FINTRAC Penalty on MP Technology Services Ltd.: A Clear Warning to Foreign MSBs
Source: FINTRAC Official News Release
Read the full FINTRAC announcementOn 18 December 2025, FINTRAC announced a significant Administrative Monetary Penalty (AMP) of $536,853.35 against MP Technology Services Ltd., a Seychelles‑incorporated foreign money services business (MSB) operating in Canada and a subsidiary of MoonPay Inc. Following a compliance examination, FINTRAC concluded that the firm had committed multiple violations of Part 1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated Regulations.
This case matters far beyond the dollar amount. It highlights FINTRAC’s growing focus on virtual-asset related MSBs, foreign MSBs with Canadian operations, and the critical role of suspicious transaction reporting in detecting exposure to darknet marketplaces, sanctioned entities and child sexual abuse material. For MSBs and other reporting entities subject to AML compliance in Canada, this AMP is a clear signal that FINTRAC enforcement is intensifying and that gaps in core program elements will no longer be tolerated.
⸻
What Happened: FINTRAC's Examination Findings
FINTRAC found that MP Technology Services Ltd. committed several distinct administrative violations under the PCMLTFA.
Failure to Submit Incoming EFT Reports of $10,000 or More
FINTRAC requirement: Reporting entities, including MSBs, must submit electronic funds transfer (EFT) reports to FINTRAC for incoming international EFTs of $10,000 or more in a single transaction, together with all prescribed information (e.g., sender, receiver, account details, transaction date and amount).
FINTRAC's finding: MP Technology Services Ltd. failed to submit multiple incoming EFT reports for transactions of $10,000 or more conducted in the course of a single transaction, and did not provide the required prescribed information to FINTRAC.
Why it matters: EFT reporting is a cornerstone of FINTRAC reporting. Gaps here directly limit FINTRAC’s ability to trace cross‑border flows that may be associated with money laundering, terrorist activity financing, sanctions evasion or other threats to the security of Canada. For MSBs, especially those dealing in virtual assets or cross‑border payments, failure to file EFT reports undermines FINTRAC’s analytical capability and will attract heightened scrutiny.
⸻
Failure to Maintain Written, Approved Compliance Policies and Procedures
FINTRAC requirement: Under the PCMLTFA, reporting entities must develop, document, and apply written compliance policies and procedures that are:
- Up to date; and
- In the case of an entity, approved by a senior officer.
FINTRAC's finding: MP Technology Services Ltd. did not have written compliance policies and procedures that were both current and approved by a senior officer. The firm failed to demonstrate that its compliance framework met the formal governance and documentation expectations under the PCMLTFA.
Why it matters: Policies and procedures are the operational blueprint for MSB compliance. Without clear, senior‑approved documentation, frontline staff and systems cannot reliably meet obligations related to client identification, record‑keeping, large cash or large virtual currency transaction reporting, and suspicious transaction reporting. FINTRAC’s message is clear: a compliance program that exists only in practice, but not in properly documented and approved form, is non‑compliant.
⸻
Failure to Assess and Document ML/TF Risk
FINTRAC requirement: Reporting entities must assess and document their risk of money laundering and terrorist financing, taking into account prescribed factors such as products, services, delivery channels, geography, clients, and business relationships.
FINTRAC's finding: MP Technology Services Ltd. failed to assess and document its ML/TF risk in line with these prescribed factors. There was no adequate, documented risk assessment supporting the design of its compliance controls.
Why it matters: Risk assessment is the foundation of risk‑based AML compliance in Canada. For a foreign MSB operating in Canada, especially one connected to virtual asset flows, a robust ML/TF risk assessment is essential to calibrate transaction monitoring rules, sanctions screening, darknet exposure controls, and thresholds for suspicious transaction reporting. Without it, the compliance regime is effectively blind.
⸻
Failure to Submit Suspicious Transaction Reports (STRs)
FINTRAC requirement: A suspicious transaction report must be submitted to FINTRAC when a transaction occurs or is attempted and there are reasonable grounds to suspect that it is related to the commission or attempted commission of a money laundering or terrorist activity financing offence.
FINTRAC's finding: FINTRAC determined that MP Technology Services Ltd. failed to submit STRs on multiple separate occasions where there were reasonable grounds to suspect attempted transactions were linked to ML/TF offences. Specifically, declined transactions that should have been reported were instead left unreported, even though they were flagged for direct or indirect exposure to:
- Darknet marketplaces
- Sanctioned entities
- Child sexual abuse material
Why it matters: This is the most serious finding. FINTRAC explicitly notes that suspicious transaction reporting is critical to its ability to generate actionable financial intelligence for law enforcement and national security agencies. The fact that the transactions were declined does not remove the obligation to report attempted suspicious activity. For MSBs using automated screening tools or a FINTRAC API–enabled RegTech solution, this case underscores that:
- Alerts related to sanctions, darknet, or child sexual abuse material must be carefully escalated.
- Declined or blocked transactions may still require STRs.
- Failure to report can directly impede investigations into child exploitation and national security threats.
