Skip to main content
FINTRAC Cyberattack: What MSB's Need to Know

The Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC” or the “Centre”) supervises anti-money laundering and anti-terrorist financing in Canada. It acts as the country’s financial intelligence unit and aims to detect, prevent and deter money laundering and the financing of terrorist activities. FINTRAC was recently subject to a cyber incident and this blog provides a brief review of the events and details about potential consequences for money services businesses (MSBs).

Summary of Events

On March 3, 2024, FINTRAC released a statement informing the public that the Centre was the subject of a “cyber incident” however, they ensured stakeholders that none of the “intelligence or classified systems” were involved. At this time, FINTRAC also took all corporate systems offline as a precautionary safety measure.

As of April 5, 2024, FINTRAC has released two additional statements (on March 11, 2024 and March 22, 2024) reiterating that the intelligence and classified systems are safe and the corporate systems will continue to remain offline until they are returned to full operational capacity.

In the statement from March 22, 2024, FINTRAC further clarified that “there is no evidence that any information has been removed from FINTRAC’s systems or that any information was lost.”

As it stands, FINTRAC has not provided specific details about the cyber incident or when systems will be back online.

MSBs and Data Security

MSBs are required to register and report to FINTRAC and through this process, FINTRAC receives important and potentially confidential company information. With the lack of guidance from FINTRAC, MSBs now have many questions: Will MSBs be required to re-report information? Are there privacy concerns for the data MSBs have reported? Who has access to the MSB information through this cyber incident? Will MSBs be subject to penalties for non-compliance? How should MSBs effectively monitor transactions and uphold transaction reporting requirements? While FINTRAC has provided some assurances regarding the state of intelligence and classified systems, there is little published guidance on protection and next steps for registered MSBs. If you are concerned about these issues, our team would be happy to provide guidance and updates as they become available.

Despite the assurances provided by FINTRAC, this cyber incident reignites the conversation surrounding data privacy and the security of corporate information. This unfortunate scenario highlights the importance of ensuring that your company has a robust risk management system for data security. How will your company respond if sensitive information is released? What measures will help mitigate the damage caused by such a release?

Our team can assist you to manage your risks, provide guidance on upholding reporting requirements and ensure that you are protected if a breach occurs.

Segev LLP will continue to monitor the FINTRAC cyber incident and provide updates as they become available.

If you have any questions about FINTRAC and how the above may impact you, our team would love to hear from you. Please do not hesitate to contact us at 1-800-604-1312 or https://segevllp.com/contact-us/.

Disclaimer

***The above blog post is provided for informational purposes only and has not been tailored to your specific circumstances. This blog post does not constitute legal advice or other professional advice and may not be relied upon as such.***