FINTRAC’s New AMP Regime in 2025: Record Penalties and Higher Stakes

For Canadian reporting entities – from money services businesses (MSBs) and securities dealers to crypto exchanges and banks – this marks a new era of enforcement. Missteps that once led to modest fines now pose existential risks. Below, we break down what changed, why penalties have skyrocketed, and how businesses can respond.

What FINTRAC Changed in 2025

Updated Penalty Policy

In August 2025, FINTRAC released a revised Administrative Monetary Penalties Policy and Supervisory Framework. The updates clarify how penalties are calculated and give FINTRAC broader discretion. Notably, it will no longer share draft findings before finalizing an AMP – meaning that after an examination, a notice of violation can be issued immediately.

Although FINTRAC maintains that AMPs are meant to “encourage compliance,” it now reserves the right to withhold penalty reductions for serious or repeated violations. The result: faster, stricter enforcement when major deficiencies are found.

Public Naming and Transparency
Under the new approach, FINTRAC routinely publishes the names, fines, and violations of penalized firms on its public penalties page. This transparency introduces reputational risk alongside financial loss. Being listed on FINTRAC’s website can damage credibility with banks, clients, and investors – reinforcing deterrence across the industry.

Supervisory Framework
The 2025 framework emphasizes a three-pillar model – Engaging, Monitoring, Enforcing. FINTRAC will continue to guide and supervise entities, but it has made clear that serious compliance gaps will trigger immediate enforcement. These changes collectively shift Canada toward a more assertive AML enforcement model, aligning with international expectations.

Why Penalties Have Skyrocketed

Stronger Laws, Bigger Fines
In June 2025, the federal government introduced the Strong Borders Act (Bill C-2), proposing a 40-fold increase in maximum AMPs.

• Very serious violations: up to C$20 million (up from $500k)

• Serious violations: up to C$4 million (up from $100k)

• Minor violations: up to C$40,000

Cumulative penalties can reach C$20 million or 3% of global revenue, whichever is greater. Even though Bill C-2 is still under review, recent enforcement activity shows FINTRAC is already applying this tougher logic.

FATF Pressure and Deterrence
The escalation also reflects FATF evaluation pressure. Canada is preparing for its next mutual evaluation, and regulators are eager to prove a stronger AML posture. Historically, small fines made non-compliance a tolerable “cost of doing business.” The 2025 overhaul aims to change that narrative — making compliance investment cheaper than penalties.

More Frequent Enforcement
FINTRAC is not just imposing larger fines but doing so more often. Program-level deficiencies such as missing risk assessments, ineffective training, or outdated procedures are now categorized as “very serious” violations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

Even technical lapses – like missing your two-year effectiveness review – can lead to penalties in the hundreds of thousands.

What Recent AMP Cases Reveal

Recent enforcement cases show how rapidly fines have grown.

• Cryptomus (Xeltox Enterprises): In October 2025, FINTRAC imposed a record C$176.9 million penalty on this Vancouver-based crypto exchange for 2,593 violations, including failure to file 1,068 Suspicious Transaction Reports (STRs) and 1,500 unreported large transactions. Many were tied to predicate crimes such as fraud, child exploitation, and sanctions evasion. The penalty represented roughly 3% of global revenue, underscoring that even foreign-operated MSBs serving Canadians fall under FINTRAC jurisdiction.

• KuCoin (Peken Global Ltd.): A C$19.6 million fine followed in September 2025 against this Seychelles-based exchange for operating in Canada without registering as an MSB and failing to report thousands of transactions. The message: registration and reporting are non-negotiable.

• Gaming Sector Penalties: The Saskatchewan Indian Gaming Authority (SIGA) and British Columbia Lottery Corporation (BCLC) received fines exceeding C$1 million each for AML program deficiencies, including missing STRs and failing to apply enhanced due diligence.

Across these cases, FINTRAC’s message is consistent: failures in AML program design, training, or reporting are no longer “administrative oversights” — they’re high-risk violations with multi-million-dollar consequences.

How Businesses Can Respond Now

1. Conduct a Comprehensive Program Review
Verify that all core components under the PCMLTFA are in place — updated risk assessment, written policies and procedures, a designated compliance officer, and a recent two-year effectiveness review. If it’s been more than 24 months since your last independent review, schedule one now.

2. Fix Reporting and Record-Keeping Gaps
Ensure that all required reports are being filed promptly: Suspicious Transaction Reports (STRs), Large Cash Transaction Reports (LCTRs), and Electronic Funds Transfer Reports (EFTRs). FINTRAC expects zero tolerance for unreported red-flag activity.

3. Keep Your Registration Current
Confirm your FINTRAC MSB registration is active and accurate. Notify FINTRAC of ownership, business line, or address changes within 30 days, and renew every two years. Several 2025 fines – including KuCoin – stemmed from unregistered operations.

4. Strengthen Your Risk-Based Approach
FINTRAC expects that riskier customers and activities face proportionate scrutiny. Review onboarding and monitoring processes, apply Enhanced Due Diligence (EDD) for high-risk clients, and document decisions thoroughly.

5. Train and Test Your Team
Provide annual AML training that includes FINTRAC’s August 2025 policy updates and recent enforcement lessons. Conduct internal mock audits to prepare for examinations.

6. Document Everything
Good documentation can mitigate penalties. Maintain audit trails for STR rationales, training attendance, risk rating updates, and board oversight. If FINTRAC investigates, comprehensive records demonstrate intent to comply — a key mitigating factor.

Risks of Inaction

Ignoring these developments is costly:

• Financial Exposure: Fines now reach tens or hundreds of millions. Even moderate violations can result in seven-figure penalties, and insurers rarely cover them.

• Reputational Damage: FINTRAC’s public disclosure policy ensures violations are visible to clients, banks, and competitors. Once listed, regaining trust is difficult.

• Operational Disruption: Repeated non-compliance can lead to registration suspension or even criminal referrals. Firms may lose access to banking or correspondent relationships.

• Internal Fallout: Regulatory findings often prompt leadership turnover and staff attrition, making compliance recovery even harder.

The lesson is clear: reactive compliance is no longer enough.

AMLI Support Options

Adapting to FINTRAC’s tougher regime requires expertise and credible support. AML Incubator helps reporting entities modernize compliance programs, close identified gaps, and avoid enforcement exposure. Whether through independent reviews, outsourced compliance officer support, or remediation assistance, AMLI provides practical, regulator-aligned solutions that let you focus on business growth while staying compliant.

Services:

• CAMLO/MLRO Services – Outsourced Chief AML Officer oversight for your compliance program.

• MSB Registration Services – Proper registration setup and compliance program development.

• Effectiveness Review – Independent AML audits to meet FINTRAC’s biennial review requirement.

• Regulatory Remediation – Targeted assistance to fix FINTRAC-identified deficiencies.\

Key Takeaways

• FINTRAC’s new policy (Aug 2025) empowers faster, public enforcement.

• Maximum AMPs increased up to C$20 million per violation; cumulative fines can reach 3% of global revenue.

• Record penalties – including C$176.9 million against Cryptomus – show the shift is already here.

• Compliance program quality, reporting accuracy, and documentation are now decisive survival factors.

• Investing in compliance is the most cost-effective protection against enforcement and reputational risk.

Read More:

• There’s No Such Thing as an MSB License in Canada – It’s Only a Registration

• Top FINTRAC Red Flags for Canadian MSBs in 2025