skip to Main Content

Canada Updates KYC Identity Verification Guidance for VASPs

On March 23, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) updated its Know Your Customer (KYC) guidance on money services businesses (MSBs) and foreign money services businesses (FMSBs). FINTRAC classifies Virtual Asset Service Providers (VASPs) as MSBs, meaning they too must comply with these new guidelines under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

Currently, VASPs are only required to collect identification and KYC information in relation to transactions that are considered suspicious (where there are reasonable grounds to suspect money laundering or terrorist financing) and in the case of traditional/non-virtual asset related MSB transactions, such as fiat remittance and foreign exchange. As of June 1, 2021, VASPs operating in Canada will be required to verify identity and collect know your customer (KYC) information in relation to a number of virtual currency transactions.

According to the guidance, VASPs must verify the identity of its customer in the following situations if it has not done so previously and kept the associated records:

  • Receiving $10,000 worth or more in virtual currency in a 24-hour period
  • Transmitting $1,000 or more in funds
  • Foreign currency exchange transactions of $3,000 or more
  • Transferring $1,000 worth or more in virtual currency
  • Exchanging $1,000 worth or more in virtual currency (this includes fiat-crypto and crypto-crypto)
  • Remitting virtual currency to a beneficiary in an amount equivalent to $1,000 or more
  • Initiating an electronic funds transfer (EFT) of $1,000 or more
  • Conducting or attempting to conduct suspicious transactions, regardless of the amount

When applicable, VASPs must also verify the identity of a corporation or other entity 30 days after the day on which the information record is created for:

  • an ongoing service agreement for international EFTs, funds remittance or foreign exchange services;
  • a service agreement for the issuance or redemption of money orders, traveller’s cheques or similar negotiable instruments; or
  • a service agreement to exchange or transfer VC.


Exceptions to KYC Verification

The following are exempt from the customer verification triggers listed above:

  • An entity is exempt for identity verification if:
    • It is a public body,
    • It is a subsidiary of a public body, or
    • It has minimum net assets of $75 million on its last audited balance sheet, and its shares are traded on a Canadian stock exchange.
  • Transferring or receiving virtual currency worth more than $10,000 is exempt if it is compensation for validating a transaction that is recorded on the blockchain or you exchange, transfer or receive the virtual currency for the sole purpose of validating another transaction or a transfer of information.
  • Suspicious activity is exempt if you believe that verifying the identity of the person or entity would inform them that you are submitting a Suspicious Transaction Report.
  • You do not have to verify the identity of an authorized employee who conducts a transaction for their employer under a service agreement.

“In addition to verifying customer identity, there are some elements of KYC information that are quite prescriptive and required at the same thresholds,” notes Amber D. Scott, CEO of Outlier Compliance Group. “For instance, collecting the occupation (for individuals) or principal business (for entities) is one KYC requirement that seems to surprise many VASPs. We’ve often been asked if this is required or ‘nice to have.’ It’s definitely a requirement.”


Keeping KYC information up to date

MSBs are required to perform ongoing monitoring on their customers as part of their KYC/AML regulatory obligations. As such, Canadian VASPs must keep client identification information up to date. The frequency with which a VASP is to update customer information will depend on internal policies and procedures based on the risk level assigned to the client during its risk assessment.

Read the full KYC guidance here:

Read the full ongoing monitoring guidance here:

Back To Top