Checking the expiry date of an AMLA Certificate of Registration is usually urgent because a bank, payment provider, real estate client, casino, remittance partner, or regulator is asking for proof that the business is still properly registered for anti-money laundering compliance. In practice, the document people call an “AMLA certificate” is usually the AMLC Certificate of Registration (COR) or Provisional Certificate of Registration (PCOR) issued through the Anti-Money Laundering Council’s online registration system. The safest way to verify its expiry is to check the document itself, the AMLC Portal account, the approval email, and—when available—the AMLC registration status inquiry page.
“AMLA Certificate” vs. AMLC Certificate of Registration
“AMLA” refers to the Anti-Money Laundering Act of 2001, or Republic Act No. 9160, as amended. “AMLC” refers to the Anti-Money Laundering Council, the government body that implements the AMLA and receives covered and suspicious transaction reports.
So when a bank asks for an “AMLA certificate,” it usually means one of these:
| Term commonly used | Correct document | What it means |
|---|---|---|
| AMLA Certificate | AMLC Certificate of Registration (COR) | Proof that the covered person’s AMLC registration has been approved |
| AMLA provisional certificate | AMLC Provisional Certificate of Registration (PCOR) | Temporary proof of registration while the AMLC reviews the application |
| AMLC registration certificate | COR or PCOR | The document requested for compliance, bank onboarding, licensing, or customer due diligence |
Under the AMLC’s current Compliance Optimization and Registration System (CORS) framework, a Certificate of Registration (COR) is the document issued by the AMLC evidencing registration, while a Provisional Certificate of Registration (PCOR) is temporary registration after email validation and is valid for six months. (Scribd)
Why the Expiry Date Matters
The expiry date is not just a formality. It affects whether the covered person can:
- maintain AMLC Portal access;
- file covered transaction reports (CTRs) and suspicious transaction reports (STRs);
- satisfy a bank’s customer due diligence requirements;
- continue licensing or business registration where AMLC registration is required;
- show clients, counterparties, or supervising authorities that its registration is active.
The AMLC’s rules treat registration as part of a covered person’s compliance system, not merely a one-time certificate. The AMLC has authority under the AMLA and its implementing rules to require and receive covered or suspicious transaction reports, and covered persons generally must report covered and suspicious transactions within the prescribed reporting period. (Supreme Court E-Library)
Legal Basis in the Philippines
The main legal and regulatory sources are:
| Legal source | Relevance |
|---|---|
| Republic Act No. 9160 (2001), Anti-Money Laundering Act | Created the AMLC and established AML reporting obligations |
| RA 9194 (2003), RA 10167 (2012), RA 10365 (2013), RA 10927 (2017), and RA 11521 (2021) | Expanded and strengthened the AMLA, including covered persons and AMLC powers |
| 2018 AMLA Implementing Rules and Regulations, as amended | Provides detailed compliance rules for covered persons |
| AMLC Regulatory Issuance No. 01, Series of 2024 — CORS Guidelines | Current registration framework for covered persons, including PCOR, COR, user account monitoring, and mandatory updating |
| AMLC Portal procedures | The practical system used to register, download the COR, update registration, and verify registration status |
The CORS Guidelines require covered persons to register with the AMLC to access the AMLC Portal and file reports when warranted. They also make AMLC COR or PCOR part of customer due diligence where covered persons transact with other covered person-clients. (Scribd)
Where to Find the Expiry Date
There are four practical places to check.
1. Check whether the document is a PCOR or COR
Start by reading the title of the PDF.
If it says Provisional Certificate of Registration or PCOR, treat it as temporary. Under the AMLC’s current registration procedure, the PCOR is valid for six months from the date of issuance. The CORS procedure also states that the PCOR contains a unique control number and that the date of issuance is the date when the email addresses have been validated. (Scribd)
If it says Certificate of Registration or COR, it means the AMLC has approved the registration after evaluating the application. The COR may be downloaded from the covered person’s AMLC Portal account after approval. (www.foi.gov.ph)
2. Look for the date of issuance, validity date, control number, or QR code
Open the PDF and check for:
- document title: COR or PCOR;
- covered person name;
- institution code, if already approved;
- control number or QR code;
- date of issuance;
- approval date;
- expiry date or user account expiration date;
- AMLC Executive Director or Officer-in-Charge signature or QR authentication.
