ey-canadas-watershed-moment-on-financial-crime

Canada’s watershed moment on financial crime

Photographic portrait of Beatrice Kangwa
Beatrice Kangwa

EY Partner, Financial Crimes, Risk Consulting

05 minute read 10 Mar 2026

Budget 2025 changes the rules on AML, fraud and sanctions. See what reporting entities should prioritize now.

In brief
  • Budget 2025 reframes financial crime as a national security priority, integrating AML, fraud and sanctions into a single, tougher compliance framework.
  • New enforcement models, stricter cash controls and higher penalties raise expectations for governance, data quality and regulatory readiness.
  • Early action will help reporting entities strengthen resilience, adapt faster to reform and build trust with regulators and consumers.

Six areas reporting entities should consider prioritizing now

A paradigm shift is forever changing the operating landscape for Canada’s reporting entities and now’s the time to act.

Budget 2025 reframed Canada’s financial crime risk as a national security priority alongside regulatory integrity and consumer trust. Today, financial institutions and other reporting entities have a unique window of time to understand those changes and proactively adapt. Doing so now can help carve out a competitive advantage, even as legislation and regulations take shape.

As legislative changes roll out and enforcement capacity builds, Canada’s reporting entities should be prudent to assess and adapt early. Doing so fosters innate resilience needed to reinforce governance and support a wider culture of flexibility, one in which organizations continue adapting to new measures as they arise from here on out.

No institution can afford to stand still in the face of Canada’s watershed moment in the fight against financial crime. Sweeping reforms and elevated fraud risk signal a new era in which financial institutions must rethink compliance, strengthen controls and embrace a unified approach to safeguarding the financial system.

Taking early action can bolster both governance and that critical market differentiator: consumer trust.

Budget 2025 reframed Canada’s financial crime risk as a national security priority.

What’s changing for Canada’s financial institutions and reporting entities?

Budget 2025 made it clear that in Canada, anti-money laundering (AML), anti-terrorist financing (ATF) and fraud prevention are no longer siloed efforts. Rather, the government is integrating pillars of regulatory integrity and consumer trust. We’re seeing tactical efforts made to protect our communities.

For financial institutions, this is more than a policy update. It’s a call to action, rallying reporting entities to look inward and understand what these changes mean and how they must adapt.

Key changes were introduced when the federal budget came down late in 2025. Budget 2025 proposes to:

  • Establish a new financial crimes agency to lead enforcement for complex financial crimes
  • Reform AML and ATF laws, by introducing restrictions on large cash transactions of $10,000 or more, and limiting third-party cash deposits, alongside increased penalties and expanded use of compliance agreements Enhance information and intelligence sharing, particularly between public and private entities
  • Implement bank fraud controls focused on prevention, customer consent for risky features and fraud data regulatory reporting requirements
  • Introduce tools requiring financial institutions to report assets and profits of sanctioned persons, with the Department of Finance empowered to redirect profits to public funds and Finance Minister consultations required around new sanctions that may pose systemic risks.

As these updates launch, Budget 2025 will also infuse fresh momentum into additional areas. Chief among them:

  • Whole-of-government anti-fraud strategies designed to support a cross-sector approach uniting banks, telecoms and tech firms against evolving fraud schemes
  • Integrated compliance expectations around the convergence of AML, fraud, sanctions and cyber risks, (as regulators coordinate oversight and the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) joins the federal supervisory committee
  • Centralized enforcement linking law enforcement and financial expertise through an integrated model that combats money laundering, fraud and sanction evasion
  • Heightened enforcement culture in which institutions can expect specialized agencies and partnerships to focus on complex schemes and a more aggressive pursuit of financial crime
  • Continued regulatory changes, like ongoing refinements to close loopholes and safeguard data within the AML and ATF space, further tightening compliance expectations
  • Granted, the political climate compounded by broader geopolitical, macroeconomic and nation-building factors is creating a lot of unknowns for financial institutions. That’s exactly why starting work and getting ahead on these changes specific to financial crime is critical. With so much changing in real time, taking proactive steps can help reporting entities prepare for greater governance and build business resilience.

At EY, we recommend reporting entities get started by addressing six priorities now. 

ey-graphics-for-federal-budget-2025-pov-option-03
ey-chapter-fc-1.jpg
1

Understand Canada’s new financial crime enforcement ecosystem

A centralized, expert‑led agency is reshaping how Canada investigates complex financial crime, increasing scrutiny, accelerating data requests and raising expectations for reporting entities.

Poised to launch in spring 2026, the newly established Financial Crimes Agency will become Canada’s lead investigator for complex financial crime. The approach is modelled on leading practices gleaned from other parts of the world.

