If you are looking for the expiry date of an “AMLA certificate,” you are usually referring to the AMLC Certificate of Registration (COR) issued by the Anti-Money Laundering Council to a Philippine covered person. In practical terms, you should check three things: the certificate PDF itself, the AMLC Portal account status, and the approval or reminder emails sent to the registered Compliance Officer. The important point is that the “expiry date” may appear as an account expiration, mandatory registration update deadline, or PCOR validity date, depending on the document and the stage of registration.
What an AMLC Certificate of Registration Means
An AMLC Certificate of Registration, or COR, is the document showing that a covered person has registered with the Anti-Money Laundering Council for purposes of complying with the Anti-Money Laundering Act of 2001, or Republic Act No. 9160, as amended.
In ordinary language, it is proof that the business or professional entity is recognized in the AMLC registration system and can comply with reporting obligations, especially the filing of Covered Transaction Reports (CTRs) and Suspicious Transaction Reports (STRs).
The AMLC also issues a Provisional Certificate of Registration (PCOR) in some situations. A PCOR is temporary. Under the 2024 CORS Guidelines, the PCOR is issued after email validation and is valid for six months from the date of issuance. The full COR is issued only after AMLC determines that the registration information and documentary requirements are complete and accurate. (Scribd)
COR vs. PCOR: Why the Expiry Date Is Different
Before checking the expiry date, confirm what document you actually have.
| Document | What it means | Where to check validity |
|---|---|---|
| PCOR | Temporary proof of AMLC registration while the application is being reviewed | The PCOR itself should indicate issuance details; current CORS rules state that PCOR validity is six months from issuance |
| COR | Final certificate issued after AMLC approval | Check the COR PDF, AMLC approval email, AMLC Portal account status, and account expiration/update notices |
| Portal account access | The covered person’s active ability to access AMLC reporting and registration functions | Check the AMLC Portal account settings and registered Compliance Officer emails |
This distinction matters because many people say “AMLA certificate expiry” when they actually mean one of three things:
- the six-month validity of a PCOR;
- the two-year mandatory update cycle for AMLC registration; or
- the expiration or deactivation date of the AMLC Portal user account.
Legal Basis for AMLC Registration
The AMLC registration requirement comes from the Anti-Money Laundering Act of 2001, RA 9160, as amended by later laws including RA 9194, RA 10167, RA 10365, RA 10927, and RA 11521. RA 11521 further expanded the AMLA framework and expressly included, among others, real estate developers and brokers as covered persons. (Lawphil)
The 2018 AMLA Implementing Rules and Regulations require covered persons to register with the AMLC’s electronic reporting system in accordance with registration and reporting guidelines. AMLC advisories have repeatedly described this registration as necessary so covered persons can file required reports electronically. (Anti-Money Laundering Council)
The current registration framework is now governed mainly by the Guidelines on Compliance Optimization and Registration System, commonly called the CORS Guidelines, issued under AMLC Regulatory Issuance No. 1, Series of 2024. The CORS Guidelines require covered persons to register, designate authorized officers, keep information accurate, and update registration through the AMLC Online Registration System. (Anti-Money Laundering Council)
Who Usually Needs to Check an AMLC COR Expiry Date?
You may need to check the expiry or validity of an AMLC COR if you are connected with any of these covered persons:
- banks, pawnshops, money changers, remittance companies, e-money issuers, and other BSP-regulated covered persons;
- insurance companies, brokers, agents, and other Insurance Commission-regulated covered persons;
- securities brokers, financing companies, lending companies, investment houses, and other SEC-regulated covered persons;
- casinos and regulated gaming-related entities;
- real estate developers and real estate brokers;
- jewelry dealers and dealers in precious metals or precious stones;
- company service providers;
- lawyers, accountants, and other professionals only when they perform covered services under the AMLA, such as managing client money, securities, bank accounts, or creating and managing juridical persons.
AMLC registration is not for everyone. The AMLC has stated that registration is exclusively for covered persons under Section 3(a)(1) to (10) of the AMLA, as amended. (Anti-Money Laundering Council)
How to Check the Expiry Date of an AMLC Certificate of Registration
1. Check whether the document is a COR or PCOR
Open the PDF copy of the AMLC certificate and look for the label.
