FINTRAC'sNewAMPFrameworkUnderBillC-12:WhyRemediationEvidenceNowMatters

FINTRAC's May 6, 2026 update on administrative monetary penalties is not just a notice about bigger numbers. It is a signal that the enforcement process itself is becoming more structured, more remediation-focused, and harder to satisfy with informal fixes after an examination.

Under Bill C-12, formally the Strengthening Canada's Immigration System and Borders Act, FINTRAC now has a broader enforcement toolkit under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. For reporting entities, the practical message is straightforward: penalty exposure is rising, but the bigger operational change is the need to prove what changed, when it changed, who approved it, and whether the control now works.

what changed in the AMP framework

FINTRAC says the new framework applies to violations that occur after March 26, 2026, when Bill C-12 received Royal Assent. Violations that occurred entirely before that date continue to be handled under the existing AMP policy, penalty amounts, and processes.

For post-March 26 violations, the framework gives FINTRAC a wider range of supervisory tools:

That combination matters. A penalty is no longer the only consequence compliance teams need to plan around. The post-examination phase may now involve formal agreements, required corrective measures, deadlines, follow-up evidence, and potentially a separate violation if an order is not handled properly.

why the March 26 line matters

FINTRAC examinations look backward. The applicable enforcement framework depends on when the activity under review occurred, not just when the examination starts or when a notice arrives.

FINTRAC says it will scope examination review periods so they fall within one legislative framework. That sounds procedural, but it has real operating consequences. Reporting entities need to be able to show when alerts were reviewed, when reports were filed, when controls were updated, when training was completed, and when remediation became operational.

If your remediation tracker is vague, the dates are loose, or the evidence sits across inboxes and shared drives, the organization may struggle to show which framework applies and what actually changed before or after March 26, 2026.

Rockwell's service lens: remediation has to be provable

This is where Rockwell Advisory sees the practical risk. Many compliance programs can produce a policy document. Fewer can show a clean chain from risk assessment to procedure, procedure to execution, execution to review, and review to remediation.

Under a more active AMP framework, "we updated the procedure" is weak evidence. A stronger record includes the approved procedure, the reason for the change, senior officer approval where required, staff training completion, sample testing, reporting logs, owner assignment, and a follow-up review that confirms the new control is working.

That is not just paperwork. It is how a reporting entity shows that a compliance issue was understood, corrected, and integrated into the way the business actually operates.

ability to pay is not a softer standard

FINTRAC's new ability-to-pay criterion should not be read as a reason to relax. It means financial capacity can be considered in determining the penalty amount. It does not replace the need for a functioning compliance program.

For larger entities, the revised framework may increase financial exposure. For smaller entities, ability-to-pay analysis may add context, but it will not make missing policies, weak risk assessment, incomplete training, stale effectiveness reviews, or unsupported reporting workflows disappear.

what reporting entities should review now

1. Separate pre- and post-March 26, 2026 activity.Make sure alert reviews, report filings, remediation actions, and testing files can show which framework period they belong to.
2. Clean up remediation evidence. Keep dated artifacts, approvals, reviewer notes, training records, sample testing, and action plans in one defensible record.
3. Map known issues to possible prescribed violations.As FINTRAC publishes updated guidance, compare internal findings against the categories most likely to trigger mandatory compliance agreement exposure.
4. Assign owners before an examination. Decide who owns FINTRAC communications, document production, penalty response, legal escalation, remediation approvals, and senior leadership updates.
5. Test whether the compliance program works. Policies, risk assessments, reporting workflows, training, and effectiveness review cadence should line up as one operating system, not five disconnected documents.

the practical takeaway

FINTRAC's May 6 update confirms that Bill C-12 is not a legislative footnote. The Centre is preparing to apply a new AMP policy to post-March 26, 2026 violations, with higher maximums and more direct remediation tools.

The organizations that handle this well will not be the ones that only memorize penalty bands. They will be the ones that can show clean timelines, clear accountability, repeatable controls, and a record of acting before FINTRAC has to force the issue.