Accounting Basic & Tutorials
December 5, 2025

Guide to FINTRAC Attestation of Activities Form for CPAs: Are You a Reporting Entity?

By Larry Hasson

Compliance sits quietly in the background of every CPA’s work. Until it doesn’t. Most firms don’t think about regulatory exposure day to day, but the burden is there whether we acknowledge it or not. Accountants are expected to know everything, carry everything, and never miss a detail. And somewhere along the way, the line between “helping clients” and “holding legal risk” got blurry.

We all saw that recently, when a medium-sized accounting firm was hit with a significant administrative penalty, over $70,000, for non-compliance under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and associated Regulations (PCMLTFA/R). It was a reminder that the rules apply to all of us, not just the big institutions. A firm with a solid reputation and experienced leadership still slipped into non-compliance. That should make every CPA pause.

This is why FINTRAC’s Attestation of Activities Form tends to spark nerves. Not because CPAs are doing anything wrong, but because the unknown is uncomfortable. Most practitioners don’t wake up thinking about Anti-Money Laundering/Anti-Terrorist Financial (AML/ATF) rules, yet as of July 1, 2024, they’re held accountable for them. The good news? When you understand the form and fill it out correctly, it’s not something to fear. It’s a chance to get clarity and finally take the guesswork out of whether your firm is exposed.

In today’s blog, we’ll break down the form, the reasoning behind it, how to complete it properly, and what it actually means for your practice long-term.

What Is an Accountant Attestation of Activities Form?

FINTRAC’s Attestation of Activities Form is essentially a check-in. It’s a way for FINTRAC to understand whether your firm participates in activities that fall under AML/ATF rules, most importantly activities that could classify you as a reporting entity.

Do I need to fill out the Accountant Attestation FINTRAC form?

If you received it, you need to complete it. FINTRAC doesn’t send this randomly. They send it when they need more visibility into your firm, when they’re updating risk assessments in the sector, or when they suspect your services fall close to the regulatory line.

Ignoring it doesn’t make it go away. In fact, non-response usually results in more follow-up and potentially an Administrative Monetary Penalty (AMP).

If you didn’t receive the form, that doesn’t mean you’re exempt from AML/ATF rules, just that FINTRAC doesn’t currently need assurance from your firm. Still, it’s worth understanding the criteria so you can make sure your everyday workflows aren’t creeping into reporting-entity territory despite the lack of request from FINTRAC.

What FINTRAC wants to know about CPAs

FINTRAC isn’t interested in your tax filings or assurance engagements. They’re trying to understand if your firm steps into the world of moving money on behalf of our client, even if unintentionally. That includes:

  • Handling client funds

  • Using trust accounts to pay bills or taxes

  • Facilitating payments tied to business or property transactions

  • Directing or instructing third parties to release funds

These aren’t theoretical questions. FINTRAC wants to know what you actually do — not what you think your role “should” be.

Potential Consequences of Incorrect FINTRAC Form for CPAs

If your firm answers “no” to certain activities but FINTRAC later discovers you actually do them, you may face a deeper review, a compliance examination, or an AMP like the one given to the firm identified above. That’s avoidable as long as you answer with honesty and precision and are engaged in the above activities, that you implement a program that complies with the AML/ATF rules.

How to Fill Out an Attestation Form as a CPA

The form is short, but the implications aren’t. A few checkboxes on paper can determine whether your firm is subject to an entire regulatory framework, so it’s worth approaching this carefully.

Section A: Activities Performed on Behalf of Clients

This is the heart of the form. Each question is there to determine whether you participate directly or indirectly in financial transactions. Don’t think about what CPAs “should” do. Think about what your firm actually does day to day.

For example:

  • If you’ve ever paid a client’s supplier or tax payment using your trust account, that’s a “yes.”

  • If you’ve coordinated the release of funds in a client's business purchase, even once, that’s a “yes.”

  • If your team logs into a client’s bank portal or CRA account to push payments through, even as a courtesy, that’s a “yes.”