For a PCOR, calculate six months from the date of issuance unless the document or AMLC Portal shows a specific validity date.
Example: If the PCOR was issued on 10 January 2026, its six-month validity generally ends on 10 July 2026.
For a COR, do not rely only on the PDF date. Check the AMLC Portal because the more important compliance issue may be the user account expiration or mandatory updating deadline.
3. Log in to the AMLC Portal
The most reliable practical check is through the AMLC Portal, because the portal shows the covered person’s registration and user access status. AMLC’s public response on the FOI portal confirms that the AMLC Registration Portal is used for online registration and that the COR PDF may be downloaded from the account once the application is approved. (www.foi.gov.ph)
After logging in, check:
- Account Settings
- Registration Status
- Covered Person profile
- Compliance Officer and alternate officer details
- User account expiration date
- Notifications or pending update prompts
- Downloadable COR or PCOR PDF
Under the CORS Guidelines, the AMLC approval email should contain the covered person’s name, institution code, user type, usernames and passwords, and the approval and expiration dates of the user account. (Scribd)
4. Use the AMLC registration status inquiry page
If you still have the reference number, you can check the AMLC’s Covered Person Registration Status Inquiry page. The page asks for the reference number and is specifically labeled for covered person registration status inquiry. (AMLC Portal)
This is useful when:
- the compliance officer has not yet received the approval email;
- the PCOR was issued but the COR is still pending;
- the bank is asking for confirmation;
- the registered email inbox is difficult to access;
- the business only has a reference number from the initial application.
The Important Rule: PCOR Is Six Months, COR Requires Ongoing Updating
The most common mistake is treating the PCOR and COR as the same.
A PCOR is temporary. It is issued after email validation and is valid for six months. It is often used when a bank or payment provider needs proof that registration has started while AMLC review is still ongoing. (www.foi.gov.ph)
A COR is the approved registration certificate. But even after the COR is issued, the covered person must keep its AMLC registration information updated. Under the CORS Guidelines, compliance officers and alternates must update their information every two years or whenever there are changes in registration information. The same framework provides that failure to update registration results in deactivation of user access in the AMLC Portal. (Scribd)
In practical terms:
| Situation | What to check |
|---|---|
| You only have a PCOR | Check the issuance date and count six months |
| You have a COR | Check the AMLC Portal user account expiration or mandatory update date |
| You have an old COR issued before CORS implementation | Check if re-registration under CORS was completed |
| Bank says the certificate is expired | Download the latest PDF from the AMLC Portal and check the account status |
| Compliance officer left the company | Update or repeat registration as required by the portal procedure |
Special Note on Older AMLC Certificates and CORS Re-Registration
Covered persons with older registrations should not assume that an old PDF remains sufficient. The AMLC issued CORS in 2024, and the transition rules required covered persons with valid registration to re-register with the AMLC within one year from the effectivity of the CORS Guidelines. AMLC advisories also referred to re-registration under CORS on or before 29 April 2025. (amlc.gov.ph)
This matters in 2026 because many banks and counterparties now look for proof that the entity is properly reflected in the current AMLC registration system. If the business is presenting an old COR, the safer check is not merely the date printed on the old PDF. Confirm through the AMLC Portal whether the covered person has re-registered or updated under CORS.
Step-by-Step Guide to Check the Expiry Date
Step 1: Open the certificate PDF
Check the document title. Confirm whether it is a PCOR or COR.
For PCOR, look for:
- date of issuance;
- unique control number;
- statement of six-month validity;
- covered person name;
- registered email or reference details.
For COR, look for:
- certificate date;
- institution code;
- QR code or signature;
- covered person name;
- business name exactly matching SEC, DTI, CDA, PRC, BSP, SEC, IC, PAGCOR, CEZA, or APECO records, depending on the entity.
Step 2: Calculate the PCOR expiry, if applicable
For a PCOR, count six months from the date of issuance.
| PCOR issuance date | Likely PCOR validity end |
|---|---|
| 15 February 2026 | 15 August 2026 |
| 30 June 2026 | 30 December 2026 |
| 31 August 2026 | Last day of February 2027 or the system-indicated expiry date |
When the calendar date is ambiguous, follow the date shown in the AMLC Portal or AMLC email.
Step 3: Log in to the AMLC Portal
Use the compliance officer or authorized alternate officer account. Check whether the portal allows access or shows an expiration/update prompt.
