A cryptocurrency exchange has been slapped with a fine of almost $177 million — the largest-ever penalty by Canada’s financial intelligence agency — for infractions including failing to flag more than 1,000 transactions with suspected links to criminal activity.
The Financial Transactions and Reports Analysis Centre of Canada announced the penalty for Xeltox Enterprises Ltd. on Wednesday. The B.C.-incorporated business operates as Cryptomus and was previously known as Certa Payments Ltd.
The $176,960,190 eclipses the previous record — roughly $20 million — for a fine imposed by Fintrac. That penalty was given to Peken Global Ltd, the operator of another cryptocurrency firm, KuCoin, in September.
“Given that numerous violations in this case were connected to trafficking in child sexual abuse material, fraud, ransomware payments and sanctions evasion, Fintrac was compelled to take this unprecedented enforcement action,” director and CEO Sarah Paquet, said in a statement about the Cryptomus penalty.
The agency found 1,068 instances where Cryptomus did not submit reports for July 2024 transactions involving known darknet markets and virtual currency wallets with ties to the criminal activity Paquet described.
Darknet markets are online and often anonymous platforms where illegal goods and services are sold. Virtual currencies also mask the identity of their holder, making both them and the darknet markets havens for criminal activity.
Fintrac said Cryptomus didn’t just violate money laundering laws when it failed to flag suspicious transactions, it also committed a violation when it failed to report 7,557 transactions originating from Iran between July 1 and Dec. 31, 2024.
Because of ministerial directives linked to financial transactions associated with the Islamic Republic of Iran, Cryptomus was supposed to treat these transactions as high risk. It was also required to verify the identity of the sender(s)/beneficiary(ies), exercise due diligence, maintain a record of the transactions and report them to Fintrac, yet the agency said none of those obligations were fulfilled.
Furthermore, Fintrac found 1,518 transactions in July 2024 that met the $10,000 threshold at which companies have to report a large transfer of virtual currency.
Fintrac said these instances went unreported by Cryptomus, which also had “incomplete and inadequate policies and procedures” that created deficiencies in how the company handled ongoing monitoring and “know-your-client” obligations.
Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, businesses ranging from financial institutions to real estate brokers and casinos must keep certain records, identify clients, maintain a compliance regime and report financial transactions meeting specific criteria to Fintrac.
Read More: Cryptocurrency exchange Cryptomus fined record $177M by Fintrac
