FINTRAC AML Training Program: What Casino Reporting Entities Must Implement Under PCMLTFR s. 156(1)(d)

Every casino listed under paragraphs 5(k) to (k.3) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) is a reporting entity. That status carries five mandatory compliance program elements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), SOR/2002-184: an appointed compliance officer, written policies and procedures, a risk assessment, an ongoing training program, and a two-year effectiveness review. The training program is codified at paragraph 156(1)(d). It is not a best-practice recommendation. A casino that cannot produce a written, implemented, and documented training program is non-compliant with federal law, and FINTRAC examiners will treat it accordingly.

The stakes have risen sharply since March 26, 2026, when the Strengthening Canada’s Immigration System and Borders Act (Bill C-12) received Royal Assent. The amended PCMLTFA framework raises maximum administrative monetary penalty (AMP) caps to up to 40 times their pre-2026 limits, introduces mandatory compliance agreements for prescribed violations, and adds compliance orders as an additional enforcement tool. Compliance teams that have been treating training as a documentation formality now face a materially different penalty exposure.

What Is a Training Program Under PCMLTFR?

FINTRAC defines a training program as “a written and implemented program outlining the ongoing training for your employees, agents or other individuals authorized to act on your behalf. It should contain information about all your obligations and requirements to be fulfilled under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its associated Regulations.”

Two words in that definition carry outsized legal weight: written and implemented. A written program that was never delivered, or a training culture that was never committed to writing, satisfies neither limb. FINTRAC examiners assess whether the program is operational in practice, not merely memorialized in a compliance manual.

“A compliance program is all elements (compliance officer, policies and procedures, risk assessment, training program, effectiveness review) that you, as a reporting entity, are legally required to have under the PCMLTFA and its associated Regulations to ensure that you meet all your obligations.”, FINTRAC, Compliance Program Guidance

The training program is one of the five required elements. All five must coexist and operate together. A well-designed risk assessment does not compensate for an absent training program, and a training program that is not tested during the two-year effectiveness review will be flagged as a gap in its own right.

Who Must Receive Training: The Scope of Coverage

FINTRAC’s guidance requires casinos to identify in their training plan who will receive training. The scope is broader than many casinos assume.

Training recipients must include those who have contact with clients, such as front-line staff or agents. They must also include those involved in client transaction activities, and anyone who handles cash, funds, or virtual currency on the casino’s behalf in any capacity. The obligation covers employees of the reporting entity, agents, mandataries, and all other persons authorized to act on behalf of the casino who interact with clients or transactions.

For an online casino operating under the iGaming Ontario framework, this extends to any third-party service provider or agent who, by agreement, deals with clients or completes transactions on behalf of the reporting entity. The PCMLTFR makes clear that delegating a function to an agent or mandatary does not transfer the casino’s compliance obligation. The casino remains responsible for ensuring that those persons receive appropriate training and that the training can be documented.

What the Training Plan Must Document

Paragraph 156(1)(d) requires the casino to both establish and implement the training program. FINTRAC’s compliance guidance specifies that the casino must also “institute and document a plan” for the ongoing training program and for delivering the training. The training plan is therefore a distinct document, not merely a chapter within the policy manual.

The plan must address four components. Training recipients, identifying who will receive training and in what categories or roles. Training topics and materials, specifying the substantive content of each module or session. Training methods for delivery, covering whether training is in-person, online, written, or some combination. Training frequency, describing the schedule and the event-triggered circumstances under which training is refreshed or accelerated.

FINTRAC is explicit that the plan should describe both interval-based training, for example monthly, semi-annually, or annually, and event-triggered training, for example before a new employee deals with clients, after a procedure changes, or following a regulatory amendment. The size and complexity of the casino determines how this balance is struck. A large casino operating multiple verticals or serving high-volume VIP clientele will be expected to maintain a more differentiated and frequent training cadence than a smaller venue.

