Senior leaders acting as CCO or CAMLO alongside primary responsibilities

Compliance obligations exceeding internal capacity or resources

Firms preparing for or undergoing FINTRAC effectiveness reviews

Firms subject to regulatory examinations (e.g. OSC, OSFI, FINTRAC etc.)

Firms subject to regulatory terms & conditions imposed by a securities regulator

Fractional Chief Compliance Officer (CCO) or Chief Anti-Money Laundering Officer (CAMLO) support services

Compliance program design and enhancement

AML frameworks and risk assessment methodologies

Operational compliance support

Project management (e.g. implementation of new compliance software or solutions)

Regulatory registrations and filings

Compliance training

Board and senior management reporting

FINTRAC effectiveness reviews

Compliance testing and file reviews

Mock Regulatory Examinations

Portfolio Managers and Exempt Market Dealers (NI 31-103 Registrants)

Mortgage brokerages

Money services businesses (MSBs) including MSBs impacted by Ministerial Directive (Iran)

Crypto firms and exchanges

Provincially regulated firms (Credit unions, trust companies etc.)

OSFI-regulated entities

25+ years in regulatory compliance, AML/ATF and risk management across banking, capital markets and asset management

Former Chief Compliance Officer roles within large and complex financial institutions

Designed and implemented enterprise compliance programs across multi-asset and regulated environments

Proven track record of programs that have withstood regulator scrutiny

Experience across multiple regulated sectors and jurisdictions

Fully operationalized their AML program

Established a documented risk-based approach

Implemented monitoring, reporting and recordkeeping processes

Appointment of a Compliance Monitor and/or a qualified Chief Compliance Officer

Execution of a formal compliance plan

Independent oversight or compliance monitoring

Defined timelines

Ongoing regulatory reporting

Expectations for demonstrable progress and evidence of remediation

Policies and procedures aligned with applicable regulatory requirements

Control design and documentation, including clearly defined control activities and supporting evidence

Governance structures and compliance frameworks, including:

Application of NI 31-103 compliance system requirements, including governance, policies and procedures, and ongoing monitoring

Development of AML/ATF programs consistent with FINTRAC requirements under applicable legislation, including risk assessments, policies and procedures, ongoing monitoring, reporting and training

Implementation of OSFI Guideline E-13 (Regulatory Compliance Management) principles, including compliance governance, risk identification, control frameworks and reporting to senior management and the board

Consideration of broader regulatory expectations and supervisory guidance, including securities regulators, FINTRAC and relevant industry practices

Enterprise-level AML/ATF risk assessments, covering customer characteristics, products and services, delivery channels, geographic exposure and other relevant factors

Development of formal risk assessment methodologies, including clearly defined risk criteria, likelihood and consequence scoring, and documented risk evaluation processes

Customer risk rating frameworks, including scorecards to assess and document ML/TF risk at onboarding and throughout the business relationship

Automated risk scoring tools (e.g., Excel-based scorecards), where risk ratings are systematically computed based on responses to standardized inputs (e.g., drop-down selections), enabling:

Consistent and repeatable risk assessments across the firm

Reduced reliance on subjective judgment

Practical implementation for firms with limited systems or technology infrastructure

Identification and analysis of ML/TF risk typologies and behavioural patterns relevant to the firm's products, services and operating environment

AML/ATF risk registers, documenting identified risks, control effectiveness, residual risk and mitigation strategies

Design of risk mitigation strategies, including enhanced due diligence, escalation protocols and control enhancements

Integration of risk assessment outputs into operational processes, including KYC, monitoring, reporting and decision-making

Ongoing monitoring and periodic review frameworks, including trigger events and continuous refinement of the risk-based approach

Securities registration processes and NRD filings

FINTRAC registration and reporting obligations, including use of the FINTRAC Web Reporting System (FWR)

