MSB Compliance vs Tax Compliance in Canada: What’s the Difference and Why Both Matter?

Two Compliance Regimes, One Business

If you operate a Money Service Business in Canada, you are subject to two entirely separate compliance frameworks administered by two different federal bodies, under two different pieces of legislation, with two different penalty regimes, and two different audit processes.

Framework 1 — Regulatory Compliance Administered by FINTRAC under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). Its purpose is to detect and deter money laundering and terrorist financing by requiring MSBs to implement AML/CTF controls, know their customers, monitor transactions, and report suspicious activity.

Framework 2 — Tax Compliance Administered by the Canada Revenue Agency (CRA) under the Income Tax Act (ITA) and the Excise Tax Act (ETA). Its purpose is to ensure that business income — including the income earned through MSB activities — is correctly reported and taxed, and that GST/HST, payroll, and information return obligations are met.

These two frameworks operate in parallel. Compliance with one confers no benefit, credit, or safe harbour under the other. An MSB can be a model FINTRAC registrant — with a perfect effectiveness review score — and simultaneously be carrying material CRA exposure through unreported foreign exchange gains, missed information returns, or incorrect GST/HST treatment. The reverse is equally true.

This article is a definitive guide to understanding both regimes, how they differ, where they overlap, and how Canadian MSBs can build a compliance framework that addresses both without duplication of effort or dangerous blind spots.

What Is MSB Regulatory Compliance (FINTRAC)?

FINTRAC regulatory compliance encompasses everything an MSB must do to satisfy its obligations under the PCMLTFA and its associated Regulations. These obligations attach to the activity of being an MSB — they are triggered by registration and apply continuously regardless of the MSB’s size, revenue, or transaction volumes.

Core Regulatory Compliance Obligations

1. Registration Every MSB must register with FINTRAC before commencing MSB activities. Registration must be renewed every two years from the registration date. Failure to register or renew is a criminal offence under the PCMLTFA.

2. AML/CTF Compliance Program Every registered MSB must develop, implement, and maintain a written compliance program covering:

• Compliance policies and procedures (reviewed every two years)
• A business-wide risk assessment
• An ongoing training program
• An effectiveness review (internal or independent)
• A designated compliance officer

3. Know Your Client (KYC) and Client Identification MSBs must verify the identity of clients for transactions above specified thresholds. Under the PCMLTFA Regulations, identity verification is required for:

• Cash transactions of $3,000 or more in a single transaction
• Currency exchange transactions of $3,000 or more in a single transaction
• Virtual currency transactions of $1,000 or more

Note that these identity verification thresholds are separate from the Large Cash Transaction Report (LCTR) threshold of $10,000 — LCTRs are required regardless of whether identity has been verified. For business clients, beneficial ownership must also be verified.

4. Transaction Reporting MSBs must file the following reports with FINTRAC:

• Large Cash Transaction Reports (LCTRs) — for cash transactions of $10,000 or more
• Electronic Funds Transfer Reports (EFTRs) — for international EFTs of $10,000 or more
• Suspicious Transaction Reports (STRs) — where there are reasonable grounds to suspect money laundering or terrorist financing
• Terrorist Property Reports (TPRs) — where property is owned or controlled by a listed terrorist entity

5. Record-Keeping MSBs must retain KYC records, transaction records, and compliance program documentation for five years.

For a comprehensive guide to FINTRAC compliance requirements, see our FINTRAC AML requirements guide.

What Is MSB Tax Compliance (CRA)?

CRA tax compliance for a Canadian MSB encompasses the obligations that arise from earning income and conducting business in Canada. These are not triggered by FINTRAC registration — they arise from the corporate structure, the activities conducted, the revenue earned, and the employment relationships maintained.

Core Tax Compliance Obligations

1. Corporate Income Tax (T2) Every incorporated MSB must file a T2 Corporation Income Tax Return annually. The return must be filed within six months of fiscal year end, though taxes are due within two or three months depending on CCPC status. MSBs must correctly characterise all income — exchange gains, remittance fees, crypto proceeds — and apply the correct tax rates.

2. GST/HST Most core MSB services are exempt financial services under the Excise Tax Act. However, ancillary technology, platform, and administrative fees may be taxable. MSBs must determine whether registration is required, file returns on the required schedule, and correctly apportion Input Tax Credits between exempt and taxable activities.