Mandatory Training Topics for Casino Reporting Entities

FINTRAC’s guidance identifies what training content must address. At its core, every person in scope must understand the casino’s obligations under the PCMLTFA and its associated Regulations, their own role and responsibilities in detecting and deterring money laundering and terrorist activity financing, and how to respond when they encounter a potentially suspicious activity or transaction.

The table below maps training content requirements to the specific compliance obligations that give rise to them. Section-level references point to the relevant provisions of the PCMLTFR and PCMLTFA, casinos should verify current section numbering against the consolidated Regulations, as renumbering can occur following legislative amendments.

Training Topic	Underlying Obligation	Relevant Reference
Large cash transaction identification and reporting	LCTR reporting obligations at $10,000 cash threshold	PCMLTFR, casino-sector LCTR provisions
Casino disbursement reporting	Reporting casino disbursements of $10,000 or more	PCMLTFR, casino disbursement provisions
Suspicious transaction identification and escalation	STR filing obligation on reasonable grounds to suspect	PCMLTFA, s. 7, PCMLTFSTRR
Client identification and KYC procedures	Identity verification methods and timing	PCMLTFR, identity verification provisions (ss. 105, 112)
Politically exposed persons (PEPs) and heads of international organizations (HIOs)	Enhanced measures for PEPs and HIOs	PCMLTFR, PEP and HIO enhanced-measures provisions
Beneficial ownership determination	Identifying and verifying beneficial owners	PCMLTFR, beneficial ownership provisions
Large virtual currency transaction reporting	LVCTR threshold and reporting obligations	PCMLTFR, large virtual currency transaction provisions
Sanctions evasion indicators and property reporting	Obligation to report listed person or entity property	PCMLTFA, listed property reporting provisions
Record-keeping obligations	Retention requirements for casino-sector records	PCMLTFR, casino-sector record-keeping provisions
Ongoing monitoring and risk-based approach	Client risk assessment and enhanced measures	PCMLTFR, s. 156(1)(c) and s. 9.6(2)

For online gambling operators in jurisdictions like iGaming Ontario, virtual currency obligations require particular attention. The Northern Isga Foundation enforcement notice, discussed below, cited the absence of policies covering large virtual currency transactions as a direct deficiency. Staff handling digital asset-related transactions must be trained on the specific thresholds, identification requirements, and reporting mechanics applicable to virtual currency under the PCMLTFR.

Training Frequency: No Fixed Interval, But a Clear Standard

What does FINTRAC consider adequate training frequency?

FINTRAC does not prescribe a fixed training interval in the Regulations. The compliance guidance states that training can be delivered at regular intervals, such as monthly, semi-annually, or annually, when certain events occur, such as before a new employee deals with clients or after a procedure changes, or by using a combination of both. The frequency must be described in the training plan, and it must be calibrated to the casino’s size, structure, complexity, and degree of exposure to money laundering, terrorist activity financing, and sanctions evasion risk.

In practice, a casino with high cash volumes, high-risk clientele, or a recent adverse examination finding will be expected to demonstrate a training cadence that reflects that risk profile. A once-per-year general AML briefing is unlikely to satisfy an examiner reviewing a high-risk casino’s program.

New employees represent a mandatory event trigger. A person must receive training before dealing with clients, not within some grace period after their first client interaction. This is one of the most commonly overlooked requirements in casino environments where operational pressure can lead to front-line staff being deployed before their training is complete.

Documentation: The Evidence That Training Occurred

FINTRAC’s guidance is unambiguous on recordkeeping: the training program must include a record of the training that has been delivered. That record must capture the date the training took place, a list of the attendees who received the training, and the topics that were covered.

These records serve two functions. They allow the casino to track training delivery and schedule future sessions. They also form the evidentiary foundation for a FINTRAC examiner reviewing compliance program effectiveness. A training program that cannot be documented is treated by FINTRAC examiners as a training program that does not exist.

