Nick Wright, BA JD MBA LLM (Tax)

Wright Business Law

Know-your-client (KYC) and anti-money-laundering (AML) obligations arise under both securities law and federal AML legislation. Direct obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) (PCMLTFA) apply to entities that qualify as reporting entities, while securities regulators expect private fund sponsors to maintain onboarding and investor due diligence standards broadly consistent with NI 31-103 practices, regardless of registration status.

In Canada’s exempt market, the KYC/AML framework is shaped by several overlapping regimes, including securities regulation under NI 31-103, federal AML law under the PCMLTFA, FINTRAC guidance, and provincial enforcement expectations. While unregistered private issuers are not directly subject to NI 31-103 or, in many cases, the PCMLTFA, regulators expect them to maintain onboarding, investor due diligence, and oversight practices that are consistent with registrant standards, particularly where distributions are conducted through registered dealers.

Handling KYC/AML properly is not a check-the-box exercise. Fund sponsors must determine which rules apply to them directly, which obligations can be delegated to dealers, and how to manage onboarding in a way that integrates securities law compliance (e.g., NI 45-106 exemption eligibility) with AML risk assessments. This article provides a detailed and practical analysis of how fund managers should approach KYC/AML compliance in the exempt market.

Regulatory Framework & Sources of Law

KYC and AML requirements arise from two primary frameworks:

1. Securities Regulation – NI 31-103 and NI 45-106

NI 31-103 imposes KYC, suitability, and ongoing monitoring obligations on registrants. Private fund managers that are not registered are not directly subject to these obligations. However, where they operate through or alongside registered dealers, particularly exempt market dealers (EMDs), regulators expect the overall distribution process to meet NI 31-103 standards. In Ontario Securities Commission (OSC) compliance reviews, this manifests as scrutiny of the issuer’s onboarding controls, oversight of dealer processes, and consistency with NI 31-103-type practices.

NI 45-106 governs exempt distributions. Although it does not itself impose AML rules, it requires issuers to verify exemption eligibility, which often overlaps with KYC processes.

2. Federal AML Law – PCMLTFA and Regulations

The PCMLTFA applies to persons and entities authorized under provincial legislation to engage in the business of dealing in securities or to provide portfolio management or investment advising services. Investment fund managers are not expressly enumerated and are captured only where their activities constitute dealing, advising, or another prescribed activity. Private fund managers may therefore fall within scope where they are registered as dealers or advisers, or where their activities amount to dealing in securities within FINTRAC’s functional interpretation of a securities dealer.

FINTRAC publishes guidance, including materials on compliance program requirements and beneficial ownership, which provide interpretive direction on onboarding, monitoring, sanctions screening, PEP and HIO determinations, and suspicious transaction reporting. The binding obligations arise from the statute and its regulations, including recordkeeping, identity verification, reporting, and the requirement to establish and maintain a risk-based compliance program.

Canadian Securities Administrators (CSA) and OSC compliance reviews indicate that regulators expect registrants and fund managers to align onboarding and monitoring practices with AML risk considerations, including where onboarding is conducted through third-party dealers. These expectations arise from NI 31-103 client relationship obligations, including KYC, suitability, and ongoing monitoring, rather than direct application of the PCMLTFA where the firm is not itself a reporting entity.

Definitions and thresholds are central to the operation of these regimes.

• “Client” under NI 31-103 is not exhaustively defined but is used functionally to capture persons or companies to whom a registrant provides investment services, including advice, recommendations, or trade execution. The concept triggers obligations under Part 13, including KYC, suitability, and conflict of interest requirements.
• “Politically exposed person” and “head of an international organization” are defined under the PCMLTFA framework and require prescribed determinations and, where applicable, enhanced due diligence measures.
• “Beneficial ownership” refers to individuals who ultimately own or control 25% or more of an entity. Reporting entities must take reasonable measures to obtain and confirm this information. Where ownership cannot be confirmed, or where structures are complex or present elevated risk, enhanced measures and escalation are required.
• A “business relationship” arises where a reporting entity establishes an ongoing relationship with a client, including through repeated transactions or account-like arrangements. This triggers ongoing monitoring obligations within the entity’s compliance program.