Coordination of responses to regulatory inquiries

Preparation of documentation to support regulatory submissions

Design of role-specific training programs, tailored to the firm's business model and regulatory obligations (e.g., NI 31-103, FINTRAC)

AML/ATF, sanctions and general compliance training, including onboarding and annual refresher programs

Implementation of structured, screen-based training solutions, using third-party platforms (e.g., LRN) or internally developed tools

Development of in-house training delivery frameworks, leveraging tools such as SharePoint and Microsoft Forms to distribute training materials and track the completion of knowledge assessments

Tracking and reporting of training completion, including maintenance of audit-ready records

Assessment of comprehension through quizzes and testing, with documented results to evidence understanding and effectiveness

serving as a compliance monitor pursuant to terms and conditions imposed by a securities regulator

Independent oversight and reporting on remediation activities

Assessment of progress against regulatory requirements and commitments

Support in responding to regulatory findings, deficiency letters and examination reports

Development and validation of remediation plans

KYC and onboarding file reviews

Transaction monitoring and alert reviews

Trade reviews and suitability oversight (for NI 31-103 registrants)

Personal trading and conflicts of interest monitoring

Sanctions, PEP and adverse media screening processes

Assessment of documentation quality and audit readiness

Project management of compliance technology initiatives, including planning, timelines, stakeholder coordination and vendor oversight

Assessment and selection of compliance tools, including KYC platforms, sanctions/PEP screening solutions, transaction monitoring systems and case management tools

Translation of regulatory requirements into system design, ensuring tools are configured to support compliance obligations

Configuration support and workflow design, including onboarding processes, monitoring triggers, escalation pathways and documentation standards

Integration of systems into existing operations, ensuring alignment with front-line processes and minimizing operational disruption

Testing and validation of system outputs, including ensuring data integrity, accuracy of alerts and adequacy of audit trails

Development of supporting policies, procedures and user guidance, aligned with system functionality

Post-implementation review and optimization, including identification of gaps and enhancements

Validation of your risk assessment methodology

Review of policies, procedures and controls, including alignment with current FINTRAC guidance

Assessment of monitoring, reporting and recordkeeping processes, including transaction monitoring and escalation practices

Sample-based testing of files and transactions, including KYC, screening, and reporting decisions

Evaluation of training, governance and oversight, including evidence of implementation

Independent written report documenting scope, methodology and findings

Clear identification of deficiencies and control gaps

Practical, prioritized remediation roadmap tailored to your business

Supporting documentation designed to be audit-ready for FINTRAC examination

You are approaching your 2-year FINTRAC effectiveness review requirement

You have not previously conducted a formal review

You want to assess your program before a FINTRAC examination

Your business has experienced growth or changes in products, channels or customer base

Experience designing and testing AML programs across multiple regulated sectors

Familiarity with FINTRAC examination expectations and common deficiencies

Practical, risk-based approach focused on how programs operate in reality

Reviews designed to be defensible, documented and regulator-ready

Did not clearly assign responsibilities

Lacked operational guidance for brokers

Did not address corporate borrowers or beneficial ownership

Provided limited support for documenting and evidencing compliance

Developed a custom Policies & Procedures Manual (PPM) tailored to the firm's actual workflows

Embedded step-by-step operational guidance, including system screenshots and documentation standards

Introduced structured processes for:

KYC and source of funds verification

Corporate onboarding and beneficial ownership

Third-party determination and PEP handling

Customer, product, geographic and channel risks

ML/TF and sanctions exposure

ML/TF & Sanctions Risk Register

Regulatory Compliance Risk Register

Built a standardized, weighted risk scorecard applied at the file level

Enabled brokers to assess risk through structured inputs (e.g., borrower profile, mortgage product type, property and transaction attributes, geography)

Automatically generated consistent risk ratings, reducing subjectivity

Triggered enhanced due diligence (EDD)

Required escalation to the AML Officer

Ensured decisions were documented and auditable

Appointment of a dedicated AML Officer

Direct reporting to senior management

Weekly compliance oversight meetings

Issue escalation

Policy updates

Risk reporting

Implemented a structured training program using the LRN platform

Developed:

Role-specific training aligned with the PPM

Comprehension testing and completion tracking

Introduced:

Live training sessions

Ongoing awareness communications

This ensured training was trackable, consistent and auditable.

