B
6

Just realized my fintech startup was breaking Canadian AML laws with a simple email mistake

I was sitting in my basement office in Toronto last Tuesday, sending out welcome emails to new users. Turned out my automated system wasn't verifying IDs properly before letting people sign up for our payment platform. A buddy from a bank pointed out that I was basically onboarding unverified users, which is a big no-no under FINTRAC rules. Spent the next 48 hours rewriting the onboarding flow and adding ID checks. Has anyone else accidentally run into compliance issues with something as simple as email automation?
3 comments

Log in to join the discussion

Log In
3 Comments
the_lee
the_lee7d ago
FINTRAC nearly nailed my buddy's crypto exchange over the exact same welcome email glitch.
10
the_emery
the_emery7d agoMost Upvoted
Figure it was the glitch itself that got him in hot water, not the emails.
5
the_kim
the_kim7d ago
OH MAN, that's a brutal wake-up call but better to catch it now than later. @the_emery I hear what you're saying but I think the email part matters more than just a random glitch. So the big question is: Was your ID check completely missing or was it just not triggering right on those welcome emails? Because if the system itself had zero ID verification built in before you hit send, that's a whole different problem than a broken feature. I mean, what was supposed to happen when someone signed up before you fixed it? Sounds like your buddy saved you from a massive headache down the road.
5