⸻
Why This Penalty Matters
Heightened Focus on Foreign and Virtual-Asset MSBs
MP Technology Services Ltd. is a Seychelles‑incorporated foreign MSB operating in Canada and a subsidiary of MoonPay Inc., a well‑known virtual asset service provider. This AMP signals that FINTRAC expects foreign MSBs with Canadian customers to fully meet PCMLTFA requirements, regardless of where they are incorporated or where their parent company sits. Cross‑border, digital‑first models will not be treated more leniently.
Zero Tolerance for Weak STR Practices on High-Risk Activity
FINTRAC went out of its way to describe the unreported, declined transactions as having exposure to darknet marketplaces, sanctioned entities and child sexual abuse material. This language is deliberate. It highlights that FINTRAC enforcement will be particularly aggressive where gaps in FINTRAC reporting may impact investigations into the most harmful criminal activity.
Evidence of a Broader Enforcement Trend
FINTRAC notes that in 2024–25 it issued 23 Notices of Violation, the largest number in a single year in its history, with total penalties of more than $25 million. Since obtaining AMP authority in 2008, FINTRAC has imposed more than 150 penalties across most sectors. This case is part of a clear pattern: a shift from education‑first to enforcement‑driven supervision.
⸻
Lessons for Reporting Entities
Treat Attempted and Declined Transactions as Reportable
MSBs must ensure their AML audit preparedness covers both completed and attempted transactions. Systems and procedures should:
- Flag high‑risk attempted activity (e.g., sanctions hits, darknet exposure, exploitation‑related indicators).
- Escalate these cases for investigation.
- File STRs promptly where reasonable grounds to suspect exist, even if the transaction was declined.
Strengthen Risk-Based Transaction Monitoring
Given the explicit mention of darknet marketplaces and child sexual abuse material, MSBs should:
- Review risk assessments to ensure these typologies are fully captured.
- Calibrate monitoring rules and screening tools accordingly.
- Where possible, integrate RegTech and FINTRAC API–enabled solutions to support scalable detection of high‑risk patterns.
Formalize and Approve Policies and Procedures
Compliance policies and procedures must be:
- Written, detailed and tailored to the MSB’s products, channels and geographies.
- Approved by a senior officer and reviewed regularly.
- Explicit about EFT reporting, large virtual currency transaction reporting, client identification, sanctions screening and STR decision‑making.
Build and Maintain a Robust ML/TF Risk Assessment
Every reporting entity should have a documented, periodically updated risk assessment that:
- Considers products, services, clients, geography and delivery channels.
- Drives the design of controls, including thresholds and monitoring rules.
- Is available for FINTRAC review as part of examinations and AML audit preparedness.
Use Technology, but Don’t Outsource Judgement
RegTech tools, case management platforms and integrations that support FINTRAC reporting can significantly improve MSB compliance. However:
- Alerts must be reviewed by trained staff.
- Decisions to not file STRs must be documented and defensible.
- Governance should ensure that technology complements, rather than replaces, sound compliance judgement.
⸻
The Bigger Picture
This AMP is not an isolated event. FINTRAC reports that in 2024–25 it issued 23 Notices of Violation, totalling more than $25 million in penalties—the highest annual volume of Notices since it gained AMP powers in 2008. Over that period, it has imposed more than 150 penalties across sectors including casinos, financial entities, MSBs, real estate brokers and sales representatives, and others.
The message to the market is unambiguous:
- Administrative Monetary Penalties are being used actively to encourage behavioural change where entities fall short of PCMLTFA requirements.
- FINTRAC is moving decisively from a primarily educational posture to a supervisory model anchored in credible deterrence.
- Core obligations—client identification, record‑keeping, maintaining a compliance regime, EFT and large transaction reporting, and especially suspicious transaction reporting—are non‑negotiable.
For MSBs and other reporting entities, this environment demands a proactive approach to AML compliance in Canada, including regular independent reviews, technology enhancements, and senior‑level oversight.
⸻
Final Thoughts
The $536,853.35 AMP against MP Technology Services Ltd. underscores that FINTRAC expects every reporting entity—domestic or foreign, traditional or virtual‑asset focused—to operate a mature, risk‑based compliance program aligned with the PCMLTFA.
The key takeaways are clear: document and approve your policies, build a defensible risk assessment, ensure complete EFT and large transaction reporting, and treat suspicious attempted transactions with the same seriousness as completed ones. In the current FINTRAC enforcement climate, investing in strong MSB compliance and robust reporting processes is not optional—it is essential to protecting your business, your customers and the integrity of Canada’s financial system.
If your MSB needs help ensuring timely, accurate, audit-ready reporting, Comply+ offers automated FINTRAC reporting with AI-powered risk assessment tools designed specifically for MSBs and other PCMLTFA reporting entities.
Disclaimer:
This article is provided for general informational purposes only and reflects our interpretation and opinions based on publicly available information at the time of writing. It does not constitute legal advice, financial advice, regulatory guidance, or a substitute for professional counsel. Reporting entities and businesses subject to FINTRAC obligations should consult qualified legal and compliance advisors before making decisions relating to FINTRAC, AML obligations, or compliance requirements.
Automate Your FINTRAC Reporting with Comply+
Don't let compliance failures put your business at risk. Comply+ offers AI automated FINTRAC reporting, compliance training, and AI risk assessment tools designed specifically for PCMLTFA reporting entities.