The agency will create a centralized hub, in which traditional police powers and civilian financial experts team to tackle sophisticated money laundering schemes, large-scale fraud, illicit proceeds recovery and other major crimes. The approach fundamentally shifts the reporting chain and coordination among enforcement bodies.

For the first time, financial institutions will see complex fraud investigations managed by a single, dedicated authority, as opposed to dispersed police units. The agency will draw on increased federal law enforcement capacity. What’s more, the budget allocates $1.7 billion to the RCMP over four years — a move aimed to add 1,000 RCMP officers, boost financial crime-fighting efforts and underpin the agency’s work.

What does this mean for Canada’s reporting entities?
  • Be ready to assist investigations. As financial crime units become larger and better resourced, expect increased program scrutiny and expanded enforcement risk.
  • Deeper dives may be more common. With specialized capabilities at the core, the agency may focus on more frequent and in-depth requests for transaction data, intelligence and collaboration.
  • Quality and speed will be key. As the agency makes use of advanced analytics, financial expertise and other leading-class resources, internal compliance teams must be ready to provide robust information seamlessly and quickly.
Ask these key questions to prepare now:
  • Do we know where our AML, fraud and sanctions controls intersect and where gaps lie?
  • Are our data-sharing protocols and escalation procedures dynamic enough?
  • What do our compliance teams need (learning, tools, resources or technologies) to succeed in this new operating environment?
ey-chapter-fc-2.jpg
2

Prepare for holistic, cross-industry anti-fraud measures

Canada’s anti‑fraud reforms push institutions towards cross‑industry coordination, deeper data visibility and customer‑centric controls reshaping how banks prevent, detect and report emerging fraud threats.

How EY can help

  • Financial Services

    Learn more about our Financial Services teams and how they can help your business focus on delivering value while navigating risk and managing disruption.

    Read more

By the numbers, the government reports that Canadians lost over $643 million to fraud in 2024. That’s nearly a 300% increase since 2020 and a strong driver for a national anti-fraud strategy. Essentially, the government is working to take down silos between industries and rally reporting institutions, tech companies, telco providers and other stakeholders to create a cross-sector approach against increasingly complex fraud schemes.
 

As Budget 2025 amends Canada’s Bank Act, institutions will need to implement formal policies and controls that address consumer-targeted fraud. This includes maintaining a stronger focus on vulnerable segments, creating dedicated frameworks to detect and prevent scams that prey on customers.
 

In that same vein, banks will need to address account security. For example, Budget 2025 says customers must be allowed to set adjustable limits on transaction sizes, as well as enable or disable certain account features, with a focus on express consent around higher-risk features. This could influence areas like remote deposit capture, international wire capabilities, e-transfers and any other functionality that could be exploited by fraudsters.
 

Essentially, fraud reporting is becoming a cornerstone of regulatory engagement, influencing perceptions of institutional maturity, governance effectiveness and the capacity for consumer protection. All of this influences how institutions design products, manage risk and orchestrate customer journeys from now on.

Canadians lost over
$643
Million to fraud in 2024
A nearly
300%
Increase since 2020.
What does this mean for Canada’s financial institutions and reporting entities?
  • Consent and limits just became your new focus. Considering user experience factors like consent-by-design architecture, dynamic customer-adjustable limit configurations and customer experience/friction calibration is crucial to building trust capital and reducing fraud losses.
  • Completeness and visibility of data trends count. Banks will now be evaluated not only on their fraud outcomes but also on the quality, completeness and visibility of their data trends.
  • Standardized reporting applies. Banks will need to standardize fraud data reporting to improve risk posture and regulatory maturity. You’ll also want to evaluate how to consistently log, categorize and report fraud attempts and losses.
Ask these key questions to prepare now:
  1. Can our systems and vendor solutions accommodate customer-level fraud controls?
  2. How do we standardize fraud data models, enterprise data infrastructure, benchmarking and oversight to improve quality and consistency?
  3. Do we have the processes and platforms in place to effectively collect and report consumer fraud incidents under heightened requirements?
ey-chapter-fc-3.jpg
3

Think about holistic and cross-industry anti-fraud measures

Canada’s AML reforms introduce tougher penalties, stricter cash controls and broader sector oversight, demanding stronger governance, intelligence sharing and readiness for a far more rigorous enforcement regime.

The latest federal budget proposes the most significant overhaul of Canada’s AML and ATF regime in years. Tighter controls on illicit money flows. Elevated expectations for compliance across sectors. Stricter rules around cash transactions. Tougher enforcement. These updates represent a meaningful uptick in terms of enforcement rigour.

