Buy a Canadian MSB: FINTRAC Registration Due Diligence Guide

When you search "buy Canadian MSB" or "MSB licence Canada for sale," you're usually looking for a faster way into the Canadian money services market. But acquiring a FINTRAC-registered MSB entity is fundamentally different from purchasing a standalone licence. What you're actually buying is a corporation with existing FINTRAC registration, AML obligations, ownership records, and banking relationships. The real risk is assuming registration alone means operational readiness.

This guide covers the compliance and operational due diligence you need to complete before acquiring a Canadian MSB for sale, including registration verification, AML program assessment, pre-closing and post-closing obligations, banking realities, and the documents you should request from the seller.

Understanding the Difference Between FINTRAC Registration and Operational Readiness

Many people use the phrase "buying an MSB licence," but Canada does not issue standalone "licences" for money services businesses. Instead, entities register with FINTRAC under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). Registration confirms that FINTRAC knows about the entity and its registered services. It does not confirm that the entity is compliant, has functioning AML controls, or is ready to operate.

When you buy a Canadian MSB, you're acquiring:

• A registered corporation or entity known to FINTRAC
• An existing registration status for specific money services (e.g., foreign exchange, remittance, virtual currency)
• The entity's compliance records (or lack thereof)
• Its banking history and current account status
• Its ownership structure and regulatory filing history

The critical due diligence challenge is this: a clean registration and zero operating history do not equal zero compliance risk. Buyers often search for "ready-made MSB Canada" or "FINTRAC registered MSB for sale" hoping to skip compliance work. This is a misunderstanding. Whether the entity is new or has a 10-year history, you will need to review its AML compliance program, verify FINTRAC registration accuracy, update ownership information, and prepare banking documentation.

Key FINTRAC Registration Checks

Before committing to an acquisition, verify the following:

Registration Status & Scope

• Use the FINTRAC MSB Registry to confirm the entity is currently registered (not suspended or revoked).
• Confirm the registered activities match your planned business model. If you plan to offer virtual currency services but the entity is only registered for remittance, you'll need a registration amendment before launch.
• Note the registration effective date and renewal date. FINTRAC MSB registrations expire and must be renewed.

Ownership & Control Information

• Review the names, roles, and addresses of all owners, directors, and responsible persons listed in the FINTRAC registration.
• Confirm this information aligns with current corporate records and beneficial ownership documentation.
• Outdated or inaccurate ownership information is a red flag; you'll need to update it post-acquisition.

Compliance Officer

• Verify that the entity has a named compliance officer (also called the "responsible person for MSB obligations").
• Confirm this person's contact details and role are current in FINTRAC's records.
• If no compliance officer is listed, the entity is not compliant with FINTRAC requirements.

Foreign vs. Domestic Status

• Confirm whether the MSB is a Canadian-resident entity or a foreign MSB registered in Canada. The classification affects regulatory obligations and banking treatment.

Regulatory Correspondence

• Ask the seller for any FINTRAC correspondence from the past three years (notices, compliance checks, amendment approvals, or suspensions).
• If there are unresolved issues or outstanding compliance requests, you may inherit them.

AML Compliance Program Review

A FINTRAC-registered MSB must have a written, documented AML compliance program. This is not optional. Request and review the following:

Written Policies & Procedures

• Client identification and beneficial ownership procedures (KYC/CDD)
• Transaction monitoring and sanctions screening processes
• Suspicious transaction reporting (STR) procedures
• Large transaction reporting (LTR) procedures
• Record retention and documentation standards
• Staff training requirements and records
• Conflict of interest and third-party relationships management

Risk Assessment

• A completed money laundering and terrorist financing risk assessment (MLRA/TFRA)
• Confirmation that the assessment is current (ideally updated annually or when the business model changes)
• Evidence that the risk assessment informed the MSB's controls and procedures

Customer Due Diligence Files

• Sample client files (if any customers exist) showing KYC documentation, beneficial ownership information, and ongoing monitoring notes
• Verification that the entity is collecting and retaining required customer information

Transaction Monitoring & Sanctions Screening

• Documentation of how the MSB monitors transactions for unusual patterns or suspicious activity
• Evidence of screening against Canadian sanctions, UN sanctions, and other applicable sanctions lists where relevant
• Records of any suspicious activity alerts or reports generated

Governance & Training

• Records of ongoing AML/ATF training for staff, agents, or other authorized persons
• Documentation of the compliance officer's role and authority
• Board or management-level oversight of the AML program

Independent Review

• Confirmation of whether an independent AML audit or effectiveness review has been completed
• Results and remediation of any audit findings
• Timeline for the next independent review (required at least every two years)

If critical AML documentation is missing, budget for immediate compliance work post-acquisition. Many buyers underestimate this cost.

