FINTRAC Penalty on Griffin Jewellery Designs: A Warning for DPMS Compliance
Source: FINTRAC Official News Release
Read the full FINTRAC announcementOn 17 October 2025, FINTRAC imposed an Administrative Monetary Penalty (AMP) of $77,137.50 on Griffin Jewellery Designs Inc., a full-service jewellery retailer operating 21 locations across Ontario, Nova Scotia and New Brunswick. The penalty, publicly announced on 4 December 2025 from Ottawa, followed a compliance examination under Part 1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its Regulations.
Griffin Jewellery Designs Inc. operates squarely within the dealers in precious metals and stones (DPMS) sector, a high-risk segment for money laundering and terrorist financing. While the dollar value of the AMP is moderate compared to some recent cases, the violations strike at the heart of AML compliance in Canada: policies, risk assessment, and effectiveness testing. For DPMS businesses, this case is a clear signal that program design and governance failures will attract FINTRAC enforcement.
⸻
What Happened: FINTRAC's Examination Findings
FINTRAC identified three core administrative violations. Each one relates to foundational PCMLTFA requirements that every DPMS must meet.
Failure to maintain written, approved compliance policies and procedures
FINTRAC requirement: Reporting entities must develop, document, and maintain up-to-date written compliance policies and procedures, and, in the case of an entity, have them formally approved by a senior officer. These policies must clearly set out how the business meets its PCMLTFA requirements, including FINTRAC reporting, record-keeping, client identification, and ongoing monitoring.
FINTRAC's finding: Griffin Jewellery Designs Inc. failed to develop and apply written compliance policies and procedures that were kept current and approved by a senior officer.
Why it matters: For DPMS compliance, policies and procedures are the operational blueprint for handling high-value cash, precious metals, diamonds, and luxury goods. Without documented, senior-approved procedures, frontline staff are left guessing about when to identify clients, when to file suspicious transaction reporting, or how to escalate red flags. FINTRAC views this as a core governance failure, not a technical oversight.
⸻
Failure to assess and document money laundering and terrorist financing risk
FINTRAC requirement: Reporting entities must assess and document their risk of money laundering and terrorist activity financing, taking into account prescribed risk factors such as products, services, delivery channels, geography, and client types. This risk assessment must inform controls, monitoring, and resource allocation.
FINTRAC's finding: Griffin Jewellery Designs Inc. did not assess and document its exposure to money laundering or terrorist activity financing risk as required, nor did it demonstrate consideration of the prescribed risk factors.
Why it matters: The DPMS sector is attractive to criminals because jewellery and precious stones are portable, high-value, and easily resold. A documented risk assessment is the backbone of a risk-based program: it determines which locations, products, or client segments require enhanced due diligence or heightened monitoring. Without it, a DPMS cannot credibly calibrate controls, leverage RegTech tools such as a FINTRAC API integration, or justify its approach during an AML audit preparedness review.
⸻
Failure to conduct a documented, biennial review of the compliance program
FINTRAC requirement: Reporting entities must review the effectiveness of their compliance program at least every two years, using an internal or external auditor. The review must be documented, and it must specifically test whether the program is working as designed.
FINTRAC's finding: Griffin Jewellery Designs Inc. failed to institute and document the prescribed review of its compliance program. The required effectiveness testing, to be carried out at least every two years by an internal or external auditor, was not documented.
Why it matters: In a multi-location DPMS business with 21 branches across three provinces, program drift is a constant risk. Staff turnover, new products, and evolving FINTRAC reporting requirements (including large virtual currency transaction reporting and updated suspicious transaction indicators) can quickly render a static program obsolete. A documented biennial review is FINTRAC’s minimum expectation to ensure that compliance controls are not just designed but actually effective in practice.
⸻
Why This Penalty Matters
DPMS remains a high-risk, high-priority sector
Dealers in precious metals and stones are specifically listed under the PCMLTFA because their products can be used to move and store value anonymously, bypassing traditional financial channels. FINTRAC’s decision to publicize this AMP against a retail jewellery chain highlights its continued focus on DPMS compliance and the expectation that even non-financial businesses maintain robust AML controls.
Program design failures are no longer tolerated
This case is not about a missed report or one-off error in FINTRAC reporting. All three violations relate to program foundations: governance, risk assessment, and effectiveness testing. FINTRAC is signalling that a weak compliance framework is itself a serious breach. For DPMS and other sectors, “paper programs” that exist only in name—without documentation, risk analysis, or testing—are now clear AMP territory.
Enforcement intensity is at historic highs
FINTRAC reported that in 2024–25 it issued 23 Notices of Violation, the largest number in a single year in its history, totalling more than $25 million in penalties across sectors. Since gaining AMP authority in 2008, FINTRAC has imposed more than 150 penalties. Griffin Jewellery Designs Inc. is part of this broader FINTRAC enforcement trend, in which education is increasingly paired with visible consequences for non-compliance.