3. Payroll Source Deductions MSBs with employees must deduct CPP contributions, EI premiums, and income tax from each pay period and remit on the required schedule. T4 slips must be filed by the last day of February.

4. Information Returns MSBs may be required to file T5s (dividends), T1134s (foreign affiliates), T1135s (foreign assets), and T106s (transfer pricing) depending on corporate structure and international activities.

5. Corporate Tax Instalments Quarterly instalment payments are required once net taxes payable exceed $3,000 in the current or either of the two preceding years.

For a technical deep-dive into each CRA obligation, see our guide on Canadian MSB tax obligations: corporate tax, GST/HST and reporting requirements.

Side-by-Side Comparison: FINTRAC vs CRA Obligations

Dimension	FINTRAC Regulatory Compliance	CRA Tax Compliance
Governing body	FINTRAC	Canada Revenue Agency
Governing legislation	PCMLTFA and Regulations	Income Tax Act, Excise Tax Act
Purpose	Detect / deter money laundering and terrorist financing	Ensure correct reporting and payment of taxes
Triggered by	MSB activity registration	Incorporation and income-earning activity
Core obligations	AML program, KYC, transaction reporting, record-keeping	T2, GST/HST, payroll, information returns, instalments
Filing with	FINTRAC online portal	CRA (My Business Account / EFILE)
Primary audit type	FINTRAC effectiveness review	CRA income tax / GST audit
Audit notice	Typically advance notice given (unannounced reviews possible)	Can be desk review, requirement for information, or full field audit
Record retention	5 years	6 years — in practice, maintain all records for 6 years to satisfy both regimes simultaneously
Maximum penalty	$1,000,000+ per violation (AMPs)	50% of understated tax (gross negligence); criminal prosecution for evasion
Personal liability	Officers / directors can be named in FINTRAC violations	Directors liable for unremitted payroll deductions under s.227.1 ITA
Self-reporting	STRs required; no voluntary disclosure equivalent	CRA Voluntary Disclosures Program (VDP) available
Regulator’s public profile	FINTRAC publishes penalty decisions	CRA publishes limited enforcement information

Why MSBs Confuse the Two — and Why That’s Dangerous

The confusion between regulatory and tax compliance is understandable. Both involve the word “compliance.” Both involve the government. Both involve record-keeping. And many of the same records — transaction histories, customer identification, exchange rates — are relevant to both. But the confusion has real consequences.

The Four Most Dangerous Misconceptions

Misconception 1: “I have a compliance officer — my compliance is covered.” A compliance officer appointed for FINTRAC purposes has no mandate over CRA tax obligations. Their expertise is in AML/CTF, not tax law. An MSB that relies on its MLRO to ensure tax compliance is leaving its CRA obligations entirely unmanaged.

Misconception 2: “My accountant handles my compliance.” A general accountant or bookkeeper handles tax filings — they have no obligation to ensure FINTRAC registration is current, that a compliance program is in place, or that transaction reporting is occurring. If your accountant is your only compliance resource, your FINTRAC obligations are uncovered.

Misconception 3: “FINTRAC and CRA don’t talk to each other.” This is factually incorrect. FINTRAC is legally authorised to disclose information to the CRA where it relates to tax evasion or proceeds of crime. FINTRAC transaction reports — including the financial details of large cash transactions and suspicious transactions — are accessible to CRA investigators under the relevant legislative gateways. An MSB that assumes its FINTRAC disclosures are invisible to CRA is operating under a dangerous and false assumption.

Misconception 4: “If FINTRAC hasn’t audited me, I’m fine.” FINTRAC and CRA conduct entirely independent audit programs. Being clear of a FINTRAC review provides no information about your CRA risk status, and vice versa. The absence of one regulator does not indicate the absence of the other.

The Penalty Picture: What Each Regulator Can Do to You

Understanding the penalty exposure under each regime is essential for any MSB operator making resource allocation decisions about compliance investment.

FINTRAC Penalties

FINTRAC enforces compliance through Administrative Monetary Penalties (AMPs) under Part 5 of the PCMLTFA. The penalty structure was significantly strengthened in 2019 and again in amendments that followed.

