FINTRAC releases new information-sharing guidance for reporting entities

This Finance Alert provides an overview of the latest Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) guidance to assist reporting entities (REs) that wish to participate in the recent voluntary private-to-private information-sharing initiative implemented through FINTRAC.

FINTRAC first issued guidance on private-to-private information sharing under section 11.01 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) on March 26, 2025, which implemented amendments proposed in the federal government’s 2024 Budget. On November 3, 2025, FINTRAC released updated guidance (the Guidance). The Guidance is designed to assist REs subject to the PCMLTFA in detecting and deterring money laundering, terrorist financing, and sanctions evasion—while maintaining robust privacy protections.

What is private-to-private information sharing?

Private-to-private information sharing refers to the exchange of personal information, without the individual’s knowledge or consent, between REs who are participants in an approved code of practice. “Personal information” is defined consistently with the Personal Information Protection and Electronic Documents Act as information about an identifiable individual.

Participation by REs is voluntary. The new framework does not compel REs to share information, but it establishes clear requirements for those that choose to do so.

The purpose of the exchange of personal information is to enhance REs’ abilities to detect and deter money laundering, terrorist activity financing, and sanctions evasion, while at the same time operating within defined privacy safeguards. It is believed that sharing personal information under an approved code of practice can materially improve the effectiveness of AML/ATF and sanctions compliance programs. By exchanging risk-relevant data points across institutions, REs can identify patterns, typologies, and networks that would not be apparent when analyzing a single RE’s data in isolation.

How to engage: Codes of practice and oversight

To participate in private-to-private information sharing, REs must obtain approval for a code of practice. A code of practice is a written document that outlines and explains how REs comply with private-to-private information sharing under section 11.01 of the PCMLTFA. REs should consult the Guidance for detailed requirements regarding the contents of the code, as well as FINTRAC’s Model Code of Practice.

The approval process involves both FINTRAC and the Office of the Privacy Commissioner of Canada (OPC). The code must be submitted to FINTRAC for possible review and comment and to the OPC for approval. The OPC’s review is subject to defined timelines, with extensions available where required.

Good faith compliance and code governance

The law provides protection for participants acting in good faith. No person or entity will be liable in criminal or civil proceedings for disclosing, collecting, or using personal information in compliance with the PCMLTFA and associated Regulations—so long as the conduct is undertaken in good faith and in accordance with the approved code of practice.

Governance of the code of practice is ongoing. If a reporting entity revises an approved code, it must notify FINTRAC. Where an entity fails to apply for approval of a revised code after being directed by the Commissioner, approval of the code may be suspended. Renewal and periodic review are integral to ensuring that the code remains aligned with regulatory requirements, operational realities, and emerging financial crime risks.

Practical takeaways

FINTRAC’s renewed guidance creates a structured pathway for REs to share personal information with each other. For entities seeking to strengthen their compliance programs, an OPC-approved code of practice offers a practical mechanism to collaborate while respecting legal requirements.

REs that plan to share personal information with one another should carefully review FINTRAC’s Guidance to ensure compliance with their obligations under the PCMLTFA before proceeding.

If you are concerned that your business may be impacted, contact a member of our Financial Services or Compliance team for assistance.