If it says Provisional Certificate of Registration or PCOR, treat it as temporary. Under the CORS Guidelines, the PCOR is valid for six months from the date of issuance. The issuance date is generally tied to the date when the registered email addresses were validated. (Scribd)
If it says Certificate of Registration or COR, it means AMLC has approved the registration after review. For a COR, the more practical question is whether the covered person’s AMLC registration and portal account remain active and updated.
2. Read the certificate PDF carefully
Check the document for these details:
- exact registered name of the covered person;
- institution code or control number;
- date of issuance;
- QR code or facsimile signature;
- registered address;
- name of the Compliance Officer, Associated Person, Primary Designated Officer, or authorized representative, if shown;
- any field saying “valid until,” “expiration,” “approval date,” or “account expiration.”
Some AMLC documents may not show a simple “Valid Until” line the way a mayor’s permit, PRC ID, or business registration certificate would. That does not automatically mean the COR is invalid. It usually means you need to confirm the status through the AMLC Portal and the registered email trail.
3. Check the AMLC approval email
Under the CORS process, once the application is approved, AMLC sends an email notification to the registered Compliance Officer and alternates. The approval email should contain important account details, including the covered person’s name, institution code, user type, username and password, approval date, and expiration date of the user account. (Scribd)
Search the registered email inbox for phrases such as:
- “AMLC Certificate of Registration”
- “COR”
- “approval”
- “approved registration”
- “institution code”
- “account expiration”
- “CORS”
- “Online Registration System”
- “mandatory updating”
Also check spam, archived mail, and the inboxes of former Compliance Officers. A common real-world problem is that the person who originally registered the business has resigned, migrated, changed email, or no longer has access to the company email.
4. Log in to the AMLC Portal
The most practical way to check current validity is to log in to the official AMLC Portal. The portal allows covered persons to conduct online registration, update registration, upload CTR/STR files, upload attachments to STRs, and view upload history. (AMLC Portal)
Once logged in, check:
- whether the account is active;
- whether the institution code is still usable;
- whether the Compliance Officer and alternates are still correct;
- whether the portal shows an account expiration or update deadline;
- whether there are pending notices or required actions;
- whether the registration information matches your latest SEC, DTI, CDA, PRC, mayor’s permit, or regulatory records.
If the account is already deactivated, the CORS Guidelines state that the Compliance Officer may be redirected to a window showing the covered person’s information. If there are no changes, the CO may be required to update by clicking “Submit.” If there are changes, the CO may need to repeat the online registration process. (Scribd)
5. Look for the two-year mandatory update deadline
Under the CORS Guidelines, covered persons must update their registration through the Account Setting of the Online Registration System every two years. AMLC email reminders are sent starting 30 days before account expiration and every five days thereafter. Failure to update registration results in deactivation of the covered person’s user access in the AMLC Portal. (Scribd)
This is often what people mean when they ask, “When does my AMLA certificate expire?”
A safer way to frame it is:
The COR should be treated as valid only while the covered person’s AMLC registration is active, accurate, and timely updated. The operational deadline to monitor is the portal account expiration or two-year registration update date.
6. Use the AMLC registration status inquiry if you only have a reference number
The AMLC has a public Covered Person Registration Status Inquiry page where a user may enter a reference number to check registration status. (AMLC Portal)
This is useful when:
- you are dealing with a client, counterparty, broker, developer, or service provider;
- you were given a reference number but not portal access;
- you need to confirm whether a submitted registration is still pending, provisional, approved, or problematic.
However, portal access by the registered Compliance Officer is still the better source for internal compliance purposes because it can show account-level notices and required updates.
7. Call or email AMLC registration support if the record is unclear
If the COR has no visible expiry date, the approval email is missing, and the portal account cannot be accessed, contact AMLC registration support through official AMLC channels. AMLC advisories list registration and reporting hotline numbers, and AMLC has also identified telephone numbers for verifying registration concerns. (Anti-Money Laundering Council)
Prepare these before contacting AMLC:
- exact registered name of the covered person;
- SEC, DTI, CDA, PRC, BSP, IC, SEC, PAGCOR, or LGU registration details, as applicable;
- institution code, control number, or reference number, if available;
- name and email address of the registered Compliance Officer;
- copy of the COR or PCOR;
- proof that the person making the inquiry is authorized to act for the entity.
