Key points for currency exchange and remittance MSBs
- FINTRAC registration is mandatory for currency exchange and remittance businesses—there is no exemption.
- Your compliance program must be documented and specific to your business model, not generic.
- Client identification is required for applicable transactions before processing them.
- Transaction monitoring and suspicious activity reporting are ongoing obligations with strict deadlines.
- Independent effectiveness review is required to demonstrate your controls actually work.
- Common mistakes like weak KYC, slow reporting, and poor documentation are the top enforcement triggers.
Currency exchange and remittance businesses operate at the front line of financial crime. Every transaction involves money movement across borders, customer identification challenges, and exposure to jurisdictions with weaker AML controls. FINTRAC recognizes this inherent risk. That's why Money Services Businesses (MSBs) handling currency exchange and remittance payments face heightened compliance scrutiny in Canada.
If your business exchanges currency or processes remittance payments, FINTRAC compliance is not optional. It's your legal foundation to operate in Canada. This guide explains what FINTRAC MSB compliance means, what your compliance program must include, and how to build controls that actually work in practice.
Why Currency Exchange and Remittance MSBs Face Higher AML Risk
Currency exchange and remittance businesses handle money specifically designed to cross borders. This makes them attractive to people engaged in financial crime: money laundering, sanctions evasion, terrorist financing, and fraud.
The financial flows create genuine risk. A currency exchange desk might process hundreds of cash transactions daily. A remittance company might send millions of dollars annually to countries with developing AML frameworks. These volumes, combined with cash handling and rapid international movement, create environments where illicit money can move relatively quickly.
FINTRAC treats these business types as higher risk because of cash handling, cross-border transaction volume, and exposure to high-risk payment corridors. FINTRAC expects AML compliance programs tailored specifically to these risks, not generic controls copied from other financial services.
Who Qualifies as a Money Services Business in Canada?
FINTRAC defines Money Services Businesses under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). An MSB is a person or entity that engages in one or more of these activities:
- Foreign exchange dealing — buying, selling, or exchanging currency
- Money transmission — remitting funds (including remittance payments), moving money between accounts
- Selling money orders, traveller's cheques, or similar instruments
- Virtual currency dealing — where applicable to your business
- Other prescribed activities under FINTRAC rules
If you exchange currency or process remittance payments, you are an MSB regardless of how you label your business. You must register with FINTRAC unless an exemption applies. Your business needs a FINTRAC registration number to legally operate.
Registration is the starting point. It confirms that FINTRAC knows who you are, where you operate, and what activities you conduct. Compliance is the ongoing work of making sure you follow the rules.
FINTRAC Registration Requirements for MSBs
FINTRAC registration for MSBs is free but mandatory. Your registration is valid for two years. After two years, you must renew—without exception and without grace periods. A lapsed registration means operating illegally under Canadian federal law.
To register, you provide:
- Business name and all operating locations
- Beneficial ownership information
- MSB activities you conduct
- Senior officer designation (your compliance officer or equivalent)
- Confirmation that you have a compliance program in place
FINTRAC reviews your application. If complete and accurate, registration is usually granted. If FINTRAC has concerns about your beneficial ownership structure or the jurisdictions you serve, processing may take longer.
Once registered, FINTRAC may conduct examinations to verify that your compliance program actually works. These examinations are a normal part of regulatory oversight.
Core AML Compliance Program Requirements
FINTRAC requires every MSB to have a documented compliance program addressing specific requirements under PCMLTFA. Here's what you need:
Compliance Officer Appointment
Designate a compliance officer—someone with the authority to set policy, approve decisions, and escalate issues. This person should have direct access to senior management. They cannot be an external consultant only; the compliance officer must be part of your organization.
Your compliance officer should understand currency exchange and remittance risks specifically. They need to know what suspicious activity looks like in your business, not just generic AML concepts. Many MSBs benefit from Fractional MLRO support to strengthen their compliance function.
Written Policies and Procedures
Document how your business conducts AML compliance. Write policies covering customer identification, transaction monitoring, suspicious activity escalation, and record-keeping. These policies must be specific to your business model.
A policy copied from another business type won't satisfy FINTRAC. Be explicit about how each procedure applies to currency exchange or remittance payment flows. Explain your decision-making process. Show that your controls are designed for your specific risks.