At the overarching level, the most impactful reform may very well be in the enforcement regime itself. Budget 2025 will significantly toughen the penalty framework and introduce a mandatory compliance agreement system. Currently, FINTRAC can levy penalties for violations and optionally negotiate compliance undertakings.

The reforms propose raising administrative monetary penalties (AMPs) under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), with details to be set out in forthcoming regulations. The takeaway for reporting entities: noncompliance costs will be sharply higher and regulators will insist on formal corrective action plans when deficiencies are found.

More granularly, Budget 2025 aims to:

  • Crackdown on large cash transactions. Because cash is typically a cornerstone of money laundering schemes, Budget 2025 proposes amendments to the PCMLTFA to restrict the acceptance of cash payments, donations or deposits of $10,000 or more, as well as third-party cash deposits into a customer’s account.
  • Close loopholes that allow bad actors to mask illicit funds as charitable donations. In an effort to cut down abuse, all financial donations will be subject to AML regulations. Compliance programs in banks, credit unions and money service businesses will need to treat large “donations” like any other high-risk transaction. That means applying due diligence, reporting and operating as though these transactions are suspicious until verified.
  • Bring additional industry players, including mortgage lenders, brokers and administrators, under PCMLTFA regulations. This also has ramifications for compliance officers in banks that deal with mortgage intermediaries and who need to understand their counterparts will soon face direct regulatory scrutiny. As things evolve, other professionals, think payment service providers or even professionals like lawyers or accountants, may also fall under a widening AML net.
What does this mean for Canada’s financial institutions and reporting entities?
  • Banks are becoming active intelligence partners. Gone are the days of simply reporting suspicious transactions. Institutions will become much more involved in intelligence sharing to enhance enforcement. That also means compliance leaders must proactively examine AML programs for gaps or weaknesses before high-stake rules come into force.
  • Transactions may need to be refused. Under the proposed amendments, institutions would be prohibited from accepting more than $10,000 in physical cash in a single transaction and from accepting third-party cash deposits along the same lines.
  • Tellers and automated systems must be ready to raise the red flag. Many institutions already scrutinize large cash deposits, triggering reports to FINTRAC. These reforms go farther. Complying will require a look at processes, procedures and customer communications, with potential considerations for legitimate customers that require alternative methods for large payments.
Ask these key questions to prepare now:
  1. How can we improve information and intelligence sharing, internal controls, transaction monitoring, training and AML auditing to balance governance with customer confidentiality and privacy?
  2. If we’re going to contribute fully in this new enforcement ecosystem, do our legal teams need to change policies, customer-facing terms or negotiated settlements when specific improvements are made under regulatory supervision or other areas?
  3. Are we prepared to liaise effectively with the board around enhanced governance and the need for financial crime compliance frameworks capable of withstanding this stricter regime?
ey-chapter-fc-4.jpg
4

Get ready to boost compliance with sanctions and asset recovery

New sanctions and asset‑recovery rules will demand faster compliance, deeper tracking of frozen assets and tighter integration across AML, fraud and sanctions controls, raising expectations for transparency and accountability.

How EY can help

  • Banking & Capital Markets

    Learn more about our Banking & Capital Markets team and how they can help your business integrate disruptive technologies with an ecosystem of partners to achieve growth.

    Read more

Budget 2025 aims to strengthen sanction compliance in terms of both transparency and accountability. Canadian banks, securities dealers, insurers and money service businesses will face new measures on economic sanctions with the aim of improving compliance and enabling authorities to deal more effectively with blocked assets. The updates are designed to ensure Canada’s financial system is not misused to circumvent sanctions, including those related to Russia, Iran and other regimes.

At a high level, the Special Economic Measures Act (SEMA), Canada’s primary sanctions law, will evolve to address systemic financial stability concerns. For example, the Minister of Finance will need to be consulted before new sanctions orders are made. That means when government is considering adding a major foreign bank or critical company to the sanctions list, Finance will weigh in on the potential fallout for Canada’s finance sector.

Clearly, Canada is seeking to thoughtfully avoid unintended financial stability risks (i.e., a sanction that could disrupt markets or a Canadian institution’s solvency). This risk management lens can be reassuring for compliance officers. Drastic moves will now get a second look by Finance officials. But it doesn’t change the fact that when sanctions are imposed, institutions will need to comply quickly.

Reading between the lines, Budget 2025 also hints at a more aggressive stance on seizing the proceeds of sanction violations or evasion. Financial institutions will need to actively report and surrender profits from frozen assets, in line with Canadian-ally countries. We may also see additional guidance spelling out how these “windfall” profits are calculated and remitted.

