A recent enforcement decision has put DMCL Chartered Professional Accountants under Canada’s spotlight and served as a stark reminder that even trusted accounting networks are not immune to regulatory pressure. The case signals that FINTRAC is intensifying its supervision of non-financial firms whose compliance programs fail to meet core anti-money laundering standards.

AML program enforcement and the DMCL case

On October 9, 2025, the Financial Transactions and Reports Analysis Centre of Canada imposed a monetary penalty on DMCL, a well-known accounting firm operating across British Columbia. The sanction followed a compliance examination that uncovered systemic deficiencies in the firm’s anti-money laundering framework. FINTRAC found that DMCL had not maintained current written compliance policies, failed to assess and document its money laundering and terrorist financing risks, and neglected to carry out the required review of its AML program.

These lapses may appear procedural, but they expose deep structural weaknesses that can enable criminal exploitation. Accounting firms often occupy a pivotal position in financial flows—advising clients on structures, cross-border arrangements, and fund management. A weak compliance program in such an environment can be weaponized by bad actors to layer transactions or disguise beneficial ownership.

While DMCL paid the fine and the case was formally closed, its outcome extends beyond administrative sanction. It reinforces FINTRAC’s message that AML obligations are not optional, and that lapses—no matter the size of the entity—will invite enforcement under Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

Understanding Canada’s regulatory expectations

The Proceeds of Crime (Money Laundering) and Terrorist Financing Act defines the foundation of Canada’s AML regime. It covers a wide spectrum of reporting entities, including banks, real estate brokers, casinos, securities dealers, and professional service providers such as accountants. Each category must develop written compliance policies, perform regular risk assessments, and review its AML program every two years.

The Canadian model prioritizes prevention through documented vigilance. By requiring entities to maintain auditable frameworks, the law ensures that risks are identified and mitigated before money laundering occurs. FINTRAC acts as both supervisor and enforcer, monitoring compliance across sectors and imposing administrative monetary penalties where breaches arise.

The agency assesses violations using a structured methodology that evaluates seriousness, frequency, and history of compliance. Each infraction is classified as minor, serious, or very serious. DMCL’s three failures—policy maintenance, risk assessment, and program review—were each deemed serious, collectively justifying an administrative sanction.

The law requires that policies be approved by a senior officer and kept current. This rule embeds accountability at the top, preventing firms from relegating AML responsibilities to lower-level staff. DMCL’s compliance framework lacked evidence of such oversight, revealing insufficient senior management involvement in risk governance.

FINTRAC’s 2024–25 enforcement statistics reveal a clear escalation: twenty-three Notices of Violation were issued, the highest annual figure to date, totaling over CAD 25 million. The DMCL case is part of this wider surge in enforcement meant to demonstrate tangible supervisory action. Canada’s upcoming FATF mutual evaluation adds urgency to this momentum, as the country aims to prove that its enforcement measures are credible and proportionate across both financial and non-financial sectors.

How compliance failure feeds laundering vulnerability

The DMCL case underscores how administrative lapses can transform into operational vulnerabilities. Weak documentation, missing assessments, and neglected reviews collectively erode the ability of a firm to detect and prevent suspicious activities.

When compliance policies are outdated, staff lack clear guidance for customer onboarding, transaction monitoring, and escalation procedures. Without standardization, each employee interprets obligations differently, leading to inconsistent controls.

An absent or incomplete risk assessment undermines the risk-based approach that regulators expect. Without a formal analysis of exposure by geography, client type, and service channel, firms misallocate resources, potentially ignoring higher-risk activities. A client using an accounting firm to establish cross-border vehicles could easily exploit this gap to launder proceeds through layered structures.

Failing to conduct a biennial review closes the feedback loop that ensures continued program effectiveness. These reviews act as audits of the AML system, identifying weaknesses, tracking remediation, and confirming that controls evolve with emerging typologies. Skipping them leaves firms vulnerable to gradual compliance decay.

From an AML perspective, these issues interact. Missing policies create procedural uncertainty, absent risk assessments eliminate prioritization, and missing reviews prevent recovery. Together, they form a silent chain of exposure through which illicit funds can pass unnoticed. Even when no evidence of laundering exists, regulators treat such negligence as fertile ground for financial crime.

