FINTRAC's New AMP Framework Under Bill C-12: Higher Penalties, Compliance Orders, and Ability to Pay

FINTRAC's latest administrative monetary penalties update is not just a notice about bigger numbers. It is a signal that the enforcement process itself is changing. Under Bill C-12, formally the Strengthening Canada's Immigration System and Borders Act, FINTRAC now has a broader set of tools for dealing with non-compliance under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

The short version: for violations that occur after March 26, 2026, reporting entities should expect a framework that can combine higher penalty ceilings, mandatory remediation agreements, compliance orders, and a more explicit look at ability to pay. FINTRAC says it is updating its AMP policy and developing new guidance to explain how the new approach will be administered.

That matters because FINTRAC examinations look backward. The policy that applies will depend on when the activity under review occurred, not simply when an exam starts or when a notice arrives. FINTRAC has said it will scope examination review periods so they sit entirely within one legislative framework. That is a small sentence with large operational consequences.

What changed in the AMP framework

FINTRAC lists five central changes introduced through Bill C-12. Taken together, they move the AMP framework from a penalty-only tool toward a more active supervisory model.

The important point is sequencing. A prescribed violation is no longer only about whether a dollar penalty is imposed. It can also trigger a mandatory agreement, and FINTRAC may use a compliance order to direct specific corrective action. For compliance teams, that means the post-examination phase may become more structured, more documented, and harder to treat as a one-time settlement exercise.

The March 26, 2026 line matters

FINTRAC is drawing a clear line around March 26, 2026, the day Bill C-12 received Royal Assent. Violations that occurred entirely before that date continue to be handled under the existing AMP policy, existing penalty amounts, and existing processes. Violations that occur on or after that date fall under the amended Act and the updated AMP policy once finalized.

This creates a practical evidence issue. Reporting entities need to be able to show when controls were in place, when activity occurred, when alerts were reviewed, when reports were filed, and when remediation happened. Vague timelines are going to be less helpful when the applicable enforcement framework depends on dates.

If your organization has open remediation from earlier testing, this is the moment to make the timeline clean. Document what was found, what changed, who approved it, and when the new control became operational. That record may matter later if an examination crosses the 2026 transition period.

Ability to pay is not a reason to relax

The new framework allows FINTRAC to consider ability to pay when determining a penalty amount. That should not be read as a softer enforcement posture. It means penalty calculation can take financial capacity into account, but the underlying compliance issue still needs to be addressed.

For larger reporting entities, ability-to-pay analysis may support much larger penalty exposure. For smaller entities, it may invite more careful financial context, but it does not replace evidence of a functioning compliance program. Policies, risk assessments, training, effectiveness reviews, and reporting workflows still have to stand on their own.

Compliance orders change the remediation conversation

A compliance order is different from a penalty notice. A penalty looks backward at a violation. A compliance order can push the organization toward defined future action. That gives FINTRAC another way to supervise behaviour after a finding, especially where the issue is systemic or where a reporting entity needs to prove that a control has been implemented.

In practice, reporting entities should expect more attention on whether remediation is measurable. "We updated our procedure" is weaker than a dated procedure, an approval record, staff training completion, a test sample, a report-submission audit trail, and a named owner for recurring review.

What reporting entities should review now

1. Separate pre- and post-March 26, 2026 activity. Make sure testing files, alert reviews, reporting logs, and remediation trackers can show which framework period the activity belongs to.
2. Check whether known issues could become prescribed violations. Once FINTRAC publishes updated guidance, map your internal findings against the categories most likely to create mandatory compliance agreement exposure.
3. Tighten evidence around remediation. Compliance orders make implementation proof more important. Keep dated artifacts, reviewer notes, approvals, training records, and follow-up testing.
4. Review escalation paths before an examination. Decide who owns FINTRAC communications, document production, penalty response, and executive approvals if a compliance agreement is required.
5. Reduce reporting-operation noise. Late, inconsistent, or poorly supported FINTRAC reports create the kind of operational evidence that makes an examination harder. Structured report preparation and audit trails matter more when enforcement tools expand.

The practical takeaway

FINTRAC's May 6 update confirms that Bill C-12 is not just a legislative footnote. The Centre is preparing to apply a new AMP policy to post-March 26, 2026 violations, with higher maximums and more direct remediation tools. The organizations that handle this well will not be the ones that memorize penalty bands. They will be the ones that can show clean dates, clear ownership, repeatable controls, and a record of acting before FINTRAC has to force the issue.

For reporting entities, the best response is boring in the best possible way: make the control record complete, make the reporting workflow traceable, and make remediation easy to prove.