FINTRAC issued 24 AMPs to real estate brokers totaling over $2.6M between 2020 and November 2025, with an average penalty of $110,000. Title insurers were added as reporting entities in October 2025. Bill C-12 introduces universal enrolment in 2026. Here's the complete compliance picture for Canadian real estate brokers, sales representatives, and developers.
Canadian real estate brokers have been reporting entities under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) since 2008. The framework, the obligations, and the consequences of getting compliance wrong have all changed in 2025 and 2026. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is now operating in an enforcement-led posture, with administrative monetary penalties (AMPs) averaging $110,000 per case, a maximum recorded penalty of approximately $282,000, and statutory authority moving toward penalty multipliers as high as 40 times current limits.
Between 2020 and November 30, 2025, FINTRAC imposed 24 AMPs on real estate brokers across Canada, totaling more than $2.6 million. Sixty-three percent of penalized brokerages were cited for recordkeeping failures. Over half had no documented prescribed review on file. Training-program deficiencies followed close behind. The pattern is consistent: the failures are not exotic. They are basic operational hygiene that breaks down at the client-identification step and never gets caught until a FINTRAC examiner arrives.
This guide covers the full PCMLTFA compliance picture for Canadian real estate brokers, sales representatives, real estate developers, and the title insurers brought into scope in October 2025. It explains the obligations, the recent regulatory changes, the technology gap that drives most penalty findings, and how deepidv's verification engine and agentic compliance suite closes that gap.
If you operate a Canadian real estate brokerage in 2026, the following are non-negotiable: a documented AML compliance program with senior-officer approval, a written risk assessment that addresses every PCMLTFA-required dimension, FINTRAC-prescribed client identity verification at the right point in every transaction, large cash transaction reports (LCTRs) for any payment of $10,000 CAD or more, suspicious transaction reports (STRs) without delay when grounds exist, recordkeeping retained for five years, an independent prescribed review conducted at least every two years, and ongoing training for every employee whose role touches an AML control. Failures across any of these dimensions have produced AMPs of $100,000 or more on multiple occasions.
The PCMLTFA framework has moved more in 2024-2026 than in the preceding decade combined. Royal Assent on March 26, 2026 brought into force a substantial package of amendments. FINTRAC published its official implementation roadmap on April 13, 2026, with some provisions effective immediately and others awaiting regulations to be published in the Canada Gazette, Part II.
The most important changes affecting real estate brokerages are the inclusion of title insurers (effective October 1, 2025), the new Listed Property and Equipment Property Reports (LPEPR) regime tied to Canada's sanctions disclosure framework, the universal enrolment proposal introduced through Bill C-12 on October 8, 2025, the stablecoin issuer MSB registration regime, and the new statutory ceiling on administrative monetary penalties that gives FINTRAC the authority to impose fines up to 40 times current limits. These are not abstract policy moves; they are calibrated for an enforcement environment that has already produced eight-figure penalties to entities in adjacent sectors.
The Canadian Association of Private Lenders (CAPL) and other industry associations have publicly criticized the new AMP regime for treating administrative deficiencies with the same severity as intentional money laundering, but the legislation is in force and FINTRAC is operating under the expanded authority. Real estate brokerages that delayed their compliance program build during 2024-2025 are now exposed to penalty multipliers that did not exist when their decisions were made.
Three categories of real estate professionals are reporting entities under the PCMLTFA, and one additional category was added in October 2025.
Real estate brokers and sales representatives are persons or entities authorized under provincial or territorial legislation to act as agents in real estate transactions. The reporting obligation attaches to the brokerage, with sales representatives operating as mandataries (agents) under the brokerage's compliance program.
Real estate developers are persons or entities engaged in the sale, on their own behalf, of new homes to the public. The developer threshold is five or more new homes sold in a calendar year, or one or more new commercial or industrial properties.
Title insurers were added as reporting entities under amendments effective October 1, 2025. A title insurer is any person or entity that provides insurance against losses or defects in title to real or personal property, as defined under the Insurance Companies Act. This addition closed a previously unregulated part of the real estate transaction chain and is particularly significant for cross-border investment structures that previously evaded AML oversight by routing through title insurance arrangements.