Non-criminal violations are classified as either “serious” or “very serious” under the PCMLTFA’s AMP framework — with penalty maximums varying by classification. Serious violations attract penalties of up to $1,000,000 per violation for a business (up to $100,000 for individuals); very serious violations, introduced through 2022 legislative amendments, can attract higher maximum penalties. Each distinct compliance failure constitutes a separate violation — meaning a single FINTRAC effectiveness review that identifies failures across multiple compliance program components can generate aggregate penalties far in excess of $1 million.

FINTRAC typically conducts effectiveness reviews of registered MSBs on a 3–5 year cycle, though higher-risk businesses and previously penalised entities may be reviewed more frequently. New MSBs should expect their first effectiveness review within the first two to three years of registration.

Criminal offences under the PCMLTFA — including operating without registration and knowingly failing to report — can result in prosecution, with fines and imprisonment.

FINTRAC publishes the names of penalised businesses and the amounts of penalties on its website. The reputational consequences of a public FINTRAC penalty can be severe — particularly for an MSB’s banking relationships.

For a real-world illustration of FINTRAC enforcement, see our case study on FINTRAC’s $229,350 penalty against Simple Canadian Services and our analysis of Canada’s historic $176M FINTRAC AML penalty.

CRA Penalties

The CRA’s penalty regime operates on a different model — primarily financial rather than reputational, and deeply compounding over time through interest.

Violation	CRA Penalty
Late T2 filing (first offence)	5% of unpaid taxes + 1% per month (max 12 months)
Late T2 filing (repeat)	10% of unpaid taxes + 2% per month (max 20 months)
Gross negligence / false statement	50% of understated tax (s.163(2) ITA)
Failure to file information return (T1134/T1135)	$25 per day (min $100, max $2,500); gross negligence: 5% of cost of foreign property
Unremitted payroll deductions	10% penalty + daily compound interest; director personal liability under s.227.1 ITA
Tax evasion (criminal — summary conviction)	Fine of 50%–200% of evaded tax + up to 2 years imprisonment (s.239 ITA)
Tax evasion (criminal — indictment)	Fine of 100%–200% of evaded tax + up to 5 years imprisonment (s.239 ITA)

The CRA also charges compound daily interest on all unpaid balances at the prescribed rate plus 4% — meaning a tax debt left unaddressed for several years can grow substantially before CRA makes formal contact.

Where Regulatory and Tax Compliance Intersect

While the two regimes are separate, there are meaningful areas of overlap that MSBs must navigate carefully.

Shared Record-Keeping Obligations

Both FINTRAC and CRA require MSBs to maintain records of financial transactions — but the specific records required and the purposes they serve are different:

Record Type	FINTRAC Requirement	CRA Requirement
Transaction records	KYC, threshold transaction, and STR support	Income calculation, exchange gain/loss reporting
Exchange rate records	Part of transaction documentation	Required for foreign currency gain/loss computation
Client identification	Mandatory for specified transactions	Not a tax requirement per se
Bank statements	Part of record-keeping obligations	Essential for reconciliation and income verification
Crypto transaction logs	Required for virtual currency transactions	Required for ACB calculation and taxable disposition reporting

A well-designed record-keeping system serves both regulators simultaneously. An MSB that maintains transaction records only to the FINTRAC standard — without the exchange rate and CAD-equivalent information required for tax purposes — will have records that satisfy FINTRAC but are useless for T2 preparation.

The FINTRAC-CRA Information Gateway

Under section 55 of the PCMLTFA, FINTRAC is authorised to disclose designated financial intelligence to specified recipients including the CRA, where the statutory disclosure conditions are met — including where the information relates to tax evasion or proceeds of crime. Financial intelligence derived from FINTRAC’s analysis of transaction data can therefore reach CRA investigators through this statutory gateway.

This gateway has practical implications for MSBs. A Suspicious Transaction Report filed by an MSB about a client does not by itself trigger CRA attention to the MSB. But patterns in FINTRAC data — including discrepancies between reported transaction volumes and filed tax returns — can form the basis for CRA inquiry.

Beneficial Ownership: A Shared Concern

Both FINTRAC and CRA require MSBs to understand and disclose their beneficial ownership structures. FINTRAC requires disclosure of owners with 20% or more ownership at registration. CRA requires disclosure of shareholders in Schedule 50 of the T2, and corporate beneficial ownership registers are now required under the CBCA. An MSB with undisclosed or opaque ownership structures faces exposure under both regimes.

Who Is Responsible for Each?

