FINTRAC Compliance for Acquirer Services (Private ABMs)

New FINTRAC obligations for acquirer services in relation to private automated banking machines, effective October 1, 2025. Comply+ automates your reporting requirements.

One Minute Setup
Free to Start
No Credit Card Required

New FINTRAC Obligations for Acquirer Services

Effective October 1, 2025, acquirer services in relation to private automated banking machines (ABMs) are reporting entities under the PCMLTFA. If you provide the infrastructure, processing, or settlement services that enable private ABMs to operate, FINTRAC now requires you to report certain transactions, verify the identity of your clients, maintain records, and operate a compliance program.

Private ABMs, sometimes called white-label ATMs, are found in convenience stores, bars, gas stations, and other non-bank locations. They are distinct from bank-owned ATMs and have been identified as a money laundering vulnerability because of the cash they handle and the limited oversight some operators historically received.

What You Must Do

  • Register with FINTRAC as a reporting entity.
  • File Large Cash Transaction Reports (LCTR) when applicable cash thresholds are met. Deadline: 15 calendar days.
  • File Suspicious Transaction Reports (STR) when you have reasonable grounds to suspect money laundering or terrorist financing. Deadline: as soon as practicable.
  • Verify client identity for the operators and owners of private ABMs in your network.
  • Maintain records of transactions, client identification, and filed reports for at least five years.
  • Establish a compliance program with policies, procedures, a compliance officer, a risk assessment, and staff training.

Why Private ABM Acquirers Are Now Regulated

Private ABMs process cash withdrawals outside the banking system's direct oversight. Several risk factors drove the regulatory change:

  • Cash loading and replenishment: Private ABMs are loaded with cash by the operator, not by a bank. The source of that cash and the methods used to replenish the machine can be exploited for money laundering.
  • Limited oversight of operators: Unlike bank-owned ATMs, private ABMs are operated by independent businesses with varying levels of sophistication. Some operators may be involved in, or vulnerable to, illicit activity.
  • Transaction monitoring gaps: Acquirers process transaction data but have not traditionally been required to monitor it for AML purposes. The new regulations close this gap.
  • High cash volume locations: Private ABMs in cash-intensive locations (bars, nightclubs, casinos) process significant volumes and may be used to access funds linked to illegal activity.

How Comply+ Supports Acquirer Services

Transaction Monitoring

Upload your transaction and settlement data. Comply+ monitors for reportable activity, including cash thresholds and suspicious patterns across your network of private ABMs.

STR Detection

Our aiSTR technology identifies suspicious patterns in ABM transaction data: unusual cash loading patterns, operators with anomalous activity, and transactions that deviate from normal behaviour for the location type.

Operator-Level Record Management

Comply+ maintains identification and compliance records for each operator in your network. When FINTRAC conducts an examination, your documentation is organized at the operator level.

Direct FINTRAC Submission

Submit all required reports directly to FINTRAC from within the platform, with confirmation receipts and a complete audit trail.

Acquirer services are newly regulated under the PCMLTFA. Getting compliant before enforcement begins positions your business to continue operating without disruption. Comply+ gives you the reporting infrastructure you need from day one.

Enforcement & Penalties

The Cost of Non-Compliance

FINTRAC enforcement is intensifying. Recent penalties demonstrate that compliance failures result in significant financial consequences, with Bill C-2 increasing maximum penalties to $20 million for entities.

Recent FINTRAC Penalties

FINTRAC has imposed significant Administrative Monetary Penalties (AMPs) for compliance failures across multiple sectors.

Juba Express Inc. — $67,150

December 2025 — Toronto, Ontario

Multiple compliance failures including no effective compliance regime, no proper risk assessment, and failures to submit EFT and LCT reports.

Read case study

MP Technology Services Ltd. — $536,853.35

December 2025 — Foreign MSB (Seychelles)

Failed to submit STRs for transactions with exposure to darknet marketplaces, sanctioned entities, and child sexual abuse material.

Read case study

Xeltox Enterprises (Cryptomus) — $176,960,190

October 2025 — British Columbia

2,593 violations including 1,068 unreported STRs, 1,518 unreported LVCTRs, and failure to comply with Ministerial Directive on Iran.

Read case study

KuCoin (Peken Global) — $19,552,000

September 2025 — Foreign MSB (Seychelles)

Unregistered foreign MSB, 2,952 unreported LVCTRs, and 33 unreported STRs linked to darknet marketplaces and illicit chemical trade.