Risk Assessment
Conduct a risk assessment documenting the AML/CFT risks your business faces. Identify:
- Customer types and their risk profiles
- Geographic regions where money flows
- Currencies you exchange and volumes
- Illicit activity risks specific to your corridors
- Cash handling volumes and customer onboarding challenges
Use this assessment to justify your control design. If you identify high-risk remittance corridors, your monitoring should be more aggressive. If you handle large daily cash volumes, your customer identification controls need to work efficiently at that scale.
Ongoing Training
Train your staff on AML compliance. Everyone handling customer interaction or transactions needs to understand:
- How to identify suspicious activity
- When and how to escalate concerns
- How to conduct customer identification correctly
- What records to keep and how
Train your team specifically on currency exchange and remittance AML risks, not generic concepts.
Independent Effectiveness Review
Hire an external reviewer to test your compliance program at least annually or biannually. This person should examine whether:
- Your policies match your actual operations
- Your staff follow documented procedures
- Your customer identification process works correctly
- Your transaction monitoring detects suspicious patterns
- Your escalation procedures function as documented
- Your records are complete and retention meets requirements
An Independent Effectiveness Review demonstrates to FINTRAC that your program actually works. It also identifies gaps you can address proactively before an examination.
Client Identification and Know Your Client Requirements
MSBs must verify customer identity for applicable transactions and business relationships under PCMLTFA. The requirements vary by transaction type, amount, and customer category.
For customer identification, you collect and verify:
- Full legal name
- Date of birth
- Address
- Identification type and number
- For businesses: registration information and beneficial ownership
For currency exchange, you typically identify customers before processing each transaction. For remittance payments, you identify both sender and beneficiary. You need to understand the purpose of the transfer and verify that the destination jurisdiction allows the transfer (sanctions screening).
FINTRAC expects you to collect this information upfront. You cannot complete the transaction first and identify the customer afterward.
Maintaining accurate customer records is essential. FINTRAC expects you to link every transaction to a customer file containing identification and verification documents. During examinations, you should be able to retrieve these files quickly.
Transaction Monitoring and Suspicious Activity Detection
Establish monitoring rules that flag potentially illicit activity. Your rules should reflect your specific business model.
For currency exchange MSBs, monitor for:
- Unusually large transactions relative to customer history
- Transactions inconsistent with the customer's stated purpose
- Rapid movement of funds in and out
- Multiple small transactions structured to avoid thresholds
- Transactions involving high-risk jurisdictions
For remittance MSBs, monitor for:
- Beneficiaries in high-risk jurisdictions
- Large transfers to countries with developing AML controls
- Frequent transfers to the same beneficiary in short timeframes
- Transactions from sources inconsistent with customer's stated income
- Rapid movement of received funds to unrelated third parties
When a transaction triggers an alert, investigate it. Document your findings and decision. If you conclude the transaction is suspicious, escalate it according to your procedures. If you conclude it's legitimate, document your reasoning.
Reporting Obligations for Canadian MSBs
FINTRAC requires specific reports. These are not optional. Filing deadlines are strict. Failure to file carries enforcement consequences.
Suspicious Transaction Reports
File a Suspicious Transaction Report (STR) when you have reasonable grounds to suspect that a transaction involves proceeds of crime or relates to terrorist financing. Submit the report as soon as practicable after reasonable grounds are established. FINTRAC expects prompt reporting—delays undermine the intelligence value.
Reasonable grounds means more than speculation. There must be some factual basis for your concern. A customer's nervousness alone doesn't justify an STR. But a customer's reluctance to provide identification combined with a large cash transaction to a high-risk jurisdiction does.
Large Cash Transaction Reports
File a Large Cash Transaction Report (LCTR) for every transaction involving $10,000 or more in Canadian or foreign currency (in a single transaction or linked transactions within five business days). File within 30 days of the transaction.
This requirement is objective—there's no discretion. Once you process cash at or above $10,000, you must report it.
Electronic Funds Transfer Reports
File an Electronic Funds Transfer Report (EFTR) for outbound transfers of $10,000 or more. Include customer identification, beneficiary details, and transfer information. File within 30 days of the transaction.
For remittance businesses, every outbound remittance payment at or above $10,000 triggers an EFTR requirement.
