MSB registration is a critical step for any business in Canada that provides money services — including currency exchange, remittances, bill payments, or dealing in virtual currencies. But registration with FINTRAC is not the finish line. It is the starting point of a comprehensive set of ongoing Anti-Money Laundering (AML) compliance obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
MSBs play a significant role in Canada’s financial system, and precisely because of that role, they are subject to rigorous regulatory scrutiny. Failure to comply with AML obligations can result in substantial fines, reputational damage, and in serious cases, criminal prosecution. Below is a practical overview of the key compliance requirements every newly registered MSB must understand.
1. Know Your Customer (KYC) Requirements
MSBs are required to establish and verify the identity of their clients — a process known as Know Your Customer (KYC). This means collecting personal information such as name, address, date of birth, and government-issued identification, and using that information to assess the client’s risk level.
KYC is not a one-time exercise. Client information must be kept current and updated regularly, particularly where there are changes in the nature of the relationship or the client’s risk profile. Gaps in KYC records are one of the most common findings in FINTRAC examinations.
2. Transaction Monitoring
MSBs are responsible for monitoring transactions on an ongoing basis to detect and report suspicious activity. This includes large cash transactions, transactions that appear to be structured to avoid reporting thresholds, and patterns of activity that may be indicative of money laundering or terrorist financing.
Effective transaction monitoring requires both clear internal procedures and staff who understand what suspicious activity looks like in the context of your specific business. A monitoring program that exists on paper but is not applied in practice will not satisfy FINTRAC’s requirements.
3. Record Keeping
MSBs must maintain detailed records of their transactions and client information, including records of customer identification, transaction monitoring, and suspicious transaction reporting. These records must be retained for a minimum of five years and must be made available to FINTRAC upon request during an examination.
Establishing a reliable, organised record-keeping system from the outset is far easier than trying to reconstruct records later. Ensure your records are stored securely, are easily retrievable, and that your staff know how to maintain them correctly.
4. Risk Assessment
MSBs are required to conduct a formal risk assessment to determine the level of money laundering and terrorist financing risk posed by their clients, products, services, and geographic exposure. This assessment must be documented and reviewed regularly — ideally annually or whenever there is a material change to the business.
The risk assessment is the foundation of your entire AML compliance program. It informs how you apply CDD measures, how you set transaction monitoring thresholds, and how you allocate compliance resources. A superficial or outdated risk assessment will undermine everything built on top of it.
5. Suspicious Transaction Reporting
MSBs are required to report suspicious transactions to FINTRAC. This obligation applies to any transaction — regardless of size — where there are reasonable grounds to suspect it is related to money laundering or terrorist financing. Failure to file a Suspicious Transaction Report (STR) when one is warranted is a serious compliance breach that can result in significant penalties.
MSBs must also file Large Cash Transaction Reports (LCTRs) for cash transactions of CA$10,000 or more and Electronic Funds Transfer Reports (EFTRs) for international transfers above the same threshold. These reporting obligations are non-negotiable.
6. Employee Training
All employees must receive AML and KYC training appropriate to their roles. Training must cover the key aspects of your compliance program — including how to identify suspicious activity, how to conduct customer due diligence, and what to do if they identify a concern. Training records must be maintained and made available to FINTRAC upon request.
Training should not be a one-time event. As regulations evolve and as your business grows, refresher training and updates are essential. Designating a Compliance Officer responsible for overseeing your AML program — including training — is strongly recommended.
7. Independent AML Audit
MSBs are required under the PCMLTFA to conduct an independent review of their AML compliance program at least every two years. This review must be conducted by someone who is independent of the compliance function — meaning an internal review by the same team responsible for compliance does not satisfy this requirement.
The independent review assesses whether your program is adequate, whether it is being implemented effectively, and identifies areas for improvement. The findings must be reported to senior management, and any recommendations should be actioned promptly.
Need Help Building Your MSB Compliance Program?
C&G Professional Services works with newly registered and established MSBs across Canada to develop AML compliance programs, conduct independent reviews, and prepare for FINTRAC examinations.