FINTRAC Penalty on Juba Express Inc.: A Clear Warning to Canadian MSBs
Source: FINTRAC Official News Release
Read the full FINTRAC announcementOn 11 December 2025, FINTRAC announced an Administrative Monetary Penalty (AMP) of $67,150 against Juba Express Inc., a money services business (MSB) based in Toronto, Ontario. The penalty follows a compliance examination that found multiple breaches of Part 1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its Regulations.
While $67,150 may appear moderate compared to some recent multi‑million‑dollar AMPs, the findings cut to the core of MSB compliance in Canada: no effective compliance regime, no proper risk assessment, and failures in critical FINTRAC reporting obligations. This case is a clear signal to MSBs—especially small and mid‑sized operators—that basic program elements and reporting disciplines are non‑negotiable.
⸻
What Happened: FINTRAC's Examination Findings
FINTRAC found that Juba Express Inc. committed several distinct administrative violations under the PCMLTFA.
Failure to develop and apply written compliance policies and procedures
FINTRAC requirement: Reporting entities must establish, document, and maintain written compliance policies and procedures that are kept up to date and applied across their operations. These policies must address record‑keeping, client identification, ongoing monitoring, FINTRAC reporting (including FINTRAC reporting via manual channels or through a FINTRAC API or batch system), and training.
FINTRAC's finding: Juba Express Inc. did not develop and apply written compliance policies and procedures, and what existed was not kept current as required under the PCMLTFA requirements.
Why it matters: For MSBs, policies and procedures are the operational blueprint for AML compliance in Canada. Without them, staff lack clear guidance on when to identify clients, how to escalate red flags, and how to complete suspicious transaction reporting or large cash transaction reports. In practice, this often leads directly to missed reports and inconsistent controls.
⸻
Failure to assess and document money laundering and terrorist financing risk
FINTRAC requirement: Under the PCMLTFA, reporting entities must assess and document their money laundering and terrorist financing (ML/TF) risks, taking into account prescribed factors such as products and services, delivery channels, geographic exposure, clients, and business relationships. This risk assessment must be documented and used to drive risk‑based controls.
FINTRAC's finding: Juba Express Inc. failed to assess and document the risk of ML/TF offences, and did not adequately consider the prescribed risk factors.
Why it matters: MSBs—particularly those handling cross‑border remittances and electronic funds transfers—are inherently higher risk. Without a documented risk assessment, an MSB cannot justify its controls, enhanced due diligence, or thresholds for monitoring. This undermines AML audit preparedness and exposes the business to both regulatory and criminal misuse risk.
⸻
Failure to submit electronic funds transfer (EFT) reports of $10,000 or more
FINTRAC requirement: Reporting entities must submit electronic funds transfer reports to FINTRAC for international EFTs of $10,000 or more in the course of a single transaction, together with all prescribed information, within the required timeframes.
FINTRAC's finding: Juba Express Inc. failed to submit EFT reports of $10,000 or more, and did not provide FINTRAC with the required information for those transactions.
Why it matters: EFT reporting is central to FINTRAC’s financial intelligence mandate. For MSBs, which often facilitate cross‑border value flows, missing EFT reports can obscure networks of potential money laundering, terrorist activity financing or sanctions evasion. This is an area where FINTRAC enforcement has become increasingly data‑driven, including the use of automated validation and potential integration through a FINTRAC API or batch reporting systems.
⸻
Failure to submit large cash transaction (LCT) reports of $10,000 or more
FINTRAC requirement: MSBs must submit large cash transaction reports for cash transactions of $10,000 or more in the course of a single transaction, including all prescribed details, within the statutory timelines.
FINTRAC's finding: Juba Express Inc. did not submit required LCT reports for transactions of $10,000 or more, and failed to provide the prescribed data elements.
Why it matters: Cash remains a key ML/TF risk. LCT reporting helps FINTRAC detect structuring, cash‑intensive businesses, and unexplained wealth patterns. For MSBs, consistent LCT reporting is an early indicator that the compliance program is functioning; repeated failures often signal deeper systemic weaknesses.
⸻
Failure to notify FINTRAC of changes to MSB registration
FINTRAC requirement: Money services businesses must submit notifications of change to their MSB registration when information such as ownership, business locations, services, or contact details changes.
FINTRAC's finding: Juba Express Inc. failed to submit a notification of change to its MSB registration as required.
Why it matters: Accurate registration data underpins FINTRAC supervision. If FINTRAC does not know where an MSB operates, who controls it, or what services it offers, it cannot effectively risk‑rate or examine the business. For MSB compliance, treating registration as a one‑time administrative step is a common and costly mistake.
⸻
Why This Penalty Matters
MSBs remain a high‑priority sector for FINTRAC
FINTRAC explicitly supervises money services businesses, casinos, financial entities, real estate brokers and sales representatives, and several other sectors. MSBs are repeatedly highlighted as high‑risk for ML/TF because they:
- Move funds quickly, often across borders
- Serve clients who may be under‑banked or cash‑intensive
- Can be exploited for layering and value transfer schemes
The Juba Express Inc. AMP underscores that even a single‑location MSB in Toronto is firmly on FINTRAC’s radar.