Mortgage administrators, brokers, and lenders became reporting entities on October 11, 2024 and are covered in detail in our companion guide to FINTRAC mortgage sector compliance.
The PCMLTFA imposes seven core obligations on every covered real estate brokerage. Each has been the subject of recent AMPs.
Every reporting entity must maintain a written compliance program approved by a senior officer. The program must designate a compliance officer, document policies and procedures, articulate a risk-based approach, and include a training plan and review cycle. FINTRAC has been clear that off-the-shelf generic compliance manuals do not satisfy this obligation. The program must be specific to the brokerage's risk profile, client base, and operational footprint.
Sixty-three percent of penalized real estate brokerages had risk assessment deficiencies. The most common failures were inadequate consideration of products and services, geographic risk factors, and client risk indicators. Generic checklists without supporting documentation or rationale have been deemed insufficient. A FINTRAC-defensible risk assessment is a written document that scores each dimension of money laundering and terrorist financing risk, documents mitigation measures, and reflects the brokerage's actual transaction profile.
Identity verification is required at specific trigger points: when a brokerage receives funds from or pays funds to a client (other than for property of $100,000 or more, where identification is required regardless), when a suspicious transaction occurs, and at other PCMLTFA-defined moments. FINTRAC's methods guidance accepts documentary methods (government-issued ID), credit file method, dual process method, reliance method (relying on another reporting entity's verification), and affiliate or agent method. The verification must be reliable and proportionate to the risk.
The most common identification failures involve incomplete client information records, missing identification records, and missing receipt-of-funds records. These are the specific findings driving the 63 percent recordkeeping deficiency rate among penalized brokerages.
Sales representatives acting as the brokerage's mandataries are permitted to conduct identity verification on the brokerage's behalf, but the brokerage remains fully responsible. This requires a written agreement with each mandatary, documented oversight, and quality assurance sampling. Many brokerages assume that delegating to a licensed sales representative satisfies their obligation. FINTRAC examines whether the brokerage can prove the mandatary did it correctly.
Large cash transaction reports (LCTRs) must be filed for any single cash payment of $10,000 CAD or more, or for two or more cash payments within 24 hours that aggregate to $10,000 or more. Suspicious transaction reports (STRs) must be filed without delay when reasonable grounds exist to suspect money laundering or terrorist financing, even if the transaction does not proceed.
Fifty-one percent of penalized reporting entities (across all sectors) had missed report filings. Brokerages routinely underestimate the STR trigger, believing it requires confirmed wrongdoing. The statutory threshold is much lower: reasonable grounds to suspect, not reasonable grounds to believe.
Every record produced under the PCMLTFA must be retained for five years from the relevant trigger date. This includes client information records, identification records, receipt-of-funds records, large cash transaction records, transaction tickets, account opening records, and business relationship records. The records must be accessible to FINTRAC within 30 days of a request.
The independent prescribed review is a periodic assessment of the brokerage's AML program effectiveness, conducted at least every two years. The review must be performed by an independent party (which may be internal but not the compliance officer) and must cover the full scope of the program. Over half of brokerages that received AMPs had no documented prescribed review. This is one of the highest-leverage compliance investments a brokerage can make; the absence of a review is a near-guaranteed finding in any examination.
For a deeper breakdown of how the PCMLTFA compares against equivalent frameworks like FinCEN in the US, see our comparison of cross-border identity verification regimes.
A FINTRAC compliance examination typically begins with a notification call and a formal letter. The examiner requests specific documents and operational data, then conducts interviews with the compliance officer and other staff, then issues a findings report. PII and sensitive information exchange usually moves through a secure portal.
Examiners look for specific evidence that each PCMLTFA obligation has been met operationally, not just on paper. The most common evidence requests are: a complete copy of the written compliance program, the latest risk assessment with supporting analysis, sample client identification records for a defined audit period, complete LCTR and STR submission logs, training records for all relevant staff, the most recent prescribed review report, and operational records for any client transactions that exceed FINTRAC-defined thresholds.
