Record-keeping — is not just the obligation to store documents. It is a strategic tool for protecting a business from financial and reputational risks. For Money Service Businesses in Canada, record-keeping is one of the five pillars of MSB compliance, alongside FINTRAC registration, client verification, transaction monitoring, and reporting.
When an MSB cannot provide the requested records within 30 days, it signals to the regulator systemic problems in management. Records must be kept in such a way that they can be provided to FINTRAC within 30 days upon request. It is important to understand: the inability to promptly provide documents is treated as equivalent to their absence.
The legal foundation of record-keeping is established in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). This law gives FINTRAC the authority to conduct FINTRAC examinations and require access to documentation. Companies must register with FINTRAC, create compliance programs, verify clients, keep prescribed records, and report suspicious transactions.
As of October 2025, new requirements came into force, strengthening oversight of MSB agents and beneficial owners. Screening must include criminal records for all key individuals; each record must be issued by a competent authority within six months and retained for at least five years. This means stricter market entry controls and higher barriers for bad actors.
MSBs are required to keep copies of all reports submitted to FINTRAC for at least 5 years from the date of filing. This includes:
Critical nuance: all records must be retained for at least five years, including both suspicious transaction reports and large cash transaction reports. MapleBiz provides legal support to MSBs in organizing a record-retention system and preparing reports on time.
Client identification information includes name, address, phone number, occupation or principal business, and date of birth for individuals. MSBs must retain verification methods: copies of identity documents, sources used to verify information, and records of due diligence measures taken.
For business clients, documentation on ownership structure and beneficiaries is required. MSBs must collect business information and verify beneficial owners with a 25 percent ownership stake. This complicates compliance, but protects against the use of the MSB structure to conceal sources of funds.
For transactions over $3,000, records must include the client’s name, transaction date, total amount, cheque issuer’s name, and reference number. The level of detail required increases with the transaction amount. Neglecting details in smaller transactions results in gaps during FINTRAC audits.
The aggregation rule: transactions are combined if they are carried out by one person, on behalf of one person, or for the benefit of one beneficiary within 24 hours. The 24-hour rule requires multiple transactions of the same type to be aggregated if they total $10,000 or more and occur within 24 consecutive hours. Ignoring this mechanism is a common cause of penalties.
The 24-hour rule is a requirement to aggregate transactions of the same type; the 24-hour period must be consecutive and cannot exceed 24 hours. A critical operator error is using calendar days instead of a rolling window. An MSB must track overlapping periods, not fixed time frames.
The system trade-off: aggregation improves detection of structured transactions (when clients split amounts to avoid thresholds), but increases administrative burden. The solution is automation of monitoring through specialized compliance systems. MapleBiz experts help select technical solutions that match the scale of your business.
Under PCMLTFA, MSBs are required to keep records of financial transactions for at least five years. However, there is a nuance: the retention period is counted differently for different categories of documents. For reports — from the date of filing; for client records — from the date of the last transaction; for transaction records — from the date the record was created.
After the five-year period expires, documents may be destroyed, but only if there is no active investigation or court request. Employees are not required to keep records after leaving employment; the MSB must obtain and retain the records until the employment contract ends. This creates a risk during terminations: the transfer of responsibility must be documented.
Records may be kept in machine-readable or electronic form, provided that a paper copy can be easily obtained. This provides flexibility, but creates an obligation: the system must ensure data remains readable for years. File formats become obsolete, media degrade, software changes.
Assumption: many MSBs choose cloud solutions for scalability. Risk: dependence on a third-party provider and data jurisdiction issues. Alternative: hybrid systems with local backups of critical records. The choice depends on transaction volume, budget, and technical infrastructure.
The 30-day window is not a recommendation, but an imperative. Records may be requested by law enforcement through a court order in investigations of money laundering or terrorist financing. Failure to provide the data is treated as a violation, even if the records physically exist but are inaccessible due to technical problems.
Practical checklist: indexing documents by type, date, and client; regular testing of retrieval procedures; assigning responsible persons; backups; a data recovery plan. MapleBiz specialists develop step-by-step procedures and conduct internal audits of readiness for regulator requests.
Thirty-one percent of reporting entities received administrative monetary penalties for record-keeping violations. This is one of the most common problems. Why? Record management is treated as a secondary task until an examination arrives.
The penalty for record-keeping violations can reach $500,000 and five years in prison; effective record-keeping is critical for compliance and for providing evidence in investigations. Non-compliance is now an offense: up to $250,000 or two years in prison on summary conviction, and up to $500,000 or five years on indictment.
In October 2025, FINTRAC imposed a record fine of $176.96 million on an MSB for more than 2,590 violations, including failure to report suspicious transactions. Peken Global Limited (KuCoin) was fined $19.5 million for operating as an unregistered foreign MSB and failing to submit 2,952 transaction reports.
From 2022 to 2024, one bank was fined more than $9 million for deficiencies in reporting and monitoring. These are not theoretical threats — the regulator actively applies sanctions. An MSB was fined nearly $60,000 for failing to provide required information on time. Even medium-level violations cost tens of thousands of dollars.
Trade-off: stronger compliance increases costs, but protects against catastrophic fines and reputational damage. An unregistered MSB risks not only money, but also the ability to continue operating. Turning to MapleBiz for a comprehensive legal audit of your record-keeping system is a preventive measure that helps avoid costly mistakes.
Navigating FINTRAC regulatory requirements is a complex task, especially for growing MSBs. MapleBiz provides legal support at every stage: from initial registration to preparation for regulatory examinations. We help build a record-keeping system that complies not only with the letter of the law, but also with the regulator’s expectations during examinations.
Our services include developing document management policies and procedures, training staff on compliance requirements, conducting internal audits of readiness for FINTRAC examinations, and advising on technical solutions for automating storage and data retrieval. When the regulator requests documents, you have 30 days. We help you be ready in advance.
Record-keeping — is not a bureaucratic formality, but a protective mechanism for your business. A properly organized record-keeping system saves time during examinations, reduces the risk of penalties, and provides an evidentiary basis in disputes. Contact MapleBiz for a consultation on organizing your MSB compliance system — prevent problems before they arise.
