Canada Tightens Financial Controls on Iran-Linked Transactions in Updated AML Directive

Canada has taken a decisive step in its fight against financial crime involving the Islamic Republic of Iran, with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) issuing updated instructions in July 2025 under its Ministerial Directive. The new measures require all Canadian reporting entities to apply enhanced countermeasures to any transaction with a connection to Iran, signaling a significant policy escalation in response to international concerns and ongoing recommendations from the Financial Action Task Force (FATF).

This development represents a new phase in how Canadian financial institutions, credit unions, and money service businesses (MSBs) handle cross-border flows involving Iran, a country designated by FATF as non-cooperative due to persistent failures in addressing anti-money laundering (AML) and counter-terrorist financing (CFT) vulnerabilities. The revised directive significantly tightens regulatory expectations, with a clear emphasis on comprehensive controls, real-time risk management, and immediate compliance with heightened AML obligations.

The scope of the directive is extensive, covering banks—both domestic and foreign operating in Canada—credit unions, caisses populaires, authorized foreign banks, and MSBs. It applies universally to all financial transactions originating from or destined for Iran, regardless of the amount involved. The directive imposes a presumption of high risk for such transactions, which compels institutions to conduct the strictest level of due diligence and ongoing monitoring, regardless of the client’s familiarity or the transaction size.

These expectations are supported by an aggressive set of compliance requirements. Institutions are required to perform enhanced due diligence (EDD) on any Iran-linked transaction. That includes mandatory identity verification for both parties to the transaction, even if the transaction is nominal in value. Identification procedures must align with Part 3 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR). Additional due diligence obligations include verifying the source of funds or virtual currency, establishing the transaction’s purpose, and determining beneficial ownership where an entity is involved.

The directive leaves no room for ambiguity in detecting Iran-linked activity. Even indirect connections—such as routing through third countries, use of the Iranian rial, Iranian government affiliation, or indicators like geolocation data or digital footprints linking activity to Iran—trigger the same compliance obligations. If there is reasonable evidence suggesting the origin or final destination of funds is Iran, financial institutions must apply the full range of controls outlined in the directive.

Recordkeeping obligations are equally stringent. Any transaction tied to Iran—whether in cash, virtual currency, or involving negotiable instruments—must be fully documented. Institutions are expected to retain records detailing transaction information, involved parties, source and destination of funds, and intended purpose for a minimum of five years, readily available for FINTRAC review.

Reporting standards under the directive depart sharply from typical thresholds. All electronic funds transfers under $10,000 CAD with an Iran nexus must be reported to FINTRAC using the code “IR2020.” Suspicious Transaction Reports (STRs) are required for all activity where the only trigger is an Iranian connection. Large Cash Transaction Reports and Large Virtual Currency Transaction Reports must also be filed for any transaction tied to Iran, regardless of value. The logic is clear: even low-value flows are potential conduits for illicit activity, and efforts to evade thresholds through structuring or smurfing must be proactively countered.

In reporting such transactions, entities are expected to clearly articulate the Iranian linkage, whether through currency indicators, digital identifiers like IP addresses, or transactional pathways. Virtual currency transactions, often more difficult to trace, fall under the same stringent rules and reporting expectations.

Monitoring for suspicious activity is mandatory, with obligations extending to both attempted and completed transactions. If any indication of money laundering, terrorist financing, or sanctions evasion arises, an STR must be filed. In cases involving designated individuals or entities, financial institutions may also need to file a Listed Person or Entity Property Report. Reporting timelines are enforced: electronic funds transfers must be reported within five business days, and large cash transactions within 15 days. In newly covered scenarios, such as redemption of negotiable instruments, reporting must occur as soon as reasonably possible.

To operationalize these rules, regulated entities must overhaul their compliance frameworks. This includes revising internal policies to explicitly incorporate Iranian transaction identification, enhanced monitoring procedures, and documented steps for escalation. Institutions must detail how Iranian connections will be identified using transaction data, external intelligence, and technological tools. All decisions and actions must be documented for audit purposes.

Staff training is central to enforcement. Institutions are required to deliver targeted instruction to employees across departments—operations, compliance, and executive oversight—so that all personnel understand the requirements and know how to act when encountering Iran-linked transactions. Ongoing education is emphasized, given the evolving nature of global AML/CFT obligations and geopolitical risks.

Risk assessment methodologies must also be revised to reflect the risks posed by jurisdictions under ministerial directives. That includes reviewing exposure to high-risk counterparties, flow patterns, and customer profiles. Institutions are encouraged to adopt sophisticated monitoring systems capable of flagging hidden or indirect links to Iran, such as shared ownership structures or subtle transaction routing patterns.

FINTRAC has stated it will actively supervise compliance through examinations. During these inspections, FINTRAC will evaluate whether entities have put the directive into action by establishing proper internal controls, retaining accurate records, and submitting timely reports. Institutions found in violation face severe consequences, including administrative monetary penalties under PCMLTFR, with the added threat of public exposure—a significant reputational risk for non-compliant firms.

This shift must be understood within a broader global context. Canada’s aggressive stance mirrors FATF’s ongoing demand that member states adopt effective countermeasures against jurisdictions with strategic AML/CFT deficiencies. By implementing strict, enforceable controls, Canada not only protects its domestic financial system but also strengthens global efforts to cut off illicit financial flows.

The Canadian regulatory approach is likely to influence other FATF members facing similar pressures. With expectations around monitoring, due diligence, and reporting continuing to tighten, especially for high-risk jurisdictions, financial institutions worldwide may soon face similarly stringent requirements.

The July 2025 update to FINTRAC’s Ministerial Directive has fundamentally altered the compliance landscape for Canadian institutions engaged in any financial activity involving Iran. Every transaction, no matter how small, must now be approached with the presumption of high risk, complete with rigorous screening, real-time reporting, and detailed documentation. The operational burden is significant, but so is the rationale: preventing money laundering, terrorist financing, and sanctions evasion tied to a jurisdiction under intense global scrutiny.

Canada’s message is unequivocal. “Continuous vigilance, adaptive controls, and a culture of compliance are essential for safeguarding the integrity of Canada’s financial sector.” As geopolitical tensions shift and global standards evolve, the obligation to remain compliant will demand not just policies, but institutional commitment and readiness for scrutiny at every level.

By fLEXI tEAM