What examiners notice immediately is the gap between the policy document and what the staff actually did. A brokerage with a polished compliance manual but no sample QA evidence of mandatary oversight will produce a finding. A brokerage with detailed training documents but no record of completion by named individuals will produce a finding. The pattern is consistent: examinations are evidence-driven, not policy-driven.
The 24 AMPs imposed on real estate brokers from 2020 through November 2025 average $110,000 per case. The highest recorded penalty was approximately $282,000 against a single Vancouver brokerage. Penalty quanta have increased materially in the most recent enforcement cycle, and the new AMP authority enacted in March 2026 gives FINTRAC statutory ceilings up to 40 times the previous limits.
Several adjacent enforcement actions provide context. The British Columbia Lottery Corporation faced a $1,075,000 penalty for administrative deficiencies (currently under appeal). MSB enforcement has produced multi-million-dollar penalties for failures that were primarily procedural rather than malicious. The pattern across all reporting entity categories is the same: FINTRAC is not waiting for evidence of money laundering before issuing penalties. The penalty regime is calibrated against compliance program deficiencies, not against criminal facilitation.
Public disclosure adds another layer of consequence. FINTRAC publishes the names, deficiencies, and penalty amounts of every AMP. For a brokerage operating in a tight professional network, the reputational impact precedes any appeal outcome. Lenders, partner agencies, and clients see the public notice before they see the firm's response.
Four failure modes account for the majority of real estate AMPs.
The recordkeeping failure appears in 63 percent of penalty cases. Specifically: missing client information, missing or incomplete identification records, missing receipt-of-funds records, and missing third-party determinations. The root cause is almost always operational: a sales representative completes a verification in a hurry, files the documentation incompletely, and the brokerage's review process does not catch it before the examination.
The prescribed review failure appears in over half of penalty cases. Either no review was conducted, or the review was inadequate in scope. This is the most preventable failure on the list, because a two-year review schedule with a qualified independent reviewer is a fixed-cost operational decision.
The risk assessment failure appears in 63 percent of cases (across all sectors). Generic checklists without analysis, missing dimensions (especially geographic and product-specific risk), and insufficient detail on mitigation measures.
The training failure is common but harder to quantify. Brokerages run training but do not document completion, or train initially but not on an ongoing basis, or fail to update training as the regulatory framework changes.
For brokerages that want to benchmark their compliance posture against peers, we maintain a current evaluation framework for identity verification providers that includes a self-assessment checklist mapped to FINTRAC examination criteria.
Manual client identification is the single largest source of compliance risk in a real estate brokerage. The reasons are structural: real estate transactions are increasingly remote, document review is performed by sales representatives who are not trained forensic examiners, and the deepfake document threat has escalated dramatically through 2025-2026.
Deepfake-generated identity documents now pass visual inspection at rates approaching 100 percent for trained examiners and effectively 100 percent for untrained reviewers. The same generative AI tooling that produces convincing fake driver's licenses also produces synthetic utility bills, fabricated supporting documentation, and AI-generated voice and video for any remote verification call. A sales representative reviewing a scanned passport on a mobile phone has no realistic chance of detecting a sophisticated synthetic.
The 2025 surge in synthetic identity fraud in mortgage origination, where deepidv data showed a 30 percent year-over-year increase, has bled directly into real estate. Real estate is one of the primary destinations for laundered funds, and synthetic identities are the highest-yield mechanism for routing those funds through the residential market.
Manual verification also fails the operational test. A brokerage that conducts identity verification through scanned-document review cannot scale, cannot reliably enforce its own policies across multiple sales representatives, and cannot produce the cryptographic audit trail that a defensible FINTRAC examination response requires. The gap between policy and execution is precisely the gap examiners exploit.