The two-year effectiveness review, required under paragraph 156(1)(f), explicitly encompasses testing the training program. An auditor conducting that review must assess whether training records demonstrate adequate delivery and whether training covered all required topics. If records are absent, incomplete, or inconsistent, the review cannot conclude that the training program is effective.

“Your training program should also include a record of the training that has been delivered, for example, the date the training took place, a list of the attendees who received the training, the topics that were covered.”, FINTRAC, Compliance Program Requirements Guidance

Enforcement: What FINTRAC Examinations Actually Find

What are the most common training-related deficiencies in FINTRAC casino examinations?

FINTRAC’s published enforcement notices provide the clearest picture of recurring deficiencies. The March 2026 AMP imposed on Northern Isga Foundation, which operates the Eagle River Casino and Travel Plaza in Glenevis, Alberta, illustrates the pattern directly. FINTRAC classified four violations as “serious,” including explicit failures in the AML training program. According to Investment Executive’s reporting on the enforcement notice, the organization “failed to develop an ongoing compliance training program and wasn’t able to document that it had undertaken the required review of its compliance program to test for effectiveness.” The penalty imposed was CAD $91,162.50.

The same notice identified deficiencies in policies and procedures, risk assessment, and the two-year effectiveness review, which is consistent with what FINTRAC examiners consistently find: training failures rarely occur in isolation. A casino that has not developed adequate training is typically also the casino whose policies are incomplete, whose risk assessment lacks geographic or business-relationship factors, and whose effectiveness review has never been conducted.

FINTRAC’s compliance examination of iGaming Ontario (iGO) for the period September 1, 2023 to February 29, 2024 also demonstrates that the regulator applies the same scrutiny to government-affiliated online operators as to land-based venues. According to iGO’s 2024-2025 financial statements, FINTRAC communicated preliminary examination findings in an exit interview on July 17, 2025, and a formal findings letter was anticipated that could result in no further action, follow-up compliance action, or an administrative monetary penalty. The examination covered the corporation’s AML and anti-terrorist financing compliance program in its entirety, including its training obligations.

The structural deficiencies FINTRAC most frequently cites in casino examinations fall into four categories. The training program was not written down or was contained only in generic policy language rather than a standalone plan. No training records were maintained, meaning delivery could not be evidenced. Training recipients were defined too narrowly, excluding agents or mandataries dealing with clients. Training content did not address all reporting obligations, with virtual currency reporting and sanctions evasion indicators being the most common gaps in recent years.

Scaling Training to Casino Size and Risk Profile

FINTRAC’s guidance anticipates that a large casino will need a differentiated training architecture. A large business may provide general training to all client-facing staff covering the fundamental reporting, identification, and record-keeping obligations, and then layer specialized training for compliance personnel covering transaction analysis, STR escalation procedures, PEP and HIO enhanced measures, and sanctions screening.

For online gambling operators, the differentiation often runs along product lines and team functions. A VIP account management team interacting with high-value clients carries different training requirements from a payments operations team processing withdrawals. Both fall within the scope of paragraph 156(1)(d), but the topics, depth, and frequency appropriate to each will differ. The training plan must explain how these distinctions are made and how delivery to each cohort is tracked.

Larger operators should also address how training is refreshed following regulatory amendments. The March 26, 2026 changes to the AMP framework are a concrete example: any casino whose training materials described penalty exposure under the pre-2026 regime must update those materials and deliver the refresh to all in-scope personnel. The training plan should contain a process for identifying regulatory changes that require a training update, assigning responsibility for developing updated materials, and scheduling delivery within a defined timeframe.

Training and the Two-Year Effectiveness Review

The two-year effectiveness review under paragraph 156(1)(f) is the audit mechanism by which the compliance program tests itself. For training, the review must assess whether training was actually delivered, whether it covered all required topics, and whether it reached all required recipients. FINTRAC defines the two-year effectiveness review as “a review, conducted every two years (at a minimum), by an internal or external auditor to test the effectiveness of your policies and procedures, risk assessment, and training program.”

