Skip to content.

FINTRAC Guidance on Red Flag Indicators Associated With Virtual Currency Transactions

On December 2, 2020, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) published guidance on money laundering (“ML”) and terrorist financing (“TF”) red flag indicators for virtual currency transactions. In Canada, businesses dealing in virtual currency are subject to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada). Reporting entities are required to have effective internal systems for identifying, assessing and reporting suspicious transactions. These ML/TF red flag indicators provide useful guidance for businesses dealing in virtual currency to refine their anti-ML/TF compliance strategy.

The red flag indicators are comprised of factual characteristics, behaviors and patterns associated with suspicious financial transactions. FINTRAC developed the red flag indicators based on their analysis of ML/TF cases, suspicious transaction reports (“STR”), input from reporting entities and materials published by international organizations such as the Financial Action Task Force (FATF). The guidance from FINTRAC follows the recent report on red flag indicators associated with virtual assets published by FATF, summarized here.

The red flag indicators can be grouped into the following categories:

1. Red Flag Indicators Related to the Transaction – Red flags associated with traditional transactions also apply to virtual currency transactions. For example:

  • Funds flowing through a large number of intermediate addresses in a very short period of time prior to being deposited in a client's wallet, or immediately after being withdrawn.
  • A broker charging abnormally high commission fees compared to industry standards.
  • A client's virtual currency wallet or address being linked to fraudulent activity in media reports and/or cyber security bulletins.

2. Red Flag Indicators Related to Transaction Patters – ML/TF can be identified through unusual transaction patterns such as:

  • High volume and frequency of transfers between different types of virtual currencies.
  • Multiple transactions taking place at the same time of day. Transfers from fiat to virtual currency and virtual currency to fiat.

3. Red Flag Indicators Related to Anonymity – The nature of virtual currency allows for a level of anonymity that makes it harder to identify suspicious transactions. Additional measures in virtual currency transactions to conceal the identity of the parties and the source of funds can be a red flag:

  • A client providing an anonymous email address obtained through an encrypted email service.
  • A client’s portfolio solely consisting of, or having a high value of, privacy coins (for example, Monero, Dash, Zcash).
  • A client transferring Bitcoin in large volumes in exchange for privacy coins.

4. Red Flag Indicators Related to the Sender or Recipients – The profile and behavior of the sender or recipient can identify ML/TF:

  • Virtual currency addresses matching addresses on recognized watch lists such as those maintained by the Office of Foreign Assets Control (OFAC) or other law enforcement.
  • Many individuals registering with the exchange within a short period using a shared address, mobile device, phone number, IP addresses and other common identity indicators.

5. Red Flag Indicators Related to the Source of the Funds – There are a number of indicators that suggest a criminal organization is using virtual currency to obscure the original source of funds, such as:

  • The developers are anonymous or information provided about the initial coin offering cannot be verified.
  • Virtual currency passes through mixers/tumblers and is transferred to multiple wallets, where the funds are cashed out.
  • Client is unwilling or unable to provide information about the source of privacy coins they once held or currently have.


The full list of virtual currency ML/TF red flag indicators can be found in the published guidance. FINTRAC notes that in isolation, a single red flag may not appear suspicious. However, it may require organizations to conduct further investigation. Organizations should use the red flag indicators in their internal investigations along with other facts and contextual circumstances to determine if there are reasonable grounds to believe a transaction is associated with ML/TF activities. If there are reasonable grounds, a STR must be submitted to FINTRAC. The red flags should then be used to describe the transaction in the narrative section of the STR. Additionally, during its review of a STR, FINTRAC will assess how an organization uses the red flag indicators in its own investigations.

For more information about our firm’s Fintech expertise, please see our Fintech group’s page.



Stay Connected

Get the latest posts from this blog

Please enter a valid email address