What If the COR Has No Printed Expiry Date?
Do not assume that a COR is permanently valid just because the PDF has no “valid until” field.
In practice, verify validity through the following checklist:
| Question | Why it matters |
|---|---|
| Can the Compliance Officer log in to the AMLC Portal? | Active portal access is a strong sign that registration is operational |
| Is there an account expiration or update deadline? | CORS requires mandatory updating every two years |
| Are the registered CO and alternates still connected with the business? | AMLC notices and OTPs go to registered emails |
| Has the business changed name, address, ownership, branch, license, or regulator? | Material changes must be updated |
| Was the document only a PCOR? | A PCOR is temporary and valid for six months |
| Has AMLC sent reminders, deficiency notices, or deactivation notices? | Ignoring these can lead to loss of portal access |
The safest compliance practice is to calendar the two-year update date, preserve the approval email, and save screenshots or PDF acknowledgments after every successful update.
Documents Usually Needed When Checking or Updating AMLC Registration
The exact documents depend on the type of covered person, but these are commonly requested or useful in practice:
| Document | Why it may be needed |
|---|---|
| Existing COR or PCOR | Shows control number, institution details, and issuance information |
| SEC Certificate, Articles of Incorporation, General Information Sheet, DTI Certificate, CDA registration, or equivalent | Confirms legal existence and current registered name |
| Mayor’s permit or business permit | Often relevant for DNFBPs and operating address verification |
| Board Resolution, Secretary’s Certificate, Partnership Resolution, or owner authorization | Proves authority of the Compliance Officer or authorized representative |
| PRC license, if applicable | Common for real estate brokers or regulated professionals |
| Valid government IDs of authorized officers | Used to verify identity and authority |
| Updated contact details and official email addresses | Needed because AMLC notices, OTPs, and reminders are sent electronically |
| AML training or compliance documents, if requested | May be relevant depending on sector and AMLC requirements |
AMLC registration and issuance of CORs or PCORs are free. The AMLC has advised that it does not charge any fee for registration or for the issuance of P/CORs. (Anti-Money Laundering Council)
Common Problems When Checking AMLA Certificate Expiry
The Compliance Officer left the company
This is one of the most common bottlenecks. If the OTP, reminders, or approval emails go to a former employee’s email address, the business may miss account expiration notices.
The covered person should update the Compliance Officer and alternate officer details immediately. Under the CORS Guidelines, covered persons must immediately update online registration whenever there are changes in the profile of Compliance Officers and alternates, address and contact details, or any material registration change. (Scribd)
The certificate is only a PCOR
A PCOR is not the final COR. If six months have passed from PCOR issuance and no COR was issued, check whether AMLC requested additional documents, whether the questionnaire was completed, or whether the application was denied or left incomplete.
The registered email was personal or unprofessional
The CORS Guidelines require covered persons to use a valid, professional-looking email address. AMLC may disapprove registration if the email address is not identifiable to the user or entity, or contains offensive, scandalous, or indecent names. (Scribd)
For practical purposes, use official company emails when available. Avoid relying solely on a personal Gmail or Yahoo account of an employee who may later resign.
The business changed its name or address
A COR issued under an old name or address can create problems with banks, counterparties, regulators, and LGUs. Even if the portal account still works, the business should update its AMLC registration so the COR and account details match current corporate records.
The covered person missed the two-year update
If the two-year update is missed, portal access may be deactivated. This can affect the entity’s ability to file reports and respond to AMLC communications. It can also cause issues when a bank, client, LGU, or regulator asks for proof of current AMLC registration.
Practical Scenarios
Real estate broker renewing a business permit
A real estate broker may be asked by the LGU, bank, developer, or client to show AMLC registration. If the broker only has an old PCOR, the first question is whether the six-month PCOR validity already lapsed. If a COR exists, the broker should check portal access and the two-year update deadline.
