1.Context
Bill C-12 is a Canadian federal statute that amends the PCMLTFA, the law governing anti-money-laundering and anti-terrorist-financing in Canada. Mortgage brokers are reporting entities under this Act. They have specific obligations: identify their clients, maintain records, report suspicious and large-cash transactions, and maintain a written compliance program.
Before Bill C-12, Canadian administrative penalties were modest compared to the US or UK equivalents. Bill C-12 brings Canada in line with those jurisdictions. Parliament wanted to send a clear signal after several years of critical FATF (Financial Action Task Force) reviews of Canada's AML regime.
2.Effective date
- March 26, 2026: Royal Assent.
- Immediate: provisions that do not require regulations are effective on Royal Assent. This includes the new penalty schedules for existing violations.
- Phased: some technical obligations take effect gradually by regulation. Watch the FINTRAC official page.
3.The three major changes
3.1 Administrative penalties multiplied by roughly 40
This is the most visible change. Maximum fines per violation (minor, serious, very serious) have been raised significantly. For a small reporting entity like a solo broker, a single very serious violation could previously reach a few tens of thousands of dollars. The ceiling is now in the hundreds of thousands, or more for repeated violations.
3.2 Personal liability of the principal
Bill C-12 reinforces provisions allowing FINTRAC to impose penalties not just on the firm, but on the individual who directs or oversees the compliance program when gross negligence is involved. For a solo broker or small-firm principal, the distinction between "me" and "my company" becomes fragile.
3.3 Faster enforcement
FINTRAC has new tools to accelerate enforcement procedures. On-site reviews can now lead to penalty notices more quickly. Challenge windows have not fundamentally changed, but the waiting time between review and penalty notice has shortened.
4.Penalty schedule
FINTRAC penalties fall into three severity levels. Each violation in a category accumulates a separate amount, and those amounts add up when multiple violations are found during a single review.
| Category | Example | Change (indicative) |
|---|---|---|
| Minor violation | Administrative delay in recordkeeping | Significantly increased ceiling, specified by regulation |
| Serious violation | No written compliance program | Notably higher ceiling, roughly 40x multiplier on prior amounts |
| Very serious violation | Recurring failure to file a suspicious transaction report | Ceiling can exceed several hundred thousand dollars per instance |
Note: exact amounts are set by regulation and FINTRAC's published schedule. For current figures, consult the official FINTRAC Penalties for non-compliance page. Hypora does not substitute for that source.
5.What it changes for the broker
5.1 The cost of negligence becomes existential
A solo mortgage broker typically closes between 4 and 10 deals a month. A single "very serious" violation can wipe out a year of net income. Two can bankrupt the business. That is the intended effect. The broker's calculation is no longer "is rigorous documentation worth it". The calculation is "can I afford not to do it".
5.2 Documentation is the only proof of compliance
During a review, FINTRAC asks to see the records. A broker who performed the right identity checks but cannot prove it is treated as a broker who did not. What is not documented does not exist.
5.3 Brokerages tighten internal processes
Several large brokerages have already issued internal notes requiring affiliated brokers to prove they have a current compliance program. Liability flows up the chain. A broker with a weak program puts their firm at risk too.
6.Preparation checklist
Seven points to verify in your current practice:
- Written compliance program current, dated, signed. Names the compliance officer (even if that is you).
- Documented identity verification procedure with accepted methods (original photo ID, dual-source, credit file, etc.).
- Records for each file: photocopied or scanned ID, verification date, method, verifier name.
- STR procedure with the current FINTRAC F2R form reference.
- PEP procedure (politically exposed persons) with documentation of enhanced measures.
- Risk assessment performed at least annually, documented, signed.
- Annual training documented for yourself and every person handling files.
7.FAQ
Does my E&O insurance cover a FINTRAC penalty?
Very rarely. Most policies explicitly exclude administrative penalties imposed by a regulator. Re-read your policy. And 2026 premiums reflect Bill C-12, so a renewal this year may bring surprises.
Can I challenge a FINTRAC penalty?
Yes. You have 30 days from notice to file a written representation with the FINTRAC director. If the decision is maintained, you can seek judicial review at the Federal Court. But these procedures are long, expensive, and the penalty continues to accrue during that time.
Does FINTRAC publish penalties?
Yes. FINTRAC publishes the list of reporting entities that received penalties, with amount and violation type. It is a public registry. For a broker whose client relationships depend on trust, being named on that list can be more costly than the penalty itself.
How does Hypora fit in?
Hypora is a software tool that helps the broker document their obligations. We collect documents, timestamp each action, generate an exportable PDF report you can present to FINTRAC during a review. We do not replace your compliance program or professional judgment. We are not a mortgage broker. Responsibility for compliance remains yours.