Threshold-based requirements also apply. Cash transactions of $10,000 or more are subject to reporting where applicable under the regulations, although this is typically of limited relevance in private fund structures. Electronic funds transfer reporting applies to prescribed international transfers of $10,000 or more, which may arise in the context of cross-border subscriptions or capital calls. Enhanced due diligence is required for high-risk clients, including PEPs, HIOs, and clients associated with higher-risk jurisdictions.

Where fund managers rely on registered dealers for investor onboarding, the dealer bears primary PCMLTFA obligations as the reporting entity. However, issuers and fund managers retain exposure under securities law, including with respect to investor qualification, reliance on prospectus exemptions, and oversight of the distribution process. Deficiencies in onboarding conducted by an intermediary do not eliminate that exposure.

Application in Practice

A robust KYC/AML program begins with onboarding. Fund sponsors typically collect detailed investor information through subscription agreements, investor questionnaires, and supplementary forms. The issuer must determine who the “client” is for KYC purposes: the individual investor, the corporation or trust, or the beneficial owners behind an entity. Determining beneficial ownership accurately is critical. FINTRAC expects issuers to review corporate records, partnership agreements, trust deeds, or equivalent documentation.

If the fund uses a registered EMD to handle investor onboarding, the dealer will typically act as the reporting entity for its client relationship under the PCMLTFA. However, the fund sponsor must still confirm that exemption eligibility under NI 45-106 has been correctly verified. A dealer’s AML review satisfies the dealer’s obligations as a reporting entity but does not replace the issuer’s responsibility for exemption eligibility, investor qualification, and oversight of the distribution process. This allocation of AML responsibility does not transfer regulatory exposure. The fund sponsor must maintain oversight of the onboarding process and independently confirm that exemption eligibility under NI 45-106 has been properly established.

Identity verification must comply with PCMLTFA methods, such as government-issued photo ID, dual-process methods, or credit file checks. For entities, verification requires confirming the existence of the corporation, partnership, or trust, along with verifying its beneficial owners.

AML risk scoring is an often-overlooked step. FINTRAC expects reporting entities to classify clients into low, medium, or high risk and to adjust due diligence accordingly. Private funds dealing with high-net-worth individuals, offshore entities, or complex family office structures often trigger medium-to-high risk designations.

Ongoing monitoring includes periodic updates of KYC information, reviewing transactions for anomalies, screening against sanctions lists, and monitoring for suspicious activity. FINTRAC reporting obligations, such as Suspicious Transaction Reports (STRs), apply only when the sponsor is a reporting entity, but regulators expect unregistered fund managers to maintain adequate oversight nonetheless.

Grey Areas & Regulator Focus

A major grey area is whether unregistered fund managers are “securities dealers” for PCMLTFA purposes. FINTRAC has historically taken the position that unregistered issuers of exempt securities are generally not reporting entities. However, FINTRAC has also emphasized that entities performing dealing-like functions may fall within scope. FINTRAC has generally taken the position that issuers distributing their own securities are not securities dealers, but this remains a fact-specific analysis where activities resemble dealing. The OSC, meanwhile, may expect KYC/AML standards that mirror those of registered dealers, even where FINTRAC does not apply.

Another grey zone concerns reliance on third-party dealers. Fund sponsors frequently assume that outsourcing onboarding eliminates their KYC/AML obligations. In reality, regulators expect the issuer to conduct oversight of the dealer, ensure exemption eligibility is accurate, and verify that corporate and beneficial ownership information is reliable.

The treatment of fund-of-funds, family offices, and offshore entities is another area of regulatory scrutiny. FINTRAC expects enhanced due diligence where structures obscure beneficial ownership or involve higher-risk jurisdictions. OSC reviews often question whether fund sponsors have adequately documented beneficial ownership verification and obtained sufficient information to understand the source of subscription funds in higher-risk scenarios.

Regulators also focus on outdated KYC files. Subscription documents completed years ago are often stale, particularly for continuous offering funds. Regulators expect periodic refreshes, especially when investors re-up, increase commitments, or subscribe through new entities.

Interactions with Adjacent Regimes

KYC/AML obligations intersect closely with NI 45-106 exemption requirements. For example, verifying an investor’s accredited investor status often overlaps with verifying the investor’s identity or reviewing corporate records. A KYC failure may therefore compromise both AML compliance and the validity of the exemption.

