Xelox Enterprises Ltd (also known as Cryptomus), a Canadian based crypto exchange platform, was fined C$176.9 million by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) for noncompliance with the Proceeds of Crime and Terrorist Financing Act (PCMLTFA).
This case marks a turning point in anti-money laundering regulation (AML) within Canada, marking the largest fine in FINTRAC history, eclipsing the regulator’s previous record of C$20 million fine against Peken Global Limited in September 2025.
CryptoMUST ensure compliance with the rules
Between July 1 and July 31, 2024, FINTRAC investigators found 1,068 instances where Cryptomus failed to submit suspicious transaction reports where there were reasonable grounds to suspect money laundering on terrorist-financing offenses. Alongside this, the business failed to report 1,518 large virtual-currency transactions in the same timeframe of over C$10,000.
Diving deeper into these transactions, the regulator found that the unreported transactions involved proceeds linked to trafficking and child sexual-abuse, fraud, ransomware payments, and sanctions evasion – with Cryptomus’s compliance failings allowing criminals to move money and finance further illegal activity.
Canada vs Crypto
In imposing such a hefty fine, the Canadian regulatory authority has asserted that crypto firms must play by the same rules as more established “traditional” financial organizations – and not assume leniency because of the technologies’ novelty.
This move is reflective of wider regulatory shifts globally to supervise and bring digital asset reporting in line with traditional financial services standards. Recent changes to the PCMLTFA now require regulated entities to report any transactions suspected to involve sanctioned persons or property, along with what is classified as traditional “suspicious transactions” to FINTRAC.
Failures need fixes
This case has seen Cryptomus caught out for many failures, from failure to assess and document the risk of a money laundering, to failing to submit a notification of change to the information provided in a prescribed application.
As with a range of other compliance risks, firms looking to take proactive steps on AML must start with ensuring data completeness. By leveraging solutions that allow for unified reporting, produce automated alerts, and maintain clear, verifiable audit trails, firms stand the best chance of flagging and escalating potential signs of money laundering and related misconduct. By working with complete, consolidated transactional and communications data, firms maintain oversight, and maintain control.
The “other” FCA
Regulators such as the U.S. Securities and Exchange Commission (SEC) and Department of Justice (DOJ) have clearly set out that, although they will be scaling back enforcement of certain kinds of noncompliance, financial crimes like fraud and money laundering are firmly in the spotlight.
The Canadian Government has sent similar signals of a financial crime clampdown, recently announcing a new agency to combat fraud and money laundering and recover criminal proceeds – the aptly named Financial Crimes Agency (FCA).
It will be interesting to see how quickly the new FCA catches up with FINTRAC’s current focus on holding those who have lapsed on financial crime to account. In the meantime, firms should be left in no uncertain terms of the deterrent message of increasingly hefty AML penalties: “egregious and system-wide non-compliance will lead to business-destroying penalties.”
Global Relay’s solutions ensure data completeness, clear audit trails, and reliable records you can share with regulators, while our communications surveillance tools can help you flag signals of misconduct.