Look for:
- “Account Settings”
- “Registration Status”
- “Update Registration”
- “No Update” or similar confirmation button
- user account expiration date
- latest downloadable COR
The CORS procedure provides for email reminders starting thirty days before account expiration and every five days thereafter. Failure to update may deactivate the covered person’s user access. (Scribd)
Step 4: Check the AMLC approval email
Search the registered email inbox for terms such as:
- “AMLC registration approved”
- “Certificate of Registration”
- “Provisional Certificate of Registration”
- “PCOR”
- “COR”
- “Institution Code”
- “expiration”
- “update registration”
- “CORS”
The approval email is important because it may contain the account approval and expiration dates. Keep a PDF copy and a screenshot of the portal status for internal compliance records.
Step 5: Use the status inquiry page if you only have a reference number
Go to the AMLC Covered Person Registration Status Inquiry page and enter the reference number. The page specifically asks users to enter the reference number to check registration status. (AMLC Portal)
This is useful for newly registered covered persons still waiting for AMLC review.
Step 6: Check whether the certificate matches the current business details
A certificate may appear unexpired but still be practically problematic if the business details are outdated.
Check whether the AMLC record still matches:
- registered business name;
- trade name;
- SEC, DTI, CDA, PRC, or other registration;
- principal office address;
- operating offices or branches;
- compliance officer;
- alternate officer;
- contact email;
- nature of business;
- ownership or control.
Under the CORS Guidelines, covered persons must update registration information every two years and whenever there are changes. DNFBPs also have notification obligations for matters such as commencement of operations, transfer of location, closure, change of name, and change of ownership or control. (Scribd)
Documents Usually Needed When Updating or Fixing AMLC Registration
The exact documents depend on the covered person category, but these are commonly relevant:
| Covered person type | Common documents to check or prepare |
|---|---|
| Corporation or partnership | SEC Certificate, Articles of Incorporation or Partnership, latest General Information Sheet, board resolution or secretary’s certificate designating the compliance officer |
| Sole proprietorship | DTI Certificate of Business Name Registration, business permit, notarized written authority designating the compliance officer if not handled by the owner |
| Real estate broker | PRC Certificate of Registration or license, business registration documents if operating as a business, compliance officer designation |
| Jewelry dealer, precious metals dealer, precious stones dealer | DTI or SEC registration, business permit, compliance officer designation, proof of covered activity classification |
| BSP, SEC, IC, PAGCOR, CEZA, or APECO-supervised entity | Supervising authority license or registration, board resolution or secretary’s certificate for compliance officer designation |
| Foreign officer or foreign-issued document | Foreign equivalent clearance or public document may need proper authentication or apostille depending on the issuing country and receiving office |
Earlier AMLC FOI responses for DNFBPs referred to requirements such as business permit, list of operating office locations, proof of AML seminar attendance, and NBI clearance or equivalent clearance from a foreign jurisdiction for directors and principal officers. (www.foi.gov.ph) The current CORS framework streamlined registration requirements, so always compare older checklists against the latest portal instructions and AMLC advisories. (www.foi.gov.ph)
For foreign public documents, the DFA’s apostille system is relevant when a Philippine office needs to rely on documents issued abroad or when Philippine documents must be used abroad. DFA authentication services generally require an online appointment, and the Philippines has also implemented e-Apostille for certain electronic PSA and CHED documents. (DFA Appointment System)
Common Problems When Checking Expiry
The bank says the AMLA certificate is expired, but the COR has no obvious expiry date
Ask which document the bank reviewed. Sometimes the bank is looking at an old PCOR, not the COR. A PCOR is only temporary and valid for six months. The full COR should be downloaded from the AMLC Portal after approval. (www.foi.gov.ph)
The business has a PCOR but never completed the COR requirements
A PCOR does not mean full approval. Under AMLC procedure, the PCOR is replaced by the COR after the AMLC evaluates and finds the application in order. (www.foi.gov.ph) If the six-month PCOR period has lapsed and no COR was issued, the business should check the portal status and correct any missing or inconsistent documents.
The compliance officer no longer works for the company
This is a serious practical bottleneck. The AMLC Portal access is tied to the compliance officer and alternate officer details. If the registered compliance officer left, the company may need to update or repeat registration depending on what the portal allows and what information changed.
