A significant penalty of nearly $177 million has been imposed on a cryptocurrency exchange by Canada’s financial intelligence agency for various violations, including neglecting to report over 1,000 transactions associated with suspected criminal activities. The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) disclosed the fine against Xeltox Enterprises Ltd., also known as Cryptomus, a business based in British Columbia that was formerly named Certa Payments Ltd.
This fine of $176,960,190 surpasses the prior record penalty of around $20 million levied by FINTRAC against Peken Global Ltd, the operator of KuCoin, another cryptocurrency firm, in September. The decision to penalize Cryptomus was driven by multiple breaches linked to offenses such as trafficking in child sexual abuse material, fraud, ransomware payments, and sanctions evasion, as stated by FINTRAC’s director and CEO, Sarah Paquet.
FINTRAC identified 1,068 instances where Cryptomus failed to submit reports for July 2024 transactions involving known darknet markets and virtual currency wallets associated with criminal activities. Darknet markets are platforms where illicit goods and services are traded anonymously online. Virtual currencies provide anonymity to the holder, making them and darknet markets attractive to criminal elements.
In addition to the failure to flag suspicious transactions, Cryptomus breached money laundering laws by not reporting 7,557 transactions originating from Iran between July 1 and Dec. 31, 2024. These transactions were supposed to be treated as high-risk due to ministerial directives related to financial activities involving Iran. Cryptomus was required to verify identities, exercise due diligence, keep transaction records, and report to FINTRAC, but it did not fulfill these obligations.
Moreover, FINTRAC discovered 1,518 transactions in July 2024 that met the $10,000 threshold for reporting large transfers of virtual currency. Cryptomus neglected to report these instances and was found to have inadequate policies and procedures, leading to deficiencies in ongoing monitoring and client identification practices.
Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, various businesses, including financial institutions, real estate brokers, and casinos, must maintain records, identify clients, establish compliance measures, and report specific financial transactions to FINTRAC.
This recent fine adds to Cryptomus’s regulatory woes, as the B.C. Securities Commission had previously banned the company from engaging in securities trading and other market activities in May. In the 2024-25 period, FINTRAC issued 23 violation notices to non-compliant businesses, marking the highest number of notices in a single year and resulting in penalties exceeding $25 million.
Since gaining the legislative authority in 2008, FINTRAC has imposed over 150 penalties as part of its enforcement efforts.