FINTRAC Compliance for Canadian Mortgage Brokers: The Program You Must Have in Place

The five elements of a compliance program

FINTRAC expects every reporting entity to maintain a documented program with five parts. None of them are optional, and “we're a two-person shop” is not an exemption — the program scales with your size, but it must exist.

1. A designated compliance officer. A named person responsible for the program. In a small brokerage this is often the broker-owner; what matters is that the designation is documented.
2. Written policies and procedures. How your office verifies identity, monitors transactions, escalates and files reports, and keeps records — kept current and approved.
3. A documented risk assessment. Your products, client types, geographies, and delivery channels (remote signings score differently than face-to-face), with mitigation measures for the higher-risk buckets.
4. Ongoing training. Documented, recurring training for everyone who touches client files — including new-hire onboarding.
5. A two-year effectiveness review. A periodic test of whether the program actually works, performed by someone independent of it (internal or external), with findings and fixes documented.

Client identification: the everyday obligation

The duty brokers feel daily is verifying client identity using a FINTRAC-accepted method — government-issued photo ID review, the credit-file method, or the dual-process method (two independent reliable sources). Each has specific requirements about currency and documentation. Two practical traps:

• Remote deals. Verifying someone you never meet requires an authentication-based process consistent with FINTRAC's remote-verification guidance — a selfie next to a driver's licence on file does not, by itself, meet the standard.
• Third parties and beneficial ownership. If someone other than the applicant is directing the transaction or providing funds, determination and record-keeping obligations kick in. The classic example: gifted down payments routed through a parent.

Reporting and records

• Suspicious transaction reports (STRs) — filed when there are reasonable grounds to suspect a transaction relates to money laundering or terrorist financing. There is no dollar threshold, and you must not tip off the client.
• Large cash transaction reports — cash of $10,000 or more in a single transaction or in aggregated transactions within 24 hours. Rare in mortgage practice, which is exactly why offices miss it when it happens.
• Terrorist property reports and ministerial directives — low frequency, but your procedures must cover them.
• Records for five years — ID verification records, reports filed, risk assessments, training logs, and review findings, retrievable within 30 days if FINTRAC asks.

Making it survivable in a real office

The brokerages that handle FINTRAC well treat it as workflow, not paperwork: ID verification happens at intake (not scrambled at funding), down-payment sources get traced as documents arrive, unusual-pattern flags are part of the deal review, and every step leaves a timestamped record. That's also the design philosophy behind BrokerOS: document intake, down-payment verification, and audit trails live on the client file, so compliance evidence accumulates as a by-product of doing the deal — see our approach to compliance-minded workflows.