Canadian Money Services Businesses (MSBs) operate in one of the most heavily regulated segments of the financial industry. Since October 2025, sanctions screening requirements have tightened: MSBs must now not only screen counterparties against lists, but also submit detailed reports to FINTRAC when property of sanctioned persons is identified.
The Special Economic Measures Act (SEMA) is Canada’s primary legislative instrument for imposing autonomous sanctions. Since October 2025, expanded reporting obligations have come into force: MSBs are required to file a Listed Person or Entity Property Report (LPEPR) with FINTRAC when assets of persons included on SEMA sanctions lists are identified. It is critically important to understand that SEMA applies the concept of deemed ownership — property of legal entities controlled by sanctioned persons is deemed to belong to the sanctioned persons themselves. This rule extends the scope far beyond simple ownership of more than 50% of shares.
Violations of SEMA requirements carry serious consequences. According to Canadian regulators, non-compliance is a criminal offense: fines of up to CAD 500,000 upon conviction or up to CAD 250,000 on summary conviction, plus possible imprisonment of up to five years. For MSBs, this means the need for daily updates to procedures and the integration of sanctions checks into all operational processes — from customer onboarding to transaction monitoring.
The Justice for Victims of Corrupt Foreign Officials Act, known as the Sergei Magnitsky law, adopted in 2017, sanctions foreign nationals responsible for gross human rights violations and acts of significant corruption. Unlike SEMA, which applies to states, the Magnitsky law focuses on individuals. An important distinction: under this law, it is prohibited not only to hold assets of sanctioned persons, but also to provide them with any financial services or carry out transactions for their benefit.
For MSBs, this creates an additional layer of complexity: they must screen not only direct clients, but also transaction beneficiaries, ultimate recipients of transfers, and related structures. The consolidated Canadian Autonomous Sanctions List combines sanctions under SEMA and JVCFOA, but it is updated irregularly and is for reference purposes only. Companies are required to monitor official regulatory documents in the Canada Gazette, since sanctions may come into force before official publication.
An effective sanctions control system for MSBs must combine technological automation and human expertise. Underestimating either element leads either to a high number of false positives or to missed real threats.
Automation begins with data quality. MSBs that collect incomplete or unstructured customer information face a flood of false matches. The basic requirement is separate fields for first name, last name, date of birth, address, and identification documents. This allows algorithms to match data more accurately against lists, where transliteration variations, nicknames, and spelling inaccuracies are common.
The Office of the Superintendent of Financial Institutions (OSFI) recommends that large financial institutions conduct daily screening of customer databases; for medium-sized MSBs, the minimum is weekly screening. New customers must be screened during onboarding or immediately after it is completed. Sanctions checks should be integrated into transaction monitoring systems: every cross-border transaction, currency exchange, or crypto transfer triggers an automatic screening of all parties in the chain.
The technological solution should support three screening modes: real-time (during onboarding and transactions), periodic (batch screening of customer databases on a schedule), and on-demand (when the risk profile changes). Companies that use only one mode risk missing changes in sanctions lists, which are updated daily.
Canada does not provide a single consolidated list of all sanctioned persons. MSBs are required to screen counterparties against multiple sources: SEMA lists, JVCFOA, the United Nations Act, and the Criminal Code (terrorist organizations). Each list is updated on its own schedule, and regulations may come into force before publication in the official gazette.
A critical mistake is relying only on official Canadian lists. Many MSBs process transactions in U.S. dollars or work with correspondent banks that require compliance with OFAC (the U.S. Office of Foreign Assets Control) sanctions. Loss of banking relationships due to non-compliance with U.S. sanctions is a common problem for Canadian MSBs operating in high-risk currency corridors.
The optimal strategy is to use a third-party commercial data provider that aggregates all relevant lists and updates them daily. An important condition: the MSB bears full responsibility for verifying list coverage completeness and update timeliness, even when outsourcing. Legal responsibility is not delegated together with the technical solution.
The industry standard is 90-95% false positives in sanctions screening. This means that most compliance team resources are spent resolving incorrect alerts. Causes include simple name matching without context, transliteration variability, cultural naming conventions, and common names.
Reducing false positives requires a multi-layered approach. First, the use of fuzzy matching algorithms that take into account phonetic similarity, common transliteration errors, and regional spelling variants. Second, contextualization: the system must consider additional identifiers — dates of birth, citizenship, geographic links, and counterparty type. A match on name alone without confirmation by other parameters is a candidate for automatic closure.
The use of machine learning and AI makes it possible to train the system on historical data: which combinations of factors led to real matches and which turned out to be false. Modern solutions use PEP scoring — a risk assessment of politically exposed persons taking into account their role, jurisdiction, connections, and type of exposure. This reduces the burden on analysts by up to 50%.