Specifically, a new Targeted Windfall Profit Charge mechanism will authorize governments to require financial institutions to report property, and profits derived from property, in their possession that belongs to sanctioned individuals, companies or foreign states. What could that look like in practice? If a Canadian bank is holding frozen assets, say a blocked account accruing interest or shares paying dividends, it will need to disclose that to authorities and may be ordered to remit the earnings on those assets to the government.

What does this mean for Canadian industries?
  • Collaboration is now a priority. This new strategy sends financial institutions and reporting entities a message: fraud prevention is moving towards a more unified front. It’s now everyone’s responsibility.
  • Better tracking for better reporting. Compliance teams will need to think about implementing enhanced tracking of frozen accounts and assets, with an emphasis on profits. Analyses should span complex scenarios; institutions will need to answer key operational questions once regulations are implemented.
  • Systems and programs may need a refresh. From augmenting fraud detection systems to enhancing client education and rethinking incident response plans, compliance and operational teams will need to assess existing systems and see how they line up with heightened expectations.
Ask these key questions to prepare now:
  1. Do we have clear visibility into where our AML, fraud and sanctions controls intersect and where gaps may exist?
  2. Are we prepared to track, report and potentially surrender profits on frozen sanctioned assets?
  3. Have we evaluated our exposure to newly reporting sectors or intermediaries?
ey-chapter-fc-5.jpg
5

Boost sanction compliance and asset recovery focus

Regulators are moving towards a unified oversight model, where AML performance directly influences broader prudential supervision, raising expectations for integrated risk management, data sharing and cross‑functional coordination.

Enhanced coordination sits at the heart of Budget 2025’s financial crimes overhaul. We know that Canada’s financial regulatory architecture is multifaceted: FINTRAC, the Office of the Superintendent of Financial Institutions (OSFI), the Bank of Canada, the Department of Finance, the RCMP and others have historically collaborated within the limits of their mandates. But this budget aims to dismantle those silos and align regulators and industries in the collective fight against financial crime.

As part of these shifts, FINTRAC will become a member of the Financial Institutions Supervisory Committee (FISC), an OSFI-chaired forum where federal financial regulators share info on the safety and soundness of financial institutions. This formally weaves AML and ATF considerations into the fabric of financial oversight.

What does this mean for Canada’s financial institutions and reporting entities?
  •  Compliance will increasingly be viewed as part of overall risk management and stability. If a bank has poor AML controls, it will risk FINTRAC penalties and expose itself to OSFI and other regulators’ considerations around broader institutional risks. This scenario could even trigger more intense supervision or conditions on the bank’s operations.
  • A unified view is the goal. The FINTRAC-FISC move will see information flow more freely, with regulators sharing findings that may have AML implications without the typical legal barriers. Going forward, AML track records may influence standing with prudential regulators. The era of providing different stories to different agencies is over.
  • Scope may expand. As OSFI’s mandate and powers grow to address “integrity and security” risks in the financial sector, financial institutions may see probes into areas traditionally reviewed by FINTRAC or normally left to internal audit. This creates a higher expectation for institutions to manage risks holistically.
Ask these key questions to prepare now:
  1. Is our data-sharing protocol and escalation procedure robust enough for this new enforcement environment?
  2. Are our compliance and risk officers prepared to demonstrate a joined-up approach for regulators?
  3. Do we have the right synergies between the AML, fraud and information security teams to provide senior management with visibility over financial crime risk as an enterprise issue?
What’s the bottom line for Canada’s financial institutions and reporting entities?

As legislative changes roll out and enforcement capacity builds, the time to assess and adapt is now. Budget 2025 represents a paradigm shift in Canada’s approach to AML, ATF, sanctions and financial fraud.

This turning point reframes financial crime risk as a matter of national security, regulatory integrity and consumer trust, and institutions will be expected to meet the moment effectively.

Starting now can help institutions adapt, implement new processes and respond to ongoing regulatory scrutiny and industry benchmarking, both now and as the situation evolves over the next 18 months.

Summary 

Canada’s 2025 budget marks a decisive shift in how financial crime is addressed, elevating AML, fraud and sanctions to a national security priority. With tougher enforcement, greater information sharing and more integrated regulatory oversight, reporting entities face higher expectations for governance, data quality and agility. Organizations that move early to align controls, break down silos and strengthen compliance capabilities will be better positioned to manage risk, respond to scrutiny and maintain trust as reforms continue to unfold.

Contributors
Krutika Sequeira, Senior Manager
James Johnson, Senior Consultant

About this article

Photographic portrait of Beatrice Kangwa
Beatrice Kangwa
EY Partner, Financial Crimes, Risk Consulting
Financial crime Partner advising financial institutions and emerging sectors on AML strategy, regulatory risk, and program transformation in an evolving enforcement environment.
Related topics
Financial services
Banking & Capital Markets

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.