Canada Just Legalized Private Sector Fraud Intel Sharing — Now What?

Abstract: In a major shift for Canada’s fight against financial crime, new amendments to the PCMLTFA now allow private-sector entities to share personal information without consent to detect and prevent money laundering and terrorist financing. This breakthrough ends decades of legal silos that prevented collaboration among banks, fintechs, and telcos. While large institutions are leading initial efforts, concerns remain that smaller lenders and at-risk sectors may be left behind. Additionally, outdated identity verification methods hinder progress in a digital economy. The author calls for inclusive collaboration, suggesting a national working group to ensure this new legal framework is implemented effectively and equitably across Canada.

Canada is in the midst of a quiet but consequential shift in how we combat financial crime. In November 2024, new amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) opened the door for something we’ve never seen before in this country: private-sector entities can now share personal information with one another—without the individual’s consent—for the purpose of detecting and preventing money laundering and terrorist financing.

This marks a watershed moment. For decades, financial institutions, fintechs, telcos, and other reporting entities were barred from collaborating in this way. That meant that a bad actor rejected by one bank could simply try their luck elsewhere, exploiting the legal silos that kept institutions from alerting one another. But those silos are now legally dissolving. Regulations published March 4, 2025, lay out the mechanics for compliant information sharing—provided participants follow strict privacy protocols, including creating a formal code of practice and getting feedback from both FINTRAC and the federal Privacy Commissioner.

The government has passed the baton. The question now is: who picks it up?

Right now, the big players—banks, credit bureaus, telcos—are leading the charge, with efforts led by the Canadian Bankers Association and consulting firms like Deloitte. But from where I sit in Edmonton, I worry: will this new framework only benefit Bay Street? What about the rest of us—mid-sized lenders, regional players, sectors like automotive or real estate that face rising fraud exposure but are often left out of national coordination efforts?

There is another pressing issue we need to address: identity verification. The PCMLTFA still relies on outdated ID verification methods—physical government ID, credit file lookups, and dual-process verification—that do little to actually prevent fraud in a digital economy. But a quiet revolution is already underway. In British Columbia, residents can now carry a digital “BC Services Card” on their smartphones. Ontario is preparing to launch mobile driver’s licenses. The question is: are lenders and lawyers ready for this shift? Will they know how to interpret, verify, and trust these digital credentials?

These are questions without easy answers—but they need asking. I don’t pretend to have a blueprint, but I believe collaboration is the only way forward. I’d welcome the chance to connect with others in the lending, identity, or compliance space who are grappling with the same issues. Perhaps it’s time for a national working group—one that includes not just banks, but the broader community of innovators and practitioners on the front lines of fraud prevention.

If Canada is serious about tackling fraud, we can’t afford to let this new legislation sit on the shelf. Let’s make it work—for everyone.

Sign up for the CLA 2025 Summit Series