Now booking Q3 FINTRAC MSB filings. Reserve a scope call →
Regulator update

What changed in the 2026 FINTRAC bulletins.

A concise read on the year's MSB-relevant guidance: the headline updates, the changes that quietly tightened expectations, and what to revisit in your program before the next examination.

5 min read Updated May 2026 Series Regulator updates

FINTRAC's 2026 guidance cycle continued the pattern of recent years: incremental tightening rather than headline changes. The shifts that matter for MSBs are mostly in interpretation, not in the underlying obligations — which means programs written in 2023 or 2024 are likely to be technically compliant but operationally behind on what reviewers expect.

What moved on paper

  • Beneficial-ownership expectations. Guidance reinforced that ownership analysis through multiple corporate layers must be documented, not merely concluded. Reviewers expect to see the diagram, the source documents, and the analysis — not just the named owner.
  • PEP and HIO follow-through. Updated guidance emphasized that screening alone does not satisfy the obligation; documented review and source-of-funds analysis on positive matches remain expected practice.
  • Virtual currency transfer reporting. Refinements to the VCTR regime clarified expectations around reporting timing, batch versus real-time submission, and the level of customer-identifier detail required.
  • Sanctions program expectations. Guidance reinforced that sanctions screening is a continuous obligation against current lists, not a point-in-time onboarding check.

What quietly tightened

The more material changes are in how examination teams have been applying existing guidance:

  • Risk-assessment recency. A risk assessment more than 12 months old is increasingly being treated as out of date by examiners, even where the regulation does not specify an annual review cadence.
  • Training depth. Sign-in sheets are losing weight as evidence; examiners are asking for attestations, test results, or other evidence that the training landed.
  • STR disposition reasoning. "No suspicious activity identified" is no longer sufficient on alert closures. Examiners want to see what was reviewed, what was found, and why the conclusion was reached.
  • Independent review action items. Older findings from prior independent reviews that have not been closed are being flagged as repeat findings — and treated more seriously than first-time findings.

What to revisit in your program

  1. Pull the date of your last risk assessment. If it's older than 12 months, schedule a refresh now.
  2. Review your beneficial-ownership files for customers onboarded before the most recent guidance. The standard at the time of onboarding may not match today's expectations on documentation.
  3. Audit a sample of monitoring alerts closed in the last six months. If the disposition reasoning is thin, brief the team on the expected level of detail.
  4. Look at the open items from your most recent independent review. Any open longer than a year — close them or document why they remain open.
  5. If you handle virtual currencies, confirm your VCTR submission process matches the most recent guidance on timing and identifier completeness.
Nothing in this update is breaking news The bulletins this year did not introduce a new regime. They reinforced what existing obligations require and where examiners are looking harder. Programs already operating to a high standard need to confirm — not rebuild. Programs that have been coasting will feel the difference at the next examination.

Program due for a 2026 review?

We update existing AML programs and risk assessments to reflect current FINTRAC guidance and operational reality.

Book a scope call See AML services

Related from the desk

Guide · FINTRAC

Building an AML program that survives a FINTRAC examination

14 min read Guide · FINTRAC

What a clean MSB application actually looks like

10 min read Guide · AML programs

Transaction-monitoring rules that match your business model

11 min read