Regulatory Compliance Responsibility

FINTRAC compliance requires a designated compliance officer — an individual who is accountable for the implementation and effectiveness of the AML/CTF program. This person:

• Must have sufficient authority, resources, and independence to do the job
• Is typically an internal senior employee (or, for smaller MSBs, the owner/director)
• Can be outsourced to an external MLRO service provider

ComplyFactor offers outsourced MLRO services for MSBs that prefer to have an experienced professional serve as their compliance officer without adding a full-time hire.

Tax Compliance Responsibility

Tax compliance does not require a formally designated individual in the same way as FINTRAC — but the practical consequence of having no qualified person managing CRA obligations is severe. For most MSBs, tax compliance is the responsibility of:

• An external CPA firm engaged to prepare T2 returns, GST/HST filings, and information returns
• An internal controller or CFO at larger operations
• The owner-director at early-stage MSBs — which is the highest-risk scenario, since owners rarely have the tax expertise to manage all CRA obligations without professional support

Director Personal Liability: Both Regimes

Directors face personal exposure under both frameworks:

• Under s.227.1 of the ITA, directors are personally liable for unremitted source deductions
• Under the PCMLTFA, directors and officers can be named in FINTRAC administrative penalty proceedings for compliance failures

The Cost of Getting Either Wrong

The True Cost of FINTRAC Non-Compliance

The direct costs of a FINTRAC enforcement action include:

• Administrative monetary penalties — potentially millions of dollars
• Remediation costs — rebuilding compliance programs under regulatory scrutiny
• Banking relationship termination — banks actively monitor FINTRAC penalty publications
• Reputational damage — FINTRAC publishes all penalised businesses publicly
• Criminal prosecution — in severe cases, particularly for wilful non-registration

For a detailed breakdown of what FINTRAC non-compliance costs in practice, our analysis of the $176M FINTRAC penalty and the FINTRAC $229,350 fine are instructive case studies.

The True Cost of CRA Non-Compliance

The direct costs of CRA non-compliance compound over time in ways that are not always visible until CRA makes contact:

• Tax arrears — the underlying unpaid tax, potentially going back the full reassessment period (3 years standard for CCPCs from the date of the original notice of assessment; unlimited where CRA establishes misrepresentation attributable to neglect, carelessness, wilful default, or fraud)
• Late filing penalties — 5–10% of unpaid taxes, compounding
• Arrears interest — prescribed rate plus 4%, compounding daily from the original payment deadline
• Gross negligence penalties — 50% of understated tax where CRA establishes knowing or grossly negligent understatement
• Information return penalties — per-day penalties for T1134/T1135 failures, regardless of tax owing
• Director personal liability — personal assessment for unremitted payroll deductions
• VDP ineligibility — once CRA initiates contact, voluntary disclosure is no longer available

An MSB that has, for example, operated for three years without reporting foreign exchange gains, failed to file T1135s for foreign bank accounts, and misclassified agents as contractors faces an aggregate exposure that can easily reach hundreds of thousands of dollars — all from genuine operational errors rather than intentional evasion.

How to Build a Compliance Framework That Covers Both

The most effective approach for a Canadian MSB is to treat regulatory and tax compliance as two pillars of a single integrated compliance framework — sharing infrastructure where possible, but maintaining clear ownership and accountability for each.

The Integrated Compliance Calendar

Period	FINTRAC Obligations	CRA Obligations
Ongoing	Transaction monitoring, STR/LCTR filing, KYC maintenance	Payroll remittances per schedule
Monthly	Review transaction reports, update risk assessments	Review tax accruals; remit GST/HST if monthly filer
Quarterly	Compliance training reviews; agent oversight	Corporate tax instalment payments; GST/HST if quarterly filer
Annually	Compliance program effectiveness review; FINTRAC registration renewal check	T2 filing, T4/T5 filing, T1134/T1135/T106 filings
Every 2 years	FINTRAC registration renewal; compliance policy review	—

Record-Keeping System Design

Design your transaction records system to satisfy both regulators simultaneously:

• Every transaction record should capture: date, amount in original currency, CAD equivalent at transaction date, client identification (where required), and transaction type
• Exchange rates used should be from a consistent, documented source (e.g., Bank of Canada noon rate)
• Crypto transaction logs should include: coin type, quantity, FMV in CAD at transaction date, counterparty details
• Client identification records should be maintained in a system that enables both FINTRAC record-keeping compliance and CRA audit trail support

Governance Structure

• Compliance Officer — accountable for FINTRAC program
• CPA / Finance function — accountable for CRA obligations
• Senior management / Board — oversight of both, with regular reporting on compliance status in each regime
• Annual review — formal assessment of compliance status across both frameworks

For a detailed guide to building a robust AML compliance program, see our complete AML program blueprint.

