Regulatory inspection is not a random selection. FINTRAC focuses inspections on areas where a business may be vulnerable to money laundering or terrorist financing risks, and where there is a greater risk of non-compliance with legal requirements. Understanding the selection mechanism helps businesses assess their weak points and properly organize their preparation for FINTRAC inspections.
FINTRAC uses a risk-analysis-based strategy to select companies. Information from the MSB registry helps the regulator ensure effective compliance in the sector by using a risk-based approach and assessing the suitability of owners, directors, and senior officers to operate as MSBs in Canada. The regulator considers several factors: history of previous violations, transaction volume, geographic corridors, types of clients, use of agents, and the overall complexity of the business model.
Key selection criteria include:
FINTRAC uses this information to assess risk and determine the scope of the inspection, including assessment requirements and appropriate methods, and also sets the number of document samples, client records, transaction records, and financial statements to be reviewed. MapleBiz can conduct a preliminary audit of your MSB to identify high-risk areas before the regulator notices them.
The moment you receive notice of an inspection starts the clock. After that date, updating documents will no longer count — the regulator assesses the state of compliance at the time the inspection begins. Therefore, the MSB compliance program must be kept current at all times, not just on the eve of the inspector’s visit.
When notifying of an inspection, FINTRAC requests a basic document package. FINTRAC will request documentation including compliance policies and procedures, the money laundering and terrorist financing risk assessment, measures to mitigate high risks, samples of transaction documentation, and other documents.
The standard list includes:
Records must be kept in such a way that they can be provided to FINTRAC within 30 days upon request. An important nuance: policies must reflect the real specifics of your business, not be generic templates. The regulator compares the described procedures with the company’s actual actions.
FINTRAC reviews transaction records for the past several years. You must keep a copy of the report for at least 5 years after the day it is submitted, and for some reports — at least five years from the date of creation. Electronic logs must contain complete information on large cash transactions (from CAD 10,000), international transfers, and suspicious operations.
Key requirements for records:
Preparing for FINTRAC inspections means maintaining a system that can instantly generate the required data. Missing or incomplete records — one of the typical MSB mistakes that leads to fines.
FINTRAC inspectors assess not only the presence of documents, but also their content, as well as whether actual actions match the described procedures. When applying assessment methods, FINTRAC may review documents, client records, transaction records, and financial statements, and may also conduct interviews, using a holistic approach to evaluating findings rather than reviewing them in isolation.
The central element of the inspection is the MSB compliance program. MSBs are required to have policies and procedures, where policies describe regulatory obligations and procedures explain what the MSB does to meet those requirements. FINTRAC checks for the presence of five main elements: a designated compliance officer, written policies, a risk assessment, a staff training program, and a review of the program’s effectiveness every two years.
Inspectors carefully examine how the company meets KYC (Know Your Client) requirements. Client verification is checked: whether the correct methods were used, whether all data was collected, and whether a risk assessment was conducted for each client. FINTRAC found that 41% of reviewed clients did not have a documented risk rating — this is a serious violation.
Special attention is paid to high-risk clients: whether enhanced due diligence is in place, how often information is updated, and whether additional monitoring measures are applied. In 129 inspections, MSBs had no evidence of risk assessments being conducted. The absence of a risk assessment is a direct path to a fine and reputational losses.
FINTRAC checks the timeliness and completeness of mandatory reports: suspicious transaction reports (STR), large cash transaction reports (LCTR), and electronic funds transfers (EFT). The MSB training program must be documented (who, what, where, when, and how) and provided to all employees and agents on at least an annual basis.
In October 2025, FINTRAC imposed a record CAD 176.9 million fine on a cryptocurrency exchange for 2,593 violations, including failure to submit 1,068 suspicious transaction reports and 1,500 unreported large transactions. These figures show that the regulator does not forgive systemic reporting failures. MapleBiz specialists will help set up a monitoring and reporting system that meets FINTRAC requirements.
Inspections are divided into three phases: planning and scoping, review and assessment, and findings and finalization of the inspection. Understanding each stage helps businesses interact properly with inspectors and minimize risks.
Interviews with employees are an important part of the inspection. Common mistakes included interviews with staff during the inspection, which revealed a lack of understanding of the requirements, as FINTRAC will question random employees about regulatory requirements to assess the effectiveness of training. Inspectors ask questions about procedures and ask employees to explain how to identify a suspicious transaction and what to do if red flags are detected.
A mismatch between documented policies and staff understanding is a red flag for FINTRAC. It indicates a formal rather than functional approach to compliance. Important: employees must not only know the procedures, but also demonstrate an understanding of their purpose and application in real situations.
The inspector will inform you when to expect the formal letter (usually within 30 days after the inspection ends), which details FINTRAC’s findings as well as information about a possible administrative monetary penalty (AMP). The letter classifies violations by severity: minor, serious, and very serious.
It is important to understand the trade-offs: even if FINTRAC does not require a formal action plan, creating one and providing it to the bank or investors can prevent the loss of banking relationships. If FINTRAC found something insignificant during an inspection in 2014, it was not cited, but in such cases the regulator may inform you verbally, and it will not be part of the formal findings letter.
Typical MSB mistakes recur year after year. In 361 inspections, MSBs were found non-compliant; most problems were related to failure to update information when business changes occurred or failure to list all types of activities. Understanding these patterns helps avoid predictable mistakes.
The most common violations:
The consequences of violations vary. Violations are categorized by severity — from minor to serious and very serious, with corresponding fine ranges of up to CAD 1,000 for a minor violation, CAD 100,000 for a serious violation, and CAD 500,000 for a very serious violation for a legal entity. In October 2025, FINTRAC imposed a record CAD 176.96 million fine on an MSB company, citing more than 2,590 violations, including failure to file suspicious transaction reports.
In addition to fines, there are secondary effects: loss of banking services, reputational risks, publication of violation information on the FINTRAC website, and possible criminal prosecution in the case of intentional violations. FINTRAC may revoke an MSB registration if it finds serious non-compliance or violations of the PCMLTFA, and non-compliance may also lead to significant reputational damage, loss of clients, and loss of business.
MapleBiz specializes in legal support for businesses in the financial sector, including comprehensive MSB support. We help at every stage: from developing a compliance program to representation in dealings with FINTRAC. Our services include:
Contact MapleBiz for a consultation — we will help you build a resilient compliance system that protects your business from fines and reputational risks, allowing you to focus on growth rather than fighting regulatory issues.
