An AMLC Certificate of Registration in the Philippines is not something you should treat as permanently valid. In practice, the answer depends on the document you have: a Provisional Certificate of Registration (PCOR) is temporary and is generally valid for six months, while a full Certificate of Registration (COR) must be kept active through AMLC’s current registration system, including mandatory updating every two years and immediate updating whenever material registration details change.
Quick Answer: How Long Is an AMLC Certificate of Registration Valid?
| Document | Practical validity period | What it means |
|---|---|---|
| AMLC PCOR | 6 months | Temporary proof that the covered person has been provisionally registered while AMLC validates the application |
| AMLC COR | Keep active through 2-year mandatory updating | Proof that AMLC has approved the covered person’s registration; portal access may be deactivated if updating is not done |
| Old ORS-era COR | Should be checked against CORS status | Covered persons were required to transition or re-register under AMLC’s Compliance Optimization and Registration System |
The safest practical rule is this: check the date or account expiration shown in the AMLC Portal, not only the PDF certificate saved on your computer. Many compliance problems happen because a business keeps an old downloaded COR but fails to update its AMLC portal account, compliance officer details, address, or supporting documents.
What Is an AMLC Certificate of Registration?
An AMLC Certificate of Registration, often called an AMLC COR or sometimes loosely called an “AMLA certificate,” is proof that a person or entity classified as a covered person has registered with the Anti-Money Laundering Council.
The AMLC is the Philippine government body created under Republic Act No. 9160, or the Anti-Money Laundering Act of 2001, as amended. The law requires covered persons to comply with anti-money laundering and counter-terrorism financing obligations, including customer due diligence, record-keeping, and reporting of covered or suspicious transactions.
An AMLC COR is not the same as:
- an NBI clearance;
- a police clearance;
- a personal certificate that someone has “no AML case”;
- a business permit;
- a BIR Certificate of Registration;
- an SEC, DTI, PRC, BSP, IC, or PAGCOR license; or
- proof that a transaction is automatically lawful.
It simply means that the covered person is registered with the AMLC system for AML/CFT compliance purposes.
Who Needs AMLC Registration?
AMLC registration is not required for every business in the Philippines. It is required for persons and entities classified as covered persons under the Anti-Money Laundering Act, as amended by later laws including Republic Act No. 11521.
Common covered persons include:
- banks, quasi-banks, trust entities, pawnshops, money changers, remittance agents, and other BSP-supervised financial institutions;
- insurance companies, pre-need companies, insurance brokers, and other Insurance Commission-supervised entities;
- securities brokers, dealers, investment houses, financing companies, lending companies, and other SEC-supervised entities;
- casinos, including internet-based and ship-based casinos, where covered by law;
- jewelry dealers in precious metals or precious stones;
- company service providers;
- lawyers, accountants, and other professionals only when they provide specific covered services, such as managing client money or creating, operating, or managing juridical persons;
- real estate developers and real estate brokers;
- offshore gaming operators and their service providers, where covered by applicable regulation.
This matters because many ordinary businesses are asked by banks for an “AMLC certificate” even when they may not actually be covered persons. In that situation, the real issue may be whether the bank needs a COR, a PCOR, a sworn statement, corporate documents, or clarification that the business is not engaged in covered services.
Legal Basis for AMLC Registration and Validity Rules
The main legal and regulatory sources are:
- Republic Act No. 9160, the Anti-Money Laundering Act of 2001;
- later amendments, including Republic Act No. 10365, Republic Act No. 10927, and Republic Act No. 11521;
- the 2018 Implementing Rules and Regulations of the AMLA, as amended;
- AMLC rules on online registration and reporting;
- AMLC Regulatory Issuance No. 01, Series of 2024, on the Compliance Optimization and Registration System;
- BSP Circular Letter No. CL-2019-043, which reminded BSP-supervised financial institutions to require AMLC PCORs or CORs from certain DNFBP customers as part of customer due diligence;
- DILG-AMLC Joint Memorandum Circular No. 01, Series of 2023, which connects AMLC registration with local business permit and licensing procedures for designated non-financial businesses and professions.
Under the current CORS framework, covered persons must keep their registration information current. The AMLC system is not meant to be a one-time filing that is forgotten after the first certificate is downloaded.
PCOR vs COR: Why the Difference Matters
Many people asking about AMLC certificate validity are actually holding a PCOR, not a full COR.
Provisional Certificate of Registration
A PCOR is temporary. It is issued after initial validation steps, usually while the AMLC is still reviewing or validating the covered person’s full registration details and documents.
A PCOR is generally valid for six months from issuance.
This means you should immediately calendar the expiry date. A PCOR is useful for temporary proof of registration, but it is not the final compliance endpoint.
Certificate of Registration
A COR is issued after AMLC determines that the registration requirements are complete and accurate.
Under current practice, the more important compliance issue for a COR is not just the printed date on the PDF. It is whether the covered person’s AMLC portal account, registration details, compliance officer information, and supporting documents are still active and updated.
Covered persons must update registration through the AMLC online system every two years, and sooner if there are changes.
