As of mid-2026

FINTRAC's Most Wanted

Failure to keep records of customer identity verification

A deep dive into monetary penalties since the beginning of last year. The hope is that by looking at recent fines, we can shine a light on the agenda of everyone's favorite regulator.

We're starting at the 12th most common penalty: failure to keep records of customer identity verification.

Only one company was hit with this fine, but I want to mention it here because it should be an easy one, and it's sort of a cornerstone item for your AML program.

FINTRAC wants to know that you verified a customer, but they also want to see evidence of how you did it.

So if you're performing a KYC check, you need to be storing the source data behind it: timestamps, uploads of IDs, the results of any verifications, all this kind of stuff. If you're not storing it, you're likely not doing enough.

When regulators come knocking, you can't just say "we checked", you have to actually show the proof, and you have to keep it on hand for up to five years.

Of course, if you're using Rhizome, we make the proof and evidence gathering totally automatic for every single person or business in your system. We do this through our Continuous Diligence Reports where we bundle everything: initial onboarding, automated sanctions and PEP searches, KYC refreshes, and any sort of due diligence work. It's all gonna show up in this comprehensive report, and it's sort of a living history of your customer lifecycle.

So when you're being audited and you're being asked to show proof, you're not digging around through five different systems looking for information; you just provide everything you've got.

If you're in crypto, gaming, real estate, or one of these other sectors that FINTRAC has been hyper-focused on lately, you're gonna wanna watch the rest of this series, so follow for more!

Reach out to us to see more, or take a look at our onboarding solutions for people or businesses.