In an unprecedented enforcement action, Canada’s anti-money-laundering regulator, Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), has hit crypto service provider Xeltox Enterprises Ltd., operating under the name Cryptomus, with a C$176.96 million (approx. US$126 million) administrative monetary penalty for widespread compliance failures.
What Triggered the Strike
According to FINTRAC’s findings, in the span of one month (July 2024), Cryptomus failed to submit Suspicious Transaction Reports (STRs) in 1,068 separate instances, despite having grounds to suspect money-laundering and terrorist-financing activities. The violations included failures to report 1,518 large virtual-currency transactions (C$10,000 or more) and neglected to comply with a Ministerial Directive regarding Iran-linked flows, 7,557 transfers from Iranian addresses went unreported.
FINTRAC highlighted that many of the transactions in question were tied to “trafficking in child sexual abuse material, fraud, ransomware payments and sanctions evasion,” describing the breaches as “severe and unacceptable.”
What This Means for Crypto Firms
This landmark fine far exceeds any previous crypto-sector penalty in Canada (the previous record was around C$20 million) and signals that regulators are upping the pressure on crypto companies to implement robust compliance frameworks.
FINTRAC’s statement emphasises that money-services businesses must identify clients, keep accurate risk assessments, maintain written AML policies and submit required reports, or face serious consequences.
The Bottom Line
Cryptomus’s massive fine sends a clear message: crypto service providers must treat compliance as mission-critical. The cost of neglect, both financially and reputationally, could now dwarf what many firms spend on launch or growth initiatives. Anyone building in this space must ensure their KYC/AML regime is not merely nominal, but rigorously effective.