Most firms who get into trouble didn’t realize that their “helpfulness” counted as financial facilitation and thus triggered obligations under the PCMLTFA/R as it relates to accountants or accounting firms.

Section B: Attestation

This section is straightforward: you’re signing to confirm that your answers reflect reality. This should be signed by someone who understands your workflows well enough to stand behind them, typically a partner or firm leader.

A Reporting Entity: Are You or Aren’t You?

Now the bigger question: What does it actually mean to be a reporting entity?

What is a reporting entity?

A reporting entity is a person or business that participates in certain financial transactions covered under the PCMLTFA/R. For CPA firms, it all hinges on one thing: Do you move money (or direct the movement of money) for your clients?

If yes, you may be a reporting entity. If no, you’re not.

Activities that make you a reporting entity include:

  • Handling client funds

  • Directing payments or transfers

  • Facilitating or overseeing real estate or business transactions

  • Acting as an intermediary between clients and financial institutions

Activities that do not make you a reporting entity include:

  • Tax preparation

  • Bookkeeping

  • Audits and reviews

  • Entering accounting data

  • Reconciling bank records

  • Charging your own fees

Here’s where firms get blindsided: a lot of CPAs take shortcuts or offer “quick help” to clients that fall directly into FINTRAC territory. Logging into a client’s bank account to schedule a tax payment, using a firm’s trust account to pay government remittances, holding blank cheques, or using a client’s CRA login to push through an installment might feel efficient. Those actions shift your firm from “accountant” to “financial transaction facilitator.” And that shift comes with real risk.

What it means if you are a reporting entity

If your firm meets the definition of a reporting entity, you aren’t just filling out extra paperwork, you’re entering a regulatory framework that requires identity verification, record-keeping, suspicious transaction reporting, and ongoing compliance procedures. Some firms choose to embrace this fully and build out AML/ATF programs. Others rethink their workflows to avoid the risk entirely.

What matters most is awareness. You can only protect your firm from liability if you’re honest about your exposure.

Using Third Parties to Avoid Risk

Many of the riskiest situations happen because firms are pulled into tasks that fall outside their core expertise, usually because they want to help clients or save them time. But when a firm handles client payments manually, logs into client systems, or authorizes transfers, it’s stepping into an AML/ATF compliance landscape that was never designed for accountants. 

This is where using a third-party platform such as Remitian can change everything. Instead of relying on manual processes, untracked approvals, or shared credentials, firms can shift the entire payment execution and authorization process into a secure, auditable environment. Clients stay in control of their payments. Firms stay out of the danger zone. And both sides benefit from transparency, automation, and peace of mind.

Give your clients an easy payment workflow. Give yourself less risk. Book a demo with Remitian today.

FAQ

What is the Accountant Attestation of Activities Form from FINTRAC?

It’s a screening tool that helps FINTRAC understand whether your firm engages in activities that classify you as a reporting entity under the PCMLTFA.

Do I need to fill out the Accountant Attestation Activities FINTRAC form?

Yes, if you received it. FINTRAC sends it based on risk indicators or sector reviews. If you didn’t receive the form, you don’t need to fill it out but should still be aware of the potential workflows that put you into risky territory. 

What makes an accounting firm a reporting entity?

A firm becomes a reporting entity when it moves money or directs financial transactions on behalf of clients. Most accounting tasks are exempt, but certain payment-related tasks push firms into AML territory.

Balancing Helpfulness and Risk

The FINTRAC Attestation of Activities Form can feel intimidating, but it doesn’t need to be. Once you understand what counts, what doesn’t, and why FINTRAC cares, the process becomes much clearer and far less stressful. The real risk isn’t filling out the form, it’s you knowing where your firm stands.

If your practice handles client payments or gets involved in transactional workflows, now is the right time to ask whether those tasks belong inside your firm at all.

To see how Remitian helps firms remove risk, while improving the client experience, book a demo.

Related Posts

No items found.
View all