⸻
Lessons for Reporting Entities
Build and maintain documented, senior-approved policies
DPMS businesses should:
- Draft detailed AML/ATF policies that address all PCMLTFA requirements, including client identification, record-keeping, FINTRAC reporting, suspicious transaction reporting, large cash transactions, and large virtual currency transaction reporting where applicable.
- Ensure formal approval by a senior officer, with dated sign-off.
- Review and update policies regularly to reflect regulatory changes, new products (e.g., online sales, gift cards), and evolving risk.
Conduct a structured, documented risk assessment
A credible risk assessment for DPMS compliance should:
- Map products, services, delivery channels, geography, and client types to specific ML/TF risks.
- Consider high-risk factors such as large cash purchases, non-resident clients, third-party payments, and rapid buy-back or resale.
- Document methodology, risk ratings, and resulting controls (e.g., enhanced due diligence thresholds, additional approvals for high-risk sales).
- Be refreshed periodically and whenever there are significant business changes.
Implement regular, evidence-based effectiveness reviews
To meet the biennial review requirement and strengthen AML audit preparedness:
- Appoint an internal or external auditor with sufficient independence and AML expertise.
- Test real samples of transactions, client files, and FINTRAC reporting outputs (including suspicious transaction reporting) to verify that procedures are followed.
- Document findings, remediation actions, and timelines.
- Use the review to evaluate any RegTech tools or FINTRAC API integrations you rely on for screening, monitoring, or reporting.
Treat FINTRAC reporting as a strategic control, not a formality
DPMS entities often under-appreciate the importance of reporting obligations. Casinos, financial entities, money services businesses, real estate brokers and several other sectors are required to report international electronic funds transfers, large cash transactions, large virtual currency transactions and suspicious transactions. DPMS businesses must align with these standards where applicable by:
- Training staff on red flags and escalation paths for suspicious transaction reporting.
- Ensuring that systems can capture required data elements and produce timely reports.
- Periodically reconciling internal alerts with filed reports to confirm completeness.
Invest in sector-appropriate RegTech and training
While DPMS operations may not be as system-heavy as banks, scalable compliance still benefits from technology:
- Use tools that facilitate client identification, sanctions screening, and transaction monitoring.
- Consider vendors that can interface with a FINTRAC API or automate elements of FINTRAC reporting where feasible.
- Provide ongoing staff training focused on real-world scenarios in jewellery and precious metals, not generic financial examples.
⸻
The Bigger Picture
FINTRAC’s announcement underscores its dual role as financial intelligence unit and AML/ATF supervisor. The Centre not only oversees compliance with the PCMLTFA but also analyzes data and discloses financial intelligence to law enforcement and national security agencies to support investigations into money laundering, terrorist financing, sanctions evasion, and broader threats to Canada’s security.
Administrative Monetary Penalties are explicitly designed to change non-compliant behaviour, not simply punish. The fact that Griffin Jewellery Designs Inc. is paying the AMP in full and the case is closed illustrates FINTRAC’s preference for remediation coupled with transparency. At the same time, the record 23 Notices of Violation in 2024–25 and over $25 million in penalties send a clear message: the era of purely educational outreach is over. FINTRAC enforcement is now a central pillar of AML compliance in Canada.
For DPMS and other reporting entities, this means that program-level weaknesses—especially around governance, risk assessment, and testing—are likely to be detected and sanctioned. Robust documentation, proactive reviews, and thoughtful use of technology are no longer optional; they are essential to staying off the public AMP list.
⸻
Final Thoughts
The AMP of $77,137.50 against Griffin Jewellery Designs Inc., a 21-location jewellery retailer across Ontario, Nova Scotia and New Brunswick, is more than a single enforcement action—it is a sector-wide warning to dealers in precious metals and stones.
DPMS businesses should treat this case as a prompt to revisit their entire compliance framework: written policies, documented risk assessments, biennial effectiveness reviews, and the quality of their FINTRAC reporting and suspicious transaction reporting processes. Those that invest now in strong governance, fit-for-purpose controls, and appropriate RegTech support will be far better positioned as FINTRAC continues to increase its use of Administrative Monetary Penalties across Canada’s AML/ATF regime.
If your MSB needs help ensuring timely, accurate, audit-ready reporting, Comply+ offers automated FINTRAC reporting with AI-powered risk assessment tools designed specifically for MSBs and other PCMLTFA reporting entities.
Disclaimer:
This article is provided for general informational purposes only and reflects our interpretation and opinions based on publicly available information at the time of writing. It does not constitute legal advice, financial advice, regulatory guidance, or a substitute for professional counsel. Reporting entities and businesses subject to FINTRAC obligations should consult qualified legal and compliance advisors before making decisions relating to FINTRAC, AML obligations, or compliance requirements.
Automate Your FINTRAC Reporting with Comply+
Don't let compliance failures put your business at risk. Comply+ offers AI automated FINTRAC reporting, compliance training, and AI risk assessment tools designed specifically for PCMLTFA reporting entities.