The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) published compliance guidance setting out how reporting entities can voluntarily share personal information with other reporting entities under section 11.01 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act to help detect and deter money laundering, terrorist activity financing and sanctions evasion. The guidance explains that such sharing can occur without an individual’s knowledge or consent only where it is conducted under an approved code of practice. Participation is limited to reporting entities and is not mandatory. Before any sharing occurs, a code of practice for the disclosure, collection and use of personal information must be established and implemented, submitted to FINTRAC and the Office of the Privacy Commissioner of Canada (OPC), and approved by the OPC. The guidance sets conditions for disclosure (including that the information was collected in the course of the reporting entity’s activities, the disclosure is reasonable for the stated purposes, and obtaining consent would risk compromising detection or deterrence) and for subsequent collection and use by recipients, all in accordance with the approved code. It also lists required code contents, including participating entities’ legal names and FINTRAC reporting entity numbers, descriptions of information types and purposes, how information will be handled, and the measures to protect and retain personal information at a standard at least equivalent to protections under the Personal Information Protection and Electronic Documents Act. On process and lifecycle, FINTRAC may provide comments within 60 calendar days of receiving a code, while the OPC has 120 calendar days to review (with a possible additional 15-day extension) and may pause the review clock if additional information is requested. If the OPC does not notify the applicant of a decision by the end of the review period, the code is deemed approved. Revisions to an approved code must be notified to FINTRAC and the OPC, with the OPC assessing within 30 calendar days whether a revision is significant and directing re-approval where required; approvals can be suspended if revisions are made without notification and a direction to apply is not followed. Codes must be resubmitted for re-approval every five years.
Financial Transactions and Reports Analysis Centre of Canada 2025-11-03
Financial Transactions and Reports Analysis Centre of Canada issues compliance guidance for voluntary private-to-private information sharing via approved codes of practice
FINTRAC issued guidance on voluntary information sharing among reporting entities under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. Sharing is allowed without individual consent if under an approved code of practice, submitted to FINTRAC and the OPC for approval. The guidance outlines conditions for disclosure and use, and mandates periodic re-approval of codes.