Read case study

Bill C-2: Increased Penalties

Under Bill C-2 (tabled June 2025), maximum Administrative Monetary Penalties would increase dramatically:

  • Entities: Up to $20 million (previously $500,000) — a 40x increase
  • Individuals: Up to $4 million (previously $100,000)
  • Criminal penalties: Certain compliance failures can result in criminal prosecution
Learn more about Bill C-2

Enforcement Trends

  • 23 Notices of Violation issued in 2024–25, the highest annual volume since 2008
  • More than $25 million in total penalties in 2024–25
  • Over 150 penalties imposed since 2008 across all regulated sectors
  • FINTRAC is moving to a supervisory model anchored in credible deterrence

Why Choose Comply+

Purpose-built for Canadian FINTRAC compliance. Automate reporting, reduce risk, and scale your operations.

Comprehensive Reporting

Handle all FINTRAC transaction types with automated LCTR, LVCTR, EFTR, and STR detection and submission. Our system identifies reportable transactions across cash, virtual currency, and electronic funds transfers.

AI-Powered Detection

Our proprietary aiSTR™ technology automatically flags suspicious transactions and drafts FINTRAC-compliant narratives. Reduce false positives and ensure nothing falls through the cracks.

Scalable Operations

Scale your operations without increasing compliance overhead. Automate reporting workflows to handle growth from hundreds to thousands of transactions per month.

Platform Features

Complete FINTRAC Compliance Solution

From batch uploads to direct FINTRAC submission — everything you need in one platform

Direct FINTRAC Submission

Submit reports directly to FINTRAC securely. No need to log in to the FINTRAC website — everything is handled within Comply+.

Autopilot Mode for Connected Databases

For fully connected databases, enable autopilot for automatic submission of LCTRs, LVCTRs, and EFTRs. Our proprietary aiSTR™ technology handles suspicious transaction detection, requiring manual review only for STRs.

Intelligent Batch Processing

For non-connected databases, upload a CSV of transactions. Automatically detect required reports and generate draft LCTRs, LVCTRs, EFTRs, and STRs with AI-powered analysis.

AI-Driven STR Detection

Our proprietary aiSTR™ technology automatically flags high-risk transactions and drafts narratives aligned with FINTRAC risk indicators. You retain full control with manual overrides.

Customer & Location Management

Maintain complete customer and location data with direct integrations to providers like SumSub. Reports auto-populate with existing records.

Draft & Save Reports

Create and save draft reports — including AI-generated STR narratives — for later completion. Work at your own pace with automatic data preservation.

STR Extensions Made Simple

Add STR extensions to existing reports (LCTR/LVCTR/EFTR/CDR) with one click. Fill only additional fields — no separate forms.

COMING SOON

AI Model Configuration

Risk Detection Settings

Risk Indicator A
Identified: 87%
Risk Indicator B
Identified: 94%
Risk Indicator C
Identified: 82%
Overall Risk Rating78%

Recommended STR filing

aiSTR 2.0

Advanced risk flagging via AI. Machine learning flags suspicious transaction patterns — reducing false positives and helping teams act faster on STRs.

Direct Slack integration for no login STR review/submissions

Maximize risk detection with custom set, and AI-driven risk indicators

Set your risk indicator weightings, or let aiSTR optimize detection

Generate higher accuracy through reinforced learning

30-Minute Demo

FINTRAC Compliance for Acquirer Services (Private ABMs)

In 30 minutes, walk through how Comply+ helps you move from transaction data to draft reports, STR review with your team, and FINTRAC API submission without logging into the Web Reporting System (FWR) for each filing.

1. Draft report preparation

Upload a CSV or connect your system and see how Comply+ helps surface reportable activity for LCTR, LVCTR, EFTR, and CDR workflows.

2. STR review path

See how aiSTR™ supports narrative drafts and how your team reviews and decides what is filed.

3. Submit and confirm

Follow submission through FINTRAC's API and where confirmations and status live in Comply+.

Book the same workflow as above

Enter your work email. We will open the calendar to schedule your demo.

We will send demo details and redirect you to schedule

Disclaimer

This page is provided for general informational purposes only and reflects our interpretation and opinions based on publicly available information at the time of writing. It does not constitute legal advice, financial advice, regulatory guidance, or a substitute for professional counsel. Reporting entities and businesses subject to FINTRAC obligations should consult qualified legal and compliance advisors before making decisions relating to FINTRAC, AML obligations, or compliance requirements.