FINTRAC Fines HRA Group Holdings $132,000: A Wake-Up Call for Dealers in Precious Metals and Stones
On October 2, 2025, FINTRAC (the Financial Transactions and Reports Analysis Centre of Canada) announced that HRA Group Holdings, a dealer in precious metals and stones (DPMS) headquartered in Vancouver, was fined $132,000 for four violations of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
The penalty, imposed on June 2, 2025, has been paid in full, and the case is now closed. However, the violations identified in this compliance examination illustrate common—and costly—gaps in AML programs across Canada's DPMS sector.
The Four FINTRAC Violations
1. Inadequate Compliance Policies and Procedures (Serious Violation)
HRA Group Holdings failed to develop and apply written AML/ATF compliance policies that were specific, up-to-date, and approved by a senior officer.
The documentation provided was missing key requirements, including:
- Client identification procedures
- Record-keeping requirements
- Reporting obligations for LCTRs, LVCTRs, EFTRs, and STRs
- Internal AML policies tailored to HRA Group's business operations
Without these, FINTRAC determined that HRA Group could not effectively demonstrate compliance with the PCMLTFA.
2. Failure to Assess and Document ML/TF Risks (Serious Violation)
Under subsection 9.6(2) of the PCMLTFA, businesses must conduct a documented risk assessment across prescribed factors such as:
- Products, services, and delivery channels
- Geographic exposure
- Clients and business relationships
- Other relevant factors
HRA Group admitted during the examination that it had not conducted or documented such an assessment. Risk assessments are the foundation of an effective AML program; without one, businesses cannot appropriately mitigate money laundering and terrorist financing risks.
3. No Ongoing Compliance Training Program (Serious Violation)
HRA Group Holdings failed to develop and maintain a written compliance training program for employees. FINTRAC found no training documentation, plans, or records of delivery.
AML training is essential for ensuring that employees can recognize red flags and understand their obligations under the PCMLTFA. Without it, even well-written policies remain ineffective.
4. Failure to Conduct a Compliance Effectiveness Review (Serious Violation)
Businesses are required to conduct a prescribed review of their compliance program to test the effectiveness of policies, procedures, training, and risk assessments.
HRA Group confirmed that no such review had been performed. FINTRAC treats this as a serious violation, since ongoing testing is the only way to ensure compliance frameworks remain functional over time.
Why This Matters for Dealers in Precious Metals and Stones
Dealers in precious metals and stones (DPMS) are often targeted by criminals seeking to launder money through high-value assets. FINTRAC has emphasized that DPMS businesses must:
- File Suspicious Transaction Reports (STRs) when there are reasonable grounds to suspect money laundering or terrorist financing.
- Submit Large Cash Transaction Reports (LCTRs) and Large Virtual Currency Transaction Reports (LVCTRs).
- Implement AML policies, training, and compliance reviews tailored to their operations.
The $132,000 penalty against HRA Group Holdings demonstrates that FINTRAC is actively enforcing compliance obligations in the DPMS sector.
The Role of FINTRAC Reporting and FINTRAC API
Canadian reporting entities—including DPMS businesses like HRA Group—are required to submit multiple types of reports:
- STRs (Suspicious Transaction Reports)
- LCTRs (Large Cash Transaction Reports)
- LVCTRs (Large Virtual Currency Transaction Reports)
- EFTRs (Electronic Funds Transfer Reports)
Traditionally, these reports were manual and prone to error. Today, the FINTRAC API provides a secure way to:
- Automate the submission of reports directly to FINTRAC.
- Validate data to reduce rejections.
- Integrate reporting into point-of-sale and back-office systems.
- Maintain an auditable trail for regulators.
By using API-based compliance tools, DPMS businesses can reduce administrative burden, improve accuracy, and avoid costly penalties.
Lessons for DPMS Businesses
The HRA Group Holdings case highlights four compliance priorities:
- Policies must be written, detailed, and approved at the senior level. Generic or incomplete policies will not meet FINTRAC's standards.
- Risk assessments must be documented. Verbal acknowledgements or informal processes are insufficient.
- Training programs must be ongoing and documented. FINTRAC expects records of training plans, delivery, and attendance.
- Effectiveness reviews are mandatory. Without evidence of program testing, regulators assume non-compliance.
How Comply+ Helps DPMS Businesses Stay Compliant
At Comply+, we provide DPMS businesses and other reporting entities with:
- Automated FINTRAC reporting via API integrations.
- Risk assessment tools aligned with FINTRAC's prescribed factors.
- Employee AML training modules with built-in documentation.
- Support for annual compliance effectiveness reviews.
These solutions not only prevent fines but also demonstrate a proactive compliance culture that regulators expect.
Final Thoughts
The $132,000 penalty against HRA Group Holdings reinforces a broader message: FINTRAC is watching, and dealers in precious metals and stones are firmly within its compliance spotlight.
By investing in FINTRAC reporting automation, documented risk assessments, structured training, and regular program reviews, DPMS businesses can protect themselves from penalties and build trust with regulators, clients, and stakeholders.
Protect Your DPMS Business from FINTRAC Penalties
Don't let compliance failures put your business at risk. Comply+ offers automated FINTRAC reporting, compliance training, and risk assessment tools designed specifically for PCMLTFA reporting entities.