The deepidv verification engine handles the FINTRAC client identification requirement end to end with one click. The brokerage initiates a verification from the Back Office dashboard or via API. The customer receives a secure link, opens it on any device, and completes the verification in under 60 seconds.
deepidv captures government-issued identification from 211 countries through a single workflow. The verification engine performs document authentication with deepfake-specific defenses (the FaceX/TripleLock algorithm detects synthetic identity attacks that defeat conventional document review), facial biometric matching with active liveness detection, screening against politically exposed person and sanctions lists, and where applicable, NFC chip reading for passport verification.
Every verification produces a cryptographically signed record. The deepidv chain layer, live in production on Base mainnet as of May 2026, signs each verification with AWS KMS, batches them into a Merkle tree, and anchors a Signed Tree Head to the blockchain hourly. Anyone, including FINTRAC examiners, can independently verify any past verification at proof.deepidv.com. This is the cryptographic audit trail competitors do not offer.
For brokerages with multiple sales representatives operating as mandataries, the deepidv platform provides centralized oversight with per-mandatary audit trails, automated QA sampling, and exception-only review workflows. The 63 percent recordkeeping failure mode becomes structurally impossible because every verification produces a complete record automatically, retained for the five-year PCMLTFA window with proof of integrity.
For risk-based ongoing monitoring, Arbiter, deepidv's risk engine, continuously monitors the client base against sanctions list updates, PEP changes, and adverse media. The compliance officer receives flagged events rather than chasing a manual screening calendar.
The Back Office Compliance module produces the documentation FINTRAC examiners look for: complete client information records, identification records with cryptographic provenance, transaction logs with full retention, training records with completion tracking, and a prescribed-review export that supports the two-year independent assessment.
deepidv is the verification engine and agentic compliance suite built for reporting entities that cannot afford to fail an examination.
Q: Are real estate sales representatives directly required to register with FINTRAC? A: Today, no. Sales representatives operate as mandataries under the brokerage's reporting entity registration. Under Bill C-12's universal enrolment proposal, this may change once regulations are published in the Canada Gazette, Part II. Real estate brokerages should plan for an environment in which every sales representative is individually enrolled.
Q: What is the maximum AMP a real estate brokerage can face under the current regime? A: The new authority enacted March 26, 2026 gives FINTRAC the ability to impose penalties up to 40 times prior maximums for prescribed violations, with statutory ceilings that depend on the specific violation category and ability-to-pay considerations. The previous maximum penalty observed in real estate was approximately $282,000.
Q: Does identity verification through a third-party provider satisfy the PCMLTFA? A: Yes, FINTRAC accepts identity verification conducted via reliable third-party electronic providers, provided the brokerage maintains contracts, accuracy testing results, and supporting documentation. The brokerage remains legally responsible for the verification regardless of who performs it operationally.
Q: Are title insurers in scope under the same obligations as real estate brokers? A: As of October 1, 2025, title insurers are reporting entities under the PCMLTFA with their own sector-specific obligations. While not identical to real estate broker obligations, the underlying compliance framework (program, risk assessment, identification, recordkeeping, reporting, prescribed review) applies in modified form.
Q: How long does a typical FINTRAC examination take from notification to findings? A: A standard examination usually runs three to six months from notification to findings report, longer if the brokerage's documentation is incomplete or if interviews reveal additional examination scope.
Q: What happens when FINTRAC issues a Notice of Violation? A: A Notice of Violation lays out specific PCMLTFA violations and the proposed AMP. The brokerage has 30 days to request a review by the FINTRAC Director or to enter an appeal pathway with the Federal Court of Canada. Effective March 2026, FINTRAC no longer shares findings with reporting entities before they are finalized, eliminating a previous window for pre-issuance correction.
Go live in minutes. No sandbox required, no hidden fees.
From AMLD6 to state-level FinTech regulations, the compliance landscape for identity verification is shifting rapidly. Here is what your compliance team needs to know.
Generative AI has broken the assumptions underlying most identity frameworks. Regulators are responding with new rules, and the industry must adapt. Here is the current state of AI identity regulation worldwide.
The global AML regime generates more false positives than it catches genuine money laundering. Here is why static rule-based monitoring fails — and what AI-driven approaches change.
