FINTRAC Iran Ministerial Directive Update: Reporting and High-Risk Controls for Reporting Entities

FINTRAC's June 23 update is a reminder that ministerial directives are not just sanctions-screening references. They change how reporting entities identify clients, classify risk, collect source and purpose information, keep records, and choose the correct FINTRAC report type.

For teams that handle electronic funds transfers, cash, virtual currency, negotiable instruments, casino disbursements, correspondent banking, or other cross-border activity, the operational issue is straightforward: if available information shows that a transaction originates from or is bound for Iran, the review cannot be handled like an ordinary transaction at the same amount.

What FINTRAC updated

FINTRAC's news page says the Centre updated its guidance, reporting form, and technical documentation related to the Ministerial Directive on the Islamic Republic of Iran on June 23, 2026. The guidance explains that the directive came into force on July 25, 2020, and that as of November 15, 2025, it applies to every person or entity referred to in section 5 of the PCMLTFA.

The guidance states that every financial transaction originating from or bound for Iran must be treated as high risk, regardless of the amount. It also requires identity verification for any client requesting or benefiting from such a transaction, customer due diligence with attention to sanctions evasion risk, source of funds or virtual currency, transaction purpose, beneficial ownership or control information for entities, recordkeeping, and reporting to FINTRAC.

FINTRAC also clarifies that the directive applies where available information indicates a connection to Iran and the transaction is originating from or being bound for Iran. Examples include an origin or destination address in Iran, Iranian rial activity, funds disclosed as coming from the sale of an asset in Iran, online activity traced to an IP address geolocated in Iran, or casino disbursements bound for Iran.

The guidance also draws a useful boundary. A client's Iranian passport, Iranian nationality, or historical activity involving Iran does not, by itself, mean the current transaction is captured by the directive if there are no additional details showing that the transaction originates from or is bound for Iran.

Why this matters operationally

A ministerial directive workflow has to sit before the normal reporting decision, not after it. A team first needs to recognize the Iran connection, decide whether the directive applies, apply high-risk and due diligence measures, keep the required records, and then select the report type that matches FINTRAC's instructions.

This is especially important for under-threshold activity. FINTRAC's guidance includes instructions for reporting electronic funds transfers, cash receipts, virtual currency receipts, and casino disbursements below normal reporting thresholds when they are captured by the directive. In those cases, the reporting decision depends on both the transaction type and whether the reporting entity normally has that reporting obligation.

Reporting instructions to review

FINTRAC's guidance distinguishes between enhancements to existing reporting obligations and extensions to activity that previously had no reporting obligation. Where the directive enhances an existing reporting obligation, the corresponding report type is used, such as an Electronic Funds Transfer Report, Large Cash Transaction Report, Large Virtual Currency Transaction Report, or Casino Disbursement Report. Where the directive extends reporting to activity that did not previously have a reporting obligation, FINTRAC instructs reporting entities to use a Suspicious Transaction Report.

For under-threshold electronic funds transfers, entities with electronic funds transfer reporting requirements must report using the Electronic Funds Transfer Report and select IR2020 in the Ministerial Directive field. Transfers of funds within Canada that are deemed to originate from or be bound for Iran are reported using the Suspicious Transaction Report, with the same IR2020 selection.

For under-threshold cash and virtual currency activity, entities with the applicable reporting requirements must use the Large Cash Transaction Report or Large Virtual Currency Transaction Report, select IR2020, and follow FINTRAC's aggregation instructions. Entities that do not have those reporting requirements use the Suspicious Transaction Report for the captured activity.

For casinos, under-threshold casino disbursements captured by the directive are to be reported using the Casino Disbursement Report with IR2020 selected. FINTRAC's updated guidance gives casinos a six-month transition period: they may continue using the Suspicious Transaction Report for under-threshold casino disbursements until December 23, 2026. After that date, casinos must use the Casino Disbursement Report.

For negotiable instruments and issuing or redeeming transactions that originate from or are bound for Iran, FINTRAC instructs all reporting entities to use the Suspicious Transaction Report, select IR2020, and not complete the details of suspicion and action taken sections when the report is submitted solely under the Ministerial Directive instructions.

Controls to check after this update

1. Directive detection: Make sure frontline, operations, and compliance teams know what facts can indicate that a transaction originates from or is bound for Iran, including intermediary-country details and online location information.
2. High-risk classification: Confirm that captured transactions are treated as high risk regardless of amount, and that enhanced monitoring and due diligence steps are triggered consistently.
3. Identity checks at any amount: Review whether workflows can verify the identity of every client requesting or benefiting from a captured transaction, including transactions below ordinary identification thresholds.
4. Source, purpose, and beneficial ownership: Capture source of funds or virtual currency, transaction purpose, and beneficial ownership or control information for entities where the directive applies.
5. Report type routing: Map the transaction type to FINTRAC's current instructions so under-threshold EFTs, cash, virtual currency, casino disbursements, domestic transfers, and negotiable instruments are sent through the correct report type.
6. IR2020 fields: Confirm that reporting teams know where to select IR2020 and when aggregation fields should be marked not applicable for below-threshold reports submitted under the directive.
7. Training updates: Update employee training so staff understand the difference between a client connection to Iran and a transaction that is actually originating from or bound for Iran.

STR and sanctions evasion review still matter

The directive creates reporting instructions for captured completed transactions, but it does not replace suspicious transaction analysis. FINTRAC's guidance says transactions associated with Iran must be monitored to determine whether a Suspicious Transaction Report or Listed Person or Entity Property Report must be submitted.

Attempted transactions remain reportable when there are reasonable grounds to suspect attempted money laundering, terrorist activity financing, or sanctions evasion. If a transaction is not captured by the directive, but the facts, context, indicators, and characteristics lead to reasonable grounds to suspect money laundering, terrorist financing, or sanctions evasion, an STR may still be required.

The practical control is reviewer discipline. Staff need to document what Iran-related facts were available, whether the directive applied, what report type was selected, what high-risk measures were taken, and whether separate suspicion or listed-property obligations were considered.

Practical takeaway

FINTRAC's June 23 update should prompt reporting entities to test the path from detection to filing. A captured Iran-related transaction should not depend on a reviewer remembering an exception. The workflow should surface the connection, trigger the right controls, collect the right facts, and send the activity through the right FINTRAC report type.

The control to strengthen is the handoff between sanctions-evasion risk recognition and accurate FINTRAC reporting.