A cryptocurrency exchange has been fined nearly $177 million — the largest penalty ever imposed by Canada’s financial intelligence agency — for violations that include failing to detect more than 1,000 transactions with suspected links to criminal activity.
The Financial Reporting and Transactions Analysis Center of Canada (FINTRAC) on Wednesday announced the sanction for Xeltox Enterprises Ltd. The BC-incorporated company does business as Cryptomus and was previously known as Certa Payments Ltd.
The fine of $176,960,190 eclipses the previous record (approximately $20 million) for a fine imposed by FINTRAC. That sanction was imposed on Peken Global Ltd, the operator of another cryptocurrency company, KuCoin, in September.
“Given that numerous violations in this case were related to trafficking in child sexual abuse material, fraud, ransomware payments and sanctions evasion, Fintrac was forced to take this unprecedented enforcement action,” director and CEO Sarah Paquet said in a statement regarding the sanction to Cryptomus.
The agency found 1,068 cases in which Cryptomus failed to file reports for transactions from July 2024 involving known darknet marketplaces and virtual currency wallets with ties to the criminal activity described by Paquet.
Darknet markets are online and often anonymous platforms where illegal goods and services are sold. Virtual currencies also mask the identity of their holder, making them and darknet markets havens for criminal activity.
FINTRAC said Cryptomus not only violated money laundering laws when it failed to detect suspicious transactions, but also committed a violation when it failed to report 7,557 transactions originating in Iran between July 1 and December 31, 2024.
Due to ministerial directives linked to financial transactions associated with the Islamic Republic of Iran, Cryptomus was supposed to treat these transactions as high risk. It was also required to verify the identity of senders/beneficiaries, exercise due diligence, maintain a record of transactions and report them to FINTRAC, but the agency said none of those obligations were met.
Company banned from BC securities trading in May
Additionally, FINTRAC found 1,518 transactions in July 2024 that met the $10,000 threshold by which companies must report a large virtual currency transfer.
FINTRAC said Cryptomus failed to report these cases, which also had “incomplete and inadequate policies and procedures” that created deficiencies in how the company handled ongoing monitoring and “know your customer” obligations.
Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, businesses, from financial institutions to real estate brokers and casinos, must maintain certain records, identify customers, maintain a compliance regime, and report financial transactions that meet specific criteria to FINTRAC.
Wednesday’s fine is the latest rebuke Cryptomus has faced. The BC Securities Commission temporarily banned the company in May from securities trading and other market activities.
In 2024-25, FINTRAC issued 23 violation notices to non-compliant companies. It was the largest number of notices issued in one year in its history and amounted to more than $25 million in penalties.
FINTRAC has imposed more than 150 sanctions since receiving legislative authority to do so in 2008.
