Language selection

Search

News release

Privacy Commissioner of Canada publishes new guidance for financial reporting entities on submitting codes of practice

July 9, 2026 – Gatineau, Quebec

The Privacy Commissioner of Canada has published guidance on submitting codes of practice for sharing personal information as part of efforts to detect or deter money-laundering, terrorist activity financing, and sanctions evasion.

The guidance is intended for reporting entities, such as banks, credit unions, trust companies, and providers of life insurance and loans that are subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). It clarifies what information is required to satisfy the Privacy Commissioner that a code of practice meets the requirements for approval set out in the regulations.

Following legislative changes in March 2025, reporting entities under the PCMLTFA can share personal information among one another without an individual’s knowledge or consent in certain circumstances, in accordance with regulations. However, to do so, they must establish a code of practice to govern this information sharing and have the code approved by the Privacy Commissioner of Canada.

The purpose of a code of practice is to enable better detection and prevention of money laundering, terrorist financing, and sanctions evasion while also ensuring that there is the same or greater protection of personal information as is provided in the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private-sector privacy law.

Quote

“This new guidance will support organizations as they establish codes of practice that maintain strong privacy protections in the context of information sharing meant to detect and prevent money laundering, terrorist financing, and sanctions evasion.”

Philippe Dufresne
Privacy Commissioner of Canada

Related link

Media contact

Office of the Privacy Commissioner of Canada
communications@priv.gc.ca

Date modified: