Crypto MSB License in Canada 2026: Cost & FINTRAC Process

Under the PCMLTFA and its associated regulations, you must register with FINTRAC as an MSB if your business engages in any of the following activities:

Crypto and virtual currency activities:

• Fiat-to-crypto and crypto-to-fiat exchange (on-ramping and off-ramping)
• Crypto-to-crypto exchange (e.g., BTC to ETH, stablecoin swaps)
• Custodial wallet services (holding private keys on behalf of clients)
• Crypto payment processing (accepting or settling crypto payments for merchants)
• Crypto payroll and disbursement (paying employees or contractors in virtual currency on behalf of a business)
• Cross-border crypto remittance (using virtual currencies as rails for international money transfers — triggers both “money transferring” and “dealing in virtual currencies” under the PCMLTFA)

Additional VASP-specific obligations — including the Travel Rule, stablecoin rules, and CSA securities requirements — are covered in the Crypto & VASP-Specific Requirements section below.

Traditional MSB activities:

• Foreign exchange dealing — exchanging one fiat currency for another (e.g., CAD to USD, EUR to GBP)
• Money transferring — sending funds domestically or internationally on behalf of a third party
• Issuing or redeeming money orders, traveller’s cheques, or similar instruments
• Crowdfunding platform services — platforms that provide payment services as part of fundraising

The threshold is low: even a single transaction in any of these categories triggers the registration requirement. There is no de minimis exemption — if your crypto platform facilitates even one trade for a Canadian user, you are in scope.

Certain entities are carved out from the MSB registration requirement under the PCMLTFA. The table below clarifies the boundary between businesses that must register and those that are exempt:

Exemptions depend on your specific business structure and activities. Many crypto businesses operate hybrid models — combining exchange, custody, and payment services — which makes the assessment more nuanced. If you are unsure whether your project falls within scope, we can help you assess your status.

• Zero government fees, low total cost — FINTRAC charges nothing to register. Full-service setup starts from $14,900 USD (including our fees), compared to €50,000–€150,000 in MiCA own-funds requirements alone (plus professional and build-out costs that often push total expenses well above that range), $50,000–$100,000+ for US state money transmitter licenses across multiple states, or $30,000+ for a UK FCA registration.
• No minimum capital requirements — unlike the EU’s MiCA regulation (€50,000–€150,000 minimum own funds depending on service type) or many other jurisdictions, Canada imposes no statutory capital threshold for MSB registration.
• Crypto fully recognized — virtual currency services are explicitly covered under the PCMLTFA since June 2020. You do not operate in a legal grey area — dealing in virtual currencies is a defined MSB activity.
• Flexible corporate structure — no excessive staffing mandates, no local director requirement for Foreign MSBs (FMSBs), and no physical office requirement. This makes it accessible for international entrepreneurs.
• International reputation — FINTRAC registration signals credibility to banks, payment providers, and partners worldwide. Canada is a FATF member, G7 nation, and has a stable regulatory environment.
• Dual market access — serve both Canadian and international clients from a single MSB registration.

FINTRAC is governed by the PCMLTFA and focuses on identifying who is moving money and detecting financial crime. Every MSB operating in Canada — whether domestic or foreign — must register with FINTRAC before commencing operations.

FINTRAC registration requires you to implement and maintain:

• AML/KYC compliance program — written policies and procedures, a designated compliance officer, ongoing training, and a two-year effectiveness review cycle
• Suspicious Transaction Reports (STRs) — filed when there are reasonable grounds to suspect money laundering or terrorist financing
• Large Cash Transaction Reports — mandatory for any cash transaction of CAD $10,000 or more
• Know-Your-Client (KYC) procedures — identity verification for transactions above CAD $1,000
• Record keeping — all transaction and client records must be retained for a minimum of 5 years

The Retail Payment Activities Act (RPAA) is being phased in: registration requirements took effect on November 1, 2024, and full compliance obligations (risk management, safeguarding of funds) apply from September 8, 2025. It introduces a second layer of oversight for payment service providers (PSPs) serving Canadians and is administered by the Bank of Canada.

Where FINTRAC focuses on who is moving money, the RPAA focuses on how you handle the money — operational safety and consumer protection. The act establishes requirements for safeguarding end-user funds, managing operational risks, and reporting incidents that could affect the payment system.

Not all MSBs need RPAA registration — only those that provide retail payment services to end consumers in Canada. However, the definition is broad. If your MSB involves any of the following, you likely need RPAA registration in addition to FINTRAC:

• Payment processing for merchants or consumers
• Fund transfers to end consumers (including crypto-to-fiat payouts)
• Operating a payment platform or payment gateway
• Holding end-user funds as part of a payment transaction

Beyond the two federal tracks, some provinces impose additional requirements on MSBs and crypto businesses:

• Canadian Securities Administrators (CSA) — crypto trading platforms that facilitate the buying and selling of crypto-assets may need to register as securities dealers or marketplaces under provincial securities law. The CSA has issued guidance clarifying that many crypto exchanges fall within securities regulation.
• Quebec: Autorité des marchés financiers (AMF) — Quebec has its own MSB registration requirements through the AMF, which operates parallel to FINTRAC. Businesses serving Quebec residents must comply with both federal and provincial obligations.
• British Columbia — the recommended province for non-resident company formation due to simpler incorporation requirements, no mandatory local director, and a straightforward corporate registry process.

Stablecoins (USDT, USDC, DAI, and similar fiat-pegged or algorithmic tokens) are treated as virtual currencies under the PCMLTFA. There is no separate stablecoin licensing regime in Canada — instead, stablecoin activities fall under the general MSB framework:

• Issuing or redeeming stablecoins — if your platform mints stablecoins in exchange for fiat deposits or redeems them back to fiat, this constitutes dealing in virtual currencies and requires MSB registration.
• Stablecoin exchange services — facilitating swaps between different stablecoins (e.g., USDT to USDC) or between stablecoins and other crypto assets.
• Stablecoin-based payment rails — using stablecoins for cross-border settlement, payroll, or merchant payments means your platform functions as a money transfer service using virtual currencies.
• Potential securities implications — the Canadian Securities Administrators (CSA) may classify certain stablecoins — particularly algorithmic or yield-bearing variants — as securities or derivatives, requiring additional regulatory registration beyond MSB.

Canada has adopted the FATF Travel Rule for virtual asset transactions, imposing specific obligations on MSBs that handle crypto transfers:

• CAD $1,000 threshold — for virtual currency transfers of CAD $1,000 or more, MSBs must collect and transmit full originator and beneficiary data, including names, account references, and transaction details.
• Below-threshold transfers — even transactions under CAD $1,000 require you to collect originator information. The difference is that you are not required to transmit it to the receiving institution, but you must record and retain it.
• Blockchain analytics tools — FINTRAC expects MSBs dealing in virtual currencies to use transaction monitoring tools. Blockchain analytics platforms (such as Chainalysis, Elliptic, or Crystal) are recommended for screening wallet addresses, tracing transaction flows, and flagging suspicious patterns.
• Record retention — all Travel Rule information (originator data, beneficiary data, transaction records) must be retained for a minimum of 5 years from the date of the transaction.

TRISA and OpenVASP protocols: To comply with the Travel Rule for crypto-to-crypto transfers, MSBs need a mechanism to exchange originator/beneficiary data with counterparty VASPs. Two industry protocols have emerged:

• TRISA (Travel Rule Information Sharing Architecture) — an open-source, peer-to-peer protocol that enables VASPs to securely exchange Travel Rule data using encrypted messaging and certificate-based authentication. It is gaining traction among North American compliance teams.
• OpenVASP — an open protocol for Travel Rule compliance that uses decentralised messaging. It is used by several European VASPs and is interoperable with other Travel Rule solutions.
• Commercial solutions — platforms such as Notabene, Sygna Bridge, and Chainalysis Compliance also provide compliance infrastructure. Choose a solution that is interoperable with the VASPs you transact with most frequently.

The Canadian Securities Administrators (CSA) regulate crypto trading platforms that facilitate buying, selling, or trading crypto assets classified as securities or derivatives. This layer of regulation operates in addition to FINTRAC MSB registration — not as a replacement.

Which platforms need CSA registration?

• Platforms that custody user assets — if your exchange holds crypto on behalf of users (even temporarily), the CSA considers those assets to be “contractual rights to an underlying crypto asset,” which are treated as securities or derivatives. This applies to most centralised exchanges.
• Platforms offering margin, leverage, or futures — any crypto product involving derivatives, leveraged trading, or contract-for-difference (CFD) structures falls clearly within provincial securities jurisdiction.
• Staking, lending, and yield platforms — if your platform takes custody of user assets to facilitate staking, lending, or yield generation, the custodial element triggers MSB obligations under the PCMLTFA, and the yield or interest component may also qualify as a security or derivative under CSA rules.
• Platforms listing tokens classified as securities — if a token offered on your exchange meets the definition of a security (e.g., it represents an investment contract, provides profit-sharing, or involves a common enterprise), the CSA requires your platform to register as a dealer or marketplace.
• Platforms that only facilitate Bitcoin and Ether spot trades — the CSA has indicated that Bitcoin and Ether are generally not considered securities. However, if your platform custodies these assets for users, the custody arrangement itself may create a securities obligation.

Registration options under the CSA:

• Restricted dealer registration — a streamlined pathway for crypto trading platforms that meet certain conditions, including limits on leverage and product complexity.
• Investment dealer registration (CIRO member) — required for platforms offering margin trading, derivatives, or a wide range of crypto assets classified as securities.
• Marketplace registration — applies if your platform matches buy and sell orders from multiple users.

A common question from crypto founders is whether non-custodial services — where the platform never holds private keys or takes control of user funds — still require MSB registration. The answer is nuanced:

• Non-custodial wallet providers — if your wallet app generates keys client-side and never has access to user funds, you are generally not classified as an MSB under current FINTRAC guidance. However, if your wallet facilitates exchange transactions (e.g., in-app swap features powered by third-party liquidity), the facilitation itself may bring you into scope.
• DeFi front-ends and aggregators — FINTRAC has not issued definitive guidance on purely decentralised protocols. However, operating a user-facing interface that connects to decentralised protocols does not automatically exempt you. Any entity that acts as an intermediary — facilitating order matching, providing custodial access to DeFi liquidity pools, collecting fees, or controlling the routing of transactions — may be treated as a reporting entity under the PCMLTFA. DEX aggregators with a legal entity or identifiable operators serving Canadian users are likely in scope. The FATF’s 2021 Updated Guidance on Virtual Assets recommends applying VASP obligations to DeFi operators with sufficient control — and Canada aligns closely with FATF standards.
• Peer-to-peer (P2P) facilitators — platforms that match buyers and sellers for direct crypto trades without taking custody still facilitate the exchange of virtual currencies. FINTRAC guidance indicates that facilitating virtual currency transactions — even without holding funds — can constitute “dealing in virtual currencies” under the PCMLTFA.
• Unhosted wallet transfers — MSBs that process transfers to or from unhosted (self-custody) wallets must still apply full KYC and transaction monitoring. FINTRAC does not exempt transactions simply because the counterparty wallet is non-custodial.

• Certificate of incorporation (provincial or federal) — original or certified copy
• Articles of incorporation and corporate bylaws — showing the company’s structure and governance rules; ensure the corporate objects clause is broad enough to cover all planned virtual currency activities
• Corporate structure documentation — showing the complete ownership chain down to natural persons (UBOs), including any foreign parent entities or related crypto companies
• Criminal record certificates — for all directors and owners holding 20% or more of the company
• Identification documents — for directors, CEO/president, and senior management (passport or government-issued ID)
• Proof of registered office address — lease agreement and photographs of premises (FINTRAC verifies physical presence)
• Bank account information — account details or bank application in progress (required for MSBRS submission)
• Contact information — for the business, all agents, and branches (if applicable)

• Detailed crypto business plan — describing the specific virtual currency services you will offer (exchange, custody, payments, OTC, etc.), target markets, client types, revenue model, and competitive positioning
• Description of each MSB service — with estimated annual transaction volumes per service category, broken down by virtual currency type where applicable
• List of supported virtual currencies and blockchain networks — every cryptocurrency, token, and stablecoin your platform will support, along with the blockchain networks you will interact with (e.g., Bitcoin, Ethereum, Solana, Tron)
• Technical infrastructure description — documentation of your platform architecture, including hot wallet/cold wallet structure, exchange matching engine (if applicable), API integrations, and key management systems
• Custody model documentation — whether you operate custodially, non-custodially, or through a third-party custodian; detailing how client virtual currency is held, segregated, and protected

• Compliance officer appointment letter and qualifications — naming the individual, their authority, relevant credentials, and specifically their crypto AML expertise (blockchain analytics proficiency, virtual currency compliance experience)
• Written AML/KYC compliance policies and procedures — tailored to virtual currency operations, covering both on-chain and off-chain transaction flows
• KYC/AML procedures specific to crypto transactions — including on-chain analytics integration, wallet screening and scoring, source-of-funds verification for large crypto deposits, and enhanced due diligence triggers for crypto-specific risk indicators
• Blockchain transaction monitoring policy — documenting how your business will use blockchain analytics tools to screen wallet addresses, trace transactions, and flag high-risk activity
• Virtual currency risk assessment — covering crypto-specific threats: anonymity-enhancing technologies, DeFi interactions, cross-chain bridges, privacy coins, and geographic risk
• Wallet and custody security procedures (if applicable) — hot/cold wallet architecture, multi-signature controls, key management, backup and recovery procedures, and incident response protocols
• Travel Rule compliance documentation — procedures for collecting, transmitting, and receiving originator/beneficiary information for virtual currency transfers above CAD $1,000 as required under PCMLTFA, including integration with Travel Rule compliance protocols (e.g., TRISA, Notabene, Sygna)
• Terrorist financing risk assessment document — covering your crypto business model, supported blockchain networks, geographies, products, and client types
• Compliance training program documentation — including training schedule, materials covering crypto-specific red flags, and record-keeping procedures
• Suspicious Transaction Report (STR) filing procedures — with specific crypto-related suspicious indicators (unusual on-chain patterns, structuring across wallets, rapid fiat off-ramping)

FINTRAC charges zero government fees for MSB registration — unlike MiCA (€3,000–€7,000 per NCA) or US state money transmitter licenses ($500–$7,500 per state). Your costs are entirely in legal preparation, compliance infrastructure, and technology.

These are costs that traditional MSBs do not face. For a crypto MSB, they are not optional — FINTRAC expects virtual currency businesses to have blockchain monitoring and Travel Rule compliance capabilities operational from day one.

How to accelerate the timeline: Have three things ready before FINTRAC submission: (1) complete crypto-specific compliance documentation, (2) blockchain analytics tools operational and producing monitoring reports, and (3) a clear explanation of your crypto business model for both regulators and banks. Incomplete applications trigger additional Q&A rounds, each adding 2–4 weeks. See the step-by-step guide above for detailed phase descriptions.

Canadian corporations pay income tax at both the federal and provincial level. The combined rate varies by province:

• Federal corporate income tax: 15% on taxable income
• Provincial tax (British Columbia): 2% on the first $500,000 of active business income, 12% on income above that threshold
• Provincial tax (Ontario): 3.2% on the first $500,000 of active business income, 11.5% on income above that threshold
• Combined effective rate: typically 26.5%–31% depending on the province and income level

The small business deduction may apply to the first $500,000 of active business income for Canadian-Controlled Private Corporations (CCPCs), significantly reducing the effective federal rate from 15% to 9%. Eligibility depends on your corporate structure and ownership — foreign-controlled crypto MSBs typically do not qualify.

The CRA classifies cryptocurrency as a commodity under its published guidance on digital currencies. This classification determines how every transaction in your crypto MSB is taxed.

For a crypto MSB, this means:

• Exchange fees and trading spreads earned by your platform are business income, taxed at full corporate rates
• Cryptocurrency held as inventory (e.g., coins held in your exchange’s liquidity pool) must be valued at year-end for tax purposes — either at cost or fair market value, applied consistently
• Disposition of cryptocurrency by the business (including exchange for fiat, exchange for another crypto asset, or use as payment) triggers a taxable event that must be calculated and reported
• Each transaction must be recorded in Canadian dollars at the time it occurs, even if no fiat currency is involved — this creates significant record-keeping obligations for high-volume crypto businesses

For most crypto MSBs, the distinction between business income and capital gains is straightforward: revenue from your core operations is business income.

• Business income (fully taxable): Exchange commissions and trading fees, spread revenue, transaction processing fees, custody fees, listing fees, staking-as-a-service revenue, and any other income derived from providing MSB services involving virtual currency
• Capital gains (50% inclusion rate for corporations): May apply to cryptocurrency held as a long-term investment by the company (not as trading inventory). The capital gains inclusion rate for corporations remains at 1/2 (50%) — a proposed increase to 2/3 was announced in the 2024 federal budget but was cancelled by the government on March 21, 2025. For most crypto MSBs, capital gains treatment is the exception, not the rule, because the CRA will view a crypto business’s holdings as inventory or trading assets rather than passive investments.

Practical implication: Do not assume your crypto MSB’s holdings will qualify for capital gains treatment. The CRA looks at the nature and frequency of transactions, the business’s stated purpose, and how the cryptocurrency is used in operations. An active crypto exchange or OTC desk will almost certainly be assessed on a business income basis.

If your crypto MSB engages in mining or staking operations (either directly or as a service to clients), the CRA has specific positions:

• Mining income: The CRA treats cryptocurrency received from mining as business income if mining is conducted as a commercial activity. The fair market value of the mined cryptocurrency at the time it is received must be included in income. Expenses directly related to mining operations (hardware, electricity, hosting) are deductible against this income.
• Staking rewards: Cryptocurrency received as staking rewards is treated similarly to mining income when conducted as a business activity. The fair market value at the time of receipt is included in business income. Subsequent disposition of staking rewards triggers a separate taxable event based on any change in value from the time of receipt.
• Staking-as-a-service: If your MSB offers staking services to clients and earns a fee or commission, that fee is straightforward business income. The underlying staking rewards belong to the client for tax purposes, though your platform may have reporting obligations.

Canada’s Goods and Services Tax (GST) and Harmonized Sales Tax (HST) apply to most commercial transactions. The rate depends on the province:

• Federal GST: 5% (applies in all provinces)
• HST (Ontario): 13% (combines federal GST and provincial component)
• British Columbia: 5% GST only — BC does not have a harmonized provincial sales tax

Most traditional financial services are GST/HST-exempt under Schedule V of the Excise Tax Act. However, because the CRA classifies cryptocurrency as a commodity rather than as money or a financial instrument, the exemptions do not apply cleanly to crypto MSBs:

• Crypto-to-fiat and crypto-to-crypto exchanges: The CRA has indicated that exchanges of virtual currency may be subject to GST/HST because cryptocurrency is treated as a commodity, not as a financial instrument that would qualify for exemption. However, this position has been the subject of ongoing debate, and practical enforcement has been inconsistent.
• Service fees and commissions: Transaction fees, trading commissions, and platform fees charged by your crypto MSB are generally subject to GST/HST as taxable supplies of services.
• Currency exchange services (fiat-to-fiat): Generally exempt as a financial service under the existing framework.
• Money transfer services: May qualify for the financial service exemption depending on the specific transaction structure.

CRA’s evolving position: The GST/HST treatment of crypto transactions remains one of the most uncertain areas of Canadian tax law for virtual currency businesses. As international standards develop (the EU has exempted crypto exchange services from VAT based on CJEU case law and Member State practice, for example), pressure on the CRA to provide clearer guidance continues to grow. We strongly recommend obtaining a specific advance tax ruling from the CRA for your particular business model before launch to avoid unexpected GST/HST liabilities.

Crypto MSBs in Canada face overlapping reporting obligations from both FINTRAC (AML) and CRA (tax). Key filing requirements include:

• T2 Corporate Income Tax Return: Annual filing due 6 months after your fiscal year-end, reporting all business income including revenue from virtual currency operations. All crypto transaction values must be reported in Canadian dollars.
• T1135 — Foreign Income Verification Statement: If your crypto MSB holds foreign property (including cryptocurrency held on foreign platforms, wallets controlled by foreign entities, or accounts with foreign exchanges) with a total cost exceeding CAD $100,000, you must file form T1135. This is frequently overlooked by crypto businesses that hold assets across multiple platforms and jurisdictions.
• GST/HST returns: Filed quarterly or annually depending on your revenue threshold, reporting all taxable supplies including crypto transaction fees and commissions.
• Record-keeping obligations: The CRA requires detailed records of every cryptocurrency transaction, including date, amount, value in CAD at the time of transaction, wallet addresses, and counterparty information. Records must be retained for a minimum of 6 years from the end of the tax year (note: this is longer than FINTRAC’s 5-year minimum). For high-volume crypto businesses, this requires robust transaction logging and data retention systems.

If your Canadian crypto MSB is controlled by a foreign parent company or transacts with related entities in other jurisdictions — which is common in the crypto industry where operations are often distributed across multiple countries — Canadian transfer pricing rules under Section 247 of the Income Tax Act apply.

• Intercompany transactions must be at arm’s length pricing: This includes management fees, technology licensing, liquidity provision between related exchanges, shared compliance costs, and any other transactions between your Canadian MSB and related foreign entities.
• Crypto-specific transfer pricing risk: The CRA pays particular attention to intercompany transfers of cryptocurrency between related entities. If your Canadian MSB receives crypto from or sends crypto to a related foreign exchange, each transfer must be documented at fair market value with contemporaneous pricing evidence.
• Documentation requirements: Arm’s length pricing must be documented and supportable. Failure to maintain adequate transfer pricing documentation can result in penalties of 10% of the transfer pricing adjustment, in addition to the reassessed tax.

Given the complexity of transfer pricing for international crypto operations, we recommend engaging a transfer pricing specialist familiar with digital asset businesses as part of your initial tax planning.

These are the questions we hear in nearly every FMSB consultation with crypto companies:

• Can I run a crypto exchange from abroad with FMSB registration? — Yes. You can operate your exchange infrastructure, matching engine, and custody systems entirely outside Canada. FMSB registration gives you the legal right to serve Canadian crypto users remotely.
• Do I need Canadian servers or data hosting? — No. FINTRAC does not require your servers, blockchain nodes, or data infrastructure to be located in Canada. Your technology stack can remain wherever it is today.
• Can my development team stay overseas? — Yes. There is no requirement for Canadian-based technical staff. Your engineering, product, and support teams can operate from any jurisdiction.
• What do I actually need in Canada? — One authorized person in Canada to accept service on behalf of the FMSB, plus a full compliance program that meets FINTRAC standards. That’s it. No office, no local directors, no Canadian employees.

For crypto exchanges and wallet providers based in the EU, Asia, or the Middle East, FMSB registration offers Canadian market access with minimal operational disruption. The key advantage over domestic MSB is speed and cost: you skip incorporation, office setup, and provincial compliance, going straight to FINTRAC registration with the same AML/KYC standard.

• Faster setup — no incorporation timeline, no office search, no provincial compliance delays
• Lower structural cost — no Canadian entity, office lease, or local staffing required
• Full market access — serve Canadian crypto users through your existing platform, apps, and APIs

While FMSBs do not need a Canadian entity, some crypto companies choose to incorporate a Canadian subsidiary alongside their FMSB registration — particularly for banking purposes, since Canadian banks are more willing to open accounts for locally incorporated entities. Note that incorporating a Canadian entity has tax implications, including corporate income tax and potential transfer pricing obligations.

The FMSB registration process for crypto companies follows the same FINTRAC procedure as domestic MSBs, with a few additional requirements:

• Appointment of a person in Canada authorized to accept service on behalf of the FMSB
• Full compliance program covering crypto-specific risks — blockchain analytics, Travel Rule protocols, virtual currency transaction monitoring
• Same reporting obligations to FINTRAC, including Suspicious Transaction Reports (with crypto-specific indicators like mixer usage, rapid cross-chain transfers, and sanctioned wallet interactions)
• Documentation of all virtual currency services offered to Canadian users — exchange, custody, transfer, and any ancillary services

• Biennial compliance effectiveness review — every 2 years, conduct a comprehensive review of your compliance program’s effectiveness (can be performed internally or by an external auditor)
• Suspicious Transaction Reports (STRs) — file with FINTRAC as soon as practicable after determination (the previous 30-day deadline was replaced on June 1, 2020)
• Large Cash Transaction Reports — report all cash transactions of CAD $10,000 or more within 15 calendar days
• Terrorist Property Reports — file immediately upon knowledge or suspicion
• Record keeping — maintain all transaction records, client identification, and compliance documentation for a minimum of 5 years (note: CRA requires 6 years for tax records — plan for the longer period)
• KYC updates — periodically update client identification and risk assessments, particularly for high-risk clients
• Staff training — ongoing AML/compliance training for all employees and agents, with documentation of training delivered
• FINTRAC re-registration — MSB registration must be renewed every 2 years. Failure to renew results in automatic loss of registration status

• Blockchain analytics maintenance — keep your analytics platform’s sanctions lists, risk scoring models, and detection rules current. FINTRAC examinations verify that your monitoring tools are actively maintained and producing actionable alerts — not just installed
• STR procedure updates — regularly update your suspicious transaction indicators as new typologies emerge. FINTRAC publishes crypto-specific operational alerts — incorporate them into your detection rules and staff training within 30 days of publication
• Travel Rule protocol maintenance — test interoperability with counterparty VASPs quarterly. As new standards and protocol versions emerge, update your implementation to maintain compatibility and data exchange reliability
• Supported blockchain and token list updates — when you add new blockchains, tokens, or services (e.g., adding staking, launching on a new L2 network), update your FINTRAC registration and compliance documentation to reflect the expanded scope. Operating services not covered by your registration creates a compliance gap
• Regulatory monitoring for crypto-specific guidance — actively track FINTRAC crypto-specific bulletins, CSA staff notices regarding crypto trading platforms, and Bank of Canada RPAA guidance. The regulatory landscape for crypto in Canada is evolving rapidly, and your compliance program must keep pace
• Cryptocurrency record-keeping specifics — beyond standard transaction records, crypto MSBs must maintain on-chain transaction hashes, originating and receiving wallet addresses, blockchain confirmation data, and records linking on-chain activity to verified client identities. These records must be retained for a minimum of 5 years and be producible upon FINTRAC request
• Custody and wallet security reviews — conduct documented security audits of your wallet infrastructure at least annually. Review key management access logs, test multi-signature recovery procedures, and update incident response plans based on new attack vectors

*EU (MiCA) total first-year cost is an estimate that includes regulatory own-funds requirements (€50,000–€150,000 depending on service type) plus typical professional fees and internal build-out; actual figures vary by Member State and business model.

Canada stands out for businesses that don’t need EU passporting — you get G7-level credibility at a fraction of the cost of any comparable jurisdiction. If your primary goal is European Union market access, consider our MiCA licensing service instead.