How ComplyFactor Helps

ComplyFactor exists precisely at the intersection that this article describes — the gap between regulatory and tax compliance that most Canadian MSBs leave partially or entirely unaddressed.

Our integrated MSB compliance services include:

FINTRAC / Regulatory:

• AML/CTF compliance program development and implementation
• FINTRAC registration and renewal support
• Outsourced MLRO / compliance officer services
• FINTRAC effectiveness review preparation
• AML audit and advisory services

CRA / Tax:

• T2 corporate tax return preparation
• GST/HST registration, filing, and ITC apportionment
• Payroll compliance (federal and provincial)
• T1134, T1135, T106 information return filing
• CRA audit representation and voluntary disclosure support

Integrated:

• Combined compliance calendar management
• Record-keeping system design for dual-regulator compliance
• Beneficial ownership register maintenance
• Director liability risk assessment and mitigation

Visit our AML compliance program page, global MLRO services, AML audit services, and Canada PSP and MSB regulatory framework page for more detail.

Contact ComplyFactor to build a compliance framework that covers both sides of your MSB obligations.

FAQ

Is FINTRAC compliance the same as tax compliance for a Canadian MSB? No. They are entirely separate frameworks administered by different federal bodies under different legislation. FINTRAC compliance relates to anti-money laundering obligations; CRA compliance relates to tax reporting and payment. Compliance with one does not satisfy the other.

Can FINTRAC share my transaction data with CRA? Yes. Under section 55 of the PCMLTFA, FINTRAC is authorised to disclose designated financial intelligence to the CRA where the statutory conditions are met, including where the information relates to tax evasion or proceeds of crime. Financial intelligence derived from FINTRAC transaction data can reach CRA investigators through this gateway.

Who should be responsible for each type of compliance in my MSB? FINTRAC compliance requires a designated compliance officer — often outsourced to an MLRO service provider for smaller MSBs. CRA tax compliance requires a qualified CPA. Both need clear ownership; leaving either without a responsible, qualified person is a material compliance gap.

What happens if I have a FINTRAC penalty — does CRA get notified? Not automatically. However, FINTRAC publishes penalty decisions publicly, and the underlying facts that led to the FINTRAC penalty may also contain information relevant to CRA. A FINTRAC enforcement action that reveals unreported cash transactions, for example, is likely to attract CRA attention.

Can I use the same records to satisfy both FINTRAC and CRA? Largely yes, with careful design. Your transaction records must be structured to capture the information both regulators require — which includes CAD-equivalent values and exchange rates for CRA purposes, and client identification and transaction details for FINTRAC purposes. A single well-designed record-keeping system can serve both.

Is there a voluntary disclosure option for CRA like there is for FINTRAC? CRA has a Voluntary Disclosures Program (VDP) through which taxpayers can come into compliance for past errors, with penalty relief and protection from prosecution, provided the disclosure is made before CRA initiates contact. FINTRAC does not have a formal equivalent programme. However, FINTRAC does consider cooperation, transparency, and proactive self-remediation as factors when determining penalty amounts under the AMP framework — an MSB that identifies compliance gaps, reports them to FINTRAC proactively, and implements corrective action before a review will generally receive more favourable treatment than one where deficiencies are discovered under examination.

Related Articles:

• Accounting and Tax Compliance for MSBs in Canada
• Canadian MSB Tax Obligations: Corporate Tax, GST/HST and Reporting
• Setting Up an MSB in Canada: Tax, Licensing and Financial Reporting
• FINTRAC AML Requirements Guide
• How to Apply for a FINTRAC MSB License
• Common Mistakes to Avoid in MSB Registration
• AML Review vs AML Audit
• The Complete AML Program Blueprint
• Canada MSB License: Complete Guide
• FINTRAC’s $229,350 Penalty: Case Study
• Canada’s Historic $176M FINTRAC Penalty: Lessons for MLROs
• MSB vs PSP Licenses in Canada
• Canada 2025 Assessment of ML/TF Risks