How to Check If Your AMLC Certificate Is Still Valid or Active
Follow these steps carefully.
Look at the document title. Check whether the document says Provisional Certificate of Registration or Certificate of Registration.
If it is a PCOR, count six months from the issuance date. Also check whether the PCOR itself or the AMLC email shows a specific expiry date. Follow the system-indicated date if available.
If it is a COR, log in to the AMLC Portal. Use the AMLC Portal and check the account status, registration status, downloadable certificate, and any update prompts.
Check the user account expiration or mandatory updating deadline. Under CORS, covered persons must update their registration every two years. If there are no changes, the compliance officer may still need to confirm or submit the current information through the system.
Check the registered compliance officer and alternate officer details. A common problem is that the original compliance officer resigned, migrated, changed email, or no longer has access to the registered address.
Compare the AMLC profile with current SEC, DTI, PRC, LGU, or regulator documents. Names, addresses, officers, licenses, and business lines should match. Inconsistencies may delay approval or cause counterparties to question the certificate.
Download the latest available certificate from the portal. Do not rely on an old PDF saved years ago if the portal has a newer document or shows a pending update.
Required Documents for AMLC Registration or Updating
The exact requirements depend on the covered person’s category. Under the CORS framework, registration is generally done online. Hardcopy submission is generally not required for ordinary portal registration.
| Applicant type | Common documents or information |
|---|---|
| Corporation or partnership | SEC registration documents, latest General Information Sheet, board resolution or secretary’s certificate designating the compliance officer |
| Sole proprietor | DTI Certificate of Business Name Registration, valid ID details, written authority designating a compliance officer if not personally assumed by the owner |
| Real estate broker | PRC real estate broker license or certificate, business registration documents if operating through a firm, compliance officer details |
| PAGCOR, CEZA, or APECO-regulated covered persons | Relevant license, corporate authority, compliance officer designation |
| Lawyers, accountants, or professionals engaged in covered services | Proof of professional authority, business documents if applicable, written authority for compliance officer, and documents showing the nature of covered services |
| All covered persons | Valid email address, business address, contact details, compliance officer and alternate officer details, readable PDF or image uploads |
In practice, the most common bottlenecks are:
- outdated GIS;
- wrong legal name;
- mismatched SEC and AMLC addresses;
- missing notarized board authority;
- unclear compliance officer designation;
- personal email addresses that do not clearly identify the officer;
- expired PRC license for real estate brokers;
- use of an old business permit with a different line of business;
- unreadable scanned documents.
How to Renew or Update AMLC Registration
People often say “renew AMLC certificate,” but under the current framework, the better term is usually mandatory updating of registration.
Here is the practical process.
Access the AMLC Portal. Use the registered compliance officer or alternate officer credentials.
Go to account settings or registration update. Check whether the system shows an update prompt or account expiration notice.
Review all registration details. Confirm the covered person’s legal name, nature of business, mailing address, zip code, contact details, compliance officer, and alternate officer information.
If nothing changed, submit the required confirmation. Even if nothing changed, the system may still require confirmation to keep the account active.
If something changed, update the information and upload supporting documents. Examples include change of business address, change of compliance officer, new corporate officers, change of business name, change in ownership, or change in regulated activity.
Monitor email notifications. AMLC communications are usually sent to the registered email addresses. Check spam, junk, and old company inboxes.
Download the updated COR after approval. Keep both digital and printed compliance copies for bank, LGU, audit, and counterparty requests.
What Happens If the AMLC Registration Is Not Updated?
Failure to update AMLC registration can have practical and regulatory consequences.
Possible effects include:
- deactivation of AMLC Portal user access;
- inability to file reports through the electronic reporting system;
- difficulty opening or maintaining bank accounts;
- enhanced due diligence by banks or other covered persons;
- delay in business permit renewal for DNFBPs;
- questions from counterparties during customer due diligence;
- administrative sanctions under AMLC rules;
- possible criminal exposure if false statements or misrepresentations are made.
For DNFBPs such as real estate brokers, real estate developers, jewelry dealers, company service providers, and certain professional service providers, the issue can also affect local government licensing. Under the DILG-AMLC framework, LGUs may require a PCOR or COR for business permit renewal of covered DNFBPs.
Practical Scenarios
Scenario 1: A real estate broker has a PCOR issued five months ago
The broker should not wait until the sixth month. The PCOR is temporary. The broker should check whether the full COR has been approved, whether AMLC requested additional documents, and whether the registered email address is still active.
Scenario 2: A corporation has an old AMLC COR from before CORS
The corporation should check its current AMLC Portal status. AMLC’s transition to CORS required covered persons with valid registrations to re-register within the transition period. An old saved COR may not satisfy a bank or regulator if the current system record was not updated.
Scenario 3: A bank asks a small business for an “AMLA certificate”
The business should first confirm whether it is actually a covered person. If it is not a covered person, AMLC registration may not be appropriate. The bank may be asking because of its internal due diligence checklist, the business activity code, or a mistaken classification.
Scenario 4: The compliance officer resigned
This is a common problem. The business should update the compliance officer details in the AMLC Portal and prepare the proper board resolution, secretary’s certificate, or written authority. Delays often happen when the old compliance officer’s email is the only account that receives OTPs or AMLC notices.
