carry the records forward through the life of the mortgage; brokers and lenders retain through the prescribed window.
• STR triage. Typologies specific to mortgage origination (cash-only down payment from undocumented sources, last-minute change of borrower, recurrent refinancing without economic justification, structuring around lender LTV thresholds) routed through documented triage.
• Beneficial Ownership Material Discrepancy Reports. Where BO information on a corporate borrower conflicts materially with the federal registry, the same obligation applies. Investor-borrower files are the most common source of these reports.

Where mortgage companies most often get it wrong

The mortgage industry's biggest first-year mistakes are running the AML program as a compliance overlay on top of an unchanged sales workflow, treating source-of-funds documentation as the buyer's lawyer's problem, and assuming that lender-side anti-fraud controls are equivalent to AML controls. They are not. An examiner expects to see the AML program built into the file workflow, with source of funds documented by the originator and retained in the file.

Cheque cashing

What changed

Cheque cashing businesses have been brought further into the PCMLTFA reporting-entity tent. Cheque cashing as an activity has long been captured indirectly where the firm also performed other MSB activities (currency exchange, remittance), but standalone cheque cashing operations were a regulatory grey area. That grey area has closed. A firm whose business is cashing cheques in exchange for a fee now has the same PCMLTFA obligations as any other reporting entity.

The compliance program a cheque cashing firm has to build

• Appointed compliance officer. Named, with authority and reporting line. For most cheque cashing firms, this means promoting a senior staff member, retaining a fractional officer, or building the role into the operations leadership.
• Risk assessment. Specific to cheque cashing: customer mix (one-time vs recurring), cheque type (payroll, government, private), face-value distribution, source of cheques (employer, government issuer, third-party), and geographic concentration.
• KYC on each cashing customer. Identity verification on each customer. Recurring customers may go through risk-based enhanced due diligence depending on volume and pattern.
• Sanctions and PEP screening on the customer and (risk-based) on the cheque issuer. Hits dispositioned and logged.
• Recordkeeping. The presenting customer, the cheque (or image), the disposition (cashed, returned, held), the fee, and the disbursement. Records retained for the FINTRAC-prescribed period.
• STR triage. Typologies specific to cheque cashing (structured cashing across multiple locations on the same day, cheques from related-party issuers, payroll cheques presented by third parties, cheques cashed and immediately wired or remitted out) routed through documented triage.

Where cheque cashing firms most often get it wrong

The most common cheque cashing mistakes are treating KYC as a one-time event for repeat customers, omitting source-of-cheque analysis (especially for third-party-presented payroll cheques), and not catching same-day structuring across locations because there is no central monitoring view. An examiner will look for evidence of an aggregated customer view across the firm, not just per-location KYC files.

Factoring

What changed

Invoice factoring firms have been brought further into the PCMLTFA reporting-entity tent. Factoring sits in a sector that was previously regulated mainly through commercial law (the assignment of accounts receivable, security interests, and so on) rather than through AML obligations. The expansion treats factoring as the credit-intermediation activity it functionally is, and applies the same AML expectations that apply to other credit intermediaries.

The compliance program a factoring firm has to build

• Appointed compliance officer. Named, accountable. Most factoring firms historically ran underwriting under credit risk; the compliance officer role is now distinct.
• Risk assessment. Specific to factoring: client industry mix (construction, staffing, freight, services), invoice obligor concentration, advance-rate distribution, recourse-vs-non-recourse mix, geographic distribution of the underlying receivables.
• KYC and BO work on the factoring client. Identity on individuals (where applicable) and BO on corporate clients. KYC on the obligor (the company paying the invoice) is risk-based, depending on the role the firm wants the obligor to play in the relationship.
• Source-of-funds review on advances. Where the firm's own funding is from third-party capital, the source-of-funds obligation runs both ways.
• Sanctions and PEP screening. On the client, the client's principals, and (risk-based) the obligor.
• Recordkeeping. Client file, BO information, screening records, advance and collection records, retained for the FINTRAC-prescribed period.
• STR triage. Typologies specific to factoring (round-trip invoicing between related parties, advance-and-pay-back patterns without underlying receivable economics, dispute-and-replace patterns that obscure the underlying flow) routed through documented triage.

Where factoring firms most often get it wrong

The most common factoring mistakes are running AML through the credit underwriting workflow rather than as a parallel discipline, omitting BO work on corporate clients because credit underwriting already pulled directors and officers, and not maintaining a typology-specific monitoring view across the client book. Round-trip invoicing in particular is a typology that does not surface in single-file review; it requires an aggregated view.

The five pillars, in industry-neutral terms

All four newly-captured industries have to stand up the same five pillars. Each pillar has industry-specific detail that the program documentation has to reflect, but the structure is uniform.

1. Compliance officer appointment. A formally appointed officer with the knowledge, authority, and reporting line to make the program effective. Documented appointment, board or principal approval as applicable, and named accountability.
2. Risk assessment. A current, written money-laundering and terrorist-financing risk assessment that reflects the firm's actual products, customers, geographies, and channels. The risk assessment calibrates every other control.
3. Policies and procedures. Written, version-controlled, board or principal approved, mapped to the actual operational workflow. The policies of the firm, not a template.
4. Training program. Role-based training for every employee, contractor, and agent with AML responsibilities, with completion records and refresh on a defined cadence.
5. Independent effectiveness review. A periodic independent review of the program (every two years for most reporting entities), with findings tracked to closure.

The first 90 days

For a firm in any of the four industries, the first 90 days under the new regime separate the firms that will pass the first examination from the firms that will not.

Days 1 to 30: appoint the officer

• Identify a compliance officer (in-house, fractional, or shared) and document the appointment.
• Confirm any required registration (federal or provincial) and bring contact information current.
• Draft a first-pass risk assessment so subsequent decisions are calibrated to actual risk, not assumed risk.

Days 31 to 60: build the program

• Write the policies and procedures to match the actual workflow, not a template.
• Deploy an AML platform that captures KYC, screening, BO, and records in one place. Spreadsheets will not scale to the new standard.
• Train the team. Document completion. Refresh annually.

Days 61 to 90: remediate the back-book, then dry-run

• Bring the existing customer or client book up to the new standard. File any Material Discrepancy Reports surfaced by the BO comparison against the registry.
• Run a documented dry-run examination, internally or with an outside practitioner. Treat the findings as if they were FINTRAC's. Track to closure.
• Move into ongoing operations. The program is now the operating discipline of the firm, not a project.

How BriteBase helps

BriteBase covers each of these four industries under the same umbrella. The AML Operating Platform handles KYC, screening, beneficial ownership, recordkeeping, and STR triage with industry-specific configuration. The AML Managed Services bench operationalises the program day to day, with a fractional Chief Anti-Money Laundering Officer of record. Special Projects handle the first-90-days build and the back-book remediation as fixed-fee engagements. Advisory Services cover the strategic and regulator-facing questions: an outside view on the new program design, a board briefing, a regulator meeting, or a second opinion on a contested examination finding.

For an industry-specific case study, see title insurers, mortgage companies, or cheque cashing & factoring.

FAQ