Pre-Closing vs. Post-Closing MSB Due Diligence

Understanding the difference between pre-closing and post-closing obligations helps you plan the acquisition timeline and compliance budget.

Pre-Closing Due Diligence (Before You Buy)

Your job is to assess the entity's current compliance state and decide if the purchase makes commercial and regulatory sense:

• Review FINTRAC registration status and registered activities
• Assess the completeness and quality of the AML compliance program
• Evaluate the ownership and control structure
• Review banking history and current account status
• Identify any regulatory correspondence or unresolved issues
• Understand the business model and transaction flows
• Confirm the seller can provide all necessary compliance documentation
• Budget for post-closing compliance work and legal/AML advisory costs

Pre-closing due diligence is your chance to walk away if the compliance foundation is too weak or the business model doesn't make sense.

Post-Closing Obligations (After You Buy)

Once you own the entity, regulatory obligations begin immediately:

• FINTRAC registration updates. Within 30 days (or as required), notify FINTRAC of changes to ownership, directors, responsible persons, compliance officer, locations, and any new services you plan to offer.
• Business plan and compliance rollout. Finalize the AML policies and procedures; address any compliance gaps identified during due diligence.
• Compliance officer confirmation. Confirm your designated compliance officer is in place, trained, and understands the role.
• Banking application. Prepare documentation for your bank application, including ownership verification, business model summary, AML policies, and customer base description.
• Independent AML audit. If the previous owner did not complete an audit within the past two years, consider commissioning one to certify your compliance readiness.
• Staff onboarding and training. Ensure all staff understand the AML policies and sanctions screening procedures.
• Customer transition. If existing customers exist, verify that all CDD files are complete and current; if the business model changes, update customer risk ratings accordingly.

The timeline between closing and operational launch typically ranges from 30 to 120 days, depending on banking complexity and compliance readiness.

Documents to Request From the Seller

Create a formal document request list before or during due diligence. This keeps the process organized and ensures you don't miss critical information.

Corporate & Registration Documents

• Certificate of Incorporation and corporate bylaws
• Current corporate search and shareholders register
• FINTRAC MSB registry record, registration number, current registration status, and amendment history
• All FINTRAC correspondence from the past 3–5 years
• Details of any registration renewal dates and status
• List of any agents, subcontractors, or payment processors used

Compliance Program Documents

• Written AML/ATF compliance manual or policy book
• Completed money laundering and terrorist financing risk assessment (with date)
• Client identification procedures and templates
• Beneficial ownership verification process and sample files
• Transaction monitoring procedures and alert thresholds
• Sanctions screening procedures and screening tools used
• Suspicious transaction reporting (STR) procedures and sample reports
• Large transaction reporting (LTR) procedures
• Record retention and destruction policies
• Staff AML training records and training materials
• Compliance officer appointment letter and role description

Operational & Transaction Records

• Customer files (if applicable), with KYC documentation
• Transaction history and volume (previous 12 months, if available)
• Any regulatory examinations or audit reports
• Banking agreements and account history
• Third-party service provider agreements (payment processors, custodians, etc.)
• Details of any previous regulatory issues or compliance violations
• A high-level reporting history, including whether STRs, large cash transaction reports, large virtual currency transaction reports, or EFTRs were filed, subject to confidentiality, privacy, and tipping-off restrictions.

Ownership & Governance

• Details of current owners, directors, and beneficial owners
• Shareholder agreements or voting arrangements
• Compliance officer appointment and contact details
• Board minutes or management records documenting AML oversight

If the seller cannot or will not provide these documents, that itself is a compliance red flag.