Dealer registration issues under NI 31-103 also intersect with AML. If a fund is found to be “in the business” of trading and should have been registered, FINTRAC may assert that the fund should also have been a reporting entity subject to AML obligations. This can magnify regulatory exposure.

Tax regimes, particularly FATCA and CRS, overlay similar due diligence requirements. Many KYC processes incorporate FATCA/CRS self-certifications. Errors in these certifications can create exposure not only with tax authorities but also during OSC compliance reviews.

Privacy law (PIPEDA) further intersects with AML processes. Fund sponsors must store investor information securely, limit use to necessary purposes, and maintain adequate cybersecurity measures. Given OSC’s focus on cyber-risk management, KYC/AML systems are increasingly part of broader operational risk assessments.

Illustrative Scenarios

A private credit fund accepts a subscription from a Cayman holding company. The fund collects only the company’s certificate of incorporation and a signed subscription agreement. During an OSC review, regulators question whether the fund verified beneficial ownership or screened the ultimate owners against sanctions lists. The fund must remediate its KYC records, revise onboarding procedures, and re-verify investors.

In another scenario, a venture fund works with a third-party EMD. The dealer conducts KYC/AML, but the fund fails to confirm that all investors meet exemption requirements under NI 45-106. During an exempt distribution review, the OSC identifies mismatches between investor categories and dealer records. The fund faces deficiencies relating to both AML oversight and securities compliance.

In a third scenario, a fund-of-funds invests in a private equity fund. The sponsor relies solely on the fund-of-funds to identify beneficial ownership, assuming it is unnecessary to verify underlying investors. FINTRAC guidance requires identifying at least the controlling mind(s) of the investing entity, and OSC expectations mirror this. The sponsor must collect additional documentation or treat the investor as high risk.

Compliance Checklist

Status and Structure

• Confirm reporting entity status under PCMLTFA
• Determine if onboarding is direct or via registered dealer
• Define reliance and responsibility split if using a dealer

Core KYC/AML Processes

• Implement FINTRAC-aligned procedures:
  • Identity verification
  • Beneficial ownership
  • PEP/HIO screening
  • Sanctions checks
  • AML risk scoring

Documentation and Onboarding

• Ensure subscription documents capture required KYC/AML data
• Include NI 45-106 eligibility representations
• Reject incomplete or inconsistent subscriptions

Operations and Monitoring

• Train staff to identify and escalate red flags
• Conduct periodic KYC refreshes and monitor for material changes

Dealer Oversight (if applicable)

• Obtain compliance attestations
• Perform periodic audits or sample reviews
• Verify exemption eligibility controls

Recordkeeping

• Maintain secure records with audit trail
• Retain for statutory period with supporting evidence

What’s Changing

Regulatory expectations are converging across securities and AML regimes, with a clear shift toward higher standards for private funds. Amendments to the PCMLTFA have expanded reporting entity scope and strengthened beneficial ownership requirements, with further reforms expected in areas such as private vehicles, PEP/HIO treatment, and recordkeeping.  

FINTRAC guidance and supervisory activity indicate increased focus on exempt market participants and private fund structures. While most unregistered issuers are not currently treated as reporting entities, the regulatory direction suggests closer scrutiny of onboarding controls, beneficial ownership verification, and risk classification practices  

The OSC continues to raise expectations under NI 31-103, particularly on KYC, suitability, and dealer oversight. FATCA and CRS impose parallel tax reporting regimes that rely on similar investor information and are typically integrated into onboarding processes alongside KYC and AML data collection.

Conclusion & Next Steps

KYC and AML compliance in the exempt market is more complex than many fund sponsors realise. Even when fundraising through exemptions and using dealers, fund managers remain responsible for robust onboarding, exemption verification, investor due diligence, and oversight of third-party compliance partners. A disciplined, documented KYC/AML program protects the fund, its investors, and its managers from regulatory, reputational, and operational risk. As regulatory expectations evolve, fund sponsors should revisit their onboarding workflows, enhance documentation standards, and ensure that KYC/AML processes are integrated into the broader compliance infrastructure.

Book a Consultation

If you are forming, restructuring, or operating a private investment fund or registered dealer or advisor in Canada, contact us to schedule an initial consultation with Nick Wright.