Introduced:

First-line controls (broker documentation standards)

Second-line QA reviews to identify deficiencies

Established an Issue Management Log to track:

Deficiencies

Remediation actions

Recurring themes and risks

Developed a roadmap to evolve QA from checklist-based review to a risk-sensitive oversight function

No enterprise-level reporting capability

Weak sanctions screening functionality

No alert or case management tools

Designed manual compensating controls and workflows

Implemented external screening processes

Engaged with the system provider to advocate for enhancements

Transitioned from generic, high-level documentation to a fully operational AML program

Established a risk-based, auditable framework aligned with FINTRAC expectations

Enabled consistent application of:

Risk assessments

Documentation standards

Escalation protocols

Demonstrate program effectiveness

Prepare for FINTRAC examination

Support ongoing compliance as the sector matures

Appoint a qualified Chief Compliance Officer (CCO)

Implement a formal compliance plan to address identified deficiencies

Operate under the oversight of a compliance monitor

Serve as the firm's CCO

Support the execution of a comprehensive compliance remediation plan

Provide independent compliance oversight and testing aligned with regulatory expectations

Assumed responsibility for CCO oversight and reporting

Established clear governance, escalation and supervision frameworks

Implemented structured compliance monitoring and issue tracking processes

Reviewed and prioritized all regulatory findings and deficiencies

Developed and implemented a detailed remediation roadmap

Enhanced key components of the compliance program, including:

Policies and procedures

KYC, suitability and documentation practices

Conflicts of interest identification and management

Books and records controls

Supported the firm in responding to regulatory requirements and inquiries

Provided structured progress reporting on remediation activities

Ensured documentation and outputs were aligned with regulatory expectations

Successfully implemented the firm's compliance remediation plan

Established a functional and sustainable compliance framework

Demonstrated that controls were:

Clearly defined

Consistently applied

Operating effectively

All transactions associated with Iran were required to be treated as high risk

Enhanced due diligence, monitoring and reporting obligations applied

Regulatory expectations extended beyond documentation to demonstrable program effectiveness

High transaction volumes

Ongoing FINTRAC examination and audit activity

Significant interpretive challenges relating to reporting obligations

Serve as Chief Anti-Money Laundering Officer (CAMLO)

Strengthen the firm's AML/ATF compliance framework

Enhance monitoring, reporting and control effectiveness

Support regulatory interpretation and engagement with FINTRAC

Foster trusted relationships with business partners and banking providers

Formalized treatment of all Iran-linked transactions as high risk, consistent with Ministerial Directive requirements

Implemented controls to ensure:

Collection of source of funds and purpose for all relevant transactions

Consistent application of enhanced due diligence (EDD)

Clear documentation to support reporting decisions

Established processes to ensure:

EFT and large cash transaction reporting aligned with regulatory expectations

Appropriate use of STR reporting where suspicion thresholds were met

Designed and implemented rule-based monitoring within the core system (CurrencyXchanger / 4D), including:

Aggregation rules to identify high cumulative transaction values

Alerts for high transaction volume patterns

Detection of potential structuring (cash and EFT)

Triggers requiring compliance override and EDD documentation

Pre-trade restrictions

Mandatory data fields

Embedded compliance checks within workflows

Led formal interpretation requests to FINTRAC on complex reporting scenarios, including:

Treatment of domestic settlement transactions linked to Iran flows

Clarification of reporting obligations under the Ministerial Directiven

Incorporated FINTRAC guidance into:

Policies and procedures

Reporting practices

Staff guidance and escalation protocols

Established a direct reporting line from CAMLO to the senior officers and directors of the company