Core program failures, not technical errors
The violations here are not minor form‑filling issues. They go to the heart of PCMLTFA requirements:
- No effective written policies and procedures
- No documented ML/TF risk assessment
- Multiple failures in mandatory FINTRAC reporting
This aligns with FINTRAC’s message that AMPs are meant to encourage behavioural change, not punish honest mistakes. When the fundamentals are missing, enforcement is increasingly likely.
Enforcement intensity is rising
FINTRAC reported that in 2024–25 it issued 23 Notices of Violation, the largest number in a single year in its history, with total penalties exceeding $25 million. Since gaining AMP authority in 2008, FINTRAC has imposed more than 150 penalties across most business sectors.
Within this enforcement environment, an MSB that lacks basic controls is at high risk of scrutiny—whether through targeted examinations, desk reviews, or data‑driven anomaly detection based on FINTRAC reporting patterns.
⸻
Lessons for Reporting Entities
Build and maintain a living compliance program
MSBs must ensure they have written, up‑to‑date policies and procedures covering:
- Client identification and verification
- Record‑keeping and retention
- Risk‑based monitoring and enhanced due diligence
- FINTRAC reporting (EFT, LCT, suspicious transaction reporting, large virtual currency transaction reporting where applicable)
- Training and independent review
Treat these documents as living tools, reviewed at least annually or when business models, geographies, or products change.
Conduct a documented, risk‑based ML/TF assessment
A credible risk assessment should:
- Map products and services, delivery channels, geographies, and client types
- Rate inherent ML/TF risk for each dimension
- Document mitigating controls and resulting residual risk
For MSB compliance, this assessment should explicitly address cross‑border remittances, cash intensity, and third‑party transactions, and be used to calibrate monitoring thresholds and escalation workflows.
Strengthen FINTRAC reporting controls and automation
Missed EFT and LCT reports are often symptoms of weak data capture and manual processes. MSBs should:
- Implement system rules to flag transactions at or above $10,000
- Standardize data fields required for FINTRAC reporting
- Consider RegTech solutions or integration with a FINTRAC API or batch reporting tool where available
- Perform periodic reconciliations between transactional data and submitted reports
These controls also support AML audit preparedness, making it easier to evidence timely, accurate reporting during examinations.
Treat registration and corporate changes as compliance events
Any change to ownership, directors, business locations, services, or key contacts should trigger a formal compliance checklist, including:
- MSB registration update with FINTRAC
- Policy and procedure review
- Risk assessment refresh
- Training updates for new products or channels
Embedding this into corporate governance reduces the risk of missing mandatory notifications of change.
Embed culture, training, and accountability
Even a well‑designed program fails without trained staff and clear accountability. MSBs should:
- Designate a compliance officer with sufficient authority
- Provide role‑specific training, including red flags and suspicious transaction reporting expectations
- Track completion and effectiveness of training
⸻
The Bigger Picture
The Juba Express Inc. AMP sits within a broader shift in FINTRAC enforcement:
- 23 Notices of Violation in 2024–25, the highest ever in a single year
- More than $25 million in penalties in that same period
- Over 150 penalties imposed since 2008 across casinos, financial entities, MSBs, real estate, and other sectors
FINTRAC continues to emphasize that suspicious transaction reporting is critical to generating actionable intelligence for law enforcement and national security agencies investigating money laundering, terrorist activity financing, sanctions evasion, and threats to the security of Canada.
The trend is clear: the balance is shifting from education‑first to education plus assertive enforcement, particularly where entities fail to meet foundational PCMLTFA requirements.
⸻
Final Thoughts
The $67,150 Administrative Monetary Penalty against Juba Express Inc. is more than a one‑off sanction against a Toronto MSB. It is a pointed reminder that no MSB is too small or too local to attract FINTRAC’s attention when core compliance elements are missing.
For MSBs and other reporting entities, the message is straightforward: invest in a robust, risk‑based AML compliance framework, ensure accurate and timely FINTRAC reporting, and be ready to demonstrate your program under scrutiny. Those who treat compliance as a strategic, well‑governed function will be far better positioned as FINTRAC’s enforcement trajectory continues to rise.
If your MSB needs help ensuring timely, accurate, audit-ready reporting, Comply+ offers automated FINTRAC reporting with AI-powered risk assessment tools designed specifically for MSBs and other PCMLTFA reporting entities.
Disclaimer:
This article is provided for general informational purposes only and reflects our interpretation and opinions based on publicly available information at the time of writing. It does not constitute legal advice, financial advice, regulatory guidance, or a substitute for professional counsel. Reporting entities and businesses subject to FINTRAC obligations should consult qualified legal and compliance advisors before making decisions relating to FINTRAC, AML obligations, or compliance requirements.
Automate Your FINTRAC Reporting with Comply+
Don't let compliance failures put your business at risk. Comply+ offers AI automated FINTRAC reporting, compliance training, and AI risk assessment tools designed specifically for PCMLTFA reporting entities.