April 4, 2025

Protecting Your Crypto Assets: Safe Business

Learn more about trading platforms and money services businesses in the third part of our series: Protecting Your Crypto Assets.

While the beauty of blockchain enables you to make decentralized peer-to-peer transactions, you may want to delegate the expertise and some of the responsibilities that come with it to centralized exchanges (CEX). With crypto scams on the rise, it is important to know what to look for and what to avoid when searching for an exchange, a wallet provider or a money services business.

In our last blog post, we explored smart wallets and the different security functionalities smart contracts have to offer. In Part Three of our Protecting Your Crypto Assets series, we recall what to keep in mind when deciding who to entrust your keys or money with within a flourishing crypto industry.

Decentralized Exchanges Vs. Centralized Exchanges

Decentralized exchanges (DEX) function on a peer-to-peer basis, working similarly to a marketplace, with its data being distributed among its users. This replicates the principle of the blockchain. As such, decentralized exchanges do not act as any one entity, with functions they perform being automated through smart contracts for maximum privacy and transparency. You can read more about smart contracts in our previous blog post. Instead, each user acts as their own entity, with their own wallet being the decentralized finance (DeFi) equivalent to a centralized exchange.

The downside of decentralized exchanges is that they require a fair amount of technical crypto knowledge in order to navigate and use. Additionally, customer support can be limited as decentralized exchanges are largely ran by code.

Centralized exchanges (CEX), on the other hand, are entities who provide crypto services within an internally managed platform, which enables them to offer faster delivery time and increased user friendliness including customer support—similar to a bank. For example, password recovery is made possible by centralized exchanges, whereas losing the private keys of a DeFi wallet means definitely losing access to the wallet itself. While centralized exchanges offer less cryptocurrency options, often specializing in a few, they carefully research and vet the cryptocurrencies they offer. Additionally, centralized exchanges offer lower trading fees and increased ease of on-ramp (from fiat to crypto) and off-ramp (from crypto to fiat) transfer of funds.

On the other hand, relying on centralized exchanges means entrusting them with your private keys. Your funds could be threatened if your CEX collapses.

Exchanges are not the only way to buy and trade cryptocurrency. Physical Bitcoin ATM, wallets that have incorporated third-parties for on/off ramp like Moonpay, Transak Challengy or EZO, or crypto mining are some of the off-exchange options out there. They all come with security challenges and their own key points to keep in mind for safeguarding.

Registration and Compliance

Before taking your business to a company, it is important to verify its legitimacy. While cryptocurrency constitutes a safeguard against government currency manipulation, exchanges and money services businesses still have to abide by local regulations which ensure the safety of their users and consumers.

Applying to register with relevant regulatory bodies involves a great deal of paperwork and compliance audits, showcasing a commitment to high safety standards. The identity of company owners are additionally verified by these regulatory agencies, as they are personally responsible for their company’s actions. Though, of course, your verification process should not stop there, looking for proof of license or registration is a good first step to ensure your security. On the other hand, searching within lists of banned cryptocurrency exchanges or banned money services businesses can clarify who to avoid. 

In Canada, crypto exchanges and money services businesses who offer crypto services must register with different provincial and federal regulatory bodies. The expectations for crypto exchanges (or virtual asset services providers (VASPs)) and money services businesses are different, as they are two distinct categories of businesses who offer different services. A crypto exchange must fulfill the legal requirements of a money services business and an investment or restricted dealer, while a money services business who offers some crypto services is not necessarily a crypto asset trading platform.

Money Services Businesses in Canada

For example, in Canada, while you may buy and convert crypto with a money services business, they must ensure their immediate delivery in your own self-custodial wallet, as they cannot keep clients’ cryptocurrency in their custody. They can only keep fiat currencies in their custody. Custodial solutions for cryptocurrency are not offered by money services businesses. They also can only offer cryptocurrency considered as commodities such as Bitcoin and Ether.

As for regulations, money services businesses must develop an anti-money laundering and counter-terrorist financing (AML/CTF) compliance program when registering with the Financial Transactions and Reports Analysis Centre (FINTRAC), with respect to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). FINTRAC also requires money services businesses to carry out Know Your Client (KYC) procedures for certain activities, as well as customer due diligence activities. To operate in the province of Quebec, MSB must also be registered with Revenu Quebec.

As a separate but relevant registration for money services businesses dealing with crypto, in order to provide payments between parties, payment service providers (PSP) must register with the Bank of Canada which has been mandated by the Retail Payment Activities Act (RPAA) to supervise their activities.

Virtual Asset Services Providers, Restricted Dealers and Crypto Asset Trading Platforms

On the other hand, crypto asset trading platforms facilitate crypto transactions. They may retain custody of your crypto assets in their storage—in this case, securities laws apply and registering as a restricted dealer or investment dealer is required.

Previously, crypto exchanges authorized to operate in Canada had to register with the Canadian Securities Administrators (CSA), which includes the relevant provincial securities regulators like the Autorité des marchés financiers in Quebec and the Ontario Securities Commission. The CSA also lists crypto asset trading platforms which have filed a pre-registration undertaking.

Crypto is part of a rapidly evolving regulatory space. In August of 2024, the CSA has closed registration and pre-registration forms for restricted dealers, instead redirecting new applicants to the Canadian Investment Regulatory Organization (CIRO). Current CSA-registered dealers must also register with CIRO as dealer members within a two-year period.