Implemented structured:

Compliance reporting

Issue escalation

Monitoring of remediation activities

Resourcing the compliance function

Balancing audit demands with operational priorities

Leveraged and enhanced existing systems, including:

CRM-integrated AML module

Identity verification tools

Sanctions and adverse media screening solutions

Focused on:

Embedding controls directly into operational systems

Improving data capture, audit trails and documentation quality

Aligning system functionality with regulatory expectations for monitoring and reporting

Established a structured, risk-based AML program tailored to a high-risk jurisdictional exposure

Implemented defensible transaction monitoring and reporting processes

Achieved alignment with FINTRAC expectations and interpretive guidance

Strengthened governance, documentation and audit readiness

Established a long-term trusting relationship with a key business partner

Operate high transaction volumes within a controlled and well-documented framework

Demonstrate that AML controls were:

Clearly defined

Consistently applied

Supported by sufficient evidence

Strengthen relationships with banking and payment service providers, who, following review of the enhanced compliance program, reduced their level of heightened scrutiny and oversight

Portfolio compliance with regulatory and client mandate restrictions

Pre- and post-trade controls

Monitoring of regulatory ownership thresholds and related filing obligations

Properly configured and calibrated

Aligned with the firm's specific portfolios and structures

Embedded into day-to-day compliance processes

Lead the implementation and operationalization of compliance monitoring tools

Translate regulatory obligations and mandate requirements into practical system configurations and workflows

Ensure outputs were usable, reliable and supported by appropriate controls and documentation

Implemented and calibrated monitoring rules within FundApps to track:

Regulatory ownership thresholds and disclosure triggers

Aggregated positions across accounts and strategies

Internal investment limits and client mandate restrictions

Ensured rules were:

Appropriately configured to reflect the firm's holdings and structures

Tested against real portfolio data

Supported by clear internal documentation

Established processes to support:

Identification of threshold breaches and near-breaches

Escalation to compliance for assessment of filing requirements

Documentation of decisions and supporting rationale

Integrated system alerts into a structured compliance workflow, ensuring:

Timely review of alerts

Consistent handling of regulatory triggers

Clear audit trails

Configured pre-trade controls within Bloomberg AIM to:

Prevent breaches of investment restrictions prior to execution

Flag exceptions requiring compliance review

Leveraged FundApps for post-trade monitoring to:

Identify potential breaches of thresholds and limits

Support ongoing compliance oversight

Designed and implemented processes for:

Alert triage and investigation

Coordination between compliance and portfolio management

Documentation of outcomes, including filing decisions where applicable

Ensured alerts were:

Actionable and prioritized

Incorporated into regular compliance monitoring activities

Conducted testing to ensure:

Accuracy of position aggregation

Reliability of threshold monitoring

Consistency between system outputs and underlying data

Identified and resolved:

Data mapping and feed issues

Inconsistencies affecting alert accuracy

Developed supporting:

Policies and procedures aligned with system functionality

Internal guidance for handling regulatory threshold alerts

Documentation supporting regulatory and audit review

Embedded monitoring processes into the firm's overall compliance framework

Successfully implemented automated monitoring of investment restrictions and regulatory thresholds

Established a structured process for identifying, escalating and documenting potential filing obligations

Reduced reliance on manual tracking of ownership levels and limits

Improved consistency, timeliness and auditability of compliance processes

Demonstrate that compliance controls were systematic, repeatable and evidence-based

Reduce operational risk associated with missed or delayed regulatory filings

Support scalable growth while maintaining robust compliance oversight

Advisory & Support — designing and operating compliance programs

Operational Support — assisting with day-to-day execution of compliance activities

Quality Assurance — independently testing whether programs are operating effectively

NI 31-103 registrants (portfolio managers and exempt market dealers)

Mortgage brokerages subject to FINTRAC requirements

Money services businesses and crypto firms

Credit unions and OSFI-regulated entities