AML Compliance Effectiveness Review Services

Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its regulations (Regulations), Canadian reporting entities are required to conduct an AML Compliance Effectiveness Review (which is like an audit, but for compliance) at least every two years.

In some cases, service providers such as banks and correspondents may require copies of the review reports. They may also ask for reviews to be conducted on a more frequent basis.

AML Compliance Effectiveness Reviews must test the effectiveness of your whole compliance program, including your documented regime, consisting of:

An Appointed Compliance Officer;
Policies and Procedures;
A Risk Assessment;
Ongoing Training; and
Previous AML Compliance Effectiveness Reviews.

In addition, the AML Compliance Effectiveness Review must test the effectiveness of your operations. This means auditing the things that you’re actually doing during a specific period of time. This involves sharing specific information about your practices, clients, and transactions with the reviewer.

While examinations conducted by regulators, including the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), may follow a similar format, these do not count towards the requirement to complete an AML Compliance Effectiveness Review at least every two years. In addition, the requirements for this type of audit are very specific to Canada, making it important to ensure that you are engaging an internal resource (preferably one that does not have direct compliance oversight responsibilities), or an external service provider (preferably one that has not participated in recent development or updates of your compliance program) who is knowledgeable with regard to Canadian AML and CTF compliance requirements. Reviews conducted for compliance with requirements in another jurisdiction (including our close neighbours, the United States of America) do not meet Canadian requirements.

The results of the AML Compliance Effectiveness Review, as well as any plans to remediate deficiencies, must be reported to your Senior Officer within 30 days. Remediation plans should describe the steps that are being taken to address the issue, as well as any additional steps that will be taken to test the effectiveness of the solution. These may include:

Updating the AML Compliance Program;
Creating new controls;
Updating processes;
Updating client records; and
Providing additional staff training on specific topics.

As a best practice, the remediation plan should include target dates for all action items. If you’re struggling with this part, you can download a copy of our template here (you’re welcome), and edit it to fit your situation:

Compliance Remediation and Program Update Log

Outlier conducts AML Compliance Effectiveness Reviews for financial entities (such as banks and credit unions), money services businesses (MSBs), dealers in precious metals and stones (DPMSs), securities dealers, and real estate companies.

Where it is mutually agreeable, this work can be completed on a fixed-fee basis (meaning that you know exactly what you’ll pay before we start work) and can reasonably plan ahead for the inevitable expense.

How can we help you?*
What do you need?*
What type of training are you looking for?*
Type of Training (Other)*
What type of privacy consultation are you looking for?*
Privacy Consultation (Other)*
Where are you in the process?*
Progress (Other)*
What type of business are you?*
Type of Business (Other)*
Who do you want to hear from?*
What type of event are you holding?*
Type of Event (Other)*
What topics are you interested in?*
Topic (Other)*
Other Request*
Please tell us a bit about yourself.
Name*
First Last
Company Name*
Email*
Phone*
How did you hear about us?
How did you hear about us - Other
Any other comments?