Large Virtual Currency Transaction Reports
If you facilitate virtual currency transactions or exchanges involving $10,000 or more, file Large Virtual Currency Transaction Reports. This applies if your remittance or exchange operations include any crypto or stablecoin services.
Record Keeping Requirements
Keep records for five years after the transaction or customer relationship ends:
- Customer identification documents and verification dates
- Every transaction and its details
- Suspicious activity investigations and conclusions
- Every report filed with FINTRAC
- Compliance officer appointment documentation
- Risk assessment and updates
- Staff training records and dates
- Independent effectiveness review results
FINTRAC examiners will request records during examinations. If you cannot produce them promptly, regulators will question whether your controls are actually functioning.
Digital record-keeping is acceptable but must be secure, with backup systems and access controls. Records must be legible and retrievable.
Common Compliance Mistakes Currency Exchange and Remittance Businesses Make
Weak customer identification: Accepting a customer's word without verification. Collecting ID documents but not verifying them. Failing to identify beneficial owners of business customers.
Inadequate transaction monitoring: Setting alert thresholds too high or failing to configure rules. Closing suspicious activity alerts without investigation or documentation.
Slow or missed reporting: Filing Suspicious Transaction Reports weeks after reasonable grounds are established. Missing Large Cash Transaction or Electronic Funds Transfer reporting deadlines.
Generic policies: Copying policies from other industries. Policies that don't specifically address currency exchange or remittance risks.
Weak compliance officer role: Designating a compliance officer but not giving them authority or access. Treating compliance as a part-time responsibility.
Poor record-keeping: Collecting customer identification but losing track of which transaction belongs to which customer. Not documenting suspicious activity investigations.
Inadequate training: Assuming staff understand AML compliance without formal training. Not updating training as regulations or your business model change.
These mistakes are correctable. But FINTRAC doesn't grant exemptions based on effort or intent. If your program has significant gaps, you're vulnerable to enforcement action.
Practical Steps for Currency Exchange and Remittance MSBs
Step 1: Map your MSB activities
Document exactly what services you provide. Are you a currency exchange dealer, remittance provider, or both? What currencies do you handle? What geographic corridors do you serve? This clarity drives your compliance design.
Step 2: Confirm your FINTRAC registration category
Verify that your FINTRAC MSB Registration accurately reflects your activities. If your business model has changed, update your registration with FINTRAC.
Step 3: Build customer identification workflows
Design a process that works at your transaction volume. If you process cash daily, can you collect and verify ID efficiently? If you operate online, what documents do you require? Document your process.
Step 4: Create transaction monitoring rules by corridor and customer risk
Don't use one-size-fits-all rules. Set monitoring thresholds and alert criteria that reflect your specific corridors and customer base. High-risk destinations warrant more aggressive monitoring.
Step 5: Document your suspicious transaction escalation process
Who investigates alerts? Who decides whether to file an STR? What documentation is required? Make this clear and repeatable.
Step 6: Review records monthly
Don't wait for FINTRAC examination. Regularly verify that customer files are complete, transactions are recorded, and monitoring is functioning.
Step 7: Schedule your effectiveness review
Plan this annually or biannually. Build the cost into your budget. Use the reviewer's findings to improve your program. Your AML Compliance Program Canada depends on this independent verification.
Step 8: Train frontline staff on real scenarios
Generic training is forgettable. Train staff on scenarios you actually encounter. What does suspicious activity look like in your currency exchange desk? What red flags should remittance staff watch for? Make training relevant.
Final Thoughts
AML compliance for currency exchange and remittance MSBs is not inherently complex. FINTRAC has published clear expectations. The PCMLTFA defines requirements. Guidance documents spell out what programs should contain.
The real challenge is implementation at operational scale. Currency exchange and remittance businesses operate at speed with high transaction volumes. Building controls that work at this scale without creating operational friction is the genuine difficulty.
If your compliance program feels like a burden rather than a natural part of your operations, it may not be working effectively. The best compliance frameworks integrate into your business processes.
If your compliance program needs assessment or improvement, consider an independent review to identify gaps and build a framework tailored to your specific operations. AML Advisory Canada services can help. ComplyFactor works with currency exchange and remittance MSBs across Canada to strengthen AML compliance programs.
Disclaimer: This article is general information only and does not constitute legal advice. Consult with a compliance professional or legal advisor about your specific business obligations.