Canada’s financial crime watchdog has imposed a record C$176.96 million (about US$126 million) fine on the crypto payments firm Cryptomus for widespread failures to report suspicious transactions.
Key Takeaways
- FINTRAC issued a penalty of C$176,960,190 to Xeltox Enterprises Ltd. (operating as Cryptomus, formerly Certa Payments Ltd) for multiple regulatory violations
- The firm failed to file 1,068 suspicious transaction reports in July 2024 and did not report 1,518 large virtual currency transactions
- Violations were linked to child sexual abuse material, fraud, ransomware payments, and sanctions evasion
- The fine is the largest ever imposed by Canada’s financial intelligence unit, far exceeding the previous C$20 million record
What Happened?
On October 16, 2025, FINTRAC announced that it had imposed a C$176.96 million fine against Xeltox Enterprises Ltd., the operator of the Cryptomus platform based in British Columbia. The regulator cited severe non-compliance with Canada’s anti-money laundering (AML) laws.
FINTRAC has imposed an administrative monetary penalty of $176,960,190 on Xeltox Enterprises Ltd. (also operating as Cryptomus), a money services business incorporated in British Columbia. For more information, consult: https://t.co/JwNhm3DIVs pic.twitter.com/YK1SpyD6HP
— FINTRAC_Canada (@FINTRAC_Canada) October 22, 2025
In its findings, FINTRAC said Cryptomus failed to:
- Submit 1,068 suspicious transaction reports for July 2024.
- Report 1,518 transactions over the C$10,000 threshold.
- Disclose 7,557 transactions originating from Iran between July and December 2024 despite a Ministerial Directive.
- Maintain adequate compliance procedures, recordkeeping, and risk assessments.
Sarah Paquet, FINTRAC’s Director and CEO, stated:
Why This Matters?
This enforcement marks a turning point in Canada’s approach to regulating crypto-asset service providers. The massive fine demonstrates that regulators are no longer tolerating weak compliance practices in the sector.
Key risks highlighted include:
- Failure to monitor and report large or suspicious virtual currency transactions.
- Non-compliance with sanctions-related directives, particularly concerning Iran.
- Inadequate know-your-client (KYC) and ongoing monitoring protocols.
- Use of Canadian registrations by foreign shell companies with no physical presence.
In May 2024, the B.C. Securities Commission also banned Cryptomus from trading securities, showing a consistent pattern of regulatory failure.
Background & Deeper Issues
Investigations by KrebsOnSecurity and the Investigative Journalism Foundation (IJF) revealed that Cryptomus was part of a network of money services businesses (MSBs) registered at fake addresses across Canada. Their reports exposed:
- 76 foreign exchange dealers registered at the same address as Cryptomus’s parent company.
- 56 crypto exchanges using Cryptomus to process anonymous transactions.
- Sites selling illegal cybercrime services and offering untraceable crypto swaps.
This points to a wider issue of illicit crypto activity exploiting Canada’s relatively open MSB registration process.
CoinLaw’s Takeaway
I found this enforcement action to be one of the most significant signals we’ve seen in the Canadian crypto space. In my experience, regulators don’t drop fines this big unless they’re trying to make an example. If you’re running a crypto business and ignoring AML laws, you’re on a collision course with authorities.
It’s not just about this one firm. This case is a warning shot for every crypto platform operating in Canada. You need strong compliance, effective transaction monitoring, and a real presence in the country or you might be next.
