ARTICLE
2 February 2026

A Line In The Sand: FINTRAC's Shift To Aggressive AML Enforcement

DW
Davies Ward Phillips & Vineberg

Contributor

Davies Ward Phillips & Vineberg logo
Davies is a law firm focused on high-stakes matters. Committed to achieving superior outcomes for our clients, we are consistently at the heart of their most complex deals and cases. With offices in Toronto, Montréal and New York, our capabilities extend seamlessly to every continent. Visit us at www.dwpv.com.
Explore Firm Details
The year 2025 marked a turning point in Canada's anti-money laundering (AML) enforcement landscape, with the Financial Transactions and Reports Analysis Centre of Canada...
Canada Government, Public Sector
Zain Rizvi,Matthew Milne-Smith,Corey Omer
+2 Authors
 Your Author LinkedIn Connections
Zain Rizvi’s articles from Davies Ward Phillips & Vineberg are most popular:
  • in Canada
  • with readers working within the Banking & Credit, Law Firm and Construction & Engineering industries
Davies Ward Phillips & Vineberg are most popular:
  • within Technology topic(s)

Enforcement shift has implications beyond the crypto sector

The year 2025 marked a turning point in Canada's anti-money laundering (AML) enforcement landscape, with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) adopting a markedly more aggressive approach. As the administrative agency responsible for enforcing compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), FINTRAC launched a series of audits and enforcement actions that culminated in record-breaking administrative monetary penalties (AMPs) against reporting entities across Canada. These unprecedented penalties, particularly targeting the virtual currency and money services business (MSB) sectors, signal a shrinking tolerance for non-compliance and heightened regulatory scrutiny for all reporting entities.

Record-Setting Penalties Imposed

The escalation of FINTRAC's enforcement efforts began in July 2025, when the agency imposed a C$19,552,000 AMP against Peken Global Limited (operating as KuCoin), a Seychelles-incorporated cryptocurrency trading platform. KuCoin's violations included failing to register with FINTRAC as a foreign MSB dealing in virtual currencies, as well as widespread failures to file large virtual currency transaction reports (LVCTRs) and suspicious transaction reports (STRs).

The KuCoin AMP, which was record-setting at the time it was imposed, was eclipsed just months later, in October 2025, when FINTRAC levied a staggering C$176,960,190 AMP against Xeltox Enterprises Ltd. (operating as Cryptomus). Cryptomus, incorporated in British Columbia and registered with FINTRAC as an MSB, operated a cryptocurrency trading platform.

The Cryptomus AMP, the largest ever imposed by FINTRAC, underscores the agency's commitment to strengthening Canada's AML regime. The penalty related to 2,593 instances of non-compliance across six categories of violations, including more than 1,000 failures to file STRs for transactions where reasonable grounds existed to suspect a link to serious criminal activities, including:

  • trafficking in child sexual abuse material;
  • transferring fraud proceeds and ransomware payments; and
  • facilitating financial flows associated with sanctions evasion.

FINTRAC also found that Cryptomus failed to report transactions linked to known darknet markets and virtual currency wallets tied to criminal activity. Additionally, the firm facilitated more than 7,500 transactions originating from the Islamic Republic of Iran in direct contravention of a ministerial directive requiring enhanced due diligence and reporting for such transactions.

Finally, in December 2025, FINTRAC imposed a modest yet notable AMP of C$536,853.35 against yet another Seychelles-incorporated cryptocurrency trading platform, MP Technology Services Ltd., a subsidiary of MoonPay Inc. (MoonPay), for failing to report LVCTRs and STRs, and for failing to tailor its risk assessment procedures to meet PCMLTFA requirements.

Focus on Programmatic Failures

The scale of these penalties suggests that FINTRAC intends to harshly penalize systemic deficiencies in compliance programs. The core messages emerging from these enforcement actions are that a deficient compliance regime may now tip the scales toward a finding of a "Very Serious" violation and that FINTRAC appears to be paying particular attention to the following:

  • Systemic Programmatic Deficiencies. Entities that fail to develop, implement and maintain adequate written compliance policies and procedures or that fail to properly assess and document money laundering and terrorist financing risks face a heightened risk of enforcement action.
  • Failure of Core Reporting Duties. Widespread failures to submit STRs and LVCTRs, which FINTRAC views as depriving it of critical financial intelligence and undermining its mandate to combat money laundering and terrorist financing, will be punished severely.

Key Implications

Beyond the unprecedented penalty amounts, these enforcement actions provide insight into how FINTRAC is assessing accountability, program effectiveness and risk across reporting entities.

Although the record-breaking penalties send a clear deterrent message to foreign actors engaging in illicit activities in Canada, the action against Cryptomus raises important questions about the future of AML enforcement in Canada:

  • Collection Challenge. Xeltox Enterprises Ltd., a British Columbia-incorporated entity, reportedly operated without a physical presence or employees in Canada, relying instead on a mailbox service. Its principals reside in Kazakhstan and Uzbekistan, and while Xeltox Enterprises Ltd. has appealed the penalty to the Federal Court of Canada, the trading platform has reportedly withdrawn from the Canadian market. These factors make the collection of the $177 million penalty unlikely as a practical matter.
  • Unfair Conflation. Characterizing entities like Cryptomus as "Canadian crypto exchanges" risks unfairly conflating non-compliant, foreign-operated businesses with legitimate, compliant Canadian and international crypto firms that maintain sophisticated AML programs.
  • Symbolic Value. Regardless of collection success, the AMP imposed on Cryptomus sets a new high-water mark for non-compliance and signals FINTRAC's willingness to impose severe penalties on blatant offenders.

FINTRAC's enforcement actions in 2025 serve as a stark reminder that deficiencies in AML programs can result in severe financial, operational and reputational consequences. Reporting entities must ensure that their AML compliance programs are not only properly documented, but also proactively implemented and effectively maintained.

The heightened enforcement environment underscores the importance of treating AML compliance as a material business risk. Canadian entities should expect closer scrutiny and meaningful penalties for non-compliance, particularly in areas such as risk assessment, reporting and governance. For boards and senior management, these developments underscore that AML compliance is not a purely operational issue, but also a critical governance and reputational priority.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Zain Rizvi
Zain Rizvi
Photo of Matthew Milne-Smith
Matthew Milne-Smith
Photo of Léon Moubayed
Léon Moubayed
Photo of Corey Omer
Corey Omer
Photo of Dylan Young
Dylan Young
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More