Theoretical understanding of the law must be transformed into concrete operational procedures. MSBs that delay implementing sanctions control systems or treat them formally expose themselves to regulatory and reputational risk.
Small and medium-sized MSBs often face a dilemma: build their own solution or use ready-made platforms. In-house development is justified only for large players with an IT team and a budget for ongoing support. For most MSBs, the optimal option is specialized SaaS solutions that provide the full cycle: sanctions lists, matching algorithms, case management, and audit trails.
When choosing a provider, the following parameters are critical: completeness of sanctions list coverage (at minimum — Canadian, UN, OFAC, EU, UK), data update frequency (at least daily), the ability to configure alert thresholds, APIs for integration with existing systems, tools for managing false positives, and documentation of all decisions for regulatory inspections.
A common mistake is choosing a solution based only on price. Cheap providers often offer incomplete lists, delayed updates, and weak matching algorithms. The result is missed sanctioned persons or an excessive number of false matches. Savings turn into multiple costs during regulatory inspections or loss of bank accounts.
MapleBiz works with MSBs at the stage of selecting technological solutions, helping assess whether systems comply with Canadian regulatory requirements and integrate them into the company’s compliance program. A proper sanctions control structure from the outset prevents costly rework in the future.
Sanctions screening cannot exist in isolation — it must be embedded in all MSB business processes. Integration points include: new customer registration (Know Your Customer), transaction execution (real-time screening), periodic review of the customer base, processing of customer data changes, and payouts through agent networks.
Special attention should be paid to agent networks. Since October 2025, MSBs are required to verify agents, including checking criminal history and compliance with eligibility criteria. Agents who worked before that date must undergo initial verification by October 2027. Agents are a weak link in sanctions control: they conduct operations on behalf of the MSB, but may not have adequate screening systems. The MSB bears full responsibility for agents’ actions.
Documentation is a mandatory part of the process. FINTRAC requires copies of all LPEPR reports and supporting documentation to be retained for five years. Every alert decision (match confirmed, rejected as false, or escalated for further review) must be recorded with justification. During a regulatory inspection, lack of documentation is treated as lack of control.
Staff training is an underestimated aspect. MSB employees who process transactions and work with clients must understand the basic principles of sanctions control, be able to recognize signs of sanctions evasion, and know escalation procedures. Annual training updates are the minimum requirement; quarterly refreshers are recommended.
An analysis of regulatory sanctions and MSB license revocations shows recurring mistakes. Understanding these patterns allows companies to avoid costly errors.
Risk No. 1: Delayed sanctions list updates. Sanctions regulations may come into force almost immediately, sometimes even before official publication. MSBs that update lists once a week or once a month are in violation from the moment sanctions take effect. Consequence: inadvertent transactions with sanctioned persons. Solution: automated daily updates with change notifications and monitoring of official sources (Global Affairs Canada, Canada Gazette).
Risk No. 2: Ignoring the concept of deemed ownership. Many MSBs screen only direct clients, missing related structures. Under Canadian law, property of companies controlled by sanctioned persons is subject to freezing. The concept of control is broader than formal share ownership. Solution: enhanced due diligence for high-risk clients, screening of beneficial owners and corporate control structures, and use of related-party databases.
Risk No. 3: A formal approach to false positives. Companies that automatically close all alerts without analysis or, conversely, spend excessive resources on every match are at risk. The former miss real threats, the latter lose operational efficiency. Solution: a risk-based approach with calibrated alert thresholds, clear criteria for classifying alerts (high/medium/low risk), and regular analysis of system effectiveness.
Risk No. 4: Lack of integration between AML and sanctions control. These areas often exist separately, although the obligations overlap. When sanctioned property is identified, both an LPEPR and a Suspicious Transaction Report must be filed if there is suspicion of money laundering. Solution: a unified compliance program, coordination between teams, and a shared risk management platform.
Risk No. 5: Underestimating international sanctions. Canadian MSBs that work with U.S. dollars or have correspondent relationships with American banks must comply with OFAC sanctions. Ignoring this fact leads to loss of banking services. Solution: multi-jurisdictional screening that includes sanctions from key partners, and proactive communication with banks about control procedures.
Companies that implement sanctions control reactively — after a warning from a regulator or loss of a bank account — incur far greater costs than those that build the system proactively. MapleBiz provides comprehensive legal support to MSBs: from developing sanctions control policies to representing interests during regulatory inspections. A proper legal structure for the compliance program is the foundation of a sustainable business in the money services industry.
Sanctions control is not a one-time project, but a continuous process. Legislation evolves, sanctions lists expand, and technologies improve. MSBs that view compliance as an investment in reputation and operational stability gain in the long term. Consulting professional legal advisers at the stage of building a sanctions control system helps avoid critical mistakes and focus on business development rather than fixing regulatory problems.