Money service business dealing with a bank
Banks may ask money changers, remittance agents, and similar businesses for proof of AMLC registration as part of customer due diligence. Historically, AMLC set a two-year validity for certain AMLC registration certificates, especially for money service businesses, with failure to renew resulting in deactivation of user access to the AMLC Portal. (Anti-Money Laundering Council)
Under current practice, the same compliance logic remains: keep portal access active, monitor the account expiration/update date, and keep the COR updated.
Foreign-owned Philippine company
A foreign-owned Philippine corporation that is a covered person should check the AMLC COR the same way as a local entity. The practical issue is usually not nationality, but authority and documentation. If board resolutions, powers of attorney, or foreign-issued documents are signed abroad, Philippine counterparties may require consular authentication or apostille, depending on the country of execution and the receiving office’s requirements.
Law firm or accounting firm
A law firm or accounting firm is not automatically required to register simply because it practices law or accountancy. The AMLA framework treats lawyers, accountants, and other professionals as covered persons when they perform specified covered services, such as managing client funds or creating and managing juridical persons. Lawyers and accountants acting as independent legal professionals are excluded where disclosure would compromise client confidences or the attorney-client relationship. (Anti-Money Laundering Council)
If the firm is registered, it should still monitor the same COR, PCOR, portal, and two-year update rules.
Frequently Asked Questions
How do I check the expiry date of my AMLA Certificate of Registration?
Check the certificate PDF, the AMLC approval email, and the AMLC Portal account settings. If the document is a PCOR, it is temporary and generally valid for six months from issuance. If it is a COR, check the portal account expiration or two-year mandatory update date.
Is an AMLC COR valid forever?
No. Even if the COR does not show a clear printed expiry date, the covered person must keep its AMLC registration active, accurate, and updated. Under CORS, covered persons must update registration every two years, and failure to do so can deactivate portal access.
What is the difference between AMLA, AMLC, COR, and PCOR?
AMLA is the Anti-Money Laundering Act. AMLC is the Anti-Money Laundering Council. COR is the final Certificate of Registration. PCOR is the temporary Provisional Certificate of Registration issued while AMLC reviews the application.
Where can I verify AMLC registration status?
You can check through the AMLC Portal if you are the registered Compliance Officer or authorized user. If you only have a reference number, you may use the AMLC Covered Person Registration Status Inquiry page. (AMLC Portal)
How long is a PCOR valid?
Under the 2024 CORS Guidelines, a PCOR is valid for six months from the date of issuance. The AMLC reviews the registration within this period and may issue a COR once the requirements and information are complete and accurate. (Scribd)
How often should AMLC registration be updated?
Covered persons must update their AMLC registration through the Online Registration System every two years. AMLC sends reminders starting 30 days before account expiration and every five days thereafter. (Scribd)
Is there an AMLC renewal or registration fee?
No. AMLC registration and issuance of PCORs or CORs are free. Be careful with fixers or service providers claiming that AMLC itself charges a government fee for the certificate. (Anti-Money Laundering Council)
What happens if my AMLC registration expires or portal access is deactivated?
You may lose access to AMLC Portal functions, including reporting functions. The Compliance Officer may be redirected to update the covered person’s information. If there are changes, the entity may need to repeat the online registration process. (Scribd)
Can I rely on an old AMLC COR if our business details changed?
Not safely. If your business changed name, address, Compliance Officer, alternates, contact details, ownership, branch information, or other material details, update your AMLC registration. A COR that no longer matches your current records may cause problems with banks, regulators, LGUs, and counterparties.
Do all businesses in the Philippines need an AMLC COR?
No. AMLC registration is only for covered persons under the AMLA, as amended. Ordinary businesses that do not fall under the covered categories generally do not need an AMLC COR.
Key Takeaways
- The “AMLA certificate” people usually refer to is the AMLC Certificate of Registration (COR).
- A PCOR is temporary and valid for six months from issuance under the current CORS Guidelines.
- A COR should be checked through the certificate PDF, AMLC approval email, portal account status, and account expiration or update notices.
- Covered persons must update AMLC registration every two years through the Online Registration System.
- AMLC sends update reminders starting 30 days before account expiration and every five days thereafter.
- Failure to update can result in deactivation of AMLC Portal access.
- AMLC registration and issuance of CORs or PCORs are free.
- Keep the Compliance Officer, alternate officers, registered email addresses, business address, legal name, and supporting documents current at all times.