Accounting professionals, like those in DMCL, are gatekeepers of financial legitimacy. Their documentation, client vetting, and professional judgment carry weight with banks and auditors. If these safeguards weaken, the entire system of trust is compromised. FINTRAC’s sanction demonstrates that administrative non-compliance is more than a technical infraction—it is a systemic risk.

Building resilient AML compliance programs

Preventing similar outcomes requires firms to invest in structured governance and demonstrable accountability. A well-designed compliance framework is not static; it evolves with business models, regulations, and typologies.

A robust program begins with comprehensive written policies. These should define responsibilities, cover all required control areas—such as client identification, beneficial ownership verification, PEP handling, third-party reliance, and sanctions—and include explicit procedures for monitoring, reporting, and training. Each policy must be updated regularly, approved by senior management, and distributed across all offices.

An effective risk assessment forms the second pillar. It must identify inherent risks, evaluate control effectiveness, and set clear mitigation measures. This assessment should consider factors such as geographic exposure, client categories, product offerings, and technology usage. Documenting how risks are scored and addressed is essential for demonstrating compliance maturity.

Biennial reviews provide the third critical element. Internal or external reviewers must test controls, analyze exceptions, and confirm corrective actions. The review should conclude with a written report summarizing findings, remediation status, and management approval. This record proves accountability and supports continuous improvement.

Training complements structure. Employees must understand typologies relevant to their work—from shell companies to real estate layering schemes—and adapt to new threats such as digital assets or trade-based laundering. Regular refreshers ensure awareness does not stagnate.

Recordkeeping is the backbone of defense. Maintaining organized archives of risk assessments, reviews, and policy versions can make the difference during an examination. Documentation transforms compliance from verbal assurance into verifiable proof.

Lastly, leadership engagement determines the tone. Senior officers must review reports, allocate resources, and ensure independence of the compliance function. A disengaged leadership team signals weakness and invites regulatory scrutiny.

By integrating these elements, reporting entities can prevent enforcement, safeguard reputation, and create a culture of enduring compliance.

Lessons from DMCL and the wider enforcement landscape

The sanction against DMCL Chartered Professional Accountants is more than a localized event—it reflects a turning point in Canada’s regulatory approach.

First, the modest fine carries disproportionate visibility. FINTRAC’s publication of enforcement actions ensures that every sector takes notice, reinforcing deterrence across non-financial industries.

Second, AML program enforcement now serves as a preventive mechanism rather than a corrective one. Regulators act before laundering occurs, penalizing weak governance to protect system integrity.

Third, compliance failure itself constitutes risk. Whether or not a suspicious transaction occurred, deficiencies in AML governance endanger national financial security and can justify penalties.

Fourth, the case confirms a wider trend: FINTRAC is broadening its scrutiny beyond traditional financial institutions. Accountants, real estate agents, and other professional service providers are increasingly viewed as integral to the AML ecosystem. Their role in facilitating client transactions means they must uphold the same standards of risk management and documentation as banks.

Finally, the overarching message is unmistakable. Regulatory expectations are rising, and firms must treat compliance programs as dynamic instruments of risk management, not static checklists. Each policy review or training session is an investment in resilience and credibility.

The DMCL fine therefore stands as both caution and opportunity—a caution against complacency and an opportunity to rebuild compliance frameworks that anticipate rather than react. For Canada’s non-financial sectors, the era of leniency is over.

---

Related Links

• Financial Transactions and Reports Analysis Centre of Canada – Public Notices
• Proceeds of Crime (Money Laundering) and Terrorist Financing Act – Justice Laws Website
• Administrative Monetary Penalties Regulations
• FINTRAC Guidance: Compliance Program Requirements
• Canada’s AML/ATF Regime Overview – Department of Finance Canada

Other FinCrime Central Articles About FINTRAC’s Latest Sanctions

• KuCoin’s Latest CAD 19M Penalty from FINTRAC and Its AML Legacy
• FINTRAC fine exposes weak money laundering compliance at Primary Capital
• FINTRAC’s $1.17M Penalty on SIGA Exposes Money Laundering Failures

Source: FINTRAC

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.