The registered email is a personal or unclear email
CORS requires professional-looking email addresses that are identifiable to the user or entity. The AMLC may disapprove registration if the email is not identifiable or contains offensive, scandalous, or indecent names. (Scribd)
The business changed address, ownership, or business name
Do not rely on the old certificate. A valid-looking COR may still be questioned if the registered profile is outdated. Update the AMLC registration and keep proof of the update.
The applicant is not actually a covered person
Not every business needs an AMLC COR. The AMLC certificate is for covered persons under the AMLA and related rules. Under CORS, an entity that claims it is not performing covered activities may be required to execute a sworn statement of non-engagement in covered services. (Scribd)
Practical Timeline
| Action | Usual timing or reference point |
|---|---|
| Email verification after registration | Must be completed within 72 hours under CORS procedure |
| PCOR issuance | After registered email addresses are validated |
| PCOR validity | Six months from date of issuance |
| AMLC review of registration | Within the PCOR period under CORS procedure |
| COR issuance | After AMLC determines completeness and accuracy of registration information |
| Mandatory update | Every two years or whenever registration information changes |
| Reminder before account expiration | Starting 30 days before expiration and every five days thereafter under CORS |
| Effect of failure to update | Deactivation of user access in the AMLC Portal |
Frequently Asked Questions
How do I check the expiry date of an AMLA Certificate of Registration?
First, confirm whether the document is a PCOR or COR. If it is a PCOR, check the issuance date and count six months. If it is a COR, log in to the AMLC Portal and check the user account expiration date, registration status, and mandatory update prompt.
Is the AMLC PCOR valid for bank requirements?
Yes, banks and other covered persons may ask for a PCOR as part of customer due diligence, especially while the full COR is still pending. However, the PCOR is temporary and valid only for six months. (www.foi.gov.ph)
Does the AMLC Certificate of Registration expire every year?
Not usually as an annual renewal. The more important rule under the current framework is mandatory updating every two years and whenever registration information changes. Check the AMLC Portal for the actual user account expiration or update deadline. (Scribd)
Where can I check AMLC registration status if I cannot log in?
Use the AMLC Covered Person Registration Status Inquiry page if you have the reference number. It specifically requires the reference number to check registration status. (AMLC Portal)
What happens if the AMLC registration is not updated?
Failure to update registration may result in deactivation of the covered person’s user access in the AMLC Portal. This can prevent the covered person from properly accessing the reporting system and may create compliance issues. (Scribd)
Can I use an old AMLC COR issued before CORS?
Check the AMLC Portal first. The AMLC required covered persons with valid registration to re-register under CORS within the transition period, with advisories referring to the 29 April 2025 deadline. An old PDF may not be enough if the current portal record was not updated. (amlc.gov.ph)
Can a foreigner or foreign-owned business get an AMLC COR?
Yes, if the person or entity is operating in the Philippines as a covered person under the AMLA and related rules. The applicant must still comply with Philippine registration requirements, AMLC portal procedures, and any sector-specific regulator requirements. Foreign-issued supporting documents may need authentication or apostille depending on the document and issuing country.
Is an AMLC COR the same as an AML clearance?
No. The COR is proof that a covered person is registered with the AMLC. It is not a personal “clearance” saying someone has no AML case. Banks sometimes use loose wording, so clarify whether they need a COR, PCOR, business registration proof, or a separate explanation that the person or entity is not a covered person.
What should I do if the bank rejects my certificate?
Check whether the bank reviewed the latest downloadable COR from the AMLC Portal. Provide the correct PDF, verify the portal status, and confirm whether the bank is requiring proof of CORS re-registration. If the document is only a PCOR and six months have passed, check whether the COR has already been issued.
Key Takeaways
- The document commonly called an “AMLA certificate” is usually the AMLC COR or AMLC PCOR.
- A PCOR is valid for six months from issuance.
- A COR is proof of approved AMLC registration, but the covered person must keep its AMLC Portal registration active and updated.
- Under CORS, covered persons must update registration information every two years or whenever material details change.
- The most reliable expiry check is the AMLC Portal, especially the registration status, account settings, approval email, and downloadable latest COR.
- Older AMLC certificates should be checked against CORS re-registration requirements, especially after the 29 April 2025 transition deadline.
- Banks may reject a certificate if it is a PCOR past six months, an old COR, a certificate with outdated business details, or a document that does not match the current AMLC Portal record.