The cryptocurrency exchange was fined nearly $177 million (the largest fine ever by Canada's Financial Intelligence Unit) for violations including failing to flag more than 1,000 transactions suspected of being linked to criminal activity.
The Financial Transactions and Reports Analysis Center of Canada (FINTRAC) announced a fine for Xeltox Enterprises Ltd. on Wednesday. The company, registered in British Columbia, operates as Cryptomus and was previously known as Certa Payments Ltd.
The $176,960,190 fine surpasses the previous record of approximately $20 million for a fine imposed by FINTRAC. In September, this fine was applied to Peken Global Ltd, the operator of another cryptocurrency company KuCoin.
“Given that the multiple violations in this case involved the trafficking of child sexual abuse material, fraud, ransomware payments and sanctions evasion, Fintrac was forced to take these unprecedented enforcement actions,” director and CEO Sarah Paquet said in a statement announcing the Cryptomus fine.
The agency found 1,068 instances where Cryptomus failed to report transactions dating back to July 2024 involving known darknet markets and virtual currency wallets associated with the criminal activity described by Paquet.
Darknet markets are online and often anonymous platforms where illegal goods and services are sold. Virtual currencies also hide the identity of their owner, making them and darknet markets a haven for criminal activity.
FINTRAC said Cryptomus not only violated money laundering laws when it failed to flag suspicious transactions, but also committed a violation when it failed to report 7,557 transactions originating in Iran between July 1 and December 31, 2024.
Due to departmental directives related to financial transactions related to the Islamic Republic of Iran, Cryptomus was required to consider these transactions to be high risk. It was also required to verify the identity of the sender(s)/beneficiary(s), exercise due diligence, record transactions and report them to FINTRAC, but the agency said none of these obligations were met.
A British Columbia firm was banned from trading securities in May.
Additionally, FINTRAC found 1,518 transactions in July 2024 that reached the $10,000 threshold at which companies must report large virtual currency transfers.
FINTRAC said the cases were not reported to Cryptomus, which also had “incomplete and inadequate policies and procedures” that created deficiencies in how the company carried out ongoing monitoring and know-your-customer obligations.
Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, businesses ranging from financial institutions to real estate brokers and casinos are required to maintain certain records, identify customers, maintain a compliance regime and report financial transactions that meet certain criteria to FINTRAC.
Wednesday's fine is the latest reprimand Cryptomus has faced. In May, the British Columbia Securities Commission temporarily banned the firm from trading securities and other market activities.
In 2024-25, FINTRAC issued 23 breach notices to businesses that failed to comply. This was the largest number of notices issued in one year in the company's history, and penalties totaled more than $25 million.
FINTRAC has issued more than 150 fines since it received legislative authority to do so in 2008.