Security Features

Obtaining different licenses and registration is a lengthy and rigorous process, which may weed out some fraudulent actors, but they do not constitute by themselves a guarantee that a company is trustworthy.

Looking specifically on your own into security protocols and mechanisms can help enlighten you in choosing the right company for your crypto needs, as well as give you a better idea of how things function behind the scenes. Here are some relevant questions to keep in mind as you read through a crypto exchange or a money services business' Security page:

  • Are they transparent about how they handle your trust and your business?
  • How do they protect your account?
    • Do they use multi-factor authentication to ward off unauthorized access to your account?
    • Do they use real-time notifications and behavior analysis to warn you of suspicious activities on your account?
  • What storage methods do they use for their assets?
    • Do they store their company assets offline (cold storage), away from possible online threats including cyber attacks?
    • Are your funds safeguarded separately from their own company assets?
  • Is there a plan in place in the unfortunate event of a security breach?
  • How do they protect your personal information?
    • Do they use encryption to protect your data?
    • Are they in compliance with data privacy regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR)?

Reputation

Another way to verify the legitimacy of an exchange or a money services business is to read what others have to say about it. Others’ experiences can be a valuable resource to evaluate where a company stands within the crypto community, provided you have already done research regarding the applicable legislation, licenses and registrations as well as the security measures they take to protect themselves and to protect you.

Of course, reputation is not the only measure of reliability. You may encounter issues with a well-rated crypto exchange, while a lesser known business may provide you excellent services. Furthermore, even highly-rated and well established companies, as well as their employees, can be targeted by cybercriminals, as was the case recently with the Bybit heist.

On one hand, community feedback on websites like Reddit and Trustpilot allows users to read and share their experiences. On the other hand, established social media presence on platforms like LinkedIn and X can help you gauge the credibility and the reach of a specific enterprise. 

Crypto news sites including CoinDesk and Cointelegraph, regularly issue articles about ongoing scams. Keeping yourself informed about current crypto events can equip you with valuable knowledge to protect yourself against scams and increase your security.

As aforementioned, government websites also often lists banned crypto exchanges and even reports of scams.

Carefully choosing who to trust is the first step to ensuring your security within the rapidly evolving world of crypto. As part of our Protecting Your Crypto Assets series, learn what you can do yourself to proactively protect your wallet, seed phrase and wealth in our next blog post. Keep in touch with us by signing up to our newsletter for more articles like this one.

About EZO

At EZO, we operate in full compliance with anti-money laundering (AML), counter-terrorist financing (CTF), consumer protection and Know Your Client (KYC) regulations in every jurisdiction where our services are offered. As a licensed money services business and payment service provider, we hold compliance as a core principle and ensure all of our decisions are reflective of that. EZO is regulated by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and Revenu Québec (RQ) as a Money Services Business (MSB). EZO is also registered as a Payment Service Provider (PSP) with the Bank of Canada for the purposes of the Retail Payments Activities Act (RPAA).

We uphold high security standards including the continuous monitoring for suspicious transactions and strict encryption protocols to ensure you remain safe at every step of your financial journey with us, whether it is swapping cryptocurrency or within your very own EZO digital fiat wallet.

In Sum

When choosing a crypto asset trading platform, a wallet provider or a money services business to buy cryptocurrency, ask yourself:

  • What are my needs in regards to crypto?
  • Does this company have all licenses and are registered everywhere they are required to be for the services they offer?
  • What security measures does this company use in order to protect itself and to protect my account?
  • Have others used this company’s services before? What are others’ experiences with this company like?

Frequently Asked Questions

What is the difference between a crypto asset trading platform and a money services business?

While you can buy crypto from both, crypto asset trading platforms and money services businesses offer different services, and have to obtain different licenses in order to operate in full regulatory compliance. A crypto asset trading platform is authorized to keep your cryptocurrency in their custody, whereas a money services business is mandated to immediately deliver your purchased cryptocurrency to your personal self-custodial wallet.

What regulatory authorities must crypto asset trading platforms register with in order to operate in Canada?

Previously, registering with the Canadian Securities Administrators (CSA) and its provincial equivalents was required to operate as a dealer in Canada. Registration and pre-registration has since closed, with the CSA announcing that new crypto asset trading platforms must seek to register with the Canadian Investment Regulatory Organization (CIRO) as investment dealers.

What is the difference between decentralized exchanges (DEX) and centralized exchanges (CEX)?

Decentralized exchanges work on a peer-to-peer (P2P) basis, often using smart contracts in order to automate agreements and eliminate the need for a central entity in charge of fulfilling them. Centralized exchanges, on the other hand, are central entities which offer services within their platform. Both DEX and CEX have their advantages and their disadvantages.

Symona Lam
Political Science Content Writer @ EZO
Related Posts
January 29, 2025

The Future of Payments via Stablecoins

Stablecoins have the potential to revolutionise global payments by reducing fees, increasing speed and improving security.

Learning
November 22, 2024

Women's Access to Finance: 8 Eye-Opening Facts

Women’s access to finance is still precarious around the world. There remains a gender gap that is increasingly important to bridge.

February 2, 2025

What Does Donald Trump’s Presidency Mean for the Future of Crypto?

Trump’s election marked the culmination of a very pro-crypto campaign, with many promises made. What will follow his entry in office?

Learning
Be the First to Know!

Subscribe to get exclusive updates and early access when we launch in your country.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.