Scenario 5: A foreign-owned Philippine company needs a COR
The obligation depends on the Philippine entity’s activity, not the nationality of the shareholders. If the company is a covered person under the AMLA, it must comply with AMLC registration requirements. Foreign documents signed or issued abroad may need apostille or consular authentication, depending on the country and the type of document.
Special Notes for Foreigners and Foreign-Owned Businesses
Foreigners commonly encounter AMLC registration issues when they own, manage, or invest in a Philippine business that falls under a covered category.
Important points:
- AMLC registration does not override Philippine licensing laws.
- A foreign-owned corporation may still need SEC registration, BIR registration, LGU permits, and sector-specific licenses.
- A foreigner cannot use an AMLC COR to cure problems with constitutional or statutory restrictions, such as Philippine land ownership restrictions.
- Foreign directors or officers signing documents abroad should check notarization and apostille requirements.
- If the business is a real estate developer, broker, casino-related entity, financing company, lending company, remittance business, or other regulated activity, AMLC registration may be only one part of a larger compliance package.
For documents executed abroad, the usual practical question is whether the document will be accepted in the Philippines. If the country is a party to the Apostille Convention, an apostille may be used. If not, consular authentication through the appropriate Philippine post may be required.
Common Mistakes to Avoid
Treating the COR as permanent
The AMLC registration must be maintained. Calendar the two-year updating cycle and check the AMLC Portal regularly.
Confusing PCOR with COR
A PCOR is temporary. If your document says “Provisional,” count the six-month period and complete the remaining registration steps.
Waiting until bank account opening or mayor’s permit renewal
Many businesses discover the problem too late. Keep the COR ready before annual permit renewal season, loan applications, bank onboarding, or large transactions.
Using outdated corporate documents
If the latest GIS, SEC documents, board authority, PRC license, or business permit no longer matches the AMLC profile, update the records.
Losing access to the registered email
AMLC portal access and OTPs often depend on the registered email. Use a stable, official email address and maintain access even if personnel change.
Assuming lawyers and accountants are always covered
Lawyers and accountants are not automatically required to register simply because of their profession. The key question is whether they provide covered services under the AMLA, such as managing client assets or creating and managing juridical persons, subject to the law’s limits and protections for privileged information.
Frequently Asked Questions
How long is an AMLC PCOR valid?
An AMLC Provisional Certificate of Registration is generally valid for six months from issuance. It is temporary proof of registration while AMLC validates the application.
How long is a full AMLC COR valid?
A full AMLC COR should be kept active through the AMLC Portal. Under the current CORS framework, covered persons must update their registration every two years and whenever material information changes.
Is AMLC registration renewed every year?
Not usually. AMLC registration is commonly maintained through a two-year mandatory updating cycle, not an annual renewal like a mayor’s permit. However, LGU business permit renewal may still require presentation of a valid PCOR or COR for covered DNFBPs.
Where can I check the expiry date of my AMLC certificate?
Check the certificate itself, the AMLC approval email, and most importantly the AMLC Portal. The portal is the practical source for current registration status, account status, and available certificate downloads.
What happens if my AMLC PCOR expires?
If the PCOR expires before full approval or completion of requirements, banks, LGUs, counterparties, or regulators may refuse to treat it as current proof of registration. The covered person should check the portal, respond to pending AMLC requirements, and secure the full COR if eligible.
Is AMLC registration free?
AMLC registration is generally done online and is free. However, businesses may still incur related costs such as notarization, document preparation, scanning, apostille or authentication of foreign documents, and professional compliance assistance.
Do all Philippine businesses need an AMLC COR?
No. AMLC registration is for covered persons under the AMLA. Ordinary businesses that are not banks, financial institutions, casinos, real estate covered persons, jewelry dealers, company service providers, or other covered categories generally do not need an AMLC COR.
Can a bank require my AMLC COR?
Yes, in appropriate cases. Banks and other covered persons perform customer due diligence. For certain DNFBP customers, they may require presentation of an AMLC PCOR or COR and may conduct enhanced due diligence if the customer cannot provide it.
Is an AMLC COR the same as AML clearance?
No. An AMLC COR is proof of registration as a covered person. It is not a personal clearance and does not certify that a person or company has no pending AML issue.
What should I do if my AMLC Portal access is deactivated?
Review the reason for deactivation, update the required registration information, replace outdated compliance officer details if needed, and submit the required documents through the portal. The usual practical cause is failure to complete mandatory updating or loss of access to the registered compliance officer account.
Key Takeaways
- An AMLC PCOR is generally valid for six months.
- A full AMLC COR must be kept active through mandatory updating every two years under the current CORS framework.
- Do not rely only on an old downloaded PDF; check the AMLC Portal for current registration and account status.
- AMLC registration is for covered persons, not all businesses.
- Failure to update can lead to portal deactivation, bank due diligence issues, LGU permit problems, and possible sanctions.
- Keep compliance officer details, email access, corporate documents, licenses, addresses, and beneficial ownership information updated at all times.