The review must be carried out and its results documented. FINTRAC recommends that the reviewer be someone who is knowledgeable about PCMLTFA and PCMLTFR requirements. As a matter of best practice, the review should not be conducted by someone directly involved in the compliance program activities being reviewed, to preserve impartiality. A casino that has never conducted this review, or cannot produce documentation that it was carried out, faces a dual deficiency: the training element and the effectiveness review element are both non-compliant.

When the review identifies weaknesses in the training program, the casino must document an action plan. Any updates to the training program made during the review period, whether or not they resulted from the review itself, must be documented along with their implementation status. FINTRAC examiners will assess these records as part of examining paragraph 156(1)(f) compliance.

Practical Build: What a Defensible Casino Training Program Contains

Compliance teams building or auditing their training program against FINTRAC’s requirements should confirm that the following elements are present and documented.

The training plan must be a standalone written document, not merely a section of the policy manual. It must identify training recipients by role or category, covering all employees, agents, mandataries, and other authorized persons dealing with clients or transactions. It must list training topics, cross-referenced to the specific PCMLTFA and PCMLTFR obligations they address. It must specify delivery methods, whether in-person, e-learning, written assessment, or a combination. It must describe frequency, both interval-based and event-triggered, calibrated to the casino’s risk profile.

Training records must be maintained for each delivery of training. The record must capture the date, the attendee list, and the topics covered. For new employees, a record must confirm that training was completed before the employee’s first client interaction. Where training is refreshed following a regulatory change or an internal policy update, the record must identify what changed and when the refreshed content was delivered.

The two-year effectiveness review must include a specific assessment of the training program. The review documentation must show who conducted it, what was tested, the findings, and any remedial action taken. If an external auditor is used, their terms of engagement and qualifications must be documented.

Casinos operating in the iGaming Ontario market face an additional layer: FINTRAC obligations run concurrently with AGCO registration requirements and iGO Operator Agreement obligations. AML training requirements in the Alberta market similarly intersect with AGLC and the Alberta iGaming Centre (AiGC) oversight framework, the AGLC’s FAQ directs AML and FINTRAC process inquiries to AiGC directly. Compliance teams in those markets should confirm that FINTRAC training obligations are mapped alongside provincial regulatory requirements in a single compliance framework. The intersection of federal AML obligations with provincial iGaming registration standards is examined further in our comparison of AGCO vs AGLC: Key Differences in Ontario and Alberta Internet Gaming Regulation, and operators entering either market should also review the AGLC SRIG framework obligations for the AiGC-specific AML guidance that applies at provincial level.

Operators and their legal counsel should review the current FINTRAC compliance program guidance and sector-specific casino guidance in full, as requirements are subject to amendment. Operators should consult qualified Canadian legal counsel to assess the application of PCMLTFA obligations to their specific operational structure, particularly where agents, mandataries, or third-party service providers interact with clients on their behalf.

Key Resources

FINTRAC Compliance Program Requirements Guidance, the authoritative guidance on all five compliance program elements, including the training program and plan requirements under PCMLTFR s. 156(1)(d). Available at fintrac-canafe.gc.ca.

Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), SOR/2002-184, the primary statutory instrument establishing compliance program obligations, including s. 156(1)(d) on training. Available at laws-lois.justice.gc.ca.

FINTRAC Casino Client Identification and KYC Requirements Guidance, sector-specific guidance covering identity verification, record keeping, and casino disbursement reporting obligations. Available at fintrac-canafe.gc.ca.

FINTRAC Administrative Monetary Penalties Policy, the policy framework for AMP determination, including the harm-done assessment guide for compliance program violations. Available at fintrac-canafe.gc.ca.

FINTRAC AMP Changes (Bill C-12), FINTRAC’s guidance on the new AMP framework in force from 26 March 2026, including increased penalty caps, mandatory compliance agreements, and compliance orders. Available at fintrac-canafe.gc.ca.