Red Flags: When Not to Proceed With an MSB Acquisition

Stop your due diligence immediately if you encounter any of these:

• Seller claims compliance is minimal or unnecessary. This signals a non-compliance culture and regulatory risk.
• No documented AML program or compliance policies. This is a FINTRAC violation and a deal-breaker.
• No named compliance officer or unclear role. FINTRAC requires a responsible person; absence of one means the entity is non-compliant.
• FINTRAC correspondence shows unresolved issues. You may inherit regulatory problems.
• Registered services do not match planned business model. Registration amendments take time; account for this in your timeline.
• No independent AML audit in the past two years. Compliance controls are unverified; you'll need an audit quickly.
• Seller cannot explain transaction history or customer base. Lack of transparency is a concern.
• Banking account was closed or there are unresolved banking issues. Banks may have identified compliance or operational problems.
• Unclear or complex ownership history with multiple rapid changes. This raises beneficial ownership verification concerns.
• Unrealistic banking or timeline promises. If the seller guarantees instant banking or claims "no compliance work is needed," they're not being truthful.

Banking Reality Check: What You Need to Know

Banking is often where MSB acquisitions stall. Here are the realities:

A bank account is not automatic. Even a FINTRAC-registered entity may struggle to open a business account. Banks evaluate MSBs using their own AML risk frameworks and may decline based on business model, geography, customer type, or transaction volume.

Banks will ask for:

• Complete beneficial ownership documentation (legal and certified ID)
• Written AML compliance policies and procedures
• Detailed business plan and transaction flow diagrams
• Compliance officer credentials and role description
• Customer base description and source of funds analysis
• Risk assessment and transaction monitoring procedures
• Sanctions screening procedures and tools used
• High-risk corridor policies (if applicable to remittance or virtual currency)

High-risk segments face additional scrutiny. If you're acquiring an MSB to offer virtual currency services, remittance to high-risk jurisdictions, or services in emerging markets, banks expect robust controls, dedicated compliance staffing, and detailed monitoring.

Start banking conversations early in your post-acquisition phase. Assume a 60–90 day timeline to secure approval.

How ComplyFactor Helps With Canadian MSB Acquisition

Acquiring a FINTRAC-registered MSB is a complex compliance undertaking. ComplyFactor specializes in helping founders and companies navigate the due diligence, regulatory updates, and compliance integration required for successful MSB acquisitions.

We can:

• Review FINTRAC registration status and identify required amendments. We verify registration accuracy and flag services you'll need to add before launch.
• Assess AML compliance program readiness. We audit existing policies against FINTRAC requirements and PCMLTFA obligations, identifying gaps and remediation priorities.
• Advise on ownership and control updates. We clarify which FINTRAC notifications are required post-closing and prepare the necessary documentation.
• Prepare banking documentation and business model summaries. We help you package compliance, ownership, and operational information in a format banks expect to see.
• Provide fractional compliance officer services during and after the transition.
• Arrange independent AML audit services to certify compliance before launch.

Whether you're 30 days from closing or three months into post-acquisition integration, we can help you navigate compliance obligations, reduce regulatory risk, and prepare for banking and customer launch.

Final Thoughts: Making the Acquisition Decision

Buying a Canadian MSB can accelerate your market entry—if you complete proper due diligence. The true value is not in FINTRAC registration status alone. Value comes from:

• Clean, verifiable ownership and control
• Accurate and current FINTRAC registration information
• A functioning, documented AML compliance program
• Realistic banking preparation and relationships
• A sustainable business model that matches the registration
• Clear post-acquisition compliance planning

Successful MSB acquisitions typically involve 8–12 weeks of pre-closing due diligence, followed by 4–8 weeks of post-closing regulatory updates, banking applications, and compliance integration. Budget for legal review, AML advisory, and potential compliance audit costs.

The buyers who struggle are those who assume registration alone eliminates compliance work or that banking is automatic. The buyers who succeed are those who treat the acquisition as a regulatory integration project, not just a corporate purchase.

ComplyFactor Advisory Team

ComplyFactor is a specialist AML and regulatory compliance advisory firm working exclusively with MSBs, PSPs, fintechs, and VASPs across Canada's FINTRAC framework. Our advisors hold CAMS certification and bring direct FINTRAC examination experience to every engagement.

Our services Book a consultation